1/*
2 * Copyright (c) 2008-2010 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2008-2010 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36#include "heim.h"
37#include "mit-gssapi.h"
38#include "mit-gssapi_krb5.h"
39#include <string.h>
40#include <errno.h>
41#include <stdio.h>
42#include <stdlib.h>
43
/*
 * Hand-written prototype for the authorization-data extraction routine
 * called below (presumably the Heimdal implementation, going by the heim_
 * prefix).
 * NOTE(review): the compiler cannot check a local prototype against the
 * real definition, so confirm it still matches whenever that signature
 * changes.
 */
OM_uint32
heim_gsskrb5_extract_authz_data_from_sec_context(OM_uint32 * /*minor_status*/,
						 gss_ctx_id_t /*context_handle*/,
						 int /*ad_type*/,
						 gss_buffer_t /*ad_data*/);
49
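/*
 * Copy the KRB5_AUTHDATA_IF_RELEVANT authorization data of a security
 * context into a newly allocated apple_gss_krb5_authdata_if_relevant.
 *
 * min_stat        receives EINVAL for rejected arguments, ENOMEM when an
 *                 allocation fails, 0 on success, or whatever the
 *                 extraction call stored when that call fails.
 * context_handle  pointer to the context to query; neither the pointer nor
 *                 the handle it refers to may be NULL.
 * version         structure version requested by the caller; only 1 is
 *                 accepted.
 * kctx            on GSS_S_COMPLETE receives the new structure, to be
 *                 released with apple_gss_krb5_free_authdata_if_relevant().
 *                 It is left untouched on failure.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_FAILURE on bad arguments or
 * allocation failure, otherwise the major status of the extraction call.
 *
 * NOTE(review): the payload is copied byte-for-byte without being parsed
 * here; consumers should treat it as untrusted until they have validated
 * it -- confirm what checking the extraction routine already performs.
 */
uint32_t KRB5_CALLCONV
apple_gss_krb5_export_authdata_if_relevant_context(uint32_t *min_stat,
						   gss_ctx_id_t *context_handle,
						   uint32_t version,
						   void **kctx)
{
    apple_gss_krb5_authdata_if_relevant *d;
    gss_buffer_desc buffer;
    uint32_t maj_stat;
    uint32_t junk;

    /*
     * Reject an unsupported version OR a missing context. The original
     * test used &&, so a NULL context slipped through whenever version
     * was 1, and an unknown version slipped through whenever the context
     * was set. The pointers themselves are checked before being
     * dereferenced.
     */
    if (version != 1 || kctx == NULL ||
	context_handle == NULL || *context_handle == NULL) {
	*min_stat = EINVAL;
	return GSS_S_FAILURE;
    }

    maj_stat = heim_gsskrb5_extract_authz_data_from_sec_context(min_stat,
								*context_handle,
								KRB5_AUTHDATA_IF_RELEVANT,
								&buffer);
    if (maj_stat)
	return maj_stat;

    d = calloc(1, sizeof(*d));
    if (d == NULL) {
	/* Release with a scratch status so ENOMEM is what the caller sees. */
	gss_release_buffer(&junk, &buffer);
	*min_stat = ENOMEM;
	return GSS_S_FAILURE;
    }

    d->type = KRB5_AUTHDATA_IF_RELEVANT;
    /*
     * NOTE(review): the width of d->length is not visible here; confirm it
     * can hold buffer.length without truncation.
     */
    d->length = buffer.length;
    /*
     * malloc(0) may legitimately return NULL; ask for at least one byte so
     * an empty payload is not reported as an allocation failure.
     */
    d->data = malloc(buffer.length ? buffer.length : 1);
    if (d->data == NULL) {
	gss_release_buffer(&junk, &buffer);
	free(d);
	*min_stat = ENOMEM;
	return GSS_S_FAILURE;
    }
    /* memcpy must not be handed a possibly-NULL source, even for 0 bytes. */
    if (buffer.length)
	memcpy(d->data, buffer.value, buffer.length);

    gss_release_buffer(&junk, &buffer);

    *kctx = d;

    *min_stat = 0;
    return GSS_S_COMPLETE;
}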
96
/*
 * Release a structure produced by
 * apple_gss_krb5_export_authdata_if_relevant_context().
 *
 * minor_status  always set to 0.
 * kctx          the structure to free; NULL is accepted and ignored.
 *
 * Always returns GSS_S_COMPLETE.
 */
uint32_t
apple_gss_krb5_free_authdata_if_relevant(uint32_t *minor_status,
					 void *kctx)
{
    apple_gss_krb5_authdata_if_relevant *authdata = kctx;

    if (authdata != NULL) {
	/* free(NULL) is a no-op, so the payload needs no separate guard. */
	free(authdata->data);
	free(authdata);
    }

    *minor_status = 0;
    return GSS_S_COMPLETE;
}
111
112
/*
 * Hand-written prototypes for the two routines gss_import_name() below
 * relies on: the OID comparison and the import routine it forwards to.
 * NOTE(review): these are not checked against the real definitions by the
 * compiler; confirm they stay in sync with them.
 */
int
gss_oid_equal(const gss_OID a, const gss_OID b);

OM_uint32
heim_gss_import_name(OM_uint32 * /*minor_status*/,
		     const gss_buffer_t /*input_name_buffer*/,
		     const gss_OID /*input_name_type*/,
		     gss_name_t * /*output_name*/);
121
122
123
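/*
 * gss_import_name() entry point that forwards to heim_gss_import_name().
 *
 * For the gss_nt_krb5_principal name type the buffer value is taken to
 * point at a `struct comb_principal *`; the call is forwarded with the
 * value redirected to that structure's `heim` member. Every other name
 * type is passed through unchanged.
 *
 * minor_status       mechanism-specific status; set to EINVAL when the
 *                    principal buffer is rejected here.
 * input_name_buffer  name to import; no longer modified by this function.
 * name_type          OID describing the contents of input_name_buffer.
 * name               receives the imported name.
 *
 * Returns GSS_S_FAILURE when a gss_nt_krb5_principal buffer is missing or
 * holds a NULL principal, otherwise the result of heim_gss_import_name().
 */
OM_uint32
gss_import_name(OM_uint32 *minor_status,
		gss_buffer_t input_name_buffer,
		gss_OID name_type,
		gss_name_t *name)
{
    gss_buffer_desc rewritten;

    LOG_ENTRY();

    /*
     * Rewrite gss_nt_krb5_principal
     */

    if (gss_oid_equal(name_type, (gss_OID)gss_nt_krb5_principal)) {
	struct comb_principal **p;

	/* The value is dereferenced twice below; refuse NULL at each level. */
	if (input_name_buffer == NULL || input_name_buffer->value == NULL) {
	    if (minor_status)
		*minor_status = EINVAL;
	    return GSS_S_FAILURE;
	}

	/*
	 * NOTE(review): input_name_buffer->length is not checked against
	 * sizeof(*p) before the pointer is read; confirm whether every
	 * caller sets it, and reject short buffers here if so.
	 */
	p = (void *)input_name_buffer->value;
	if (*p == NULL) {
	    if (minor_status)
		*minor_status = EINVAL;
	    return GSS_S_FAILURE;
	}

	/*
	 * Redirect a private copy rather than the caller's buffer. The
	 * original overwrote input_name_buffer->value in place, so a second
	 * import of the same buffer would have reinterpreted the already
	 * rewritten pointer as a struct comb_principal **.
	 */
	rewritten = *input_name_buffer;
	rewritten.value = &(*p)->heim;
	input_name_buffer = &rewritten;
    }

    return heim_gss_import_name(minor_status, input_name_buffer, name_type, name);
}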
143