2 * Copyright (c) 2009 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "mech_locl.h"
37 store_mech_cred(OM_uint32 *minor_status,
38 gssapi_mech_interface m,
39 const struct _gss_mechanism_cred *mc,
40 gss_cred_usage_t input_usage,
41 OM_uint32 store_cred_flags,
42 gss_const_key_value_set_t cred_store,
43 gss_cred_usage_t *usage_stored,
44 gss_buffer_set_t *env)
46 OM_uint32 major_status;
47 OM_uint32 overwrite_cred =
48 !!(store_cred_flags & GSS_C_STORE_CRED_OVERWRITE);
49 OM_uint32 default_cred = !!(store_cred_flags & GSS_C_STORE_CRED_DEFAULT);
51 if (m->gm_store_cred_into2)
52 major_status = m->gm_store_cred_into2(minor_status, mc->gmc_cred,
53 input_usage, &m->gm_mech_oid,
54 store_cred_flags, cred_store,
57 else if (m->gm_store_cred_into)
58 major_status = m->gm_store_cred_into(minor_status, mc->gmc_cred,
59 input_usage, &m->gm_mech_oid,
60 overwrite_cred, default_cred,
61 cred_store, NULL, usage_stored);
62 else if (cred_store == GSS_C_NO_CRED_STORE && m->gm_store_cred)
63 major_status = m->gm_store_cred(minor_status, mc->gmc_cred,
64 input_usage, &m->gm_mech_oid,
65 overwrite_cred, default_cred,
68 major_status = GSS_S_UNAVAILABLE;
74 * See RFC5588 for gss_store_cred(). This function is a variant that takes a
75 * const key/value hashmap-like thing that specifies a credential store in a
76 * mechanism- and implementation-specific way, though Heimdal and MIT agree on
77 * at least the following keys for the Kerberos mechanism: ccache, keytab, and
78 * client_keytab. A set of environment variables may be output as well
80 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
81 gss_store_cred_into2(OM_uint32 *minor_status,
82 gss_const_cred_id_t input_cred_handle,
83 gss_cred_usage_t input_usage,
84 const gss_OID desired_mech,
85 OM_uint32 store_cred_flags,
86 gss_const_key_value_set_t cred_store,
87 gss_OID_set *elements_stored,
88 gss_cred_usage_t *cred_usage_stored,
89 gss_buffer_set_t *env)
91 struct _gss_cred *cred = (struct _gss_cred *)input_cred_handle;
92 struct _gss_mechanism_cred *mc;
93 OM_uint32 major_status;
100 if (input_cred_handle == NULL)
101 return GSS_S_CALL_INACCESSIBLE_READ;
103 if (minor_status == NULL)
104 return GSS_S_CALL_INACCESSIBLE_WRITE;
107 if (cred_usage_stored)
108 *cred_usage_stored = 0;
110 if (elements_stored) {
111 *elements_stored = GSS_C_NO_OID_SET;
113 major_status = gss_create_empty_oid_set(minor_status,
115 if (major_status != GSS_S_COMPLETE)
119 major_status = GSS_S_NO_CRED;
122 HEIM_TAILQ_FOREACH(mc, &cred->gc_mc, gmc_link) {
123 gssapi_mech_interface m = mc->gmc_mech;
125 if (m == NULL || (m->gm_flags & GM_USE_MG_CRED) != 0)
128 if (desired_mech != GSS_C_NO_OID &&
129 !gss_oid_equal(&m->gm_mech_oid, desired_mech))
132 major_status = store_mech_cred(minor_status, m, mc, input_usage,
133 store_cred_flags, cred_store,
134 cred_usage_stored, env);
135 if (major_status == GSS_S_COMPLETE) {
136 if (elements_stored && desired_mech != GSS_C_NO_OID)
137 gss_add_oid_set_member(&minor, desired_mech, elements_stored);
139 } else if (desired_mech != GSS_C_NO_OID) {
140 _gss_mg_error(m, *minor_status);
141 gss_release_oid_set(&minor, elements_stored);
148 major_status = GSS_S_COMPLETE;
151 heim_assert(successes || major_status != GSS_S_COMPLETE,
152 "cred storage failed, but no error raised");
158 * See RFC5588 for gss_store_cred(). This function is a variant that takes a
159 * const key/value hashmap-like thing that specifies a credential store in a
160 * mechanism- and implementation-specific way, though Heimdal and MIT agree on
161 * at least the following keys for the Kerberos mechanism: ccache, keytab, and
164 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
165 gss_store_cred_into(OM_uint32 *minor_status,
166 gss_const_cred_id_t input_cred_handle,
167 gss_cred_usage_t input_usage,
168 const gss_OID desired_mech,
169 OM_uint32 overwrite_cred,
170 OM_uint32 default_cred,
171 gss_const_key_value_set_t cred_store,
172 gss_OID_set *elements_stored,
173 gss_cred_usage_t *cred_usage_stored)
175 OM_uint32 store_cred_flags =
176 (overwrite_cred ? GSS_C_STORE_CRED_OVERWRITE : 0) |
177 (default_cred ? GSS_C_STORE_CRED_DEFAULT : 0);
178 return gss_store_cred_into2(minor_status, input_cred_handle, input_usage,
179 desired_mech, store_cred_flags, cred_store,
180 elements_stored, cred_usage_stored, NULL);