2 * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
36 RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $");
39 gss_krb5_copy_ccache(OM_uint32 *minor_status,
45 HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
47 if (cred->ccache == NULL) {
48 HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
49 *minor_status = EINVAL;
53 kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
54 HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
57 gssapi_krb5_set_error_string ();
61 return GSS_S_COMPLETE;
66 gss_krb5_import_cred(OM_uint32 *minor_status,
68 krb5_principal keytab_principal,
80 handle = (gss_cred_id_t)calloc(1, sizeof(*handle));
81 if (handle == GSS_C_NO_CREDENTIAL) {
82 gssapi_krb5_clear_status ();
83 *minor_status = ENOMEM;
84 return (GSS_S_FAILURE);
86 HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
93 handle->usage |= GSS_C_INITIATE;
95 kret = krb5_cc_get_principal(gssapi_krb5_context, id,
99 gssapi_krb5_set_error_string ();
100 *minor_status = kret;
101 return GSS_S_FAILURE;
104 if (keytab_principal) {
107 match = krb5_principal_compare(gssapi_krb5_context,
110 if (match == FALSE) {
111 krb5_free_principal(gssapi_krb5_context, handle->principal);
113 gssapi_krb5_clear_status ();
114 *minor_status = EINVAL;
115 return GSS_S_FAILURE;
119 ret = _gssapi_krb5_ccache_lifetime(minor_status,
123 if (ret != GSS_S_COMPLETE) {
124 krb5_free_principal(gssapi_krb5_context, handle->principal);
130 kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str);
134 kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache);
144 handle->usage |= GSS_C_ACCEPT;
146 if (keytab_principal && handle->principal == NULL) {
147 kret = krb5_copy_principal(gssapi_krb5_context,
154 kret = krb5_kt_get_full_name(gssapi_krb5_context, keytab, &str);
158 kret = krb5_kt_resolve(gssapi_krb5_context, str, &handle->keytab);
166 ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
167 if (ret == GSS_S_COMPLETE)
168 ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
169 &handle->mechanisms);
170 if (ret != GSS_S_COMPLETE) {
171 kret = *minor_status;
178 return GSS_S_COMPLETE;
181 gssapi_krb5_set_error_string ();
182 if (handle->principal)
183 krb5_free_principal(gssapi_krb5_context, handle->principal);
184 HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
186 *minor_status = kret;
187 return GSS_S_FAILURE;
192 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
193 gss_ctx_id_t context_handle,
195 gss_buffer_t ad_data)
200 ad_data->value = NULL;
203 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
204 if (context_handle->ticket == NULL) {
205 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
206 *minor_status = EINVAL;
207 return GSS_S_FAILURE;
210 ret = krb5_ticket_get_authorization_data_type(gssapi_krb5_context,
211 context_handle->ticket,
214 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
217 return GSS_S_FAILURE;
220 ad_data->value = malloc(data.length);
221 if (ad_data->value == NULL) {
222 krb5_data_free(&data);
223 *minor_status = ENOMEM;
224 return GSS_S_FAILURE;
227 ad_data->length = data.length;
228 memcpy(ad_data->value, data.data, ad_data->length);
229 krb5_data_free(&data);
232 return GSS_S_COMPLETE;
236 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
237 gss_ctx_id_t context_handle,
240 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
241 if (context_handle->ticket == NULL) {
242 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
243 *minor_status = EINVAL;
244 return GSS_S_FAILURE;
247 *authtime = context_handle->ticket->ticket.authtime;
248 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
251 return GSS_S_COMPLETE;
254 OM_uint32 gss_krb5_copy_service_keyblock
255 (OM_uint32 *minor_status,
256 gss_ctx_id_t context_handle,
257 struct EncryptionKey **out)
261 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
262 if (context_handle->service_keyblock == NULL) {
263 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
264 *minor_status = EINVAL;
265 return GSS_S_FAILURE;
268 ret = krb5_copy_keyblock(gssapi_krb5_context,
269 context_handle->service_keyblock,
272 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
275 return GSS_S_FAILURE;
279 return GSS_S_COMPLETE;