source/heimdal/lib/gssapi/copy_ccache.c

   1 /*
   2  * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "gssapi_locl.h"
  35
  36 RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $");
  37
  38 OM_uint32
  39 gss_krb5_copy_ccache(OM_uint32 *minor_status,
  40                      gss_cred_id_t cred,
  41                      krb5_ccache out)
  42 {
  43     krb5_error_code kret;
  44
  45     HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
  46
  47     if (cred->ccache == NULL) {
  48         HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
  49         *minor_status = EINVAL;
  50         return GSS_S_FAILURE;
  51     }
  52
  53     kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
  54     HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
  55     if (kret) {
  56         *minor_status = kret;
  57         gssapi_krb5_set_error_string ();
  58         return GSS_S_FAILURE;
  59     }
  60     *minor_status = 0;
  61     return GSS_S_COMPLETE;
  62 }
  63
  64
  65 OM_uint32
  66 gss_krb5_import_cred(OM_uint32 *minor_status,
  67                      krb5_ccache id,
  68                      krb5_principal keytab_principal,
  69                      krb5_keytab keytab,
  70                      gss_cred_id_t *cred)
  71 {
  72     krb5_error_code kret;
  73     gss_cred_id_t handle;
  74     OM_uint32 ret;
  75
  76     *cred = NULL;
  77
  78     GSSAPI_KRB5_INIT ();
  79
  80     handle = (gss_cred_id_t)calloc(1, sizeof(*handle));
  81     if (handle == GSS_C_NO_CREDENTIAL) {
  82         gssapi_krb5_clear_status ();
  83         *minor_status = ENOMEM;
  84         return (GSS_S_FAILURE);
  85     }
  86     HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
  87
  88     handle->usage = 0;
  89
  90     if (id) {
  91         char *str;
  92
  93         handle->usage |= GSS_C_INITIATE;
  94
  95         kret = krb5_cc_get_principal(gssapi_krb5_context, id,
  96                                      &handle->principal);
  97         if (kret) {
  98             free(handle);
  99             gssapi_krb5_set_error_string ();
 100             *minor_status = kret;
 101             return GSS_S_FAILURE;
 102         }
 103
 104         if (keytab_principal) {
 105             krb5_boolean match;
 106
 107             match = krb5_principal_compare(gssapi_krb5_context,
 108                                            handle->principal,
 109                                            keytab_principal);
 110             if (match == FALSE) {
 111                 krb5_free_principal(gssapi_krb5_context, handle->principal);
 112                 free(handle);
 113                 gssapi_krb5_clear_status ();
 114                 *minor_status = EINVAL;
 115                 return GSS_S_FAILURE;
 116             }
 117         }
 118
 119         ret = _gssapi_krb5_ccache_lifetime(minor_status,
 120                                            id,
 121                                            handle->principal,
 122                                            &handle->lifetime);
 123         if (ret != GSS_S_COMPLETE) {
 124             krb5_free_principal(gssapi_krb5_context, handle->principal);
 125             free(handle);
 126             return ret;
 127         }
 128
 129
 130         kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str);
 131         if (kret)
 132             goto out;
 133
 134         kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache);
 135         free(str);
 136         if (kret)
 137             goto out;
 138     }
 139
 140
 141     if (keytab) {
 142         char *str;
 143
 144         handle->usage |= GSS_C_ACCEPT;
 145
 146         if (keytab_principal && handle->principal == NULL) {
 147             kret = krb5_copy_principal(gssapi_krb5_context,
 148                                        keytab_principal,
 149                                        &handle->principal);
 150             if (kret)
 151                 goto out;
 152         }
 153
 154         kret = krb5_kt_get_full_name(gssapi_krb5_context, keytab, &str);
 155         if (kret)
 156             goto out;
 157
 158         kret = krb5_kt_resolve(gssapi_krb5_context, str, &handle->keytab);
 159         free(str);
 160         if (kret)
 161             goto out;
 162     }
 163
 164
 165     if (id || keytab) {
 166         ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
 167         if (ret == GSS_S_COMPLETE)
 168             ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
 169                                          &handle->mechanisms);
 170         if (ret != GSS_S_COMPLETE) {
 171             kret = *minor_status;
 172             goto out;
 173         }
 174     }
 175
 176     *minor_status = 0;
 177     *cred = handle;
 178     return GSS_S_COMPLETE;
 179
 180 out:
 181     gssapi_krb5_set_error_string ();
 182     if (handle->principal)
 183         krb5_free_principal(gssapi_krb5_context, handle->principal);
 184     HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
 185     free(handle);
 186     *minor_status = kret;
 187     return GSS_S_FAILURE;
 188 }
 189
 190
 191 OM_uint32
 192 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
 193                                             gss_ctx_id_t context_handle,
 194                                             int ad_type,
 195                                             gss_buffer_t ad_data)
 196 {
 197     krb5_error_code ret;
 198     krb5_data data;
 199
 200     ad_data->value = NULL;
 201     ad_data->length = 0;
 202
 203     HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
 204     if (context_handle->ticket == NULL) {
 205         HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 206         *minor_status = EINVAL;
 207         return GSS_S_FAILURE;
 208     }
 209
 210     ret = krb5_ticket_get_authorization_data_type(gssapi_krb5_context,
 211                                                   context_handle->ticket,
 212                                                   ad_type,
 213                                                   &data);
 214     HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 215     if (ret) {
 216         *minor_status = ret;
 217         return GSS_S_FAILURE;
 218     }
 219
 220     ad_data->value = malloc(data.length);
 221     if (ad_data->value == NULL) {
 222         krb5_data_free(&data);
 223         *minor_status = ENOMEM;
 224         return GSS_S_FAILURE;
 225     }
 226
 227     ad_data->length = data.length;
 228     memcpy(ad_data->value, data.data, ad_data->length);
 229     krb5_data_free(&data);
 230
 231     *minor_status = 0;
 232     return GSS_S_COMPLETE;
 233 }
 234
 235 OM_uint32
 236 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 237                                           gss_ctx_id_t context_handle,
 238                                           time_t *authtime)
 239 {
 240     HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
 241     if (context_handle->ticket == NULL) {
 242         HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 243         *minor_status = EINVAL;
 244         return GSS_S_FAILURE;
 245     }
 246
 247     *authtime = context_handle->ticket->ticket.authtime;
 248     HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 249
 250     *minor_status = 0;
 251     return GSS_S_COMPLETE;
 252 }
 253
 254 OM_uint32 gss_krb5_copy_service_keyblock
 255         (OM_uint32 *minor_status,
 256          gss_ctx_id_t context_handle,
 257          struct EncryptionKey **out)
 258 {
 259     krb5_error_code ret;
 260
 261     HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
 262     if (context_handle->service_keyblock == NULL) {
 263         HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 264         *minor_status = EINVAL;
 265         return GSS_S_FAILURE;
 266     }
 267
 268     ret = krb5_copy_keyblock(gssapi_krb5_context,
 269                              context_handle->service_keyblock,
 270                              out);
 271
 272     HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 273     if (ret) {
 274         *minor_status = ret;
 275         return GSS_S_FAILURE;
 276     }
 277
 278     *minor_status = 0;
 279     return GSS_S_COMPLETE;
 280 }