Line data Source code
1 : /*
2 : * Copyright (c) 2004, PADL Software Pty Ltd.
3 : * All rights reserved.
4 : *
5 : * Redistribution and use in source and binary forms, with or without
6 : * modification, are permitted provided that the following conditions
7 : * are met:
8 : *
9 : * 1. Redistributions of source code must retain the above copyright
10 : * notice, this list of conditions and the following disclaimer.
11 : *
12 : * 2. Redistributions in binary form must reproduce the above copyright
13 : * notice, this list of conditions and the following disclaimer in the
14 : * documentation and/or other materials provided with the distribution.
15 : *
16 : * 3. Neither the name of PADL Software nor the names of its contributors
17 : * may be used to endorse or promote products derived from this software
18 : * without specific prior written permission.
19 : *
20 : * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 : * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 : * SUCH DAMAGE.
31 : */
32 :
33 : #include "gsskrb5_locl.h"
34 :
35 : static OM_uint32
36 77400 : import_cred(OM_uint32 *minor_status,
37 : krb5_context context,
38 : gss_cred_id_t *cred_handle,
39 : const gss_buffer_t value)
40 : {
41 2776 : OM_uint32 major_stat;
42 2776 : krb5_error_code ret;
43 77400 : krb5_principal keytab_principal = NULL;
44 77400 : krb5_keytab keytab = NULL;
45 77400 : krb5_storage *sp = NULL;
46 77400 : krb5_ccache id = NULL;
47 2776 : char *str;
48 :
49 77400 : if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
50 0 : *minor_status = 0;
51 0 : return GSS_S_FAILURE;
52 : }
53 :
54 77400 : sp = krb5_storage_from_mem(value->value, value->length);
55 77400 : if (sp == NULL) {
56 0 : *minor_status = 0;
57 0 : return GSS_S_FAILURE;
58 : }
59 :
60 : /* credential cache name */
61 77400 : ret = krb5_ret_string(sp, &str);
62 77400 : if (ret) {
63 0 : *minor_status = ret;
64 0 : major_stat = GSS_S_FAILURE;
65 0 : goto out;
66 : }
67 77400 : if (str[0]) {
68 14541 : ret = krb5_cc_resolve(context, str, &id);
69 14541 : if (ret) {
70 0 : *minor_status = ret;
71 0 : major_stat = GSS_S_FAILURE;
72 0 : goto out;
73 : }
74 : }
75 77400 : free(str);
76 77400 : str = NULL;
77 :
78 : /* keytab principal name */
79 77400 : ret = krb5_ret_string(sp, &str);
80 77400 : if (ret == 0 && str[0])
81 61041 : ret = krb5_parse_name(context, str, &keytab_principal);
82 77400 : if (ret) {
83 0 : *minor_status = ret;
84 0 : major_stat = GSS_S_FAILURE;
85 0 : goto out;
86 : }
87 77400 : free(str);
88 77400 : str = NULL;
89 :
90 : /* keytab principal */
91 77400 : ret = krb5_ret_string(sp, &str);
92 77400 : if (ret) {
93 0 : *minor_status = ret;
94 0 : major_stat = GSS_S_FAILURE;
95 0 : goto out;
96 : }
97 77400 : if (str[0]) {
98 62859 : ret = krb5_kt_resolve(context, str, &keytab);
99 62859 : if (ret) {
100 0 : *minor_status = ret;
101 0 : major_stat = GSS_S_FAILURE;
102 0 : goto out;
103 : }
104 : }
105 77400 : free(str);
106 77400 : str = NULL;
107 :
108 77400 : major_stat = _gsskrb5_krb5_import_cred(minor_status, &id, keytab_principal,
109 : keytab, cred_handle);
110 77400 : out:
111 77400 : if (id)
112 0 : krb5_cc_close(context, id);
113 77400 : if (keytab_principal)
114 61041 : krb5_free_principal(context, keytab_principal);
115 77400 : if (keytab)
116 62859 : krb5_kt_close(context, keytab);
117 77400 : if (str)
118 0 : free(str);
119 77400 : if (sp)
120 77400 : krb5_storage_free(sp);
121 :
122 77400 : return major_stat;
123 : }
124 :
125 :
126 : static OM_uint32
127 12761 : allowed_enctypes(OM_uint32 *minor_status,
128 : krb5_context context,
129 : gss_cred_id_t *cred_handle,
130 : const gss_buffer_t value)
131 : {
132 592 : OM_uint32 major_stat;
133 592 : krb5_error_code ret;
134 592 : size_t len, i;
135 12761 : krb5_enctype *enctypes = NULL;
136 12761 : krb5_storage *sp = NULL;
137 592 : gsskrb5_cred cred;
138 :
139 12761 : if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
140 0 : *minor_status = 0;
141 0 : return GSS_S_FAILURE;
142 : }
143 :
144 12761 : cred = (gsskrb5_cred)*cred_handle;
145 :
146 12761 : if ((value->length % 4) != 0) {
147 0 : *minor_status = 0;
148 0 : major_stat = GSS_S_FAILURE;
149 0 : goto out;
150 : }
151 :
152 : /* serialized as int32_t[], but stored as krb5_enctype[] */
153 12761 : len = value->length / 4;
154 12761 : enctypes = malloc((len + 1) * sizeof(krb5_enctype));
155 12761 : if (enctypes == NULL) {
156 0 : *minor_status = ENOMEM;
157 0 : major_stat = GSS_S_FAILURE;
158 0 : goto out;
159 : }
160 :
161 12761 : sp = krb5_storage_from_mem(value->value, value->length);
162 12761 : if (sp == NULL) {
163 0 : *minor_status = ENOMEM;
164 0 : major_stat = GSS_S_FAILURE;
165 0 : goto out;
166 : }
167 :
168 87977 : for (i = 0; i < len; i++) {
169 3552 : int32_t e;
170 :
171 75216 : ret = krb5_ret_int32(sp, &e);
172 75216 : if (ret) {
173 0 : *minor_status = ret;
174 0 : major_stat = GSS_S_FAILURE;
175 0 : goto out;
176 : }
177 75216 : enctypes[i] = e;
178 : }
179 12761 : enctypes[i] = KRB5_ENCTYPE_NULL;
180 :
181 12761 : if (cred->enctypes)
182 0 : free(cred->enctypes);
183 12761 : cred->enctypes = enctypes;
184 :
185 12761 : krb5_storage_free(sp);
186 :
187 12761 : return GSS_S_COMPLETE;
188 :
189 0 : out:
190 0 : if (sp)
191 0 : krb5_storage_free(sp);
192 0 : if (enctypes)
193 0 : free(enctypes);
194 :
195 0 : return major_stat;
196 : }
197 :
198 : static OM_uint32
199 14541 : no_ci_flags(OM_uint32 *minor_status,
200 : krb5_context context,
201 : gss_cred_id_t *cred_handle,
202 : const gss_buffer_t value)
203 : {
204 592 : gsskrb5_cred cred;
205 :
206 14541 : if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
207 0 : *minor_status = 0;
208 0 : return GSS_S_FAILURE;
209 : }
210 :
211 14541 : cred = (gsskrb5_cred)*cred_handle;
212 14541 : cred->cred_flags |= GSS_CF_NO_CI_FLAGS;
213 :
214 14541 : *minor_status = 0;
215 14541 : return GSS_S_COMPLETE;
216 :
217 : }
218 :
219 :
220 : OM_uint32 GSSAPI_CALLCONV
221 104702 : _gsskrb5_set_cred_option
222 : (OM_uint32 *minor_status,
223 : gss_cred_id_t *cred_handle,
224 : const gss_OID desired_object,
225 : const gss_buffer_t value)
226 : {
227 3960 : krb5_context context;
228 :
229 104702 : GSSAPI_KRB5_INIT (&context);
230 :
231 104702 : if (value == GSS_C_NO_BUFFER) {
232 0 : *minor_status = EINVAL;
233 0 : return GSS_S_FAILURE;
234 : }
235 :
236 104702 : if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
237 77400 : return import_cred(minor_status, context, cred_handle, value);
238 :
239 27302 : if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
240 12761 : return allowed_enctypes(minor_status, context, cred_handle, value);
241 :
242 14541 : if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) {
243 15133 : return no_ci_flags(minor_status, context, cred_handle, value);
244 : }
245 :
246 :
247 0 : *minor_status = EINVAL;
248 0 : return GSS_S_FAILURE;
249 : }
|
