| /* |
| * CDDL HEADER START |
| * |
| * The contents of this file are subject to the terms of the |
| * Common Development and Distribution License (the "License"). |
| * You may not use this file except in compliance with the License. |
| * |
| * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| * or http://www.opensolaris.org/os/licensing. |
| * See the License for the specific language governing permissions |
| * and limitations under the License. |
| * |
| * When distributing Covered Code, include this CDDL HEADER in each |
| * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| * If applicable, add the following below this CDDL HEADER, with the |
| * fields enclosed by brackets "[]" replaced with your own identifying |
| * information: Portions Copyright [yyyy] [name of copyright owner] |
| * |
| * CDDL HEADER END |
| */ |
| /* |
| * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. |
| */ |
| |
| /* |
| * glue routine for gss_inquire_cred |
| */ |
| |
| #include <mechglueP.h> |
| #include "gssapiP_generic.h" |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <time.h> |
| |
| OM_uint32 |
| gss_inquire_cred(minor_status, |
| cred_handle, |
| name, |
| lifetime, |
| cred_usage, |
| mechanisms) |
| |
| OM_uint32 *minor_status; |
| const gss_cred_id_t cred_handle; |
| gss_name_t *name; |
| OM_uint32 *lifetime; |
| int *cred_usage; |
| gss_OID_set *mechanisms; |
| |
| { |
| OM_uint32 status, elapsed_time, temp_minor_status; |
| gss_union_cred_t union_cred; |
| gss_mechanism mech; |
| gss_name_t internal_name; |
| int i; |
| |
| /* Initialize outputs. */ |
| |
| if (minor_status != NULL) |
| *minor_status = 0; |
| |
| if (name != NULL) |
| *name = GSS_C_NO_NAME; |
| |
| if (mechanisms != NULL) |
| *mechanisms = GSS_C_NO_OID_SET; |
| |
| /* Validate arguments. */ |
| if (minor_status == NULL) |
| return (GSS_S_CALL_INACCESSIBLE_WRITE); |
| |
| if (cred_handle == GSS_C_NO_CREDENTIAL) { |
| /* |
| * No credential was supplied. This means we can't get a mechanism |
| * pointer to call the mechanism specific gss_inquire_cred. |
| * So, call get_mechanism with an arguement of GSS_C_NULL_OID. |
| * get_mechanism will return the first mechanism in the mech |
| * array, which becomes the default mechanism. |
| */ |
| |
| if ((mech = __gss_get_mechanism(GSS_C_NULL_OID)) == NULL) |
| return (GSS_S_DEFECTIVE_CREDENTIAL); |
| |
| if (!mech->gss_inquire_cred) |
| return (GSS_S_UNAVAILABLE); |
| |
| status = mech->gss_inquire_cred(mech->context, minor_status, |
| GSS_C_NO_CREDENTIAL, |
| name ? &internal_name : NULL, |
| lifetime, cred_usage, |
| mechanisms); |
| |
| if (status != GSS_S_COMPLETE) { |
| map_error(minor_status, mech); |
| return (status); |
| } |
| |
| if (name) { |
| /* |
| * Convert internal_name into a union_name equivalent. |
| */ |
| status = __gss_convert_name_to_union_name( |
| &temp_minor_status, mech, |
| internal_name, name); |
| if (status != GSS_S_COMPLETE) { |
| *minor_status = temp_minor_status; |
| map_error(minor_status, mech); |
| if (mechanisms && *mechanisms) { |
| (void) gss_release_oid_set( |
| &temp_minor_status, |
| mechanisms); |
| } |
| return (status); |
| } |
| } |
| return (GSS_S_COMPLETE); |
| } |
| |
| /* get the cred_handle cast as a union_credentials structure */ |
| |
| union_cred = (gss_union_cred_t)cred_handle; |
| |
| /* |
| * get the information out of the union_cred structure that was |
| * placed there during gss_acquire_cred. |
| */ |
| |
| if (cred_usage != NULL) |
| *cred_usage = union_cred->auxinfo.cred_usage; |
| |
| if (lifetime != NULL) { |
| elapsed_time = time(0) - union_cred->auxinfo.creation_time; |
| *lifetime = union_cred->auxinfo.time_rec < elapsed_time ? 0 : |
| union_cred->auxinfo.time_rec - elapsed_time; |
| } |
| |
| /* |
| * if name is non_null, |
| * call gss_import_name() followed by gss_canonicalize_name() |
| * to get a mechanism specific name passed back to the caller. |
| * If this call fails, return failure to our caller. |
| * XXX The cred_handle may contain an array of mechanism OID's |
| * but we only return the MN for the first mechanism to the caller. |
| * In theory, we should modify this to provide an array of MN's |
| * one per mechanism back to the caller. |
| */ |
| |
| if (name != NULL) { |
| if (union_cred->auxinfo.name.length == 0) { |
| *name = GSS_C_NO_NAME; |
| } else if ((gss_import_name(minor_status, |
| &union_cred->auxinfo.name, |
| union_cred->auxinfo.name_type, |
| name) != GSS_S_COMPLETE) || |
| (gss_canonicalize_name(minor_status, *name, |
| &union_cred->mechs_array[0], |
| NULL) != GSS_S_COMPLETE)) { |
| status = GSS_S_DEFECTIVE_CREDENTIAL; |
| goto error; |
| } |
| } |
| |
| /* |
| * copy the mechanism set in union_cred into an OID set and return in |
| * the mechanisms parameter. |
| */ |
| if (mechanisms != NULL) { |
| status = GSS_S_FAILURE; |
| *mechanisms = (gss_OID_set) malloc(sizeof (gss_OID_set_desc)); |
| if (*mechanisms == NULL) |
| goto error; |
| |
| (*mechanisms)->count = 0; |
| (*mechanisms)->elements = |
| (gss_OID) malloc(sizeof (gss_OID_desc) * |
| union_cred->count); |
| |
| if ((*mechanisms)->elements == NULL) { |
| free(*mechanisms); |
| *mechanisms = NULL; |
| goto error; |
| } |
| |
| for (i = 0; i < union_cred->count; i++) { |
| (*mechanisms)->elements[i].elements = (void *) |
| malloc(union_cred->mechs_array[i].length); |
| if ((*mechanisms)->elements[i].elements == NULL) |
| goto error; |
| g_OID_copy(&(*mechanisms)->elements[i], |
| &union_cred->mechs_array[i]); |
| (*mechanisms)->count++; |
| } |
| } |
| |
| return (GSS_S_COMPLETE); |
| |
| error: |
| /* |
| * cleanup any allocated memory - we can just call |
| * gss_release_oid_set, because the set is constructed so that |
| * count always references the currently copied number of |
| * elements. |
| */ |
| if (mechanisms && *mechanisms != NULL) |
| (void) gss_release_oid_set(&temp_minor_status, mechanisms); |
| |
| if (name && *name != NULL) |
| (void) gss_release_name(&temp_minor_status, name); |
| |
| return (status); |
| } |
| |
| OM_uint32 |
| gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, |
| initiator_lifetime, acceptor_lifetime, cred_usage) |
| OM_uint32 *minor_status; |
| const gss_cred_id_t cred_handle; |
| const gss_OID mech_type; |
| gss_name_t *name; |
| OM_uint32 *initiator_lifetime; |
| OM_uint32 *acceptor_lifetime; |
| gss_cred_usage_t *cred_usage; |
| { |
| gss_union_cred_t union_cred; |
| gss_cred_id_t mech_cred; |
| gss_mechanism mech; |
| OM_uint32 status, temp_minor_status; |
| gss_name_t internal_name; |
| |
| if (minor_status != NULL) |
| *minor_status = 0; |
| |
| if (name != NULL) |
| *name = GSS_C_NO_NAME; |
| |
| if (minor_status == NULL) |
| return (GSS_S_CALL_INACCESSIBLE_WRITE); |
| |
| mech = __gss_get_mechanism(mech_type); |
| if (!mech) |
| return (GSS_S_BAD_MECH); |
| if (!mech->gss_inquire_cred_by_mech) |
| return (GSS_S_UNAVAILABLE); |
| |
| union_cred = (gss_union_cred_t)cred_handle; |
| mech_cred = __gss_get_mechanism_cred(union_cred, mech_type); |
| if (mech_cred == NULL) |
| return (GSS_S_DEFECTIVE_CREDENTIAL); |
| |
| if (mech->gss_inquire_cred_by_mech != NULL) { |
| status = mech->gss_inquire_cred_by_mech(mech->context, |
| minor_status, |
| mech_cred, mech_type, |
| name ? &internal_name : NULL, |
| initiator_lifetime, |
| acceptor_lifetime, cred_usage); |
| |
| if (status != GSS_S_COMPLETE) { |
| map_error(minor_status, mech); |
| return (status); |
| } |
| |
| if (name) { |
| /* |
| * Convert internal_name into a union_name equivalent. |
| */ |
| status = __gss_convert_name_to_union_name( |
| &temp_minor_status, mech, |
| internal_name, name); |
| if (status != GSS_S_COMPLETE) { |
| *minor_status = temp_minor_status; |
| map_error(minor_status, mech); |
| return (status); |
| } |
| } |
| } else { |
| return (GSS_S_UNAVAILABLE); |
| } |
| |
| return (GSS_S_COMPLETE); |
| } |