1 /* $NetBSD: gss_acquire_cred.c,v 1.2 2017/01/28 21:31:46 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2005 Doug Rabson 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ 29 */ 30 31 #include "mech_locl.h" 32 33 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL 34 gss_acquire_cred(OM_uint32 *minor_status, 35 gss_const_name_t desired_name, 36 OM_uint32 time_req, 37 const gss_OID_set desired_mechs, 38 gss_cred_usage_t cred_usage, 39 gss_cred_id_t *output_cred_handle, 40 gss_OID_set *actual_mechs, 41 OM_uint32 *time_rec) 42 { 43 OM_uint32 major_status; 44 gss_OID_set mechs = desired_mechs; 45 gss_OID_set_desc set; 46 struct _gss_name *name = (struct _gss_name *) desired_name; 47 gssapi_mech_interface m; 48 struct _gss_cred *cred; 49 struct _gss_mechanism_cred *mc; 50 OM_uint32 min_time, cred_time; 51 size_t i; 52 53 *minor_status = 0; 54 if (output_cred_handle == NULL) 55 return GSS_S_CALL_INACCESSIBLE_READ; 56 if (actual_mechs) 57 *actual_mechs = GSS_C_NO_OID_SET; 58 if (time_rec) 59 *time_rec = 0; 60 61 _gss_load_mech(); 62 63 /* 64 * First make sure that at least one of the requested 65 * mechanisms is one that we support. 66 */ 67 if (mechs) { 68 for (i = 0; i < mechs->count; i++) { 69 int t; 70 gss_test_oid_set_member(minor_status, 71 &mechs->elements[i], _gss_mech_oids, &t); 72 if (t) 73 break; 74 } 75 if (i == mechs->count) { 76 *minor_status = 0; 77 return (GSS_S_BAD_MECH); 78 } 79 } 80 81 if (actual_mechs) { 82 major_status = gss_create_empty_oid_set(minor_status, 83 actual_mechs); 84 if (major_status) 85 return (major_status); 86 } 87 88 cred = malloc(sizeof(struct _gss_cred)); 89 if (!cred) { 90 if (actual_mechs) 91 gss_release_oid_set(minor_status, actual_mechs); 92 *minor_status = ENOMEM; 93 return (GSS_S_FAILURE); 94 } 95 HEIM_SLIST_INIT(&cred->gc_mc); 96 97 if (mechs == GSS_C_NO_OID_SET) 98 mechs = _gss_mech_oids; 99 100 set.count = 1; 101 min_time = GSS_C_INDEFINITE; 102 for (i = 0; i < mechs->count; i++) { 103 struct _gss_mechanism_name *mn = NULL; 104 105 m = __gss_get_mechanism(&mechs->elements[i]); 106 if (!m) 107 continue; 108 109 if (desired_name != GSS_C_NO_NAME) { 110 major_status = _gss_find_mn(minor_status, name, 111 &mechs->elements[i], &mn); 112 if (major_status != GSS_S_COMPLETE) 113 continue; 114 } 115 116 mc = malloc(sizeof(struct _gss_mechanism_cred)); 117 if (!mc) { 118 continue; 119 } 120 mc->gmc_mech = m; 121 mc->gmc_mech_oid = &m->gm_mech_oid; 122 123 /* 124 * XXX Probably need to do something with actual_mechs. 125 */ 126 set.elements = &mechs->elements[i]; 127 major_status = m->gm_acquire_cred(minor_status, 128 (desired_name != GSS_C_NO_NAME 129 ? mn->gmn_name : GSS_C_NO_NAME), 130 time_req, &set, cred_usage, 131 &mc->gmc_cred, NULL, &cred_time); 132 if (major_status) { 133 free(mc); 134 continue; 135 } 136 if (cred_time < min_time) 137 min_time = cred_time; 138 139 if (actual_mechs) { 140 major_status = gss_add_oid_set_member(minor_status, 141 mc->gmc_mech_oid, actual_mechs); 142 if (major_status) { 143 m->gm_release_cred(minor_status, 144 &mc->gmc_cred); 145 free(mc); 146 continue; 147 } 148 } 149 150 HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); 151 } 152 153 /* 154 * If we didn't manage to create a single credential, return 155 * an error. 156 */ 157 if (!HEIM_SLIST_FIRST(&cred->gc_mc)) { 158 free(cred); 159 if (actual_mechs) 160 gss_release_oid_set(minor_status, actual_mechs); 161 *minor_status = 0; 162 return (GSS_S_NO_CRED); 163 } 164 165 if (time_rec) 166 *time_rec = min_time; 167 *output_cred_handle = (gss_cred_id_t) cred; 168 *minor_status = 0; 169 return (GSS_S_COMPLETE); 170 } 171
Indexes created Fri Jun 26 00:24:39 UTC 2026