-: 0:Source:inq_cred.c -: 0:Graph:/var/tsitkova/Sources/v10/trunk/src/lib/gssapi/krb5/inq_cred.so.gcno -: 0:Data:/var/tsitkova/Sources/v10/trunk/src/lib/gssapi/krb5/inq_cred.so.gcda -: 0:Runs:1069 -: 0:Programs:1 -: 1:/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -: 2:/* -: 3: * Copyright 2000, 2007 by the Massachusetts Institute of Technology. -: 4: * All Rights Reserved. -: 5: * -: 6: * Export of this software from the United States of America may -: 7: * require a specific license from the United States Government. -: 8: * It is the responsibility of any person or organization contemplating -: 9: * export to obtain such a license before exporting. -: 10: * -: 11: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -: 12: * distribute this software and its documentation for any purpose and -: 13: * without fee is hereby granted, provided that the above copyright -: 14: * notice appear in all copies and that both that copyright notice and -: 15: * this permission notice appear in supporting documentation, and that -: 16: * the name of M.I.T. not be used in advertising or publicity pertaining -: 17: * to distribution of the software without specific, written prior -: 18: * permission. Furthermore if you modify this software you must label -: 19: * your software as modified software and not distribute it in such a -: 20: * fashion that it might be confused with the original M.I.T. software. -: 21: * M.I.T. makes no representations about the suitability of -: 22: * this software for any purpose. It is provided "as is" without express -: 23: * or implied warranty. -: 24: */ -: 25:/* -: 26: * Copyright 1993 by OpenVision Technologies, Inc. -: 27: * -: 28: * Permission to use, copy, modify, distribute, and sell this software -: 29: * and its documentation for any purpose is hereby granted without fee, -: 30: * provided that the above copyright notice appears in all copies and -: 31: * that both that copyright notice and this permission notice appear in -: 32: * supporting documentation, and that the name of OpenVision not be used -: 33: * in advertising or publicity pertaining to distribution of the software -: 34: * without specific, written prior permission. OpenVision makes no -: 35: * representations about the suitability of this software for any -: 36: * purpose. It is provided "as is" without express or implied warranty. -: 37: * -: 38: * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -: 39: * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO -: 40: * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR -: 41: * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -: 42: * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -: 43: * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -: 44: * PERFORMANCE OF THIS SOFTWARE. -: 45: */ -: 46: -: 47:/* -: 48: * Copyright (C) 1998 by the FundsXpress, INC. -: 49: * -: 50: * All rights reserved. -: 51: * -: 52: * Export of this software from the United States of America may require -: 53: * a specific license from the United States Government. It is the -: 54: * responsibility of any person or organization contemplating export to -: 55: * obtain such a license before exporting. -: 56: * -: 57: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -: 58: * distribute this software and its documentation for any purpose and -: 59: * without fee is hereby granted, provided that the above copyright -: 60: * notice appear in all copies and that both that copyright notice and -: 61: * this permission notice appear in supporting documentation, and that -: 62: * the name of FundsXpress. not be used in advertising or publicity pertaining -: 63: * to distribution of the software without specific, written prior -: 64: * permission. FundsXpress makes no representations about the suitability of -: 65: * this software for any purpose. It is provided "as is" without express -: 66: * or implied warranty. -: 67: * -: 68: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -: 69: * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -: 70: * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. -: 71: */ -: 72: -: 73:#include "gssapiP_krb5.h" -: 74: -: 75:OM_uint32 KRB5_CALLCONV 12: 76:krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, -: 77: cred_usage, mechanisms) -: 78: OM_uint32 *minor_status; -: 79: gss_cred_id_t cred_handle; -: 80: gss_name_t *name; -: 81: OM_uint32 *lifetime_ret; -: 82: gss_cred_usage_t *cred_usage; -: 83: gss_OID_set *mechanisms; -: 84:{ -: 85: krb5_context context; 12: 86: gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL; 12: 87: krb5_gss_cred_id_t cred = NULL; -: 88: krb5_error_code code; -: 89: krb5_timestamp now; -: 90: krb5_deltat lifetime; -: 91: krb5_gss_name_t ret_name; -: 92: krb5_principal princ; -: 93: gss_OID_set mechs; -: 94: OM_uint32 major, tmpmin, ret; -: 95: 12: 96: ret = GSS_S_FAILURE; 12: 97: ret_name = NULL; -: 98: 12: 99: code = krb5_gss_init_context(&context); 12: 100: if (code) { #####: 101: *minor_status = code; #####: 102: return GSS_S_FAILURE; -: 103: } -: 104: 12: 105: if (name) *name = NULL; 12: 106: if (mechanisms) *mechanisms = NULL; -: 107: -: 108: /* check for default credential */ -: 109: /*SUPPRESS 29*/ 12: 110: if (cred_handle == GSS_C_NO_CREDENTIAL) { #####: 111: major = kg_get_defcred(minor_status, &defcred); #####: 112: if (GSS_ERROR(major)) { #####: 113: krb5_free_context(context); #####: 114: return(major); -: 115: } #####: 116: cred_handle = defcred; -: 117: } -: 118: 12: 119: major = kg_cred_resolve(minor_status, context, cred_handle, GSS_C_NO_NAME); 12: 120: if (GSS_ERROR(major)) { #####: 121: krb5_gss_release_cred(minor_status, &defcred); #####: 122: krb5_free_context(context); #####: 123: return(major); -: 124: } 12: 125: cred = (krb5_gss_cred_id_t)cred_handle; -: 126: 12: 127: if ((code = krb5_timeofday(context, &now))) { #####: 128: *minor_status = code; #####: 129: ret = GSS_S_FAILURE; #####: 130: goto fail; -: 131: } -: 132: 12: 133: if (cred->tgt_expire > 0) { #####: 134: if ((lifetime = cred->tgt_expire - now) < 0) #####: 135: lifetime = 0; -: 136: } -: 137: else 12: 138: lifetime = GSS_C_INDEFINITE; -: 139: 12: 140: if (name) { #####: 141: if (cred->name) { #####: 142: code = kg_duplicate_name(context, cred->name, &ret_name); #####: 143: } else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH) #####: 144: && cred->keytab != NULL) { -: 145: /* This is a default acceptor cred; use a name from the keytab if -: 146: * we can. */ #####: 147: code = k5_kt_get_principal(context, cred->keytab, &princ); #####: 148: if (code == 0) { #####: 149: code = kg_init_name(context, princ, NULL, NULL, NULL, -: 150: KG_INIT_NAME_NO_COPY, &ret_name); #####: 151: if (code) #####: 152: krb5_free_principal(context, princ); #####: 153: } else if (code == KRB5_KT_NOTFOUND) #####: 154: code = 0; -: 155: } #####: 156: if (code) { #####: 157: *minor_status = code; #####: 158: save_error_info(*minor_status, context); #####: 159: ret = GSS_S_FAILURE; #####: 160: goto fail; -: 161: } -: 162: } -: 163: 12: 164: if (mechanisms) { #####: 165: if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status, -: 166: &mechs)) || #####: 167: GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, -: 168: gss_mech_krb5_old, -: 169: &mechs)) || #####: 170: GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, -: 171: gss_mech_krb5, -: 172: &mechs))) { #####: 173: if (ret_name) #####: 174: kg_release_name(context, &ret_name); -: 175: /* *minor_status set above */ #####: 176: goto fail; -: 177: } -: 178: } -: 179: 12: 180: if (name) { #####: 181: if (ret_name != NULL) #####: 182: *name = (gss_name_t) ret_name; -: 183: else #####: 184: *name = GSS_C_NO_NAME; -: 185: } -: 186: 12: 187: if (lifetime_ret) #####: 188: *lifetime_ret = lifetime; -: 189: 12: 190: if (cred_usage) #####: 191: *cred_usage = cred->usage; 12: 192: k5_mutex_unlock(&cred->lock); -: 193: 12: 194: if (mechanisms) #####: 195: *mechanisms = mechs; -: 196: 12: 197: if (cred_handle == GSS_C_NO_CREDENTIAL) #####: 198: krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); -: 199: 12: 200: krb5_free_context(context); 12: 201: *minor_status = 0; 12: 202: return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE); -: 203:fail: #####: 204: k5_mutex_unlock(&cred->lock); #####: 205: krb5_gss_release_cred(&tmpmin, &defcred); #####: 206: krb5_free_context(context); #####: 207: return ret; -: 208:} -: 209: -: 210:/* V2 interface */ -: 211:OM_uint32 KRB5_CALLCONV #####: 212:krb5_gss_inquire_cred_by_mech(minor_status, cred_handle, -: 213: mech_type, name, initiator_lifetime, -: 214: acceptor_lifetime, cred_usage) -: 215: OM_uint32 *minor_status; -: 216: gss_cred_id_t cred_handle; -: 217: gss_OID mech_type; -: 218: gss_name_t *name; -: 219: OM_uint32 *initiator_lifetime; -: 220: OM_uint32 *acceptor_lifetime; -: 221: gss_cred_usage_t *cred_usage; -: 222:{ -: 223: krb5_gss_cred_id_t cred; -: 224: OM_uint32 lifetime; -: 225: OM_uint32 mstat; -: 226: -: 227: /* -: 228: * We only know how to handle our own creds. -: 229: */ #####: 230: if ((mech_type != GSS_C_NULL_OID) && #####: 231: !g_OID_equal(gss_mech_krb5_old, mech_type) && #####: 232: !g_OID_equal(gss_mech_krb5, mech_type)) { #####: 233: *minor_status = 0; #####: 234: return(GSS_S_NO_CRED); -: 235: } -: 236: #####: 237: cred = (krb5_gss_cred_id_t) cred_handle; #####: 238: mstat = krb5_gss_inquire_cred(minor_status, -: 239: cred_handle, -: 240: name, -: 241: &lifetime, -: 242: cred_usage, -: 243: (gss_OID_set *) NULL); #####: 244: if (mstat == GSS_S_COMPLETE) { #####: 245: if (cred && #####: 246: ((cred->usage == GSS_C_INITIATE) || #####: 247: (cred->usage == GSS_C_BOTH)) && -: 248: initiator_lifetime) #####: 249: *initiator_lifetime = lifetime; #####: 250: if (cred && #####: 251: ((cred->usage == GSS_C_ACCEPT) || #####: 252: (cred->usage == GSS_C_BOTH)) && -: 253: acceptor_lifetime) #####: 254: *acceptor_lifetime = lifetime; -: 255: } #####: 256: return(mstat); -: 257:}