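/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/gssapi/krb5/store_cred.c */
/*
 * Copyright 2009 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 */

/*
 * Recovered from a gcov listing:
 *   Source:   store_cred.c
 *   Graph:    /var/tsitkova/Sources/v10/trunk/src/lib/gssapi/krb5/store_cred.so.gcno
 *   Data:     /var/tsitkova/Sources/v10/trunk/src/lib/gssapi/krb5/store_cred.so.gcda
 *   Runs:     1069
 *   Programs: 1
 * The listing marked every executable line of this file "#####", i.e. none
 * of the credential-storing code below was executed in the measured runs.
 *
 * NOTE(review): the listing had two more #include directives (its lines 27
 * and 30) whose header names were lost in extraction; restore them from the
 * project's copy of this file.
 */
#include "k5-int.h" /* for zap() */
#include "gssapiP_krb5.h"

/*
 * Probe whether a krb5 initiator credential can currently be acquired.
 *
 * kcred         credential whose name is used when default_cred is zero
 * desired_mech  the single mechanism placed in the acquire request
 * default_cred  nonzero to probe with GSS_C_NO_NAME instead of kcred->name
 *
 * Returns nonzero if krb5_gss_acquire_cred() reports an error, or if it
 * succeeds and reports a nonzero remaining lifetime.  Returns zero only
 * when the acquire succeeds with a lifetime of zero.
 *
 * NOTE(review): a failed probe is reported the same way as "unexpired
 * credentials exist", so the caller declines to store when the probe itself
 * fails.  Presumably a deliberate fail-closed choice -- confirm.
 */
static int
has_unexpired_creds(krb5_gss_cred_id_t kcred,
                    const gss_OID desired_mech,
                    int default_cred)
{
    OM_uint32 major_status, minor;
    gss_name_t cred_name;
    gss_OID_set_desc desired_mechs;
    gss_cred_id_t tmp_cred = GSS_C_NO_CREDENTIAL;
    /* Start from a defined value in case the acquire call never writes it. */
    OM_uint32 time_rec = 0;

    /* One-element mechanism set living on the stack; nothing to free. */
    desired_mechs.count = 1;
    desired_mechs.elements = (gss_OID)desired_mech;

    if (default_cred)
        cred_name = GSS_C_NO_NAME;
    else
        cred_name = (gss_name_t)kcred->name;

    major_status = krb5_gss_acquire_cred(&minor, cred_name, 0,
                                         &desired_mechs, GSS_C_INITIATE,
                                         &tmp_cred, NULL, &time_rec);

    /* The temporary handle is only a probe; release it unconditionally. */
    krb5_gss_release_cred(&minor, &tmp_cred);

    return (GSS_ERROR(major_status) || time_rec);
}

/*
 * Copy the credentials held in input_cred_handle's ccache into the default
 * ccache.
 *
 * minor_status       receives the mechanism-specific status code
 * input_cred_handle  credential to copy from; checked with
 *                    krb5_gss_validate_cred_1() before it is cast and used
 * desired_mech       passed through to has_unexpired_creds()
 * overwrite_cred     nonzero skips the has_unexpired_creds() check
 * default_cred       must be nonzero; storing a non-default credential
 *                    fails with G_STORE_NON_DEFAULT_CRED_NOSUPP
 *
 * Returns GSS_S_COMPLETE on success.  Failures: GSS_S_FAILURE (unsupported
 * request, context setup, default-ccache lookup or copy error),
 * GSS_S_DEFECTIVE_CREDENTIAL (no ccache, or a proxy credential),
 * GSS_S_DUPLICATE_ELEMENT (has_unexpired_creds() returned nonzero and
 * overwrite_cred is zero), or whatever krb5_gss_validate_cred_1() returned.
 *
 * NOTE(review): the destination cache is used exactly as
 * krb5int_cc_default() returns it.  Nothing in this function initializes it
 * or checks which principal it already holds before the copy -- confirm
 * that mixing credentials into an existing default cache is intended.
 */
static OM_uint32
copy_initiator_creds(OM_uint32 *minor_status,
                     gss_cred_id_t input_cred_handle,
                     const gss_OID desired_mech,
                     OM_uint32 overwrite_cred,
                     OM_uint32 default_cred)
{
    OM_uint32 major_status;
    krb5_error_code code;
    krb5_gss_cred_id_t kcred = NULL;
    krb5_context context = NULL;
    krb5_ccache ccache = NULL;

    if (!default_cred) {
        *minor_status = G_STORE_NON_DEFAULT_CRED_NOSUPP;
        major_status = GSS_S_FAILURE;
        goto cleanup;
    }

    code = krb5_gss_init_context(&context);
    if (code != 0) {
        *minor_status = code;
        major_status = GSS_S_FAILURE;
        goto cleanup;
    }

    major_status = krb5_gss_validate_cred_1(minor_status,
                                            input_cred_handle,
                                            context);
    if (GSS_ERROR(major_status))
        goto cleanup;

    /*
     * kcred stays NULL until validation has succeeded, so the unlock in
     * cleanup runs only after this point.  Presumably
     * krb5_gss_validate_cred_1() returns with kcred->lock held -- confirm.
     */
    kcred = (krb5_gss_cred_id_t)input_cred_handle;

    /* Only credentials backed by a ccache, and not proxy creds, are stored. */
    if (kcred->ccache == NULL || kcred->proxy_cred) {
        *minor_status = KG_CCACHE_NOMATCH;
        major_status = GSS_S_DEFECTIVE_CREDENTIAL;
        goto cleanup;
    }

    /* *minor_status is left as krb5_gss_validate_cred_1() set it here. */
    if (!overwrite_cred &&
        has_unexpired_creds(kcred, desired_mech, default_cred)) {
        major_status = GSS_S_DUPLICATE_ELEMENT;
        goto cleanup;
    }

    code = krb5int_cc_default(context, &ccache);
    if (code != 0) {
        *minor_status = code;
        major_status = GSS_S_FAILURE;
        goto cleanup;
    }

    code = krb5_cc_copy_creds(context, kcred->ccache, ccache);
    if (code != 0) {
        *minor_status = code;
        major_status = GSS_S_FAILURE;
        goto cleanup;
    }

    *minor_status = 0;
    major_status = GSS_S_COMPLETE;

cleanup:
    if (kcred != NULL)
        k5_mutex_unlock(&kcred->lock);
    if (ccache != NULL)
        krb5_cc_close(context, ccache);
    krb5_free_context(context);

    return major_status;
}

/*
 * Store an initiator credential into the default credential cache.
 *
 * minor_status       receives the mechanism-specific status code
 * input_cred_handle  credential to store; GSS_C_NO_CREDENTIAL is rejected
 * cred_usage         GSS_C_INITIATE or GSS_C_BOTH; GSS_C_ACCEPT is not
 *                    supported and any other value is a usage error
 * desired_mech       passed through to copy_initiator_creds()
 * overwrite_cred     passed through to copy_initiator_creds()
 * default_cred       passed through to copy_initiator_creds()
 * elements_stored    handed to krb5_gss_inquire_cred() as its mechanisms
 *                    output
 * cred_usage_stored  if non-NULL, set to GSS_C_INITIATE on success
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_NO_CRED for a missing handle,
 * GSS_S_CREDENTIALS_EXPIRED when the reported lifetime is zero,
 * GSS_S_FAILURE for unsupported or mismatched usage, or the error returned
 * by krb5_gss_inquire_cred() / copy_initiator_creds().
 *
 * NOTE(review): elements_stored is filled in by krb5_gss_inquire_cred()
 * before the lifetime, usage and copy steps.  If one of those later steps
 * fails, the caller gets an error status together with whatever was written
 * to *elements_stored -- confirm who releases it on those paths.
 */
OM_uint32 KRB5_CALLCONV
krb5_gss_store_cred(OM_uint32 *minor_status,
                    gss_cred_id_t input_cred_handle,
                    gss_cred_usage_t cred_usage,
                    const gss_OID desired_mech,
                    OM_uint32 overwrite_cred,
                    OM_uint32 default_cred,
                    gss_OID_set *elements_stored,
                    gss_cred_usage_t *cred_usage_stored)
{
    OM_uint32 major_status;
    gss_cred_usage_t actual_usage;
    OM_uint32 lifetime;

    if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
        /* Do not leave a stale minor code for the caller's error report. */
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    if (cred_usage == GSS_C_ACCEPT) {
        *minor_status = G_STORE_ACCEPTOR_CRED_NOSUPP;
        return GSS_S_FAILURE;
    } else if (cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
        *minor_status = G_BAD_USAGE;
        return GSS_S_FAILURE;
    }

    major_status = krb5_gss_inquire_cred(minor_status, input_cred_handle,
                                         NULL, &lifetime,
                                         &actual_usage, elements_stored);
    if (GSS_ERROR(major_status))
        return major_status;

    if (lifetime == 0)
        return GSS_S_CREDENTIALS_EXPIRED;

    /* The credential itself must be usable for initiating. */
    if (actual_usage != GSS_C_INITIATE && actual_usage != GSS_C_BOTH) {
        *minor_status = G_BAD_USAGE;
        return GSS_S_FAILURE;
    }

    major_status = copy_initiator_creds(minor_status, input_cred_handle,
                                        desired_mech, overwrite_cred,
                                        default_cred);
    if (GSS_ERROR(major_status))
        return major_status;

    if (cred_usage_stored != NULL)
        *cred_usage_stored = GSS_C_INITIATE;

    return GSS_S_COMPLETE;
}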