-: 0:Source:g_set_cred_option.c -: 0:Graph:/var/tsitkova/Sources/v10/trunk/src/lib/gssapi/mechglue/g_set_cred_option.so.gcno -: 0:Data:/var/tsitkova/Sources/v10/trunk/src/lib/gssapi/mechglue/g_set_cred_option.so.gcda -: 0:Runs:1069 -: 0:Programs:1 -: 1:/* -: 2: * Copyright 2008-2010 by the Massachusetts Institute of Technology. -: 3: * All Rights Reserved. -: 4: * -: 5: * Export of this software from the United States of America may -: 6: * require a specific license from the United States Government. -: 7: * It is the responsibility of any person or organization contemplating -: 8: * export to obtain such a license before exporting. -: 9: * -: 10: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -: 11: * distribute this software and its documentation for any purpose and -: 12: * without fee is hereby granted, provided that the above copyright -: 13: * notice appear in all copies and that both that copyright notice and -: 14: * this permission notice appear in supporting documentation, and that -: 15: * the name of M.I.T. not be used in advertising or publicity pertaining -: 16: * to distribution of the software without specific, written prior -: 17: * permission. Furthermore if you modify this software you must label -: 18: * your software as modified software and not distribute it in such a -: 19: * fashion that it might be confused with the original M.I.T. software. -: 20: * M.I.T. makes no representations about the suitability of -: 21: * this software for any purpose. It is provided "as is" without express -: 22: * or implied warranty. -: 23: */ -: 24: -: 25:/* Glue routine for gssspi_set_cred_option */ -: 26: -: 27:#include "mglueP.h" -: 28:#include -: 29:#ifdef HAVE_STDLIB_H -: 30:#include -: 31:#endif -: 32:#include -: 33:#include -: 34: -: 35:static OM_uint32 8: 36:alloc_union_cred(OM_uint32 *minor_status, -: 37: gss_mechanism mech, -: 38: gss_cred_id_t mech_cred, -: 39: gss_union_cred_t *pcred) -: 40:{ -: 41: OM_uint32 status; -: 42: OM_uint32 temp_minor_status; 8: 43: gss_union_cred_t cred = NULL; -: 44: 8: 45: *pcred = NULL; -: 46: 8: 47: status = GSS_S_FAILURE; -: 48: 8: 49: cred = calloc(1, sizeof(*cred)); 8: 50: if (cred == NULL) { #####: 51: *minor_status = ENOMEM; #####: 52: goto cleanup; -: 53: } -: 54: 8: 55: cred->loopback = cred; 8: 56: cred->count = 1; -: 57: 8: 58: cred->cred_array = calloc(cred->count, sizeof(gss_cred_id_t)); 8: 59: if (cred->cred_array == NULL) { #####: 60: *minor_status = ENOMEM; #####: 61: goto cleanup; -: 62: } 8: 63: cred->cred_array[0] = mech_cred; -: 64: 16: 65: status = generic_gss_copy_oid(minor_status, 8: 66: &mech->mech_type, 8: 67: &cred->mechs_array); 8: 68: if (status != GSS_S_COMPLETE) #####: 69: goto cleanup; -: 70: 8: 71: status = GSS_S_COMPLETE; 8: 72: *pcred = cred; -: 73: -: 74:cleanup: 8: 75: if (status != GSS_S_COMPLETE) #####: 76: gss_release_cred(&temp_minor_status, (gss_cred_id_t *)&cred); -: 77: 8: 78: return status; -: 79:} -: 80: -: 81:/* -: 82: * This differs from gssspi_set_cred_option() as shipped in 1.7, in that -: 83: * it can return a cred handle. To denote this change we have changed the -: 84: * name of the function from gssspi_set_cred_option() to gss_set_cred_option(). -: 85: * However, the dlsym() entry point is still gssspi_set_cred_option(). This -: 86: * fixes a separate issue, namely that a dynamically loaded mechanism could -: 87: * not itself call set_cred_option() without calling its own implementation -: 88: * instead of the mechanism glue's. (This is useful where a mechanism wishes -: 89: * to export a mechanism-specific API that is a wrapper around this function.) -: 90: */ -: 91:OM_uint32 KRB5_CALLCONV 8: 92:gss_set_cred_option(OM_uint32 *minor_status, -: 93: gss_cred_id_t *cred_handle, -: 94: const gss_OID desired_object, -: 95: const gss_buffer_t value) -: 96:{ -: 97: gss_union_cred_t union_cred; -: 98: gss_mechanism mech; -: 99: int i; -: 100: OM_uint32 status; -: 101: OM_uint32 mech_status; -: 102: OM_uint32 mech_minor_status; -: 103: 8: 104: if (minor_status == NULL) #####: 105: return GSS_S_CALL_INACCESSIBLE_WRITE; -: 106: 8: 107: if (cred_handle == NULL) #####: 108: return GSS_S_CALL_INACCESSIBLE_WRITE; -: 109: 8: 110: *minor_status = 0; -: 111: 8: 112: status = GSS_S_UNAVAILABLE; -: 113: 8: 114: if (*cred_handle == GSS_C_NO_CREDENTIAL) { 8: 115: gss_cred_id_t mech_cred = GSS_C_NO_CREDENTIAL; -: 116: -: 117: /* -: 118: * We need to give a mechanism the opportunity to allocate a -: 119: * credentials handle. Unfortunately this does mean that only -: 120: * the default mechanism can allocate a credentials handle. -: 121: */ 8: 122: mech = gssint_get_mechanism(NULL); 8: 123: if (mech == NULL) #####: 124: return GSS_S_BAD_MECH; -: 125: 8: 126: if (mech->gssspi_set_cred_option == NULL) #####: 127: return GSS_S_UNAVAILABLE; -: 128: 8: 129: status = mech->gssspi_set_cred_option(minor_status, -: 130: &mech_cred, -: 131: desired_object, -: 132: value); 8: 133: if (status != GSS_S_COMPLETE) { #####: 134: map_error(minor_status, mech); #####: 135: return status; -: 136: } -: 137: 8: 138: if (mech_cred != GSS_C_NO_CREDENTIAL) { 8: 139: status = alloc_union_cred(minor_status, -: 140: mech, -: 141: mech_cred, -: 142: &union_cred); 8: 143: if (status != GSS_S_COMPLETE) #####: 144: return status; 8: 145: *cred_handle = (gss_cred_id_t)union_cred; -: 146: } -: 147: } else { #####: 148: union_cred = (gss_union_cred_t)*cred_handle; -: 149: #####: 150: for (i = 0; i < union_cred->count; i++) { #####: 151: mech = gssint_get_mechanism(&union_cred->mechs_array[i]); #####: 152: if (mech == NULL) { #####: 153: status = GSS_S_BAD_MECH; #####: 154: break; -: 155: } -: 156: #####: 157: if (mech->gssspi_set_cred_option == NULL) #####: 158: continue; -: 159: #####: 160: mech_status = mech->gssspi_set_cred_option(&mech_minor_status, #####: 161: &union_cred->cred_array[i], -: 162: desired_object, -: 163: value); #####: 164: if (mech_status == GSS_S_UNAVAILABLE) #####: 165: continue; -: 166: else { #####: 167: status = mech_status; #####: 168: *minor_status = mech_minor_status; -: 169: } #####: 170: if (status != GSS_S_COMPLETE) { #####: 171: map_error(minor_status, mech); #####: 172: break; -: 173: } -: 174: } -: 175: } -: 176: 8: 177: return status; -: 178:} -: 179: -: 180:/* -: 181: * Provide this for backward ABI compatibility, but remove it from the -: 182: * header. -: 183: */ -: 184:OM_uint32 KRB5_CALLCONV -: 185:gssspi_set_cred_option(OM_uint32 *minor_status, -: 186: gss_cred_id_t cred, -: 187: const gss_OID desired_object, -: 188: const gss_buffer_t value); -: 189: -: 190:OM_uint32 KRB5_CALLCONV #####: 191:gssspi_set_cred_option(OM_uint32 *minor_status, -: 192: gss_cred_id_t cred, -: 193: const gss_OID desired_object, -: 194: const gss_buffer_t value) -: 195:{ #####: 196: return gss_set_cred_option(minor_status, &cred, -: 197: desired_object, value); -: 198:}