util_cred.c

   1 /*
   2  * Copyright (c) 2010, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 #include "gssapiP_eap.h"
  34
  35 OM_uint32
  36 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
  37 {
  38     OM_uint32 tmpMinor;
  39     gss_cred_id_t cred;
  40
  41     assert(*pCred == GSS_C_NO_CREDENTIAL);
  42
  43     cred = (gss_cred_id_t)GSSEAP_CALLOC(1, sizeof(*cred));
  44     if (cred == NULL) {
  45         *minor = ENOMEM;
  46         return GSS_S_FAILURE;
  47     }
  48
  49     if (GSSEAP_MUTEX_INIT(&cred->mutex) != 0) {
  50         *minor = errno;
  51         gssEapReleaseCred(&tmpMinor, &cred);
  52         return GSS_S_FAILURE;
  53     }
  54
  55     cred->expiryTime = ~0;
  56
  57     *pCred = cred;
  58
  59     *minor = 0;
  60     return GSS_S_COMPLETE;
  61 }
  62
  63 OM_uint32
  64 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred)
  65 {
  66     OM_uint32 tmpMinor;
  67     gss_cred_id_t cred = *pCred;
  68
  69     if (cred == GSS_C_NO_CREDENTIAL) {
  70         return GSS_S_COMPLETE;
  71     }
  72
  73     gssEapReleaseName(&tmpMinor, &cred->name);
  74
  75     if (cred->password.value != NULL) {
  76         memset(cred->password.value, 0, cred->password.length);
  77         GSSEAP_FREE(cred->password.value);
  78     }
  79
  80     GSSEAP_MUTEX_DESTROY(&cred->mutex);
  81     memset(cred, 0, sizeof(*cred));
  82     GSSEAP_FREE(cred);
  83     *pCred = NULL;
  84
  85     *minor = 0;
  86     return GSS_S_COMPLETE;
  87 }
  88
  89 OM_uint32
  90 gssEapAcquireCred(OM_uint32 *minor,
  91                   const gss_name_t desiredName,
  92                   const gss_buffer_t password,
  93                   OM_uint32 timeReq,
  94                   const gss_OID_set desiredMechs,
  95                   int credUsage,
  96                   gss_cred_id_t *pCred,
  97                   gss_OID_set *pActualMechs,
  98                   OM_uint32 *timeRec)
  99 {
 100     OM_uint32 major, tmpMinor;
 101     gss_cred_id_t cred;
 102
 103     *pCred = GSS_C_NO_CREDENTIAL;
 104
 105     major = gssEapAllocCred(minor, &cred);
 106     if (GSS_ERROR(major))
 107         goto cleanup;
 108
 109     if (desiredName != GSS_C_NO_NAME) {
 110         major = gss_duplicate_name(minor, desiredName, &cred->name);
 111         if (GSS_ERROR(major))
 112             goto cleanup;
 113     } else {
 114         cred->flags |= CRED_FLAG_DEFAULT_IDENTITY;
 115     }
 116
 117     if (password != GSS_C_NO_BUFFER) {
 118         major = duplicateBuffer(minor, password, &cred->password);
 119         if (GSS_ERROR(major))
 120             goto cleanup;
 121
 122         cred->flags |= CRED_FLAG_PASSWORD;
 123     }
 124
 125     major = gssEapValidateMechs(minor, desiredMechs);
 126     if (GSS_ERROR(major))
 127         goto cleanup;
 128
 129     major = duplicateOidSet(minor, desiredMechs, &cred->mechanisms);
 130     if (GSS_ERROR(major))
 131         goto cleanup;
 132
 133     switch (credUsage) {
 134     case GSS_C_BOTH:
 135         cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
 136         break;
 137     case GSS_C_INITIATE:
 138         cred->flags |= CRED_FLAG_INITIATE;
 139         break;
 140     case GSS_C_ACCEPT:
 141         cred->flags |= CRED_FLAG_ACCEPT;
 142         break;
 143     default:
 144         major = GSS_S_FAILURE;
 145         goto cleanup;
 146         break;
 147     }
 148
 149     if (pActualMechs != NULL) {
 150         major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
 151         if (GSS_ERROR(major))
 152             goto cleanup;
 153     }
 154
 155     if (timeRec != NULL)
 156         *timeRec = GSS_C_INDEFINITE;
 157
 158     *pCred = cred;
 159     major = GSS_S_COMPLETE;
 160
 161 cleanup:
 162     if (GSS_ERROR(major))
 163         gssEapReleaseCred(&tmpMinor, &cred);
 164
 165     return major;
 166 }