www.project-moonshot.org Git - mech_eap.orig/blob - mech_eap/set_cred_option.c

   1 /*
   2  * Copyright (c) 2011, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 /*
  34  * Set an extended property on a credential handle.
  35  */
  36
  37 #include "gssapiP_eap.h"
  38
  39 static OM_uint32
  40 setCredRadiusConfigFile(OM_uint32 *minor,
  41                         gss_cred_id_t cred,
  42                         const gss_OID oid GSSEAP_UNUSED,
  43                         const gss_buffer_t buffer)
  44 {
  45     OM_uint32 major, tmpMinor;
  46     gss_buffer_desc configFileBuffer = GSS_C_EMPTY_BUFFER;
  47
  48     if (buffer != GSS_C_NO_BUFFER && buffer->length != 0) {
  49         major = duplicateBuffer(minor, buffer, &configFileBuffer);
  50         if (GSS_ERROR(major))
  51             return major;
  52     }
  53
  54     gss_release_buffer(&tmpMinor, &cred->radiusConfigFile);
  55     cred->radiusConfigFile = configFileBuffer;
  56
  57     *minor = 0;
  58     return GSS_S_COMPLETE;
  59 }
  60
  61 static OM_uint32
  62 setCredRadiusConfigStanza(OM_uint32 *minor,
  63                           gss_cred_id_t cred,
  64                           const gss_OID oid GSSEAP_UNUSED,
  65                           const gss_buffer_t buffer)
  66 {
  67     OM_uint32 major, tmpMinor;
  68     gss_buffer_desc configStanzaBuffer = GSS_C_EMPTY_BUFFER;
  69
  70     if (buffer != GSS_C_NO_BUFFER && buffer->length != 0) {
  71         major = duplicateBuffer(minor, buffer, &configStanzaBuffer);
  72         if (GSS_ERROR(major))
  73             return major;
  74     }
  75
  76     gss_release_buffer(&tmpMinor, &cred->radiusConfigStanza);
  77     cred->radiusConfigStanza = configStanzaBuffer;
  78
  79     *minor = 0;
  80     return GSS_S_COMPLETE;
  81 }
  82
  83 static OM_uint32
  84 setCredFlag(OM_uint32 *minor,
  85             gss_cred_id_t cred,
  86             const gss_OID oid GSSEAP_UNUSED,
  87             const gss_buffer_t buffer)
  88 {
  89     OM_uint32 flags;
  90     unsigned char *p;
  91
  92     if (buffer == GSS_C_NO_BUFFER) {
  93         *minor = EINVAL;
  94         return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_FAILURE;
  95     }
  96
  97     if (buffer->length < 4) {
  98         *minor = GSSEAP_WRONG_SIZE;
  99         return GSS_S_FAILURE;
 100     }
 101
 102     p = (unsigned char *)buffer->value;
 103
 104     flags = load_uint32_be(buffer->value) & CRED_FLAG_PUBLIC_MASK;
 105
 106     if (buffer->length > 4 && p[4])
 107         cred->flags &= ~(flags);
 108     else
 109         cred->flags |= flags;
 110
 111     *minor = 0;
 112     return GSS_S_COMPLETE;
 113 }
 114
 115 static OM_uint32
 116 setCredPassword(OM_uint32 *minor,
 117                 gss_cred_id_t cred,
 118                 const gss_OID oid GSSEAP_UNUSED,
 119                 const gss_buffer_t buffer)
 120 {
 121     return gssEapSetCredPassword(minor, cred, buffer);
 122 }
 123
 124 static OM_uint32
 125 setCredPrivateKey(OM_uint32 *minor,
 126                   gss_cred_id_t cred,
 127                   const gss_OID oid GSSEAP_UNUSED,
 128                   const gss_buffer_t buffer)
 129 {
 130     return gssEapSetCredClientCertificate(minor, cred, GSS_C_NO_BUFFER, buffer);
 131 }
 132
 133 static struct {
 134     gss_OID_desc oid;
 135     OM_uint32 (*setOption)(OM_uint32 *, gss_cred_id_t cred,
 136                            const gss_OID, const gss_buffer_t);
 137 } setCredOps[] = {
 138     /* 1.3.6.1.4.1.5322.22.3.3.1 */
 139     {
 140         { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x01" },
 141         setCredRadiusConfigFile,
 142     },
 143     /* 1.3.6.1.4.1.5322.22.3.3.2 */
 144     {
 145         { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x02" },
 146         setCredRadiusConfigStanza,
 147     },
 148     /* 1.3.6.1.4.1.5322.22.3.3.3 */
 149     {
 150         { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x03" },
 151         setCredFlag,
 152     },
 153     /* 1.3.6.1.4.1.5322.22.3.3.4 */
 154     {
 155         { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x04" },
 156         setCredPassword,
 157     },
 158     /* 1.3.6.1.4.1.5322.22.3.3.5 */
 159     {
 160         { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x05" },
 161         setCredPrivateKey,
 162     },
 163 };
 164
 165 gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE     = &setCredOps[0].oid;
 166 gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA   = &setCredOps[1].oid;
 167 gss_OID GSS_EAP_CRED_SET_CRED_FLAG              = &setCredOps[2].oid;
 168 gss_OID GSS_EAP_CRED_SET_CRED_PASSWORD          = &setCredOps[3].oid;
 169 gss_OID GSS_EAP_CRED_SET_CRED_PRIVATE_KEY       = &setCredOps[4].oid;
 170
 171 OM_uint32 GSSAPI_CALLCONV
 172 gssspi_set_cred_option(OM_uint32 *minor,
 173                        gss_cred_id_t *pCred,
 174                        const gss_OID desired_object,
 175                        const gss_buffer_t value)
 176 {
 177     OM_uint32 major;
 178     gss_cred_id_t cred = *pCred;
 179     int i;
 180
 181     if (cred == GSS_C_NO_CREDENTIAL) {
 182         *minor = EINVAL;
 183         return GSS_S_UNAVAILABLE;
 184     }
 185
 186     GSSEAP_MUTEX_LOCK(&cred->mutex);
 187
 188     major = GSS_S_UNAVAILABLE;
 189     *minor = GSSEAP_BAD_CRED_OPTION;
 190
 191     for (i = 0; i < sizeof(setCredOps) / sizeof(setCredOps[0]); i++) {
 192         if (oidEqual(&setCredOps[i].oid, desired_object)) {
 193             major = (*setCredOps[i].setOption)(minor, cred,
 194                                                desired_object, value);
 195             break;
 196         }
 197     }
 198
 199     GSSEAP_MUTEX_UNLOCK(&cred->mutex);
 200
 201     return major;
 202 }
 203
 204 #if 0
 205 OM_uint32
 206 gsseap_set_cred_flag(OM_uint32 *minor,
 207                      gss_cred_id_t cred,
 208                      OM_uint32 flag,
 209                      int clear)
 210 {
 211     unsigned char buf[5];
 212     gss_buffer_desc value;
 213
 214     value.length = sizeof(buf);
 215     value.value = buf;
 216
 217     store_uint32_be(flag, buf);
 218     buf[4] = (clear != 0);
 219
 220     return gssspi_set_cred_option(minor, &cred,
 221                                   GSS_EAP_CRED_SET_CRED_FLAG, &value);
 222 }
 223 #endif