From 77cf1ecdf16dee09c9eb88c59eac8c11aa0188bf Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sat, 14 May 2011 16:01:04 +0200
Subject: [PATCH] implement gss_inquire_cred_by_mech
---
 moonshot/mech_eap/Makefile.am | 1 +
 moonshot/mech_eap/inquire_cred.c | 55 +----------------------
 moonshot/mech_eap/inquire_cred_by_mech.c | 76 ++++++++++++++++++++++++++++++++
 moonshot/mech_eap/mech_eap.exports | 1 +
 moonshot/mech_eap/util.h | 8 ++++
 moonshot/mech_eap/util_cred.c | 66 +++++++++++++++++++++++++++
 6 files changed, 153 insertions(+), 54 deletions(-)
 create mode 100644 moonshot/mech_eap/inquire_cred_by_mech.c
diff --git a/moonshot/mech_eap/Makefile.am b/moonshot/mech_eap/Makefile.am
index c8fba95..55014cb 100644
--- a/moonshot/mech_eap/Makefile.am
+++ b/moonshot/mech_eap/Makefile.am
@@ -52,6 +52,7 @@ mech_eap_la_SOURCES = \
 inquire_attrs_for_mech.c \
 inquire_context.c \
 inquire_cred.c \
+ inquire_cred_by_mech.c \
 inquire_cred_by_oid.c \
 inquire_mech_for_saslname.c \
 inquire_mechs_for_name.c \
diff --git a/moonshot/mech_eap/inquire_cred.c b/moonshot/mech_eap/inquire_cred.c
index 2e684b7..6c0114b 100644
--- a/moonshot/mech_eap/inquire_cred.c
+++ b/moonshot/mech_eap/inquire_cred.c
@@ -45,7 +45,6 @@ gss_inquire_cred(OM_uint32 *minor,
 gss_OID_set *mechanisms)
 {
 OM_uint32 major;
- time_t now, lifetime;

 if (cred == NULL) {
 *minor = EINVAL;
@@ -54,60 +53,8 @@ gss_inquire_cred(OM_uint32 *minor,

 GSSEAP_MUTEX_LOCK(&cred->mutex);

- if (name != NULL) {
- major = gssEapDuplicateName(minor, cred->name, name);
- if (GSS_ERROR(major))
- goto cleanup;
- }
-
- if (cred_usage != NULL) {
- OM_uint32 flags = (cred->flags & (CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT));
-
- switch (flags) {
- case CRED_FLAG_INITIATE:
- *cred_usage = GSS_C_INITIATE;
- break;
- case CRED_FLAG_ACCEPT:
- *cred_usage = GSS_C_ACCEPT;
- break;
- default:
- *cred_usage = GSS_C_BOTH;
- break;
- }
- }
-
- if (mechanisms != NULL) {
- if (cred->mechanisms != GSS_C_NO_OID_SET)
- major = duplicateOidSet(minor, cred->mechanisms, mechanisms);
- else
- major = gssEapIndicateMechs(minor, mechanisms);
- if (GSS_ERROR(major))
- goto cleanup;
- }
-
- if (cred->expiryTime == 0) {
- lifetime = GSS_C_INDEFINITE;
- } else {
- now = time(NULL);
- lifetime = now - cred->expiryTime;
- if (lifetime < 0)
- lifetime = 0;
- }
-
- if (pLifetime != NULL) {
- *pLifetime = lifetime;
- }
-
- if (lifetime == 0) {
- major = GSS_S_CREDENTIALS_EXPIRED;
- *minor = GSSEAP_CRED_EXPIRED;
- goto cleanup;
- }
-
- major = GSS_S_COMPLETE;
- *minor = 0;
+ major = gssEapInquireCred(minor, cred, name, pLifetime, cred_usage, mechanisms);

-cleanup:
 GSSEAP_MUTEX_UNLOCK(&cred->mutex);

 return major;
diff --git a/moonshot/mech_eap/inquire_cred_by_mech.c b/moonshot/mech_eap/inquire_cred_by_mech.c
new file mode 100644
index 0000000..24da201
--- /dev/null
+++ b/moonshot/mech_eap/inquire_cred_by_mech.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2011, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Return credential handle properties.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gss_inquire_cred_by_mech(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_OID mech_type,
+ gss_name_t *name,
+ OM_uint32 *pInitiatorLifetime,
+ OM_uint32 *pAcceptorLifetime,
+ gss_cred_usage_t *cred_usage)
+{
+ OM_uint32 major, lifetime;
+
+ if (cred == NULL) {
+ *minor = EINVAL;
+ return GSS_S_NO_CRED;
+ }
+
+ GSSEAP_MUTEX_LOCK(&cred->mutex);
+
+ if (!gssEapCredAvailable(cred, mech_type)) {
+ major = GSS_S_BAD_MECH;
+ *minor = GSSEAP_CRED_MECH_MISMATCH;
+ goto cleanup;
+ }
+
+ major = gssEapInquireCred(minor, cred, name, &lifetime, cred_usage, NULL);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ if (pInitiatorLifetime != NULL)
+ *pInitiatorLifetime = (cred->flags & CRED_FLAG_INITIATE) ? lifetime : 0;
+ if (pAcceptorLifetime != NULL)
+ *pAcceptorLifetime = (cred->flags & CRED_FLAG_ACCEPT) ? lifetime : 0;
+
+cleanup:
+ GSSEAP_MUTEX_UNLOCK(&cred->mutex);
+
+ return major;
+}
diff --git a/moonshot/mech_eap/mech_eap.exports b/moonshot/mech_eap/mech_eap.exports
index 1613713..12f7f54 100644
--- a/moonshot/mech_eap/mech_eap.exports
+++ b/moonshot/mech_eap/mech_eap.exports
@@ -22,6 +22,7 @@ gss_init_sec_context
 gss_inquire_attrs_for_mech
 gss_inquire_context
 gss_inquire_cred
+gss_inquire_cred_by_mech
 gss_inquire_cred_by_oid
 gss_inquire_mechs_for_name
 gss_inquire_mech_for_saslname
diff --git a/moonshot/mech_eap/util.h b/moonshot/mech_eap/util.h
index b3399be..4de00e3 100644
--- a/moonshot/mech_eap/util.h
+++ b/moonshot/mech_eap/util.h
@@ -222,6 +222,14 @@ gssEapAcquireCred(OM_uint32 *minor,
 int
 gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);

+OM_uint32
+gssEapInquireCred(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_name_t *name,
+ OM_uint32 *pLifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms);
+
 /* util_crypt.c */
 int
 gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
diff --git a/moonshot/mech_eap/util_cred.c b/moonshot/mech_eap/util_cred.c
index 1d49e56..28cb76c 100644
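Review bot: In gss_inquire_cred_by_mech both `goto cleanup` paths (the `GSS_S_BAD_MECH` branch and the `GSS_ERROR(major)` branch) return without writing `*pInitiatorLifetime` or `*pAcceptorLifetime`, so a caller that reads them after an expired-credential result sees whatever its own variables held. The helper already stores a zero lifetime before it returns GSS_S_CREDENTIALS_EXPIRED, so declaring `OM_uint32 major, lifetime = 0;` and moving the `cleanup:` label above the two `if (p...Lifetime != NULL)` assignments would make both outputs defined on every path after the lock is taken. On the expired path `*name` has also already been duplicated by the helper, so the error return hands back an allocation the caller may not release; either release it here or state that in a comment.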
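Review bot: The new gssEapInquireCred prototype in util.h has no comment describing its calling contract. Both callers in this patch take `cred->mutex` before calling it and the helper in util_cred.c does no locking of its own, while it NULL-checks every output except `minor`. I would add above the declaration `/* Caller must hold cred->mutex; name, pLifetime, cred_usage and mechanisms may each be NULL. */`.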
--- a/moonshot/mech_eap/util_cred.c
+++ b/moonshot/mech_eap/util_cred.c
@@ -389,3 +389,69 @@ gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)

 return present;
 }
+
+OM_uint32
+gssEapInquireCred(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_name_t *name,
+ OM_uint32 *pLifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms)
+{
+ OM_uint32 major;
+ time_t now, lifetime;
+
+ if (name != NULL) {
+ major = gssEapDuplicateName(minor, cred->name, name);
+ if (GSS_ERROR(major))
+ return major;
+ }
+
+ if (cred_usage != NULL) {
+ OM_uint32 flags = (cred->flags & (CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT));
+
+ switch (flags) {
+ case CRED_FLAG_INITIATE:
+ *cred_usage = GSS_C_INITIATE;
+ break;
+ case CRED_FLAG_ACCEPT:
+ *cred_usage = GSS_C_ACCEPT;
+ break;
+ default:
+ *cred_usage = GSS_C_BOTH;
+ break;
+ }
+ }
+
+ if (mechanisms != NULL) {
+ if (cred->mechanisms != GSS_C_NO_OID_SET)
+ major = duplicateOidSet(minor, cred->mechanisms, mechanisms);
+ else
+ major = gssEapIndicateMechs(minor, mechanisms);
+ if (GSS_ERROR(major))
+ return major;
+ }
+
+ if (cred->expiryTime == 0) {
+ lifetime = GSS_C_INDEFINITE;
+ } else {
+ now = time(NULL);
+ lifetime = now - cred->expiryTime;
+ if (lifetime < 0)
+ lifetime = 0;
+ }
+
+ if (pLifetime != NULL) {
+ *pLifetime = lifetime;
+ }
+
+ if (lifetime == 0) {
+ *minor = GSSEAP_CRED_EXPIRED;
+ return GSS_S_CREDENTIALS_EXPIRED;
+ }
+
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+
+ return major;
+}
-- 
2.1.4
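Review bot: The remaining lifetime in gssEapInquireCred is computed with the operands reversed, `lifetime = now - cred->expiryTime;`. With the usual signed time_t this is negative while the credential is still valid, so it is clamped to 0 and reported as GSS_S_CREDENTIALS_EXPIRED, and it turns positive once the expiry time has passed, so an expired credential is reported as usable. The line is carried over unchanged from gss_inquire_cred, but this helper now backs both gss_inquire_cred and gss_inquire_cred_by_mech and should read `lifetime = cred->expiryTime - now;`. Separately, `*name` and `*mechanisms` are filled in before the expiry check, so the early `return major;` paths leave the caller holding allocations alongside an error status.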