1 #pragma ident "%Z%%M% %I% %E% SMI" 2 3 /* 4 * Copyright 2000 by the Massachusetts Institute of Technology. 5 * All Rights Reserved. 6 * 7 * Export of this software from the United States of America may 8 * require a specific license from the United States Government. 9 * It is the responsibility of any person or organization contemplating 10 * export to obtain such a license before exporting. 11 * 12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 13 * distribute this software and its documentation for any purpose and 14 * without fee is hereby granted, provided that the above copyright 15 * notice appear in all copies and that both that copyright notice and 16 * this permission notice appear in supporting documentation, and that 17 * the name of M.I.T. not be used in advertising or publicity pertaining 18 * to distribution of the software without specific, written prior 19 * permission. Furthermore if you modify this software you must label 20 * your software as modified software and not distribute it in such a 21 * fashion that it might be confused with the original M.I.T. software. 22 * M.I.T. makes no representations about the suitability of 23 * this software for any purpose. It is provided "as is" without express 24 * or implied warranty. 25 * 26 */ 27 /* 28 * Copyright 1993 by OpenVision Technologies, Inc. 29 * 30 * Permission to use, copy, modify, distribute, and sell this software 31 * and its documentation for any purpose is hereby granted without fee, 32 * provided that the above copyright notice appears in all copies and 33 * that both that copyright notice and this permission notice appear in 34 * supporting documentation, and that the name of OpenVision not be used 35 * in advertising or publicity pertaining to distribution of the software 36 * without specific, written prior permission. OpenVision makes no 37 * representations about the suitability of this software for any 38 * purpose. 
It is provided "as is" without express or implied warranty. 39 * 40 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 41 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 42 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR 43 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF 44 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 45 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 46 * PERFORMANCE OF THIS SOFTWARE. 47 */ 48 49 /* 50 * Copyright (C) 1998 by the FundsXpress, INC. 51 * 52 * All rights reserved. 53 * 54 * Export of this software from the United States of America may require 55 * a specific license from the United States Government. It is the 56 * responsibility of any person or organization contemplating export to 57 * obtain such a license before exporting. 58 * 59 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 60 * distribute this software and its documentation for any purpose and 61 * without fee is hereby granted, provided that the above copyright 62 * notice appear in all copies and that both that copyright notice and 63 * this permission notice appear in supporting documentation, and that 64 * the name of FundsXpress. not be used in advertising or publicity pertaining 65 * to distribution of the software without specific, written prior 66 * permission. FundsXpress makes no representations about the suitability of 67 * this software for any purpose. It is provided "as is" without express 68 * or implied warranty. 69 * 70 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 71 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 72 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
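*/

#include "gssapiP_krb5.h"
#include "mglueP.h"

/*
 * krb5_gss_inquire_cred: report the principal, remaining lifetime, usage
 * and mechanism set of a krb5 GSS credential.
 *
 * minor_status   receives the mechanism-specific error code (0 on success).
 * cred_handle    credential to inspect.  GSS_C_NO_CREDENTIAL selects the
 *                default credential through kg_get_defcred(); that
 *                credential is released again before returning.
 * name           if non-NULL, receives a copy of cred->princ registered
 *                with kg_save_name(), or GSS_C_NO_NAME when the credential
 *                carries no principal.  The caller owns the copy.
 * lifetime_ret   if non-NULL, receives the seconds until cred->tgt_expire,
 *                0 when already expired, or GSS_C_INDEFINITE when
 *                tgt_expire is 0.
 * cred_usage     if non-NULL, receives cred->usage.
 * mechanisms     if non-NULL, receives a newly allocated OID set holding
 *                gss_mech_krb5_old and/or gss_mech_krb5 according to the
 *                credential's prerfc_mech / rfc_mech flags.  The caller
 *                owns the set.
 *
 * Returns GSS_S_COMPLETE, GSS_S_CREDENTIALS_EXPIRED when the computed
 * lifetime is 0, or a GSS error status with *minor_status set.  On error
 * the output parameters are NULL (name, mechanisms) or untouched and every
 * resource acquired here (context, default credential, mutex, principal
 * copy, OID set) has been released.
 */
OM_uint32
krb5_gss_inquire_cred(OM_uint32 *minor_status,
                      gss_cred_id_t cred_handle,
                      gss_name_t *name,
                      OM_uint32 *lifetime_ret,
                      gss_cred_usage_t *cred_usage,
                      gss_OID_set *mechanisms)
{
    krb5_context context;
    krb5_gss_cred_id_t cred;
    krb5_error_code code;
    krb5_timestamp now;
    krb5_deltat lifetime;
    krb5_principal ret_name = NULL;
    /*
     * Must start out NULL: the shared error path below releases it
     * whenever it is non-NULL.  Without the initializer, a kg_save_name()
     * failure with mechanisms == NULL handed an uninitialized pointer to
     * gss_release_oid_set().
     */
    gss_OID_set mechs = NULL;
    OM_uint32 ret = GSS_S_FAILURE;
    /* Scratch minor status for cleanup calls, so the real one survives. */
    OM_uint32 tmp_min_stat;

    code = krb5_gss_init_context(&context);
    if (code) {
        *minor_status = code;
        return GSS_S_FAILURE;
    }

    if (name)
        *name = NULL;
    if (mechanisms)
        *mechanisms = NULL;

    /* check for default credential */
    /*SUPPRESS 29*/
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
        OM_uint32 major;

        if ((major = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred)) &&
            GSS_ERROR(major)) {
            krb5_free_context(context);
            return major;
        }
    } else {
        OM_uint32 major;

        major = krb5_gss_validate_cred(minor_status, cred_handle);
        if (GSS_ERROR(major)) {
            krb5_free_context(context);
            return major;
        }
        cred = (krb5_gss_cred_id_t) cred_handle;
    }

    if ((code = krb5_timeofday(context, &now))) {
        *minor_status = code;
        ret = GSS_S_FAILURE;
        goto fail;
    }

    code = k5_mutex_lock(&cred->lock);
    if (code != 0) {
        *minor_status = code;
        ret = GSS_S_FAILURE;
        goto fail;
    }

    /* Remaining TGT lifetime; a tgt_expire of 0 means "never expires". */
    if (cred->tgt_expire > 0) {
        if ((lifetime = cred->tgt_expire - now) < 0)
            lifetime = 0;
    } else {
        lifetime = GSS_C_INDEFINITE;
    }

    if (name && cred->princ) {
        code = krb5_copy_principal(context, cred->princ, &ret_name);
        if (code) {
            *minor_status = code;
            ret = GSS_S_FAILURE;
            goto fail_unlock;
        }
    }

    if (mechanisms) {
        if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status,
                                                             &mechs)) ||
            (cred->prerfc_mech &&
             GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
                                                            (const gss_OID) gss_mech_krb5_old,
                                                            &mechs))) ||
            (cred->rfc_mech &&
             GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
                                                            (const gss_OID) gss_mech_krb5,
                                                            &mechs)))) {
            /*
             * *minor_status set above.  A partially built set (create
             * succeeded, add failed) is released at fail_unlock.
             */
            goto fail_unlock;
        }
    }

    if (name && ret_name != NULL && !kg_save_name((gss_name_t) ret_name)) {
        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
        ret = GSS_S_FAILURE;
        goto fail_unlock;
    }

    /* All fallible work is done; publish the results. */
    if (name)
        *name = (ret_name != NULL) ? (gss_name_t) ret_name : GSS_C_NO_NAME;

    if (lifetime_ret)
        *lifetime_ret = lifetime;

    if (cred_usage)
        *cred_usage = cred->usage;
    k5_mutex_unlock(&cred->lock);

    if (mechanisms)
        *mechanisms = mechs;

    if (cred_handle == GSS_C_NO_CREDENTIAL)
        krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);

    krb5_free_context(context);
    *minor_status = 0;
    return (lifetime == 0) ? GSS_S_CREDENTIALS_EXPIRED : GSS_S_COMPLETE;

fail_unlock:
    /* Reached only while cred->lock is held. */
    k5_mutex_unlock(&cred->lock);
    if (mechs != NULL)
        (void) gss_release_oid_set(&tmp_min_stat, &mechs);
    if (ret_name != NULL)
        krb5_free_principal(context, ret_name);
fail:
    if (cred_handle == GSS_C_NO_CREDENTIAL)
        krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred);
    krb5_free_context(context);
    return ret;
}

/*
 * V2 interface.  Answers krb5_gss_inquire_cred() for one mechanism and
 * reports the single lifetime as initiator and/or acceptor lifetime
 * according to the credential's usage.
 *
 * mech_type must be GSS_C_NULL_OID, gss_mech_krb5_old or gss_mech_krb5;
 * any other OID yields GSS_S_NO_CRED with *minor_status = 0.
 * initiator_lifetime / acceptor_lifetime are written only when the
 * underlying inquiry returns GSS_S_COMPLETE (not GSS_S_CREDENTIALS_EXPIRED)
 * and only for a non-default credential whose usage includes that role;
 * otherwise they are left untouched.  name and cred_usage are passed
 * through to krb5_gss_inquire_cred().
 */
OM_uint32
krb5_gss_inquire_cred_by_mech(OM_uint32 *minor_status,
                              gss_cred_id_t cred_handle,
                              gss_OID mech_type,
                              gss_name_t *name,
                              OM_uint32 *initiator_lifetime,
                              OM_uint32 *acceptor_lifetime,
                              gss_cred_usage_t *cred_usage)
{
    krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle;
    OM_uint32 lifetime;
    OM_uint32 mstat;

    /* We only know how to handle our own creds. */
    if (mech_type != GSS_C_NULL_OID &&
        !g_OID_equal(gss_mech_krb5_old, mech_type) &&
        !g_OID_equal(gss_mech_krb5, mech_type)) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    /* The inquiry validates cred_handle before anything dereferences it. */
    mstat = krb5_gss_inquire_cred(minor_status, cred_handle, name, &lifetime,
                                  cred_usage, (gss_OID_set *) NULL);
    if (mstat != GSS_S_COMPLETE)
        return mstat;

    /*
     * cred is NULL for GSS_C_NO_CREDENTIAL, so the default credential's
     * lifetimes are not reported here.  cred->usage is read after
     * krb5_gss_inquire_cred() has dropped cred->lock; NOTE(review):
     * presumably usage is fixed at acquisition time — confirm.
     */
    if (cred != NULL) {
        int initiates = (cred->usage == GSS_C_INITIATE ||
                         cred->usage == GSS_C_BOTH);
        int accepts = (cred->usage == GSS_C_ACCEPT ||
                       cred->usage == GSS_C_BOTH);

        if (initiates && initiator_lifetime)
            *initiator_lifetime = lifetime;
        if (accepts && acceptor_lifetime)
            *acceptor_lifetime = lifetime;
    }
    return mstat;
}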