/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include "gssapiP_krb5.h"
#include "mglueP.h"    /* SUNW15resync - for KGSS_ macros */

/*
 * $Id: delete_sec_context.c 18396 2006-07-25 20:29:43Z lxs $
 */


#ifdef _KERNEL
/* SUNW15resync - todo - unify these kernel rel oid funcs with user spc ones */

/*
 * Release an OID that belongs to this mechanism (kernel build only).
 *
 * minor_status: set to 0 when the OID is recognised. Dereferenced without
 *               a NULL check, unlike generic_gss_release_oid() below, so
 *               callers must pass a valid pointer.
 * oid:          in/out. Reset to GSS_C_NO_OID when recognised, left
 *               untouched otherwise.
 *
 * Returns GSS_S_COMPLETE for one of the five mechanism/name-type OIDs
 * tested below, GSS_S_CONTINUE_NEEDED for anything else so the caller can
 * hand it to the generic routine. No memory is freed on either path.
 */
OM_uint32
krb5_gss_internal_release_oid(minor_status, oid)
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    /*
     * This function only knows how to release internal OIDs. It will
     * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
     */

    if ((*oid != gss_mech_krb5) &&
        (*oid != gss_mech_krb5_old) &&
        (*oid != gss_mech_krb5_wrong) &&
        (*oid != gss_nt_krb5_name) &&
        (*oid != gss_nt_krb5_principal)) {
        /* We don't know about this OID */
        return(GSS_S_CONTINUE_NEEDED);
    }
    else {
        *oid = GSS_C_NO_OID;
        *minor_status = 0;
        return(GSS_S_COMPLETE);
    }
}

/*
 * Release an OID that is not owned by this mechanism (kernel build only).
 *
 * minor_status: optional; set to 0 when non-NULL.
 * oid:          in/out. Always reset to GSS_C_NO_OID on return.
 *
 * The well-known name-type OIDs listed in the test below are never freed.
 * Any other non-NULL OID is treated as an allocated gss_OID_desc: its
 * element buffer and then the descriptor itself are handed to FREE().
 * NOTE(review): a pointer to a non-allocated OID that is not on that list
 * would therefore be freed here; callers are responsible for only passing
 * OIDs they own.
 *
 * Always returns GSS_S_COMPLETE.
 */
OM_uint32
generic_gss_release_oid(minor_status, oid)
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    if (minor_status)
        *minor_status = 0;

    if (*oid == GSS_C_NO_OID)
        return(GSS_S_COMPLETE);


    if ((*oid != GSS_C_NT_USER_NAME) &&
        (*oid != GSS_C_NT_MACHINE_UID_NAME) &&
        (*oid != GSS_C_NT_STRING_UID_NAME) &&
        (*oid != GSS_C_NT_HOSTBASED_SERVICE) &&
        (*oid != GSS_C_NT_ANONYMOUS) &&
        (*oid != GSS_C_NT_EXPORT_NAME) &&
        (*oid != gss_nt_service_name)) {
        /* elements first, then the descriptor that points at them */
        FREE((*oid)->elements, (*oid)->length);
        FREE(*oid, sizeof(gss_OID_desc));
    }
    *oid = GSS_C_NO_OID;
    return(GSS_S_COMPLETE);
}

/*
 * Kernel entry point for releasing an OID: try the mechanism-internal
 * release first and fall back to the generic one.
 *
 * minor_status: must be non-NULL (krb5_gss_internal_release_oid()
 *               dereferences it).
 * oid:          in/out; GSS_C_NO_OID on return in every case.
 *
 * Returns the status of whichever routine handled the OID. The else
 * branch repeats the assignments the internal routine already made on
 * its GSS_S_COMPLETE path; harmless but redundant.
 */
OM_uint32
krb5_gss_release_oid(minor_status, oid)
    OM_uint32 *minor_status;
    gss_OID *oid;
{

    if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) {
        /* Pawn it off on the generic routine */
        return(generic_gss_release_oid(minor_status, oid));
    }
    else {
        *oid = GSS_C_NO_OID;
        *minor_status = 0;
        return(GSS_S_COMPLETE);
    }
}
#endif

/*
 * Tear down a krb5 GSS security context: optionally emit a delete-context
 * token, unregister the handle, free every piece of per-context state and
 * reset the caller's handle to GSS_C_NO_CONTEXT.
 *
 * minor_status:      must be non-NULL; 0 on success, G_VALIDATE_FAILED when
 *                    the handle is not a registered context.
 * context_handle:    in/out. GSS_C_NO_CONTEXT is accepted and is a no-op
 *                    returning GSS_S_COMPLETE.
 * output_token:      optional. When non-NULL it is first emptied, and then
 *                    (if the handle is valid) filled with a KG_TOK_DEL_CTX
 *                    token produced by kg_seal().
 * gssd_ctx_verifier: kernel build only; not referenced in the body (hence
 *                    ARGSUSED).
 *
 * Returns GSS_S_COMPLETE, GSS_S_NO_CONTEXT for an unrecognised handle, or
 * whatever kg_seal() returned if building the delete token failed.
 *
 * Ordering matters in the teardown: every krb5_free_*() call takes the
 * `context` borrowed from ctx->k5_context, so k5_context is freed last,
 * immediately before the struct itself is zeroed and released.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_delete_sec_context(minor_status,
                            context_handle,
                            output_token
#ifdef _KERNEL
                            , gssd_ctx_verifier
#endif
                            )
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t output_token;
#ifdef _KERNEL
    OM_uint32 gssd_ctx_verifier;
#endif
{
    krb5_context context;
    krb5_gss_ctx_id_rec *ctx;

    /* Empty the output token up front so it is well-defined on every return. */
    if (output_token) {
        output_token->length = 0;
        output_token->value = NULL;
    }

    /*SUPPRESS 29*/
    if (*context_handle == GSS_C_NO_CONTEXT) {
        *minor_status = 0;
        return(GSS_S_COMPLETE);
    }

    /*SUPPRESS 29*/
    /* validate the context handle */
    if (! kg_validate_ctx_id(*context_handle)) {
        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
        return(GSS_S_NO_CONTEXT);
    }

    ctx = (krb5_gss_ctx_id_t) *context_handle;
    context = ctx->k5_context;

    /* construct a delete context token if necessary */

    if (output_token) {
        OM_uint32 major;
        gss_buffer_desc empty;
        empty.length = 0; empty.value = NULL;

        /*
         * On failure the context is returned untouched: nothing has been
         * unregistered or freed yet, and the handle stays valid.
         */
        if ((major = kg_seal(minor_status, *context_handle, 0,
                             GSS_C_QOP_DEFAULT,
                             &empty, NULL, output_token, KG_TOK_DEL_CTX)))
            return(major);
    }

    /* invalidate the context handle */

    (void)kg_delete_ctx_id(*context_handle);

    /* free all the context state */

    if (ctx->seqstate)
        g_order_free(&(ctx->seqstate));

    /* Session key material: enc, seq and the two subkeys below. */
    if (ctx->enc)
        krb5_free_keyblock(context, ctx->enc);

    if (ctx->seq)
        krb5_free_keyblock(context, ctx->seq);

    if (ctx->here)
        krb5_free_principal(context, ctx->here);
    if (ctx->there)
        krb5_free_principal(context, ctx->there);
    if (ctx->subkey)
        krb5_free_keyblock(context, ctx->subkey);
    if (ctx->acceptor_subkey)
        krb5_free_keyblock(context, ctx->acceptor_subkey);

    /* We never import the auth_context into the kernel */
#ifndef _KERNEL
    if (ctx->auth_context) {
        /*
         * Detach the replay cache before freeing the auth context;
         * presumably the rcache is owned by the credential when
         * cred_rcache is set and must survive this free -- verify.
         */
        if (ctx->cred_rcache)
            (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);

        krb5_auth_con_free(context, ctx->auth_context);
    }
#endif

    /* May write *minor_status; it is reset to 0 before returning. */
    if (ctx->mech_used)
        (void) KGSS_RELEASE_OID(minor_status, &ctx->mech_used);

    if (ctx->authdata)
        krb5_free_authdata(context, ctx->authdata);

    /* Last: `context` above aliases this and must not be used afterwards. */
    if (ctx->k5_context)
        krb5_free_context(ctx->k5_context);

    /*
     * Zero out context
     *
     * NOTE(review): a plain memset immediately before free is a dead store
     * to the optimizer and may be elided. The key blocks were released by
     * krb5_free_keyblock() above; if any other secret lives directly in the
     * struct, a non-elidable zeroing primitive would be needed here.
     */
    (void) memset(ctx, 0, sizeof(*ctx));
    xfree_wrap(ctx, sizeof (krb5_gss_ctx_id_rec));

    /* zero the handle itself */

    *context_handle = GSS_C_NO_CONTEXT;

    *minor_status = 0;
    return(GSS_S_COMPLETE);
}