OM_uint32
gssEapSetCredService(OM_uint32 *minor,
gss_cred_id_t cred,
const gss_name_t target)
{
OM_uint32 major, tmpMinor;
gss_name_t newTarget = GSS_C_NO_NAME;
if (cred->flags & CRED_FLAG_RESOLVED) {
major = GSS_S_FAILURE;
*minor = GSSEAP_CRED_RESOLVED;
goto cleanup;
}
if (target != GSS_C_NO_NAME) {
major = gssEapDuplicateName(minor, target, &newTarget);
if (GSS_ERROR(major))
goto cleanup;
cred->flags |= CRED_FLAG_TARGET;
} else {
cred->flags &= ~(CRED_FLAG_TARGET);
}
gssEapReleaseName(&tmpMinor, &cred->target);
cred->target = newTarget;
major = GSS_S_COMPLETE;
*minor = 0;
cleanup:
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_context(OM_uint32 *minor,
#ifdef HAVE_HEIMDAL_VERSION
gss_const_ctx_id_t ctx,
#else
gss_ctx_id_t ctx,
#endif
gss_name_t *src_name,
gss_name_t *targ_name,
OM_uint32 *lifetime_rec,
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
int *open)
{
OM_uint32 major, tmpMinor;
if (ctx == GSS_C_NO_CONTEXT) {
*minor = EINVAL;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
}
GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (src_name != NULL) {
if (ctx->initiatorName != GSS_C_NO_NAME) {
major = gssEapDuplicateName(minor, ctx->initiatorName, src_name);
if (GSS_ERROR(major))
goto cleanup;
} else
*src_name = GSS_C_NO_NAME;
}
if (targ_name != NULL) {
if (ctx->acceptorName != GSS_C_NO_NAME) {
major = gssEapDuplicateName(minor, ctx->acceptorName, targ_name);
if (GSS_ERROR(major))
goto cleanup;
} else
*targ_name = GSS_C_NO_NAME;
}
if (lifetime_rec != NULL)
gssEapContextTime(&tmpMinor, ctx, lifetime_rec);
if (mech_type != NULL) {
major = gssEapCanonicalizeOid(minor, ctx->mechanismUsed, 0, mech_type);
if (GSS_ERROR(major))
goto cleanup;
}
if (ctx_flags != NULL) {
*ctx_flags = ctx->gssFlags;
}
if (locally_initiated != NULL) {
*locally_initiated = CTX_IS_INITIATOR(ctx);
}
if (open != NULL) {
*open = CTX_IS_ESTABLISHED(ctx);
}
major = GSS_S_COMPLETE;
*minor = 0;
cleanup:
GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
if (GSS_ERROR(major)) {
gssEapReleaseName(&tmpMinor, src_name);
gssEapReleaseName(&tmpMinor, targ_name);
}
return major;
}
static OM_uint32
gssEapDuplicateCred(OM_uint32 *minor,
const gss_cred_id_t src,
gss_cred_id_t *pDst)
{
OM_uint32 major, tmpMinor;
gss_cred_id_t dst = GSS_C_NO_CREDENTIAL;
*pDst = GSS_C_NO_CREDENTIAL;
major = gssEapAllocCred(minor, &dst);
if (GSS_ERROR(major))
goto cleanup;
dst->flags = src->flags;
if (src->name != GSS_C_NO_NAME) {
major = gssEapDuplicateName(minor, src->name, &dst->name);
if (GSS_ERROR(major))
goto cleanup;
}
if (src->target != GSS_C_NO_NAME) {
major = gssEapDuplicateName(minor, src->target, &dst->target);
if (GSS_ERROR(major))
goto cleanup;
}
if (src->password.value != NULL) {
major = duplicateBuffer(minor, &src->password, &dst->password);
if (GSS_ERROR(major))
goto cleanup;
}
#ifndef MECH_EAP
if (src->deleg_assertions.value != NULL) {
major = duplicateBuffer(minor, &src->deleg_assertions, &dst->deleg_assertions);
if (GSS_ERROR(major))
goto cleanup;
}
#endif
major = duplicateOidSet(minor, src->mechanisms, &dst->mechanisms);
if (GSS_ERROR(major))
goto cleanup;
dst->expiryTime = src->expiryTime;
if (src->radiusConfigFile.value != NULL)
duplicateBufferOrCleanup(&src->radiusConfigFile, &dst->radiusConfigFile);
if (src->radiusConfigStanza.value != NULL)
duplicateBufferOrCleanup(&src->radiusConfigStanza, &dst->radiusConfigStanza);
if (src->caCertificate.value != NULL)
duplicateBufferOrCleanup(&src->caCertificate, &dst->caCertificate);
if (src->subjectNameConstraint.value != NULL)
duplicateBufferOrCleanup(&src->subjectNameConstraint, &dst->subjectNameConstraint);
if (src->subjectAltNameConstraint.value != NULL)
duplicateBufferOrCleanup(&src->subjectAltNameConstraint, &dst->subjectAltNameConstraint);
*pDst = dst;
dst = GSS_C_NO_CREDENTIAL;
major = GSS_S_COMPLETE;
*minor = 0;
cleanup:
gssEapReleaseCred(&tmpMinor, &dst);
return major;
}
OM_uint32
gssEapInquireCred(OM_uint32 *minor,
gss_cred_id_t cred,
gss_name_t *name,
OM_uint32 *pLifetime,
gss_cred_usage_t *cred_usage,
gss_OID_set *mechanisms)
{
OM_uint32 major;
time_t now, lifetime;
if (name != NULL) {
major = gssEapResolveCredIdentity(minor, cred);
if (GSS_ERROR(major))
goto cleanup;
if (cred->name != GSS_C_NO_NAME) {
major = gssEapDuplicateName(minor, cred->name, name);
if (GSS_ERROR(major))
goto cleanup;
} else
*name = GSS_C_NO_NAME;
}
if (cred_usage != NULL) {
OM_uint32 flags = (cred->flags & (CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT));
switch (flags) {
case CRED_FLAG_INITIATE:
*cred_usage = GSS_C_INITIATE;
break;
case CRED_FLAG_ACCEPT:
*cred_usage = GSS_C_ACCEPT;
break;
default:
*cred_usage = GSS_C_BOTH;
break;
}
}
if (mechanisms != NULL) {
if (cred->mechanisms != GSS_C_NO_OID_SET)
major = duplicateOidSet(minor, cred->mechanisms, mechanisms);
else
major = gssEapIndicateMechs(minor, mechanisms);
if (GSS_ERROR(major))
goto cleanup;
}
if (cred->expiryTime == 0) {
lifetime = GSS_C_INDEFINITE;
} else {
now = time(NULL);
lifetime = now - cred->expiryTime;
if (lifetime < 0)
lifetime = 0;
}
if (pLifetime != NULL) {
*pLifetime = lifetime;
}
if (lifetime == 0) {
major = GSS_S_CREDENTIALS_EXPIRED;
*minor = GSSEAP_CRED_EXPIRED;
goto cleanup;
}
major = GSS_S_COMPLETE;
*minor = 0;
cleanup:
return major;
}
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
const gss_name_t desiredName,
OM_uint32 timeReq GSSEAP_UNUSED,
const gss_OID_set desiredMechs,
int credUsage,
gss_cred_id_t *pCred,
gss_OID_set *pActualMechs,
OM_uint32 *timeRec)
{
OM_uint32 major, tmpMinor;
gss_cred_id_t cred;
/* XXX TODO validate with changed set_cred_option API */
*pCred = GSS_C_NO_CREDENTIAL;
major = gssEapAllocCred(minor, &cred);
if (GSS_ERROR(major))
goto cleanup;
switch (credUsage) {
case GSS_C_BOTH:
cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
break;
case GSS_C_INITIATE:
cred->flags |= CRED_FLAG_INITIATE;
break;
case GSS_C_ACCEPT:
cred->flags |= CRED_FLAG_ACCEPT;
break;
default:
major = GSS_S_FAILURE;
*minor = GSSEAP_BAD_USAGE;
goto cleanup;
break;
}
major = gssEapValidateMechs(minor, desiredMechs);
if (GSS_ERROR(major))
goto cleanup;
major = duplicateOidSet(minor, desiredMechs, &cred->mechanisms);
if (GSS_ERROR(major))
goto cleanup;
if (desiredName != GSS_C_NO_NAME) {
GSSEAP_MUTEX_LOCK(&desiredName->mutex);
major = gssEapDuplicateName(minor, desiredName, &cred->name);
if (GSS_ERROR(major)) {
GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
goto cleanup;
}
GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
}
#ifdef GSSEAP_ENABLE_ACCEPTOR
if (cred->flags & CRED_FLAG_ACCEPT) {
#ifdef MECH_EAP
struct rs_context *radContext;
major = gssEapCreateRadiusContext(minor, cred, &radContext);
if (GSS_ERROR(major))
goto cleanup;
rs_context_destroy(radContext);
#endif
}
#endif
if (pActualMechs != NULL) {
major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
if (GSS_ERROR(major))
goto cleanup;
}
if (timeRec != NULL)
*timeRec = GSS_C_INDEFINITE;
*pCred = cred;
major = GSS_S_COMPLETE;
*minor = 0;
cleanup:
if (GSS_ERROR(major))
gssEapReleaseCred(&tmpMinor, &cred);
return major;
}
