Beispiel #1
0
OM_uint32 KRB5_CALLCONV
gss_localname(OM_uint32 *minor,
              const gss_name_t pname,
              gss_const_OID mech_type,
              gss_buffer_t localname)
{
    OM_uint32 major, tmpMinor;
    gss_mechanism mech;
    gss_union_name_t unionName;
    gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
    gss_OID selected_mech = GSS_C_NO_OID;

    if (localname != GSS_C_NO_BUFFER) {
	localname->length = 0;
	localname->value = NULL;
    }

    if (minor == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    *minor = 0;

    if (pname == GSS_C_NO_NAME)
        return GSS_S_CALL_INACCESSIBLE_READ;

    if (localname == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    unionName = (gss_union_name_t)pname;

    if (mech_type != GSS_C_NO_OID) {
        major = gssint_select_mech_type(minor, mech_type, &selected_mech);
        if (major != GSS_S_COMPLETE)
	    return major;
        mech = gssint_get_mechanism(selected_mech);
    } else
        mech = gssint_get_mechanism(unionName->mech_type);

    if (mech == NULL)
	return GSS_S_UNAVAILABLE;

    /* may need to create a mechanism specific name */
    if (unionName->mech_type == GSS_C_NO_OID ||
        (unionName->mech_type != GSS_C_NO_OID &&
         !g_OID_equal(unionName->mech_type, &mech->mech_type))) {
        major = gssint_import_internal_name(minor, &mech->mech_type,
                                            unionName, &mechName);
        if (GSS_ERROR(major))
            return major;

        mechNameP = mechName;
    } else
        mechNameP = unionName->mech_name;

    major = GSS_S_UNAVAILABLE;

    if (mech->gss_localname != NULL) {
        major = mech->gss_localname(minor, mechNameP, mech_type, localname);
        if (GSS_ERROR(major))
            map_error(minor, mech);
    }

    if (GSS_ERROR(major))
        major = attr_localname(minor, mech, mechNameP, localname);

    if (mechName != GSS_C_NO_NAME)
        gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);

    return major;
}
/* V2 KRB5_CALLCONV */
OM_uint32 KRB5_CALLCONV
gss_add_cred_impersonate_name(OM_uint32 *minor_status,
			      gss_cred_id_t input_cred_handle,
			      const gss_cred_id_t impersonator_cred_handle,
			      const gss_name_t desired_name,
			      const gss_OID desired_mech,
			      gss_cred_usage_t cred_usage,
			      OM_uint32 initiator_time_req,
			      OM_uint32 acceptor_time_req,
			      gss_cred_id_t *output_cred_handle,
			      gss_OID_set *actual_mechs,
			      OM_uint32 *initiator_time_rec,
			      OM_uint32 *acceptor_time_rec)
{
    OM_uint32		status, temp_minor_status;
    OM_uint32		time_req, time_rec;
    gss_union_name_t	union_name;
    gss_union_cred_t	new_union_cred, union_cred;
    gss_cred_id_t	mech_impersonator_cred;
    gss_name_t		internal_name = GSS_C_NO_NAME;
    gss_name_t		allocated_name = GSS_C_NO_NAME;
    gss_mechanism	mech;
    gss_cred_id_t	cred = NULL;
    gss_OID		new_mechs_array = NULL;
    gss_cred_id_t *	new_cred_array = NULL;

    status = val_add_cred_impersonate_name_args(minor_status,
						input_cred_handle,
						impersonator_cred_handle,
						desired_name,
						desired_mech,
						cred_usage,
						initiator_time_req,
						acceptor_time_req,
						output_cred_handle,
						actual_mechs,
						initiator_time_rec,
						acceptor_time_rec);
    if (status != GSS_S_COMPLETE)
	return (status);

    mech = gssint_get_mechanism(desired_mech);
    if (!mech)
	return GSS_S_BAD_MECH;
    else if (!mech->gss_acquire_cred)
	return (GSS_S_UNAVAILABLE);

    if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
	union_cred = malloc(sizeof (gss_union_cred_desc));
	if (union_cred == NULL)
	    return (GSS_S_FAILURE);

	(void) memset(union_cred, 0, sizeof (gss_union_cred_desc));

	/* for default credentials we will use GSS_C_NO_NAME */
	internal_name = GSS_C_NO_NAME;
    } else {
	union_cred = (gss_union_cred_t)input_cred_handle;
	if (gssint_get_mechanism_cred(union_cred, desired_mech) !=
	    GSS_C_NO_CREDENTIAL)
	    return (GSS_S_DUPLICATE_ELEMENT);
    }

    mech_impersonator_cred =
	gssint_get_mechanism_cred((gss_union_cred_t)impersonator_cred_handle,
				  desired_mech);
    if (mech_impersonator_cred == GSS_C_NO_CREDENTIAL)
	return (GSS_S_NO_CRED);

    /* may need to create a mechanism specific name */
    union_name = (gss_union_name_t)desired_name;
    if (union_name->mech_type &&
	g_OID_equal(union_name->mech_type,
		    &mech->mech_type))
	internal_name = union_name->mech_name;
    else {
	if (gssint_import_internal_name(minor_status,
				        &mech->mech_type, union_name,
				        &allocated_name) != GSS_S_COMPLETE)
	    return (GSS_S_BAD_NAME);
	internal_name = allocated_name;
    }

    if (cred_usage == GSS_C_ACCEPT)
	time_req = acceptor_time_req;
    else if (cred_usage == GSS_C_INITIATE)
	time_req = initiator_time_req;
    else if (cred_usage == GSS_C_BOTH)
	time_req = (acceptor_time_req > initiator_time_req) ?
	    acceptor_time_req : initiator_time_req;
    else
	time_req = 0;

    status = mech->gss_acquire_cred_impersonate_name(minor_status,
						     mech_impersonator_cred,
						     internal_name,
						     time_req,
						     GSS_C_NULL_OID_SET,
						     cred_usage,
						     &cred,
						     NULL,
						     &time_rec);
    if (status != GSS_S_COMPLETE) {
	map_error(minor_status, mech);
	goto errout;
    }

    /* may need to set credential auxinfo strucutre */
    if (union_cred->auxinfo.creation_time == 0) {
	union_cred->auxinfo.creation_time = time(NULL);
	union_cred->auxinfo.time_rec = time_rec;
	union_cred->auxinfo.cred_usage = cred_usage;

	/*
	 * we must set the name; if name is not supplied
	 * we must do inquire cred to get it
	 */
	if (internal_name == NULL) {
	    if (mech->gss_inquire_cred == NULL ||
		((status = mech->gss_inquire_cred(
		      &temp_minor_status, cred,
		      &allocated_name, NULL, NULL,
		      NULL)) != GSS_S_COMPLETE))
		goto errout;
	    internal_name = allocated_name;
	}

	if (internal_name != GSS_C_NO_NAME) {
	    status = mech->gss_display_name(&temp_minor_status, internal_name,
					    &union_cred->auxinfo.name,
					    &union_cred->auxinfo.name_type);

	    if (status != GSS_S_COMPLETE)
		goto errout;
	}
    }

    /* now add the new credential elements */
    new_mechs_array = (gss_OID)
	malloc(sizeof (gss_OID_desc) * (union_cred->count+1));

    new_cred_array = (gss_cred_id_t *)
	malloc(sizeof (gss_cred_id_t) * (union_cred->count+1));

    if (!new_mechs_array || !new_cred_array) {
	status = GSS_S_FAILURE;
	goto errout;
    }

    if (acceptor_time_rec)
	if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
	    *acceptor_time_rec = time_rec;
    if (initiator_time_rec)
	if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
	    *initiator_time_rec = time_rec;

    /*
     * OK, expand the mechanism array and the credential array
     */
    (void) memcpy(new_mechs_array, union_cred->mechs_array,
		  sizeof (gss_OID_desc) * union_cred->count);
    (void) memcpy(new_cred_array, union_cred->cred_array,
		  sizeof (gss_cred_id_t) * union_cred->count);

    new_cred_array[union_cred->count] = cred;
    if ((new_mechs_array[union_cred->count].elements =
	 malloc(mech->mech_type.length)) == NULL)
	goto errout;

    g_OID_copy(&new_mechs_array[union_cred->count],
	       &mech->mech_type);

    if (actual_mechs != NULL) {
	gss_OID_set_desc oids;

	oids.count = union_cred->count + 1;
	oids.elements = new_mechs_array;

	status = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs);
	if (GSS_ERROR(status)) {
	    free(new_mechs_array[union_cred->count].elements);
	    goto errout;
	}
    }

    if (output_cred_handle == NULL) {
	free(union_cred->mechs_array);
	free(union_cred->cred_array);
	new_union_cred = union_cred;
    } else {
	new_union_cred = malloc(sizeof (gss_union_cred_desc));
	if (new_union_cred == NULL) {
	    free(new_mechs_array[union_cred->count].elements);
	    goto errout;
	}
	*new_union_cred = *union_cred;
	*output_cred_handle = (gss_cred_id_t)new_union_cred;
    }

    new_union_cred->mechs_array = new_mechs_array;
    new_union_cred->cred_array = new_cred_array;
    new_union_cred->count++;
    new_union_cred->loopback = new_union_cred;

    /* We're done with the internal name. Free it if we allocated it. */

    if (allocated_name)
	(void) gssint_release_internal_name(&temp_minor_status,
					   &mech->mech_type,
					   &allocated_name);

    return (GSS_S_COMPLETE);

errout:
    if (new_mechs_array)
	free(new_mechs_array);
    if (new_cred_array)
	free(new_cred_array);

    if (cred != NULL && mech->gss_release_cred)
	mech->gss_release_cred(&temp_minor_status, &cred);

    if (allocated_name)
	(void) gssint_release_internal_name(&temp_minor_status,
					   &mech->mech_type,
					   &allocated_name);

    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
	if (union_cred->auxinfo.name.value)
	    free(union_cred->auxinfo.name.value);
	free(union_cred);
    }

    return (status);
}
OM_uint32
gss_pname_to_uid(OM_uint32 *minor,
                 const gss_name_t pname,
                 const gss_OID mech_type,
                 uid_t *uidp)
{
    OM_uint32 major, tmpMinor;
    gss_mechanism mech;
    gss_union_name_t unionName;
    gss_name_t mechName = GSS_C_NO_NAME, mechNameP;

    /*
     * find the appropriate mechanism specific pname_to_uid procedure and
     * call it.
     */
    if (minor == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    *minor = 0;

    if (pname == GSS_C_NO_NAME)
        return GSS_S_CALL_INACCESSIBLE_READ;

    if (uidp == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    unionName = (gss_union_name_t)pname;

    if (mech_type != GSS_C_NO_OID)
        mech = gssint_get_mechanism(mech_type);
    else
        mech = gssint_get_mechanism(unionName->mech_type);

    if (mech == NULL)
	return GSS_S_UNAVAILABLE;

    /* may need to create a mechanism specific name */
    if (unionName->mech_type == GSS_C_NO_OID ||
        (unionName->mech_type != GSS_C_NO_OID &&
         !g_OID_equal(unionName->mech_type, &mech->mech_type))) {
        major = gssint_import_internal_name(minor, &mech->mech_type,
                                            unionName, &mechName);
        if (GSS_ERROR(major))
            return major;

        mechNameP = mechName;
    } else
        mechNameP = unionName->mech_name;

    major = GSS_S_UNAVAILABLE;

    if (mech->gss_pname_to_uid != NULL) {
        major = mech->gss_pname_to_uid(minor, mechNameP, mech_type, uidp);
        if (GSS_ERROR(major))
            map_error(minor, mech);
    }

    if (GSS_ERROR(major))
        major = attr_pname_to_uid(minor, mech, mechNameP, uidp);

    if (mechName != GSS_C_NO_NAME)
        gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);

    return major;
}