/*
 * Set (or clear) the target/service name of a not-yet-resolved credential.
 *
 * minor  - receives the minor status; zero on success.
 * cred   - credential to update; must not carry CRED_FLAG_RESOLVED.
 * target - new target name, or GSS_C_NO_NAME to clear the existing one.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_FAILURE with minor
 * GSSEAP_CRED_RESOLVED if the credential is already resolved, or the status
 * of gssEapDuplicateName if the name cannot be copied (in which case the
 * credential's flags and target are left untouched).
 */
OM_uint32
gssEapSetCredService(OM_uint32 *minor,
                     gss_cred_id_t cred,
                     const gss_name_t target)
{
    gss_name_t copiedTarget = GSS_C_NO_NAME;
    OM_uint32 ignoredMinor;

    /* A resolved credential has a fixed identity; refuse to retarget it. */
    if (cred->flags & CRED_FLAG_RESOLVED) {
        *minor = GSSEAP_CRED_RESOLVED;
        return GSS_S_FAILURE;
    }

    if (target == GSS_C_NO_NAME) {
        cred->flags &= ~(CRED_FLAG_TARGET);
    } else {
        OM_uint32 major = gssEapDuplicateName(minor, target, &copiedTarget);

        if (GSS_ERROR(major))
            return major;

        cred->flags |= CRED_FLAG_TARGET;
    }

    /* Drop the previous target before installing the new (possibly empty) one. */
    gssEapReleaseName(&ignoredMinor, &cred->target);
    cred->target = copiedTarget;

    *minor = 0;
    return GSS_S_COMPLETE;
}
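/*
 * gss_inquire_context: report the peer names, remaining lifetime, mechanism,
 * flags and state of a context.
 *
 * Any output pointer may be NULL when the caller does not want that value.
 * src_name and targ_name receive duplicates the caller must release; both
 * are initialised to GSS_C_NO_NAME before anything can fail, so the cleanup
 * path never releases a value the caller left uninitialised.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT (minor EINVAL) for
 * GSS_C_NO_CONTEXT, the status of a failed name or OID duplication, or
 * GSS_S_COMPLETE.  The context mutex is held while its fields are read.
 */
OM_uint32 GSSAPI_CALLCONV
gss_inquire_context(OM_uint32 *minor,
#ifdef HAVE_HEIMDAL_VERSION
                    gss_const_ctx_id_t ctx,
#else
                    gss_ctx_id_t ctx,
#endif
                    gss_name_t *src_name,
                    gss_name_t *targ_name,
                    OM_uint32 *lifetime_rec,
                    gss_OID *mech_type,
                    OM_uint32 *ctx_flags,
                    int *locally_initiated,
                    int *open)
{
    OM_uint32 major, tmpMinor;

    if (ctx == GSS_C_NO_CONTEXT) {
        *minor = EINVAL;
        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
    }

    /*
     * Initialise both name outputs before any step that can fail: the
     * cleanup path releases both, and without this a failure while copying
     * the initiator name would hand the caller's untouched *targ_name to
     * gssEapReleaseName.
     */
    if (src_name != NULL)
        *src_name = GSS_C_NO_NAME;
    if (targ_name != NULL)
        *targ_name = GSS_C_NO_NAME;

    /* ctx may be const-qualified (Heimdal); the cast is for the lock only. */
    GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);

    if (src_name != NULL && ctx->initiatorName != GSS_C_NO_NAME) {
        major = gssEapDuplicateName(minor, ctx->initiatorName, src_name);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (targ_name != NULL && ctx->acceptorName != GSS_C_NO_NAME) {
        major = gssEapDuplicateName(minor, ctx->acceptorName, targ_name);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    /*
     * Best effort: the status of gssEapContextTime is deliberately ignored
     * so that an expired context can still be inquired.  NOTE(review):
     * presumably it stores 0 into *lifetime_rec when expired — confirm.
     */
    if (lifetime_rec != NULL)
        gssEapContextTime(&tmpMinor, ctx, lifetime_rec);

    if (mech_type != NULL) {
        major = gssEapCanonicalizeOid(minor, ctx->mechanismUsed, 0, mech_type);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (ctx_flags != NULL)
        *ctx_flags = ctx->gssFlags;
    if (locally_initiated != NULL)
        *locally_initiated = CTX_IS_INITIATOR(ctx);
    if (open != NULL)
        *open = CTX_IS_ESTABLISHED(ctx);

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);

    /* No outputs are returned on error; drop the names duplicated above. */
    if (GSS_ERROR(major)) {
        if (src_name != NULL)
            gssEapReleaseName(&tmpMinor, src_name);
        if (targ_name != NULL)
            gssEapReleaseName(&tmpMinor, targ_name);
    }

    return major;
}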
/*
 * Deep-copy a credential.
 *
 * Copies the flags, name, target, password, mechanism set, expiry time and
 * the optional RADIUS/TLS configuration buffers of src into a freshly
 * allocated credential returned through pDst.  *pDst is GSS_C_NO_CREDENTIAL
 * until the copy has fully succeeded; on any failure the partial copy is
 * released and the failing callee's status is returned.
 *
 * NOTE(review): duplicateBufferOrCleanup is a project macro; from its use
 * here it appears to set major/minor and jump to cleanup on failure — the
 * local names major, minor and the cleanup label must therefore stay as is.
 */
static OM_uint32
gssEapDuplicateCred(OM_uint32 *minor,
                    const gss_cred_id_t src,
                    gss_cred_id_t *pDst)
{
    OM_uint32 major, tmpMinor;
    gss_cred_id_t dst = GSS_C_NO_CREDENTIAL;

    *pDst = GSS_C_NO_CREDENTIAL;

    major = gssEapAllocCred(minor, &dst);
    if (GSS_ERROR(major))
        goto cleanup;

    dst->flags = src->flags;

    if (src->name != GSS_C_NO_NAME) {
        major = gssEapDuplicateName(minor, src->name, &dst->name);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (src->target != GSS_C_NO_NAME) {
        major = gssEapDuplicateName(minor, src->target, &dst->target);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (src->password.value != NULL) {
        major = duplicateBuffer(minor, &src->password, &dst->password);
        if (GSS_ERROR(major))
            goto cleanup;
    }

#ifndef MECH_EAP
    if (src->deleg_assertions.value != NULL) {
        major = duplicateBuffer(minor, &src->deleg_assertions,
                                &dst->deleg_assertions);
        if (GSS_ERROR(major))
            goto cleanup;
    }
#endif

    /* Unlike the buffers above this is unconditional; the helper is
     * presumably safe for GSS_C_NO_OID_SET — confirm. */
    major = duplicateOidSet(minor, src->mechanisms, &dst->mechanisms);
    if (GSS_ERROR(major))
        goto cleanup;

    dst->expiryTime = src->expiryTime;

    /* Optional configuration buffers; copied only when set on the source. */
    if (src->radiusConfigFile.value != NULL)
        duplicateBufferOrCleanup(&src->radiusConfigFile,
                                 &dst->radiusConfigFile);
    if (src->radiusConfigStanza.value != NULL)
        duplicateBufferOrCleanup(&src->radiusConfigStanza,
                                 &dst->radiusConfigStanza);
    if (src->caCertificate.value != NULL)
        duplicateBufferOrCleanup(&src->caCertificate,
                                 &dst->caCertificate);
    if (src->subjectNameConstraint.value != NULL)
        duplicateBufferOrCleanup(&src->subjectNameConstraint,
                                 &dst->subjectNameConstraint);
    if (src->subjectAltNameConstraint.value != NULL)
        duplicateBufferOrCleanup(&src->subjectAltNameConstraint,
                                 &dst->subjectAltNameConstraint);

    /* Hand ownership to the caller; clear dst so cleanup does not free it. */
    *pDst = dst;
    dst = GSS_C_NO_CREDENTIAL;

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    /* On success dst is GSS_C_NO_CREDENTIAL here and this is expected to be
     * a no-op; on failure it frees the partial copy. */
    gssEapReleaseCred(&tmpMinor, &dst);

    return major;
}
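/*
 * Describe a credential: its name, remaining lifetime, usage and mechanisms.
 *
 * minor      - receives the minor status.
 * cred       - credential to inspect; its identity is resolved first when a
 *              name is requested.
 * name       - optional; receives a duplicate of the credential name (or
 *              GSS_C_NO_NAME) which the caller releases.
 * pLifetime  - optional; receives the seconds until expiry, 0 when already
 *              expired, or GSS_C_INDEFINITE when the credential never expires.
 * cred_usage - optional; GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH.
 * mechanisms - optional; receives the credential's mechanism set, or the
 *              full set the mechanism supports when none is recorded.
 *
 * Returns GSS_S_COMPLETE, GSS_S_CREDENTIALS_EXPIRED (minor GSSEAP_CRED_EXPIRED)
 * once the expiry time has passed, or the status of a failed resolve or
 * duplicate.  On any error the name and mechanism outputs are released and
 * reset so the caller receives nothing to free.
 */
OM_uint32
gssEapInquireCred(OM_uint32 *minor,
                  gss_cred_id_t cred,
                  gss_name_t *name,
                  OM_uint32 *pLifetime,
                  gss_cred_usage_t *cred_usage,
                  gss_OID_set *mechanisms)
{
    OM_uint32 major, tmpMinor;
    time_t now, lifetime;

    /* Initialise outputs so the error path can release them unconditionally. */
    if (name != NULL)
        *name = GSS_C_NO_NAME;
    if (mechanisms != NULL)
        *mechanisms = GSS_C_NO_OID_SET;

    if (name != NULL) {
        major = gssEapResolveCredIdentity(minor, cred);
        if (GSS_ERROR(major))
            goto cleanup;

        if (cred->name != GSS_C_NO_NAME) {
            major = gssEapDuplicateName(minor, cred->name, name);
            if (GSS_ERROR(major))
                goto cleanup;
        }
    }

    if (cred_usage != NULL) {
        switch (cred->flags & (CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT)) {
        case CRED_FLAG_INITIATE:
            *cred_usage = GSS_C_INITIATE;
            break;
        case CRED_FLAG_ACCEPT:
            *cred_usage = GSS_C_ACCEPT;
            break;
        default:
            *cred_usage = GSS_C_BOTH;
            break;
        }
    }

    if (mechanisms != NULL) {
        if (cred->mechanisms != GSS_C_NO_OID_SET)
            major = duplicateOidSet(minor, cred->mechanisms, mechanisms);
        else
            major = gssEapIndicateMechs(minor, mechanisms);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (cred->expiryTime == 0) {
        lifetime = GSS_C_INDEFINITE;
    } else {
        /*
         * Remaining validity is expiry minus now (not the reverse, which
         * reports a live credential as expired and an expired one as live),
         * clamped at zero once the expiry has passed.
         */
        now = time(NULL);
        lifetime = (cred->expiryTime > now) ? cred->expiryTime - now : 0;
    }

    if (pLifetime != NULL)
        *pLifetime = (OM_uint32)lifetime;

    if (lifetime == 0) {
        major = GSS_S_CREDENTIALS_EXPIRED;
        *minor = GSSEAP_CRED_EXPIRED;
        goto cleanup;
    }

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    /* No outputs are returned on error; drop anything duplicated above. */
    if (GSS_ERROR(major)) {
        if (name != NULL)
            gssEapReleaseName(&tmpMinor, name);
        if (mechanisms != NULL)
            gss_release_oid_set(&tmpMinor, mechanisms);
    }

    return major;
}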
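/*
 * Acquire a new credential for the given name, usage and mechanisms.
 *
 * minor        - receives the minor status.
 * desiredName  - optional name to bind to the credential; read under its
 *                own mutex while it is duplicated.
 * timeReq      - unused; credentials acquired here carry no expiry.
 * desiredMechs - mechanism OIDs the caller wants; validated, then copied.
 * credUsage    - GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH.
 * pCred        - receives the new credential; GSS_C_NO_CREDENTIAL on error.
 * pActualMechs - optional; receives a copy of the credential's mechanism set.
 * timeRec      - optional; always set to GSS_C_INDEFINITE.
 *
 * Returns GSS_S_COMPLETE, GSS_S_FAILURE with minor GSSEAP_BAD_USAGE for an
 * unknown credUsage, or the status of the failed helper.  On error the
 * partially built credential is released.
 */
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
                  const gss_name_t desiredName,
                  OM_uint32 timeReq GSSEAP_UNUSED,
                  const gss_OID_set desiredMechs,
                  int credUsage,
                  gss_cred_id_t *pCred,
                  gss_OID_set *pActualMechs,
                  OM_uint32 *timeRec)
{
    OM_uint32 major, tmpMinor;
    /*
     * Start from GSS_C_NO_CREDENTIAL so the cleanup path never hands an
     * indeterminate pointer to gssEapReleaseCred should allocation itself
     * fail, regardless of whether gssEapAllocCred resets its output.
     */
    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;

    /* XXX TODO validate with changed set_cred_option API */

    *pCred = GSS_C_NO_CREDENTIAL;

    major = gssEapAllocCred(minor, &cred);
    if (GSS_ERROR(major))
        goto cleanup;

    switch (credUsage) {
    case GSS_C_BOTH:
        cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
        break;
    case GSS_C_INITIATE:
        cred->flags |= CRED_FLAG_INITIATE;
        break;
    case GSS_C_ACCEPT:
        cred->flags |= CRED_FLAG_ACCEPT;
        break;
    default:
        major = GSS_S_FAILURE;
        *minor = GSSEAP_BAD_USAGE;
        goto cleanup;
    }

    major = gssEapValidateMechs(minor, desiredMechs);
    if (GSS_ERROR(major))
        goto cleanup;

    major = duplicateOidSet(minor, desiredMechs, &cred->mechanisms);
    if (GSS_ERROR(major))
        goto cleanup;

    if (desiredName != GSS_C_NO_NAME) {
        /* Hold the name's mutex only for the duration of the copy. */
        GSSEAP_MUTEX_LOCK(&desiredName->mutex);
        major = gssEapDuplicateName(minor, desiredName, &cred->name);
        GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
        if (GSS_ERROR(major))
            goto cleanup;
    }

#ifdef GSSEAP_ENABLE_ACCEPTOR
    if (cred->flags & CRED_FLAG_ACCEPT) {
#ifdef MECH_EAP
        /*
         * A RADIUS context is built and immediately destroyed; this looks
         * like an early check of the acceptor configuration so that a bad
         * setup fails here rather than on first use — confirm.
         */
        struct rs_context *radContext;

        major = gssEapCreateRadiusContext(minor, cred, &radContext);
        if (GSS_ERROR(major))
            goto cleanup;

        rs_context_destroy(radContext);
#endif
    }
#endif

    if (pActualMechs != NULL) {
        major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (timeRec != NULL)
        *timeRec = GSS_C_INDEFINITE;

    *pCred = cred;

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    if (GSS_ERROR(major))
        gssEapReleaseCred(&tmpMinor, &cred);

    return major;
}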