OM_uint32 KRB5_CALLCONV
gss_localname(OM_uint32 *minor,
const gss_name_t pname,
gss_const_OID mech_type,
gss_buffer_t localname)
{
OM_uint32 major, tmpMinor;
gss_mechanism mech;
gss_union_name_t unionName;
gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
gss_OID selected_mech = GSS_C_NO_OID;
if (localname != GSS_C_NO_BUFFER) {
localname->length = 0;
localname->value = NULL;
}
if (minor == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor = 0;
if (pname == GSS_C_NO_NAME)
return GSS_S_CALL_INACCESSIBLE_READ;
if (localname == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
unionName = (gss_union_name_t)pname;
if (mech_type != GSS_C_NO_OID) {
major = gssint_select_mech_type(minor, mech_type, &selected_mech);
if (major != GSS_S_COMPLETE)
return major;
mech = gssint_get_mechanism(selected_mech);
} else
mech = gssint_get_mechanism(unionName->mech_type);
if (mech == NULL)
return GSS_S_UNAVAILABLE;
/* may need to create a mechanism specific name */
if (unionName->mech_type == GSS_C_NO_OID ||
(unionName->mech_type != GSS_C_NO_OID &&
!g_OID_equal(unionName->mech_type, &mech->mech_type))) {
major = gssint_import_internal_name(minor, &mech->mech_type,
unionName, &mechName);
if (GSS_ERROR(major))
return major;
mechNameP = mechName;
} else
mechNameP = unionName->mech_name;
major = GSS_S_UNAVAILABLE;
if (mech->gss_localname != NULL) {
major = mech->gss_localname(minor, mechNameP, mech_type, localname);
if (GSS_ERROR(major))
map_error(minor, mech);
}
if (GSS_ERROR(major))
major = attr_localname(minor, mech, mechNameP, localname);
if (mechName != GSS_C_NO_NAME)
gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);
return major;
}
/* V2 KRB5_CALLCONV */
OM_uint32 KRB5_CALLCONV
gss_add_cred_impersonate_name(OM_uint32 *minor_status,
gss_cred_id_t input_cred_handle,
const gss_cred_id_t impersonator_cred_handle,
const gss_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 acceptor_time_req,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec)
{
OM_uint32 status, temp_minor_status;
OM_uint32 time_req, time_rec;
gss_union_name_t union_name;
gss_union_cred_t new_union_cred, union_cred;
gss_cred_id_t mech_impersonator_cred;
gss_name_t internal_name = GSS_C_NO_NAME;
gss_name_t allocated_name = GSS_C_NO_NAME;
gss_mechanism mech;
gss_cred_id_t cred = NULL;
gss_OID new_mechs_array = NULL;
gss_cred_id_t * new_cred_array = NULL;
status = val_add_cred_impersonate_name_args(minor_status,
input_cred_handle,
impersonator_cred_handle,
desired_name,
desired_mech,
cred_usage,
initiator_time_req,
acceptor_time_req,
output_cred_handle,
actual_mechs,
initiator_time_rec,
acceptor_time_rec);
if (status != GSS_S_COMPLETE)
return (status);
mech = gssint_get_mechanism(desired_mech);
if (!mech)
return GSS_S_BAD_MECH;
else if (!mech->gss_acquire_cred)
return (GSS_S_UNAVAILABLE);
if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
union_cred = malloc(sizeof (gss_union_cred_desc));
if (union_cred == NULL)
return (GSS_S_FAILURE);
(void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
/* for default credentials we will use GSS_C_NO_NAME */
internal_name = GSS_C_NO_NAME;
} else {
union_cred = (gss_union_cred_t)input_cred_handle;
if (gssint_get_mechanism_cred(union_cred, desired_mech) !=
GSS_C_NO_CREDENTIAL)
return (GSS_S_DUPLICATE_ELEMENT);
}
mech_impersonator_cred =
gssint_get_mechanism_cred((gss_union_cred_t)impersonator_cred_handle,
desired_mech);
if (mech_impersonator_cred == GSS_C_NO_CREDENTIAL)
return (GSS_S_NO_CRED);
/* may need to create a mechanism specific name */
union_name = (gss_union_name_t)desired_name;
if (union_name->mech_type &&
g_OID_equal(union_name->mech_type,
&mech->mech_type))
internal_name = union_name->mech_name;
else {
if (gssint_import_internal_name(minor_status,
&mech->mech_type, union_name,
&allocated_name) != GSS_S_COMPLETE)
return (GSS_S_BAD_NAME);
internal_name = allocated_name;
}
if (cred_usage == GSS_C_ACCEPT)
time_req = acceptor_time_req;
else if (cred_usage == GSS_C_INITIATE)
time_req = initiator_time_req;
else if (cred_usage == GSS_C_BOTH)
time_req = (acceptor_time_req > initiator_time_req) ?
acceptor_time_req : initiator_time_req;
else
time_req = 0;
status = mech->gss_acquire_cred_impersonate_name(minor_status,
mech_impersonator_cred,
internal_name,
time_req,
GSS_C_NULL_OID_SET,
cred_usage,
&cred,
NULL,
&time_rec);
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
goto errout;
}
/* may need to set credential auxinfo strucutre */
if (union_cred->auxinfo.creation_time == 0) {
union_cred->auxinfo.creation_time = time(NULL);
union_cred->auxinfo.time_rec = time_rec;
union_cred->auxinfo.cred_usage = cred_usage;
/*
* we must set the name; if name is not supplied
* we must do inquire cred to get it
*/
if (internal_name == NULL) {
if (mech->gss_inquire_cred == NULL ||
((status = mech->gss_inquire_cred(
&temp_minor_status, cred,
&allocated_name, NULL, NULL,
NULL)) != GSS_S_COMPLETE))
goto errout;
internal_name = allocated_name;
}
if (internal_name != GSS_C_NO_NAME) {
status = mech->gss_display_name(&temp_minor_status, internal_name,
&union_cred->auxinfo.name,
&union_cred->auxinfo.name_type);
if (status != GSS_S_COMPLETE)
goto errout;
}
}
/* now add the new credential elements */
new_mechs_array = (gss_OID)
malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
new_cred_array = (gss_cred_id_t *)
malloc(sizeof (gss_cred_id_t) * (union_cred->count+1));
if (!new_mechs_array || !new_cred_array) {
status = GSS_S_FAILURE;
goto errout;
}
if (acceptor_time_rec)
if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
*acceptor_time_rec = time_rec;
if (initiator_time_rec)
if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
*initiator_time_rec = time_rec;
/*
* OK, expand the mechanism array and the credential array
*/
(void) memcpy(new_mechs_array, union_cred->mechs_array,
sizeof (gss_OID_desc) * union_cred->count);
(void) memcpy(new_cred_array, union_cred->cred_array,
sizeof (gss_cred_id_t) * union_cred->count);
new_cred_array[union_cred->count] = cred;
if ((new_mechs_array[union_cred->count].elements =
malloc(mech->mech_type.length)) == NULL)
goto errout;
g_OID_copy(&new_mechs_array[union_cred->count],
&mech->mech_type);
if (actual_mechs != NULL) {
gss_OID_set_desc oids;
oids.count = union_cred->count + 1;
oids.elements = new_mechs_array;
status = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs);
if (GSS_ERROR(status)) {
free(new_mechs_array[union_cred->count].elements);
goto errout;
}
}
if (output_cred_handle == NULL) {
free(union_cred->mechs_array);
free(union_cred->cred_array);
new_union_cred = union_cred;
} else {
new_union_cred = malloc(sizeof (gss_union_cred_desc));
if (new_union_cred == NULL) {
free(new_mechs_array[union_cred->count].elements);
goto errout;
}
*new_union_cred = *union_cred;
*output_cred_handle = (gss_cred_id_t)new_union_cred;
}
new_union_cred->mechs_array = new_mechs_array;
new_union_cred->cred_array = new_cred_array;
new_union_cred->count++;
new_union_cred->loopback = new_union_cred;
/* We're done with the internal name. Free it if we allocated it. */
if (allocated_name)
(void) gssint_release_internal_name(&temp_minor_status,
&mech->mech_type,
&allocated_name);
return (GSS_S_COMPLETE);
errout:
if (new_mechs_array)
free(new_mechs_array);
if (new_cred_array)
free(new_cred_array);
if (cred != NULL && mech->gss_release_cred)
mech->gss_release_cred(&temp_minor_status, &cred);
if (allocated_name)
(void) gssint_release_internal_name(&temp_minor_status,
&mech->mech_type,
&allocated_name);
if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
if (union_cred->auxinfo.name.value)
free(union_cred->auxinfo.name.value);
free(union_cred);
}
return (status);
}
OM_uint32
gss_pname_to_uid(OM_uint32 *minor,
const gss_name_t pname,
const gss_OID mech_type,
uid_t *uidp)
{
OM_uint32 major, tmpMinor;
gss_mechanism mech;
gss_union_name_t unionName;
gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
/*
* find the appropriate mechanism specific pname_to_uid procedure and
* call it.
*/
if (minor == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor = 0;
if (pname == GSS_C_NO_NAME)
return GSS_S_CALL_INACCESSIBLE_READ;
if (uidp == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
unionName = (gss_union_name_t)pname;
if (mech_type != GSS_C_NO_OID)
mech = gssint_get_mechanism(mech_type);
else
mech = gssint_get_mechanism(unionName->mech_type);
if (mech == NULL)
return GSS_S_UNAVAILABLE;
/* may need to create a mechanism specific name */
if (unionName->mech_type == GSS_C_NO_OID ||
(unionName->mech_type != GSS_C_NO_OID &&
!g_OID_equal(unionName->mech_type, &mech->mech_type))) {
major = gssint_import_internal_name(minor, &mech->mech_type,
unionName, &mechName);
if (GSS_ERROR(major))
return major;
mechNameP = mechName;
} else
mechNameP = unionName->mech_name;
major = GSS_S_UNAVAILABLE;
if (mech->gss_pname_to_uid != NULL) {
major = mech->gss_pname_to_uid(minor, mechNameP, mech_type, uidp);
if (GSS_ERROR(major))
map_error(minor, mech);
}
if (GSS_ERROR(major))
major = attr_pname_to_uid(minor, mech, mechNameP, uidp);
if (mechName != GSS_C_NO_NAME)
gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);
return major;
}