crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/store_cred.c

   1 /*      $NetBSD: store_cred.c,v 1.1.1.2 2014/04/24 12:45:29 pettai Exp $        */
   2
   3 /*
   4  * Copyright (c) 2003 Kungliga Tekniska Högskolan
   5  * (Royal Institute of Technology, Stockholm, Sweden).
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #include "gsskrb5_locl.h"
  37
  38 OM_uint32 GSSAPI_CALLCONV
  39 _gsskrb5_store_cred(OM_uint32         *minor_status,
  40                     gss_cred_id_t     input_cred_handle,
  41                     gss_cred_usage_t  cred_usage,
  42                     const gss_OID     desired_mech,
  43                     OM_uint32         overwrite_cred,
  44                     OM_uint32         default_cred,
  45                     gss_OID_set       *elements_stored,
  46                     gss_cred_usage_t  *cred_usage_stored)
  47 {
  48     krb5_context context;
  49     krb5_error_code ret;
  50     gsskrb5_cred cred;
  51     krb5_ccache id;
  52     int destroy = 0;
  53
  54     *minor_status = 0;
  55
  56     if (cred_usage != GSS_C_INITIATE) {
  57         *minor_status = GSS_KRB5_S_G_BAD_USAGE;
  58         return GSS_S_FAILURE;
  59     }
  60
  61     if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0)
  62         return GSS_S_BAD_MECH;
  63
  64     cred = (gsskrb5_cred)input_cred_handle;
  65     if (cred == NULL)
  66         return GSS_S_NO_CRED;
  67
  68     GSSAPI_KRB5_INIT (&context);
  69
  70     HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
  71     if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
  72         HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
  73         *minor_status = GSS_KRB5_S_G_BAD_USAGE;
  74         return(GSS_S_FAILURE);
  75     }
  76
  77     if (cred->principal == NULL) {
  78         HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
  79         *minor_status = GSS_KRB5_S_KG_TGT_MISSING;
  80         return(GSS_S_FAILURE);
  81     }
  82
  83     /* write out cred to credential cache */
  84
  85     ret = krb5_cc_cache_match(context, cred->principal, &id);
  86     if (ret) {
  87         ret = krb5_cc_new_unique(context, NULL, NULL, &id);
  88         if (ret) {
  89             HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
  90             *minor_status = ret;
  91             return(GSS_S_FAILURE);
  92         }
  93         destroy = 1;
  94     }
  95
  96     ret = krb5_cc_initialize(context, id, cred->principal);
  97     if (ret == 0)
  98         ret = krb5_cc_copy_match_f(context, cred->ccache, id, NULL, NULL, NULL);
  99     if (ret) {
 100         if (destroy)
 101             krb5_cc_destroy(context, id);
 102         else
 103             krb5_cc_close(context, id);
 104         HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
 105         *minor_status = ret;
 106         return(GSS_S_FAILURE);
 107     }
 108
 109     if (default_cred)
 110         krb5_cc_switch(context, id);
 111
 112     krb5_cc_close(context, id);
 113
 114     HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
 115
 116     *minor_status = 0;
 117     return GSS_S_COMPLETE;
 118 }