crypto/external/bsd/heimdal/dist/lib/gssapi/ntlm/creds.c

   1 /*      $NetBSD: creds.c,v 1.2 2014/05/12 15:27:36 christos Exp $       */
   2
   3 /*
   4  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   5  * (Royal Institute of Technology, Stockholm, Sweden).
   6  * All rights reserved.
   7  *
   8  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  *
  14  * 1. Redistributions of source code must retain the above copyright
  15  *    notice, this list of conditions and the following disclaimer.
  16  *
  17  * 2. Redistributions in binary form must reproduce the above copyright
  18  *    notice, this list of conditions and the following disclaimer in the
  19  *    documentation and/or other materials provided with the distribution.
  20  *
  21  * 3. Neither the name of the Institute nor the names of its contributors
  22  *    may be used to endorse or promote products derived from this software
  23  *    without specific prior written permission.
  24  *
  25  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  35  * SUCH DAMAGE.
  36  */
  37
  38 #include "ntlm.h"
  39
  40 OM_uint32 GSSAPI_CALLCONV
  41 _gss_ntlm_inquire_cred
  42            (OM_uint32 * minor_status,
  43             const gss_cred_id_t cred_handle,
  44             gss_name_t * name,
  45             OM_uint32 * lifetime,
  46             gss_cred_usage_t * cred_usage,
  47             gss_OID_set * mechanisms
  48            )
  49 {
  50     OM_uint32 ret, junk;
  51
  52     *minor_status = 0;
  53
  54     if (cred_handle == NULL)
  55         return GSS_S_NO_CRED;
  56
  57     if (name) {
  58         ntlm_name n = calloc(1, sizeof(*n));
  59         ntlm_cred c = (ntlm_cred)cred_handle;
  60         if (n) {
  61             n->user = strdup(c->username);
  62             n->domain = strdup(c->domain);
  63         }
  64         if (n == NULL || n->user == NULL || n->domain == NULL) {
  65             if (n) {
  66                 free(n->user);
  67                 free(n->domain);
  68                 free(n);
  69             }
  70             *minor_status = ENOMEM;
  71             return GSS_S_FAILURE;
  72         }
  73         *name = (gss_name_t)n;
  74     }
  75     if (lifetime)
  76         *lifetime = GSS_C_INDEFINITE;
  77     if (cred_usage)
  78         *cred_usage = 0;
  79     if (mechanisms)
  80         *mechanisms = GSS_C_NO_OID_SET;
  81
  82     if (cred_handle == GSS_C_NO_CREDENTIAL)
  83         return GSS_S_NO_CRED;
  84
  85     if (mechanisms) {
  86         ret = gss_create_empty_oid_set(minor_status, mechanisms);
  87         if (ret)
  88             goto out;
  89         ret = gss_add_oid_set_member(minor_status,
  90                                      GSS_NTLM_MECHANISM,
  91                                      mechanisms);
  92         if (ret)
  93             goto out;
  94     }
  95
  96     return GSS_S_COMPLETE;
  97 out:
  98     gss_release_oid_set(&junk, mechanisms);
  99     return ret;
 100 }
 101
 102 #ifdef HAVE_KCM
 103 static OM_uint32
 104 _gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
 105 {
 106     krb5_storage *request, *response;
 107     krb5_data response_data;
 108     krb5_context context;
 109     krb5_error_code ret;
 110     ntlm_cred cred;
 111
 112     cred = (ntlm_cred)*cred_handle;
 113
 114     ret = krb5_init_context(&context);
 115     if (ret)
 116         return ret;
 117
 118     ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
 119     if (ret)
 120         goto out;
 121
 122     ret = krb5_store_stringz(request, cred->username);
 123     if (ret)
 124         goto out;
 125
 126     ret = krb5_store_stringz(request, cred->domain);
 127     if (ret)
 128         goto out;
 129
 130     ret = krb5_kcm_call(context, request, &response, &response_data);
 131     if (ret)
 132         goto out;
 133
 134     krb5_storage_free(request);
 135     krb5_storage_free(response);
 136     krb5_data_free(&response_data);
 137
 138  out:
 139     krb5_free_context(context);
 140
 141     return ret;
 142 }
 143 #endif /* HAVE_KCM */
 144
 145 OM_uint32 GSSAPI_CALLCONV
 146 _gss_ntlm_destroy_cred(OM_uint32 *minor_status,
 147                        gss_cred_id_t *cred_handle)
 148 {
 149 #ifdef HAVE_KCM
 150     krb5_error_code ret;
 151 #endif
 152
 153     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
 154         return GSS_S_COMPLETE;
 155
 156 #ifdef HAVE_KCM
 157     ret = _gss_ntlm_destroy_kcm_cred(cred_handle);
 158     if (ret) {
 159         *minor_status = ret;
 160         return GSS_S_FAILURE;
 161     }
 162 #endif
 163
 164     return _gss_ntlm_release_cred(minor_status, cred_handle);
 165 }