usr/src/uts/common/gssapi/mechs/krb5/mech/val_cred.c

   1 /*
   2  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
   3  */
   4 /*
   5  * Copyright 1997 by Massachusetts Institute of Technology
   6  * All Rights Reserved.
   7  *
   8  * Export of this software from the United States of America may
   9  *   require a specific license from the United States Government.
  10  *   It is the responsibility of any person or organization contemplating
  11  *   export to obtain such a license before exporting.
  12  *
  13  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  14  * distribute this software and its documentation for any purpose and
  15  * without fee is hereby granted, provided that the above copyright
  16  * notice appear in all copies and that both that copyright notice and
  17  * this permission notice appear in supporting documentation, and that
  18  * the name of M.I.T. not be used in advertising or publicity pertaining
  19  * to distribution of the software without specific, written prior
  20  * permission.  Furthermore if you modify this software you must label
  21  * your software as modified software and not distribute it in such a
  22  * fashion that it might be confused with the original M.I.T. software.
  23  * M.I.T. makes no representations about the suitability of
  24  * this software for any purpose.  It is provided "as is" without express
  25  * or implied warranty.
  26  *
  27  */
  28
  29 #include "gssapiP_krb5.h"
  30
  31 /*
  32  * Check to see whether or not a GSSAPI krb5 credential is valid.  If
  33  * it is not, return an error.
  34  */
  35
  36 OM_uint32
  37 krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
  38                          krb5_context context)
  39 {
  40     krb5_gss_cred_id_t cred;
  41     krb5_error_code code;
  42     krb5_principal princ;
  43
  44     if (!kg_validate_cred_id(cred_handle)) {
  45         *minor_status = (OM_uint32) G_VALIDATE_FAILED;
  46         return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL);
  47     }
  48
  49     cred = (krb5_gss_cred_id_t) cred_handle;
  50
  51     code = k5_mutex_lock(&cred->lock);
  52     if (code) {
  53         *minor_status = code;
  54         return GSS_S_FAILURE;
  55     }
  56
  57     if (cred->ccache) {
  58         if ((code = krb5_cc_get_principal(context, cred->ccache, &princ))) {
  59             k5_mutex_unlock(&cred->lock);
  60             *minor_status = code;
  61             return(GSS_S_DEFECTIVE_CREDENTIAL);
  62         }
  63         if (!krb5_principal_compare(context, princ, cred->princ)) {
  64             k5_mutex_unlock(&cred->lock);
  65             *minor_status = KG_CCACHE_NOMATCH;
  66             return(GSS_S_DEFECTIVE_CREDENTIAL);
  67         }
  68         (void)krb5_free_principal(context, princ);
  69     }
  70     *minor_status = 0;
  71     return GSS_S_COMPLETE;
  72 }
  73
  74 OM_uint32
  75 krb5_gss_validate_cred(minor_status, cred_handle)
  76      OM_uint32 *minor_status;
  77      gss_cred_id_t cred_handle;
  78 {
  79     krb5_context context;
  80     krb5_error_code code;
  81     OM_uint32 maj;
  82
  83     code = krb5_gss_init_context(&context);
  84     if (code) {
  85         *minor_status = code;
  86         return GSS_S_FAILURE;
  87     }
  88
  89     maj = krb5_gss_validate_cred_1(minor_status, cred_handle, context);
  90     if (maj == 0) {
  91         krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle;
  92         k5_mutex_assert_locked(&cred->lock);
  93         k5_mutex_unlock(&cred->lock);
  94     } else /* Solaris Kerberos - added this else */
  95         save_error_info(*minor_status, context);
  96     krb5_free_context(context);
  97     return maj;
  98 }
  99
 100
 101
 102