1 /* -*- mode: c; indent-tabs-mode: nil -*- */
3 * lib/gssapi/krb5/import_sec_context.c
5 * Copyright 1995,2004,2007,2008 by the Massachusetts Institute of Technology.
8 * Export of this software from the United States of America may
9 * require a specific license from the United States Government.
10 * It is the responsibility of any person or organization contemplating
11 * export to obtain such a license before exporting.
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of M.I.T. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. Furthermore if you modify this software you must label
21 * your software as modified software and not distribute it in such a
22 * fashion that it might be confused with the original M.I.T. software.
23 * M.I.T. makes no representations about the suitability of
24 * this software for any purpose. It is provided "as is" without express
25 * or implied warranty.
30 * import_sec_context.c - Internalize the security context.
32 #include "gssapiP_krb5.h"
33 /* for serialization initialization functions */
37 * Fix up the OID of the mechanism so that uses the static version of
38 * the OID if possible.
40 gss_OID krb5_gss_convert_static_mech_oid(oid)
43 const gss_OID_desc *p;
44 OM_uint32 minor_status;
46 for (p = krb5_gss_oid_array; p->length; p++) {
47 if ((oid->length == p->length) &&
48 (memcmp(oid->elements, p->elements, p->length) == 0)) {
49 gss_release_oid(&minor_status, &oid);
57 krb5_gss_ser_init (krb5_context context)
60 static krb5_error_code (KRB5_CALLCONV *const fns[])(krb5_context) = {
61 krb5_ser_context_init, krb5_ser_auth_context_init,
62 krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
66 for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
67 if ((code = (fns[i])(context)) != 0)
73 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
74 OM_uint32 *minor_status;
75 gss_buffer_t interprocess_token;
76 gss_ctx_id_t *context_handle;
79 krb5_error_code kret = 0;
81 krb5_gss_ctx_id_t ctx;
84 /* This is a bit screwy. We create a krb5 context because we need
85 one when calling the serialization code. However, one of the
86 objects we're unpacking is a krb5 context, so when we finish,
87 we can throw this one away. */
88 kret = krb5_gss_init_context(&context);
93 kret = krb5_gss_ser_init(context);
96 save_error_info(*minor_status, context);
97 krb5_free_context(context);
101 /* Assume a tragic failure */
102 ctx = (krb5_gss_ctx_id_t) NULL;
105 /* Internalize the context */
106 ibp = (krb5_octet *) interprocess_token->value;
107 blen = (size_t) interprocess_token->length;
108 kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen);
109 krb5_free_context(context);
111 *minor_status = (OM_uint32) kret;
112 save_error_info(*minor_status, context);
113 return(GSS_S_FAILURE);
116 /* intern the context handle */
117 if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
118 (void)krb5_gss_delete_sec_context(minor_status,
119 (gss_ctx_id_t *) &ctx, NULL);
120 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
121 return(GSS_S_FAILURE);
123 ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
125 *context_handle = (gss_ctx_id_t) ctx;
128 return (GSS_S_COMPLETE);