goto error_out;
}
- d_u_cred->auxinfo.creation_time = time(0);
- d_u_cred->auxinfo.time_rec = 0;
d_u_cred->loopback = d_u_cred;
-
- internal_name = GSS_C_NO_NAME;
-
- if (mech->gss_inquire_cred) {
- status = mech->gss_inquire_cred(minor_status,
- tmp_d_cred,
- &internal_name,
- &d_u_cred->auxinfo.time_rec,
- &d_u_cred->auxinfo.cred_usage,
- NULL);
- if (status != GSS_S_COMPLETE)
- map_error(minor_status, mech);
- }
-
- if (internal_name != GSS_C_NO_NAME) {
- /* consumes internal_name regardless of success */
- temp_status = gssint_convert_name_to_union_name(
- &temp_minor_status, mech,
- internal_name, &tmp_src_name);
- if (temp_status != GSS_S_COMPLETE) {
- *minor_status = temp_minor_status;
- map_error(minor_status, mech);
- if (output_token->length)
- (void) gss_release_buffer(
- &temp_minor_status,
- output_token);
- (void) gss_release_oid(&temp_minor_status,
- &actual_mech);
- free(d_u_cred->cred_array);
- free(d_u_cred);
- return (temp_status);
- }
-
- if (tmp_src_name != GSS_C_NO_NAME) {
- status = gss_display_name(
- &temp_minor_status,
- tmp_src_name,
- &d_u_cred->auxinfo.name,
- &d_u_cred->auxinfo.name_type);
- (void) gss_release_name(&temp_minor_status,
- &tmp_src_name);
- }
- }
-
*d_cred = (gss_cred_id_t)d_u_cred;
}
}
goto errout;
}
- /* may need to set credential auxinfo strucutre */
- if (union_cred->auxinfo.creation_time == 0) {
- union_cred->auxinfo.creation_time = time(NULL);
- union_cred->auxinfo.time_rec = time_rec;
- union_cred->auxinfo.cred_usage = cred_usage;
-
- /*
- * we must set the name; if name is not supplied
- * we must do inquire cred to get it
- */
- if (internal_name == NULL) {
- if (mech->gss_inquire_cred == NULL ||
- ((status = mech->gss_inquire_cred(
- &temp_minor_status, cred,
- &allocated_name, NULL, NULL,
- NULL)) != GSS_S_COMPLETE))
- goto errout;
- internal_name = allocated_name;
- }
-
- if (internal_name != GSS_C_NO_NAME) {
- status = mech->gss_display_name(&temp_minor_status, internal_name,
- &union_cred->auxinfo.name,
- &union_cred->auxinfo.name_type);
-
- if (status != GSS_S_COMPLETE)
- goto errout;
- }
- }
-
/* now add the new credential elements */
new_mechs_array = (gss_OID)
malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
&mech->mech_type,
&allocated_name);
- if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
- if (union_cred->auxinfo.name.value)
- free(union_cred->auxinfo.name.value);
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
free(union_cred);
- }
return (status);
}
goto errout;
}
- /* may need to set credential auxinfo strucutre */
- if (union_cred->auxinfo.creation_time == 0) {
- union_cred->auxinfo.creation_time = time(NULL);
- union_cred->auxinfo.time_rec = time_rec;
- union_cred->auxinfo.cred_usage = cred_usage;
-
- /*
- * we must set the name; if name is not supplied
- * we must do inquire cred to get it
- */
- if (internal_name == NULL) {
- if (mech->gss_inquire_cred == NULL ||
- ((status = mech->gss_inquire_cred(
- &temp_minor_status, cred,
- &allocated_name, NULL, NULL,
- NULL)) != GSS_S_COMPLETE))
- goto errout;
- internal_name = allocated_name;
- }
-
- if (internal_name != GSS_C_NO_NAME) {
- status = mech->gss_display_name(&temp_minor_status, internal_name,
- &union_cred->auxinfo.name,
- &union_cred->auxinfo.name_type);
-
- if (status != GSS_S_COMPLETE)
- goto errout;
- }
- }
-
/* now add the new credential elements */
new_mechs_array = (gss_OID)
malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
&mech->mech_type,
&allocated_name);
- if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
- if (union_cred->auxinfo.name.value)
- free(union_cred->auxinfo.name.value);
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
free(union_cred);
- }
return (status);
}
goto errout;
}
- /* may need to set credential auxinfo strucutre */
- if (union_cred->auxinfo.creation_time == 0) {
- union_cred->auxinfo.creation_time = time(NULL);
- union_cred->auxinfo.time_rec = time_rec;
- union_cred->auxinfo.cred_usage = cred_usage;
-
- status = mech->gss_display_name(&temp_minor_status, internal_name,
- &union_cred->auxinfo.name,
- &union_cred->auxinfo.name_type);
- if (status != GSS_S_COMPLETE)
- goto errout;
- }
-
/* now add the new credential elements */
new_mechs_array = (gss_OID)
malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
&mech->mech_type,
&allocated_name);
- if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
- if (union_cred->auxinfo.name.value)
- free(union_cred->auxinfo.name.value);
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
free(union_cred);
- }
return (status);
}
gss_OID_set * mechanisms;
{
- OM_uint32 status, elapsed_time, temp_minor_status;
- gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+ OM_uint32 status, temp_minor_status;
gss_union_cred_t union_cred;
+ gss_mechanism mech;
+ gss_cred_id_t mech_cred;
+ gss_name_t mech_name;
int i;
+ gss_OID_set mechs = NULL;
/* Initialize outputs. */
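Review bot: `mech_name` is declared without an initializer, and further down in this function (outside this hunk) it is passed to `gssint_convert_name_to_union_name` whenever the mechanism's `gss_inquire_cred` returns `GSS_S_COMPLETE` and the caller asked for a name. The code this commit removes elsewhere tested `!= GSS_C_NO_NAME` before using a mechanism-returned name, so a mechanism that succeeds without producing a name appears to have been tolerated before; now it would hand an indeterminate pointer to the conversion routine. Declaring it as `gss_name_t mech_name = GSS_C_NO_NAME;` gives that case a defined value. Whether the conversion routine accepts `GSS_C_NO_NAME` is not visible here, so the `if (name)` block may also need a guard that sets `*name = GSS_C_NO_NAME` in that case.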
if (minor_status == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
- if (cred_handle == GSS_C_NO_CREDENTIAL) {
- /* Acquire a default initiator credential to query. */
- status = gss_acquire_cred(minor_status, GSS_C_NO_NAME,
- GSS_C_INDEFINITE, GSS_C_NULL_OID_SET,
- GSS_C_INITIATE, &defcred, NULL, NULL);
- if (status != GSS_S_COMPLETE)
- return (status);
-
- cred_handle = defcred;
- }
-
- /* get the cred_handle cast as a union_credentials structure */
-
- union_cred = (gss_union_cred_t) cred_handle;
-
/*
- * get the information out of the union_cred structure that was
- * placed there during gss_acquire_cred.
+ * XXX We should iterate over all mechanisms in the credential and
+ * aggregate the results. This requires a union name structure containing
+ * multiple mechanism names, which we don't currently have. For now,
+ * inquire the first mechanism in the credential; this is consistent with
+ * our historical behavior.
*/
- if(cred_usage != NULL)
- *cred_usage = union_cred->auxinfo.cred_usage;
-
- if(lifetime != NULL) {
- elapsed_time = time(0) - union_cred->auxinfo.creation_time;
- *lifetime = union_cred->auxinfo.time_rec < elapsed_time ? 0 :
- union_cred->auxinfo.time_rec - elapsed_time;
+ /* Determine mechanism and mechanism credential. */
+ if (cred_handle != GSS_C_NO_CREDENTIAL) {
+ union_cred = (gss_union_cred_t) cred_handle;
+ if (union_cred->count <= 0)
+ return (GSS_S_DEFECTIVE_CREDENTIAL);
+ mech_cred = union_cred->cred_array[0];
+ mech = gssint_get_mechanism(&union_cred->mechs_array[0]);
+ } else {
+ union_cred = NULL;
+ mech_cred = GSS_C_NO_CREDENTIAL;
+ mech = gssint_get_mechanism(GSS_C_NULL_OID);
}
+ if (mech == NULL)
+ return (GSS_S_DEFECTIVE_CREDENTIAL);
+ if (!mech->gss_inquire_cred)
+ return (GSS_S_UNAVAILABLE);
- /*
- * if name is non_null,
- * call gss_import_name(), giving it the printable name held within
- * union_cred in order to get an internal name to pass back to the
- * caller. If this call fails, return failure to our caller.
- */
+ status = mech->gss_inquire_cred(minor_status, mech_cred,
+ name ? &mech_name : NULL,
+ lifetime, cred_usage, NULL);
+ if (status != GSS_S_COMPLETE) {
+ map_error(minor_status, mech);
+ return(status);
+ }
- if(name != NULL) {
- if (union_cred->auxinfo.name.length == 0) {
- *name = GSS_C_NO_NAME;
- } else if ((gss_import_name(&temp_minor_status,
- &union_cred->auxinfo.name,
- union_cred->auxinfo.name_type,
- name) != GSS_S_COMPLETE) ||
- (gss_canonicalize_name(minor_status, *name,
- &union_cred->mechs_array[0],
- NULL) != GSS_S_COMPLETE)) {
- status = GSS_S_DEFECTIVE_CREDENTIAL;
- goto error;
+ if (name) {
+ /* Convert mech_name into a union_name equivalent. */
+ status = gssint_convert_name_to_union_name(&temp_minor_status,
+ mech, mech_name, name);
+ if (status != GSS_S_COMPLETE) {
+ *minor_status = temp_minor_status;
+ map_error(minor_status, mech);
+ return (status);
}
}
if(mechanisms != NULL) {
status = GSS_S_FAILURE;
- *mechanisms = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
- if (*mechanisms == NULL)
+ mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
+ if (mechs == NULL)
goto error;
-
- (*mechanisms)->count = 0;
- (*mechanisms)->elements =
- (gss_OID) malloc(sizeof(gss_OID_desc) *
- union_cred->count);
-
- if ((*mechanisms)->elements == NULL) {
- free(*mechanisms);
- *mechanisms = NULL;
+ mechs->count = 0;
+ mechs->elements = malloc(sizeof(gss_OID_desc) *
+ (union_cred ? union_cred->count : 1));
+ if (mechs->elements == NULL)
goto error;
- }
- for(i=0; i < union_cred->count; i++) {
- (*mechanisms)->elements[i].elements = (void *)
- malloc(union_cred->mechs_array[i].length);
- if ((*mechanisms)->elements[i].elements == NULL)
- goto error;
- g_OID_copy(&(*mechanisms)->elements[i],
- &union_cred->mechs_array[i]);
- (*mechanisms)->count++;
+ if (union_cred) {
+ for (i = 0; i < union_cred->count; i++) {
+ mechs->elements[i].elements =
+ malloc(union_cred->mechs_array[i].length);
+ if (mechs->elements[i].elements == NULL)
+ goto error;
+ g_OID_copy(&mechs->elements[i], &union_cred->mechs_array[i]);
+ mechs->count++;
+ }
+ } else {
+ mechs->elements[0].elements = malloc(mech->mech_type.length);
+ g_OID_copy(&mechs->elements[0], &mech->mech_type);
+ mechs->count++;
}
+ *mechanisms = mechs;
}
- if (defcred)
- (void) gss_release_cred(&temp_minor_status, &defcred);
return(GSS_S_COMPLETE);
error:
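Review bot: In the `else` branch taken when there is no union credential, the result of `malloc(mech->mech_type.length)` goes straight into `g_OID_copy` with no NULL check, unlike the loop in the `if (union_cred)` branch directly above it. If that allocation fails, the copy presumably writes through a null pointer instead of the function returning `GSS_S_FAILURE`. Add `if (mechs->elements[0].elements == NULL) goto error;` between the `malloc` and the `g_OID_copy`. `status` is already `GSS_S_FAILURE` at that point, and `mechs->count` is still 0, so the `error:` path should release only the set and its element array. The function body starts before this hunk and the `error:` cleanup continues after it.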
* count always references the currently copied number of
* elements.
*/
- if (mechanisms && *mechanisms != NULL)
- (void) gss_release_oid_set(&temp_minor_status, mechanisms);
+ if (mechs != NULL)
+ (void) gss_release_oid_set(&temp_minor_status, &mechs);
if (name && *name != NULL)
(void) gss_release_name(&temp_minor_status, name);
- if (defcred)
- (void) gss_release_cred(&temp_minor_status, &defcred);
-
return (status);
}
status = GSS_S_DEFECTIVE_CREDENTIAL;
}
- gss_release_buffer(minor_status, &union_cred->auxinfo.name);
free(union_cred->cred_array);
free(union_cred->mechs_array);
free(union_cred);
OM_uint32 status;
OM_uint32 temp_minor_status;
gss_union_cred_t cred = NULL;
- gss_name_t mech_name = GSS_C_NO_NAME;
*pcred = NULL;
- if (mech->gss_inquire_cred == NULL) {
- status = GSS_S_BAD_MECH;
- goto cleanup;
- }
-
status = GSS_S_FAILURE;
cred = calloc(1, sizeof(*cred));
if (status != GSS_S_COMPLETE)
goto cleanup;
- cred->auxinfo.creation_time = (OM_uint32)time(NULL);
-
- status = mech->gss_inquire_cred(minor_status,
- mech_cred,
- &mech_name,
- &cred->auxinfo.time_rec,
- &cred->auxinfo.cred_usage,
- NULL);
- if (status != GSS_S_COMPLETE)
- goto cleanup;
-
- if (mech_name != GSS_C_NO_NAME) {
- status = mech->gss_display_name(minor_status,
- mech_name,
- &cred->auxinfo.name,
- &cred->auxinfo.name_type);
- if (status != GSS_S_COMPLETE)
- goto cleanup;
- }
-
status = GSS_S_COMPLETE;
*pcred = cred;
cleanup:
if (status != GSS_S_COMPLETE)
gss_release_cred(&temp_minor_status, (gss_cred_id_t *)&cred);
- mech->gss_release_name(&temp_minor_status, &mech_name);
return status;
}
struct gss_mech_spec_name_t *next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;
-/*
- * Credential auxiliary info, used in the credential structure
- */
-typedef struct gss_union_cred_auxinfo {
- gss_buffer_desc name;
- gss_OID name_type;
- OM_uint32 creation_time;
- OM_uint32 time_rec;
- int cred_usage;
-} gss_union_cred_auxinfo;
-
/*
* Set of Credentials typed on mechanism OID
*/
int count;
gss_OID mechs_array;
gss_cred_id_t *cred_array;
- gss_union_cred_auxinfo auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;
typedef OM_uint32 (KRB5_CALLCONV *gss_acquire_cred_with_password_sfct)(