g_accept_sec_context.c [plain text]
#include "mglueP.h"
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <string.h>
#include <errno.h>
static OM_uint32
val_acc_sec_ctx_args(
OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_cred_id_t verifier_cred_handle,
gss_buffer_t input_token_buffer,
gss_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
gss_OID *mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
OM_uint32 *time_rec,
gss_cred_id_t *d_cred)
{
if (minor_status != NULL)
*minor_status = 0;
if (src_name != NULL)
*src_name = GSS_C_NO_NAME;
if (mech_type != NULL)
*mech_type = GSS_C_NO_OID;
if (output_token != GSS_C_NO_BUFFER) {
output_token->length = 0;
output_token->value = NULL;
}
if (d_cred != NULL)
*d_cred = GSS_C_NO_CREDENTIAL;
if (minor_status == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
if (context_handle == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
if (input_token_buffer == GSS_C_NO_BUFFER)
return (GSS_S_CALL_INACCESSIBLE_READ);
if (output_token == GSS_C_NO_BUFFER)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
return (GSS_S_COMPLETE);
}
OM_uint32 KRB5_CALLCONV
gss_accept_sec_context (minor_status,
context_handle,
verifier_cred_handle,
input_token_buffer,
input_chan_bindings,
src_name,
mech_type,
output_token,
ret_flags,
time_rec,
d_cred)
OM_uint32 * minor_status;
gss_ctx_id_t * context_handle;
gss_cred_id_t verifier_cred_handle;
gss_buffer_t input_token_buffer;
gss_channel_bindings_t input_chan_bindings;
gss_name_t * src_name;
gss_OID * mech_type;
gss_buffer_t output_token;
OM_uint32 * ret_flags;
OM_uint32 * time_rec;
gss_cred_id_t * d_cred;
{
OM_uint32 status, temp_status, temp_minor_status;
gss_union_ctx_id_t union_ctx_id;
gss_union_cred_t union_cred;
gss_cred_id_t input_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t tmp_d_cred = GSS_C_NO_CREDENTIAL;
gss_name_t internal_name = GSS_C_NO_NAME;
gss_name_t tmp_src_name = GSS_C_NO_NAME;
gss_OID_desc token_mech_type_desc;
gss_OID token_mech_type = &token_mech_type_desc;
gss_mechanism mech;
status = val_acc_sec_ctx_args(minor_status,
context_handle,
verifier_cred_handle,
input_token_buffer,
input_chan_bindings,
src_name,
mech_type,
output_token,
ret_flags,
time_rec,
d_cred);
if (status != GSS_S_COMPLETE)
return (status);
if(*context_handle == GSS_C_NO_CONTEXT) {
if (GSS_EMPTY_BUFFER(input_token_buffer))
return (GSS_S_CALL_INACCESSIBLE_READ);
status = gssint_get_mech_type(token_mech_type, input_token_buffer);
if (status)
return status;
status = GSS_S_FAILURE;
union_ctx_id = (gss_union_ctx_id_t)
malloc(sizeof(gss_union_ctx_id_desc));
if (!union_ctx_id)
return (GSS_S_FAILURE);
union_ctx_id->loopback = union_ctx_id;
union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
status = generic_gss_copy_oid(&temp_minor_status,
token_mech_type,
&union_ctx_id->mech_type);
if (status != GSS_S_COMPLETE) {
free(union_ctx_id);
return (status);
}
*context_handle = (gss_ctx_id_t)union_ctx_id;
} else {
union_ctx_id = (gss_union_ctx_id_t)*context_handle;
token_mech_type = union_ctx_id->mech_type;
}
union_cred = (gss_union_cred_t) verifier_cred_handle;
input_cred_handle = gssint_get_mechanism_cred(union_cred, token_mech_type);
mech = gssint_get_mechanism (token_mech_type);
if (mech && mech->gss_accept_sec_context) {
status = mech->gss_accept_sec_context(
mech->context,
minor_status,
&union_ctx_id->internal_ctx_id,
input_cred_handle,
input_token_buffer,
input_chan_bindings,
&internal_name,
mech_type,
output_token,
ret_flags,
time_rec,
d_cred ? &tmp_d_cred : NULL);
if (status == GSS_S_CONTINUE_NEEDED)
return GSS_S_CONTINUE_NEEDED;
if (status != GSS_S_COMPLETE)
goto error_out;
if (internal_name != NULL) {
temp_status = gssint_convert_name_to_union_name(
&temp_minor_status, mech,
internal_name, &tmp_src_name);
if (temp_status != GSS_S_COMPLETE) {
*minor_status = temp_minor_status;
if (output_token->length)
(void) gss_release_buffer(&temp_minor_status,
output_token);
if (internal_name != GSS_C_NO_NAME)
mech->gss_release_name(
mech->context,
&temp_minor_status,
&internal_name);
return (temp_status);
}
if (src_name != NULL) {
*src_name = tmp_src_name;
}
} else if (src_name != NULL) {
*src_name = GSS_C_NO_NAME;
}
if ((ret_flags && GSS_C_DELEG_FLAG) &&
tmp_d_cred != GSS_C_NO_CREDENTIAL) {
gss_union_cred_t d_u_cred = NULL;
d_u_cred = malloc(sizeof (gss_union_cred_desc));
if (d_u_cred == NULL) {
status = GSS_S_FAILURE;
goto error_out;
}
(void) memset(d_u_cred, 0,
sizeof (gss_union_cred_desc));
d_u_cred->count = 1;
status = generic_gss_copy_oid(&temp_minor_status,
token_mech_type,
&d_u_cred->mechs_array);
if (status != GSS_S_COMPLETE) {
free(d_u_cred);
goto error_out;
}
d_u_cred->cred_array = malloc(sizeof (gss_cred_id_t));
if (d_u_cred->cred_array != NULL) {
d_u_cred->cred_array[0] = tmp_d_cred;
} else {
free(d_u_cred);
status = GSS_S_FAILURE;
goto error_out;
}
if (status != GSS_S_COMPLETE) {
free(d_u_cred->cred_array);
free(d_u_cred);
goto error_out;
}
internal_name = GSS_C_NO_NAME;
d_u_cred->auxinfo.creation_time = time(0);
d_u_cred->auxinfo.time_rec = 0;
d_u_cred->loopback = d_u_cred;
if (mech->gss_inquire_cred) {
status = mech->gss_inquire_cred(mech->context,
minor_status,
tmp_d_cred,
&internal_name,
&d_u_cred->auxinfo.time_rec,
&d_u_cred->auxinfo.cred_usage,
NULL);
}
if (internal_name != NULL) {
temp_status = gssint_convert_name_to_union_name(
&temp_minor_status, mech,
internal_name, &tmp_src_name);
if (temp_status != GSS_S_COMPLETE) {
*minor_status = temp_minor_status;
if (output_token->length)
(void) gss_release_buffer(
&temp_minor_status,
output_token);
free(d_u_cred->cred_array);
free(d_u_cred);
return (temp_status);
}
}
if (tmp_src_name != NULL) {
status = gss_display_name(
&temp_minor_status,
tmp_src_name,
&d_u_cred->auxinfo.name,
&d_u_cred->auxinfo.name_type);
}
*d_cred = (gss_cred_id_t)d_u_cred;
}
if (src_name == NULL && tmp_src_name != NULL)
(void) gss_release_name(&temp_minor_status,
&tmp_src_name);
return (status);
} else {
status = GSS_S_BAD_MECH;
}
error_out:
if (union_ctx_id) {
if (union_ctx_id->mech_type) {
if (union_ctx_id->mech_type->elements)
free(union_ctx_id->mech_type->elements);
free(union_ctx_id->mech_type);
*context_handle = GSS_C_NO_CONTEXT;
}
free(union_ctx_id);
}
if (output_token->length)
(void) gss_release_buffer(&temp_minor_status, output_token);
if (src_name)
*src_name = GSS_C_NO_NAME;
if (tmp_src_name != GSS_C_NO_NAME)
(void) gss_release_buffer(&temp_minor_status,
(gss_buffer_t)tmp_src_name);
return (status);
}