#include "ntlm.h"
OM_uint32 _gss_ntlm_inquire_cred
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms
)
{
OM_uint32 ret, junk;
*minor_status = 0;
if (cred_handle == NULL)
return GSS_S_NO_CRED;
if (name) {
ret = _gss_ntlm_duplicate_name(minor_status,
(gss_name_t)cred_handle,
name);
if (ret)
goto out;
}
if (lifetime)
*lifetime = GSS_C_INDEFINITE;
if (cred_usage)
*cred_usage = 0;
if (mechanisms)
*mechanisms = GSS_C_NO_OID_SET;
if (cred_handle == GSS_C_NO_CREDENTIAL)
return GSS_S_NO_CRED;
if (mechanisms) {
ret = gss_create_empty_oid_set(minor_status, mechanisms);
if (ret)
goto out;
ret = gss_add_oid_set_member(minor_status,
GSS_NTLM_MECHANISM,
mechanisms);
if (ret)
goto out;
}
return GSS_S_COMPLETE;
out:
gss_release_oid_set(&junk, mechanisms);
return ret;
}
OM_uint32
_gss_ntlm_destroy_cred(OM_uint32 *minor_status,
gss_cred_id_t *cred_handle)
{
krb5_error_code ret;
krb5_storage *request = NULL, *response = NULL;
krb5_data response_data;
krb5_context context;
ntlm_cred cred;
ssize_t sret;
if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
return GSS_S_COMPLETE;
cred = (ntlm_cred)*cred_handle;
if ((cred->flags & NTLM_UUID) == 0)
return _gss_ntlm_release_cred(minor_status, cred_handle);
ret = krb5_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY_CRED, &request);
if (ret) {
request = NULL;
goto out;
}
sret = krb5_storage_write(request, cred->uuid, sizeof(cred->uuid));
if (sret != sizeof(cred->uuid)) {
ret = KRB5_CC_IO;
goto out;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
out:
if (request)
krb5_storage_free(request);
if (response) {
krb5_storage_free(response);
krb5_data_free(&response_data);
}
krb5_free_context(context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return _gss_ntlm_release_cred(minor_status, cred_handle);
}
static OM_uint32
change_hold(OM_uint32 *minor_status, ntlm_cred cred, int op)
{
krb5_storage *request = NULL, *response = NULL;
krb5_data response_data;
krb5_context context;
krb5_error_code ret;
ssize_t sret;
*minor_status = 0;
if (cred == NULL)
return GSS_S_COMPLETE;
if ((cred->flags & NTLM_UUID) == 0)
return GSS_S_COMPLETE;
ret = krb5_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_kcm_storage_request(context, op, &request);
if (ret) {
request = NULL;
goto out;
}
sret = krb5_storage_write(request, cred->uuid, sizeof(cred->uuid));
if (sret != sizeof(cred->uuid)) {
ret = KRB5_CC_IO;
goto out;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
out:
if (request)
krb5_storage_free(request);
if (response) {
krb5_storage_free(response);
krb5_data_free(&response_data);
}
krb5_free_context(context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE;
}
OM_uint32
_gss_ntlm_cred_hold(OM_uint32 *minor_status, gss_cred_id_t cred)
{
return change_hold(minor_status, (ntlm_cred)cred, KCM_OP_RETAIN_CRED);
}
OM_uint32
_gss_ntlm_cred_unhold(OM_uint32 *minor_status, gss_cred_id_t cred)
{
return change_hold(minor_status, (ntlm_cred)cred, KCM_OP_RELEASE_CRED);
}
OM_uint32
_gss_ntlm_cred_label_get(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
const char *label, gss_buffer_t value)
{
ntlm_cred cred = (ntlm_cred)cred_handle;
krb5_storage *request = NULL, *response = NULL;
krb5_data response_data, data;
krb5_error_code ret;
krb5_context context;
ssize_t sret;
*minor_status = 0;
if (cred == NULL)
return GSS_S_COMPLETE;
if ((cred->flags & NTLM_UUID) == 0)
return GSS_S_COMPLETE;
ret = krb5_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_kcm_storage_request(context, KCM_OP_CRED_LABEL_GET, &request);
if (ret) {
request = NULL;
goto out;
}
sret = krb5_storage_write(request, cred->uuid, sizeof(cred->uuid));
if (sret != sizeof(cred->uuid)) {
ret = KRB5_CC_IO;
goto out;
}
ret = krb5_store_stringz(request, label);
if (ret)
goto out;
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
ret = krb5_ret_data(response, &data);
if (ret)
goto out;
value->value = data.data;
value->length = data.length;
out:
if (request)
krb5_storage_free(request);
if (response) {
krb5_storage_free(response);
krb5_data_free(&response_data);
}
krb5_free_context(context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE;
}
OM_uint32
_gss_ntlm_cred_label_set(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
const char *label, gss_buffer_t value)
{
ntlm_cred cred = (ntlm_cred)cred_handle;
krb5_storage *request = NULL, *response = NULL;
krb5_data response_data;
krb5_context context;
krb5_error_code ret;
krb5_data data;
ssize_t sret;
*minor_status = 0;
if (cred == NULL)
return GSS_S_COMPLETE;
if ((cred->flags & NTLM_UUID) == 0)
return GSS_S_COMPLETE;
ret = krb5_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_kcm_storage_request(context, KCM_OP_CRED_LABEL_SET, &request);
if (ret) {
request = NULL;
goto out;
}
sret = krb5_storage_write(request, cred->uuid, sizeof(cred->uuid));
if (sret != sizeof(cred->uuid)) {
ret = KRB5_CC_IO;
goto out;
}
ret = krb5_store_stringz(request, label);
if (ret)
goto out;
if (value) {
data.data = value->value;
data.length = value->length;
} else {
krb5_data_zero(&data);
}
ret = krb5_store_data(request, data);
if (ret)
goto out;
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
out:
if (request)
krb5_storage_free(request);
if (response) {
krb5_storage_free(response);
krb5_data_free(&response_data);
}
krb5_free_context(context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE;
}