Home | History | Annotate | Download | only in libgss
      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 /*
     27  *  glue routine for gss_store_cred
     28  */
     29 
     30 #include <mechglueP.h>
     31 
     32 static OM_uint32 val_store_cred_args(
     33 	OM_uint32 *minor_status,
     34 	const gss_cred_id_t input_cred_handle,
     35 	gss_OID_set *elements_stored)
     36 {
     37 
     38 	/* Initialize outputs. */
     39 
     40 	if (minor_status != NULL)
     41 		*minor_status = 0;
     42 
     43 	if (elements_stored != NULL)
     44 		*elements_stored = GSS_C_NULL_OID_SET;
     45 
     46 	/* Validate arguments. */
     47 
     48 	if (minor_status == NULL)
     49 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
     50 
     51 	if (input_cred_handle == GSS_C_NO_CREDENTIAL)
     52 		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
     53 
     54 	return (GSS_S_COMPLETE);
     55 }
     56 
     57 OM_uint32 gss_store_cred(minor_status,
     58 			input_cred_handle,
     59 			cred_usage,
     60 			desired_mech,
     61 			overwrite_cred,
     62 			default_cred,
     63 			elements_stored,
     64 			cred_usage_stored)
     65 
     66 OM_uint32		*minor_status;
     67 const gss_cred_id_t	 input_cred_handle;
     68 gss_cred_usage_t	 cred_usage;
     69 const gss_OID		 desired_mech;
     70 OM_uint32		 overwrite_cred;
     71 OM_uint32		 default_cred;
     72 gss_OID_set		*elements_stored;
     73 gss_cred_usage_t	*cred_usage_stored;
     74 
     75 {
     76 	OM_uint32		major_status = GSS_S_FAILURE;
     77 	gss_union_cred_t	union_cred;
     78 	gss_cred_id_t		mech_cred;
     79 	gss_mechanism		mech;
     80 	gss_OID			dmech;
     81 	int			i;
     82 
     83 	major_status = val_store_cred_args(minor_status,
     84 					input_cred_handle,
     85 					elements_stored);
     86 	if (major_status != GSS_S_COMPLETE)
     87 		return (major_status);
     88 
     89 	/* Initial value needed below. */
     90 		major_status = GSS_S_FAILURE;
     91 
     92 	if (cred_usage_stored != NULL)
     93 		*cred_usage_stored = GSS_C_BOTH; /* there's no GSS_C_NEITHER */
     94 
     95 	union_cred = (gss_union_cred_t)input_cred_handle;
     96 
     97 	/* desired_mech != GSS_C_NULL_OID -> store one element */
     98 	if (desired_mech != GSS_C_NULL_OID) {
     99 		mech = __gss_get_mechanism(desired_mech);
    100 		if (mech == NULL)
    101 			return (GSS_S_BAD_MECH);
    102 
    103 		if (mech->gss_store_cred == NULL)
    104 			return (major_status);
    105 
    106 		mech_cred = __gss_get_mechanism_cred(union_cred, desired_mech);
    107 		if (mech_cred == GSS_C_NO_CREDENTIAL)
    108 			return (GSS_S_NO_CRED);
    109 
    110 		return (mech->gss_store_cred(mech->context,
    111 						minor_status,
    112 						(gss_cred_id_t)mech_cred,
    113 						cred_usage,
    114 						desired_mech,
    115 						overwrite_cred,
    116 						default_cred,
    117 						elements_stored,
    118 						cred_usage_stored));
    119 	}
    120 
    121 	/* desired_mech == GSS_C_NULL_OID -> store all elements */
    122 
    123 	*minor_status = 0;
    124 
    125 	for (i = 0; i < union_cred->count; i++) {
    126 		/* Get mech and cred element */
    127 		dmech = &union_cred->mechs_array[i];
    128 		mech = __gss_get_mechanism(dmech);
    129 		if (mech == NULL)
    130 			continue;
    131 
    132 		if (mech->gss_store_cred == NULL)
    133 			continue;
    134 
    135 		mech_cred = __gss_get_mechanism_cred(union_cred, dmech);
    136 		if (mech_cred == GSS_C_NO_CREDENTIAL)
    137 			continue; /* can't happen, but safe to ignore */
    138 
    139 		major_status = mech->gss_store_cred(mech->context,
    140 						minor_status,
    141 						(gss_cred_id_t)mech_cred,
    142 						cred_usage,
    143 						dmech,
    144 						overwrite_cred,
    145 						default_cred,
    146 						NULL,
    147 						cred_usage_stored);
    148 		if (major_status != GSS_S_COMPLETE)
    149 			continue;
    150 
    151 		/* Succeeded for at least one mech */
    152 
    153 		if (elements_stored == NULL)
    154 			continue;
    155 
    156 		if (*elements_stored == GSS_C_NULL_OID_SET) {
    157 			major_status = gss_create_empty_oid_set(minor_status,
    158 						elements_stored);
    159 
    160 			if (GSS_ERROR(major_status))
    161 				return (major_status);
    162 		}
    163 
    164 		major_status = gss_add_oid_set_member(minor_status, dmech,
    165 			elements_stored);
    166 
    167 		/* The caller should clean up elements_stored */
    168 		if (GSS_ERROR(major_status))
    169 			return (major_status);
    170 	}
    171 
    172 	/*
    173 	 * Success with some mechs may mask failure with others, but
    174 	 * that's what elements_stored is for.
    175 	 */
    176 	return (major_status);
    177 }
    178