  1  /*
  2   * Copyright (c) 2006 Kungliga Tekniska Högskolan
  3   * (Royal Institute of Technology, Stockholm, Sweden).
  4   * All rights reserved.
  5   *
  6   * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
  7   *
  8   * Redistribution and use in source and binary forms, with or without
  9   * modification, are permitted provided that the following conditions
 10   * are met:
 11   *
 12   * 1. Redistributions of source code must retain the above copyright
 13   *    notice, this list of conditions and the following disclaimer.
 14   *
 15   * 2. Redistributions in binary form must reproduce the above copyright
 16   *    notice, this list of conditions and the following disclaimer in the
 17   *    documentation and/or other materials provided with the distribution.
 18   *
 19   * 3. Neither the name of the Institute nor the names of its contributors
 20   *    may be used to endorse or promote products derived from this software
 21   *    without specific prior written permission.
 22   *
 23   * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 24   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 25   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 26   * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 27   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 28   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 29   * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 30   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 31   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 32   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 33   * SUCH DAMAGE.
 34   */
 35  
 36  #include "gssdigest.h"
 37  
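/*
 * Report the properties of a SCRAM credential.
 *
 * minor_status  set to 0 on entry; on failure it carries whatever the
 *               failing helper stored in it.
 * cred_handle   credential to inspect; it is cast to gss_name_t and
 *               duplicated when the caller asks for the name.
 * name          optional; receives a duplicate of the credential's name.
 * lifetime      optional; always reported as GSS_C_INDEFINITE.
 * cred_usage    optional; always set to 0.
 * mechanisms    optional; receives a new OID set whose only member is
 *               GSS_SCRAM_MECHANISM.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_NO_CRED when no credential
 * was supplied, or the major status of the helper that failed.
 *
 * Every output is given a defined value before any fallible call, so
 * the failure path never releases a pointer the caller left
 * uninitialised.  The OID set is built before the name is duplicated:
 * a failure while building the set therefore cannot leave an
 * already-duplicated name behind for the caller to leak.
 */
OM_uint32 _gss_scram_inquire_cred
           (OM_uint32 * minor_status,
            const gss_cred_id_t cred_handle,
            gss_name_t * name,
            OM_uint32 * lifetime,
            gss_cred_usage_t * cred_usage,
            gss_OID_set * mechanisms
           )
{
    OM_uint32 ret, junk;

    *minor_status = 0;

    /* Give every requested output a defined value up front. */
    if (name)
        *name = GSS_C_NO_NAME;
    if (lifetime)
        *lifetime = GSS_C_INDEFINITE;
    if (cred_usage)
        *cred_usage = 0;
    if (mechanisms)
        *mechanisms = GSS_C_NO_OID_SET;

    if (cred_handle == GSS_C_NO_CREDENTIAL)
        return GSS_S_NO_CRED;

    if (mechanisms) {
        ret = gss_create_empty_oid_set(minor_status, mechanisms);
        if (ret)
            goto out;
        ret = gss_add_oid_set_member(minor_status,
                                     GSS_SCRAM_MECHANISM,
                                     mechanisms);
        if (ret)
            goto out;
    }

    /*
     * Last fallible step.
     * NOTE(review): whether _gss_scram_duplicate_name() can leave a
     * partial value in *name on failure is not visible here -- confirm.
     */
    if (name) {
        ret = _gss_scram_duplicate_name(minor_status,
                                        (gss_name_t)cred_handle,
                                        name);
        if (ret)
            goto out;
    }

    return GSS_S_COMPLETE;
out:
    /* *mechanisms is either GSS_C_NO_OID_SET or a set created above. */
    if (mechanisms)
        gss_release_oid_set(&junk, mechanisms);
    return ret;
}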
 87  
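/*
 * Ask the KCM service to delete a SCRAM credential, then release the
 * local handle.
 *
 * minor_status  receives the krb5 error code when the KCM exchange
 *               fails; otherwise it is left to _gss_scram_release_cred().
 * cred_handle   handle to destroy.  A NULL pointer or a
 *               GSS_C_NO_CREDENTIAL handle is a successful no-op.
 *
 * Returns GSS_S_COMPLETE for the no-op case, GSS_S_FAILURE when any
 * krb5/KCM step fails, otherwise the result of
 * _gss_scram_release_cred().
 *
 * On failure the local handle is NOT released, so the caller still
 * holds a credential whose deletion in the KCM did not complete and
 * should treat GSS_S_FAILURE as "credential may still exist".
 */
OM_uint32
_gss_scram_destroy_cred(OM_uint32 *minor_status,
                        gss_cred_id_t *cred_handle)
{
    krb5_error_code ret;
    krb5_storage *request = NULL, *response;
    krb5_data response_data;
    krb5_context context;

    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
        return GSS_S_COMPLETE;

    ret = krb5_init_context(&context);
    if (ret) {
        *minor_status = ret;
        return GSS_S_FAILURE;
    }

    ret = krb5_kcm_storage_request(context, KCM_OP_DEL_SCRAM_CRED, &request);
    if (ret) {
        /* Nothing was handed back that this function owns. */
        request = NULL;
        goto out;
    }

    /*
     * The handle is sent as a NUL-terminated string.
     * NOTE(review): assumes every SCRAM credential handle points at
     * such a string -- confirm against the code that creates handles.
     */
    ret = krb5_store_stringz(request, (char *)*cred_handle);
    if (ret)
        goto out;

    ret = krb5_kcm_call(context, request, &response, &response_data);
    if (ret)
        goto out;

    /* The reply carries nothing this function needs; just free it. */
    krb5_storage_free(response);
    krb5_data_free(&response_data);

 out:
    /* Free the request on every path, including the error paths. */
    if (request)
        krb5_storage_free(request);
    krb5_free_context(context);
    if (ret) {
        *minor_status = ret;
        return GSS_S_FAILURE;
    }

    return _gss_scram_release_cred(minor_status, cred_handle);
}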