1 /* $NetBSD: creds.c,v 1.5 2023/06/19 21:41:43 christos Exp $ */
2
3 /*
4 * Copyright (c) 2006 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * 3. Neither the name of the Institute nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 */
37
38 #include "ntlm.h"
39
40 OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_cred(OM_uint32 * minor_status,gss_const_cred_id_t cred_handle,gss_name_t * name,OM_uint32 * lifetime,gss_cred_usage_t * cred_usage,gss_OID_set * mechanisms)41 _gss_ntlm_inquire_cred
42 (OM_uint32 * minor_status,
43 gss_const_cred_id_t cred_handle,
44 gss_name_t * name,
45 OM_uint32 * lifetime,
46 gss_cred_usage_t * cred_usage,
47 gss_OID_set * mechanisms
48 )
49 {
50 OM_uint32 ret, junk;
51
52 *minor_status = 0;
53
54 if (cred_handle == NULL)
55 return GSS_S_NO_CRED;
56
57 if (name) {
58 ntlm_name n = calloc(1, sizeof(*n));
59 ntlm_cred c = (ntlm_cred)cred_handle;
60 if (n) {
61 n->user = strdup(c->username);
62 n->domain = strdup(c->domain);
63 }
64 if (n == NULL || n->user == NULL || n->domain == NULL) {
65 if (n) {
66 free(n->user);
67 free(n->domain);
68 free(n);
69 }
70 *minor_status = ENOMEM;
71 return GSS_S_FAILURE;
72 }
73 *name = (gss_name_t)n;
74 }
75 if (lifetime)
76 *lifetime = GSS_C_INDEFINITE;
77 if (cred_usage)
78 *cred_usage = 0;
79 if (mechanisms)
80 *mechanisms = GSS_C_NO_OID_SET;
81
82 if (cred_handle == GSS_C_NO_CREDENTIAL)
83 return GSS_S_NO_CRED;
84
85 if (mechanisms) {
86 ret = gss_create_empty_oid_set(minor_status, mechanisms);
87 if (ret)
88 goto out;
89 ret = gss_add_oid_set_member(minor_status,
90 GSS_NTLM_MECHANISM,
91 mechanisms);
92 if (ret)
93 goto out;
94 }
95
96 return GSS_S_COMPLETE;
97 out:
98 gss_release_oid_set(&junk, mechanisms);
99 return ret;
100 }
101
102 #ifdef HAVE_KCM
103 static OM_uint32
_gss_ntlm_destroy_kcm_cred(gss_cred_id_t * cred_handle)104 _gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
105 {
106 krb5_storage *request, *response;
107 krb5_data response_data;
108 krb5_context context;
109 krb5_error_code ret;
110 ntlm_cred cred;
111
112 cred = (ntlm_cred)*cred_handle;
113
114 ret = krb5_init_context(&context);
115 if (ret)
116 return ret;
117
118 ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
119 if (ret)
120 goto out;
121
122 ret = krb5_store_stringz(request, cred->username);
123 if (ret)
124 goto out;
125
126 ret = krb5_store_stringz(request, cred->domain);
127 if (ret)
128 goto out;
129
130 ret = krb5_kcm_call(context, request, &response, &response_data);
131 if (ret)
132 goto out;
133
134 krb5_storage_free(request);
135 krb5_storage_free(response);
136 krb5_data_free(&response_data);
137
138 out:
139 krb5_free_context(context);
140
141 return ret;
142 }
143 #endif /* HAVE_KCM */
144
145 OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_destroy_cred(OM_uint32 * minor_status,gss_cred_id_t * cred_handle)146 _gss_ntlm_destroy_cred(OM_uint32 *minor_status,
147 gss_cred_id_t *cred_handle)
148 {
149 #ifdef HAVE_KCM
150 krb5_error_code ret;
151 #endif
152
153 if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
154 return GSS_S_COMPLETE;
155
156 #ifdef HAVE_KCM
157 ret = _gss_ntlm_destroy_kcm_cred(cred_handle);
158 if (ret) {
159 *minor_status = ret;
160 return GSS_S_FAILURE;
161 }
162 #endif
163
164 return _gss_ntlm_release_cred(minor_status, cred_handle);
165 }
166