1*afab4e30Schristos /*	$NetBSD: creds.c,v 1.5 2023/06/19 21:41:43 christos Exp $	*/
2ca1c9b0cSelric 
3ca1c9b0cSelric /*
4ca1c9b0cSelric  * Copyright (c) 2006 Kungliga Tekniska Högskolan
5ca1c9b0cSelric  * (Royal Institute of Technology, Stockholm, Sweden).
6ca1c9b0cSelric  * All rights reserved.
7ca1c9b0cSelric  *
8ca1c9b0cSelric  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
9ca1c9b0cSelric  *
10ca1c9b0cSelric  * Redistribution and use in source and binary forms, with or without
11ca1c9b0cSelric  * modification, are permitted provided that the following conditions
12ca1c9b0cSelric  * are met:
13ca1c9b0cSelric  *
14ca1c9b0cSelric  * 1. Redistributions of source code must retain the above copyright
15ca1c9b0cSelric  *    notice, this list of conditions and the following disclaimer.
16ca1c9b0cSelric  *
17ca1c9b0cSelric  * 2. Redistributions in binary form must reproduce the above copyright
18ca1c9b0cSelric  *    notice, this list of conditions and the following disclaimer in the
19ca1c9b0cSelric  *    documentation and/or other materials provided with the distribution.
20ca1c9b0cSelric  *
21ca1c9b0cSelric  * 3. Neither the name of the Institute nor the names of its contributors
22ca1c9b0cSelric  *    may be used to endorse or promote products derived from this software
23ca1c9b0cSelric  *    without specific prior written permission.
24ca1c9b0cSelric  *
25ca1c9b0cSelric  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26ca1c9b0cSelric  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27ca1c9b0cSelric  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28ca1c9b0cSelric  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29ca1c9b0cSelric  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30ca1c9b0cSelric  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31ca1c9b0cSelric  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32ca1c9b0cSelric  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33ca1c9b0cSelric  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34ca1c9b0cSelric  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35ca1c9b0cSelric  * SUCH DAMAGE.
36ca1c9b0cSelric  */
37ca1c9b0cSelric 
38ca1c9b0cSelric #include "ntlm.h"
39ca1c9b0cSelric 
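/*
 * Report what is known about an NTLM credential.
 *
 * Every output parameter is optional (NULL means "not wanted").  On
 * success the caller owns *name (release with gss_release_name) and
 * *mechanisms (release with gss_release_oid_set).  *name is a deep copy
 * of the credential's user and domain strings, so the name stays valid
 * after the credential is released.
 *
 * Returns GSS_S_NO_CRED for a missing credential, GSS_S_FAILURE with
 * *minor_status = ENOMEM when the name copy cannot be allocated, and
 * otherwise the status of the OID-set calls.  On any failure no output
 * parameter is left pointing at memory the caller would have to free.
 */
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_cred
           (OM_uint32 * minor_status,
            gss_const_cred_id_t cred_handle,
            gss_name_t * name,
            OM_uint32 * lifetime,
            gss_cred_usage_t * cred_usage,
            gss_OID_set * mechanisms
           )
{
    OM_uint32 ret, junk;

    *minor_status = 0;

    /* GSS_C_NO_CREDENTIAL is the null pointer, so this covers both. */
    if (cred_handle == NULL)
	return GSS_S_NO_CRED;

    if (name) {
	ntlm_name n = calloc(1, sizeof(*n));
	ntlm_cred c = (ntlm_cred)cred_handle;
	if (n) {
	    n->user = strdup(c->username);
	    n->domain = strdup(c->domain);
	}
	if (n == NULL || n->user == NULL || n->domain == NULL) {
	    if (n) {
		free(n->user);
		free(n->domain);
		free(n);
	    }
	    *minor_status = ENOMEM;
	    return GSS_S_FAILURE;
	}
	*name = (gss_name_t)n;
    }
    /* NTLM credentials never expire from this mechanism's point of view. */
    if (lifetime)
	*lifetime = GSS_C_INDEFINITE;
    /* 0 is GSS_C_BOTH per RFC 2744: usable for initiate and accept. */
    if (cred_usage)
	*cred_usage = 0;
    if (mechanisms)
	*mechanisms = GSS_C_NO_OID_SET;

    if (mechanisms) {
        ret = gss_create_empty_oid_set(minor_status, mechanisms);
        if (ret)
	    goto out;
	ret = gss_add_oid_set_member(minor_status,
				     GSS_NTLM_MECHANISM,
				     mechanisms);
        if (ret)
	    goto out;
    }

    return GSS_S_COMPLETE;
out:
    /* Only reachable from inside the mechanisms block, so mechanisms != NULL. */
    gss_release_oid_set(&junk, mechanisms);
    /*
     * Undo the name copy made above: without this the caller receives an
     * error status together with an allocated *name it does not know it
     * must free.  NULL is GSS_C_NO_NAME.
     */
    if (name) {
	ntlm_name n = (ntlm_name)*name;
	free(n->user);
	free(n->domain);
	free(n);
	*name = NULL;
    }
    return ret;
}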
101ca1c9b0cSelric 
1024f77a458Spettai #ifdef HAVE_KCM
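/*
 * Ask the KCM daemon to delete the stored NTLM credential identified by
 * the credential's username and domain.
 *
 * cred_handle must be non-NULL and *cred_handle must be a live ntlm_cred;
 * the caller (_gss_ntlm_destroy_cred) checks this before calling.
 *
 * Returns 0 on success or the krb5 error code of the first failing step.
 * All storage objects and the krb5 context are released on every path.
 */
static OM_uint32
_gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
{
    /* NULL so the cleanup path can tell whether the request was built. */
    krb5_storage *request = NULL, *response = NULL;
    krb5_data response_data;
    krb5_context context;
    krb5_error_code ret;
    ntlm_cred cred;

    cred = (ntlm_cred)*cred_handle;

    ret = krb5_init_context(&context);
    if (ret)
        return ret;

    /* Assumes request is left NULL (or a valid object) when this fails. */
    ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
    if (ret)
	goto out;

    ret = krb5_store_stringz(request, cred->username);
    if (ret)
	goto out;

    ret = krb5_store_stringz(request, cred->domain);
    if (ret)
	goto out;

    ret = krb5_kcm_call(context, request, &response, &response_data);
    if (ret)
	goto out;

    /* response and response_data are only valid after a successful call. */
    krb5_storage_free(response);
    krb5_data_free(&response_data);

 out:
    /*
     * Previously the request storage was only freed on the success path,
     * leaking it whenever a store or the KCM call failed.
     */
    if (request)
	krb5_storage_free(request);
    krb5_free_context(context);

    return ret;
}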
1434f77a458Spettai #endif /* HAVE_KCM */
1444f77a458Spettai 
/*
 * Destroy an NTLM credential: remove it from KCM when KCM support is
 * compiled in, then release the in-memory credential.
 *
 * A NULL handle or GSS_C_NO_CREDENTIAL is treated as already destroyed
 * and returns GSS_S_COMPLETE.  If the KCM deletion fails the credential
 * is deliberately left in place: the krb5 error is reported through
 * *minor_status with GSS_S_FAILURE and no release happens.
 */
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_destroy_cred(OM_uint32 *minor_status,
		       gss_cred_id_t *cred_handle)
{
    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
	return GSS_S_COMPLETE;

#ifdef HAVE_KCM
    {
	krb5_error_code kcm_ret = _gss_ntlm_destroy_kcm_cred(cred_handle);

	if (kcm_ret != 0) {
	    *minor_status = kcm_ret;
	    return GSS_S_FAILURE;
	}
    }
#endif

    /* The release routine sets *minor_status itself. */
    return _gss_ntlm_release_cred(minor_status, cred_handle);
}