1 : /*
2 : * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "gsskrb5_locl.h"
35 :
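/**
 * Rebuild a gsskrb5 security context from an interprocess token.
 *
 * The token is parsed with a krb5_storage in packed byte order.  A leading
 * int32 of SC_* flags says which optional sections (addresses, keys,
 * authenticator, names, message-order state) follow; the fixed fields are
 * read in the order the matching export routine is expected to write them.
 * A token is only as trustworthy as the process that produced it, so a
 * truncated or malformed one must fail cleanly rather than leave a
 * half-built context or free uninitialised storage.
 *
 * @param minor_status        on failure the krb5/errno code of the call
 *                            that failed (0 if none is available); 0 on
 *                            success.
 * @param interprocess_token  token to import.  Its memory is only read
 *                            while this call runs and is not retained.
 * @param context_handle      receives the new context on success, and
 *                            GSS_C_NO_CONTEXT on failure.
 *
 * @return GSS_S_COMPLETE on success; otherwise GSS_S_FAILURE, or the
 *         status returned by _gssapi_msg_order_import().  On failure every
 *         resource allocated here is released before returning.
 */
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_import_sec_context (
    OM_uint32 * minor_status,
    const gss_buffer_t interprocess_token,
    gss_ctx_id_t * context_handle
    )
{
    OM_uint32 ret = GSS_S_FAILURE;
    krb5_context context;
    krb5_error_code kret;
    krb5_storage *sp;
    krb5_auth_context ac;
    krb5_address local, remote;
    krb5_address *localp, *remotep;
    krb5_keyblock keyblock;
    int32_t flags, tmp;
    int64_t tmp64;
    gsskrb5_ctx ctx;

    GSSAPI_KRB5_INIT (&context);

    *context_handle = GSS_C_NO_CONTEXT;

    /*
     * The failure path hands these to krb5_free_address() /
     * krb5_free_keyblock_contents().  Zero them up front so that is safe
     * even when the krb5_ret_* call filling them gave up part-way through
     * (a truncated token) and never stored a valid data pointer.
     */
    memset (&local, 0, sizeof(local));
    memset (&remote, 0, sizeof(remote));
    memset (&keyblock, 0, sizeof(keyblock));
    localp = remotep = NULL;

    sp = krb5_storage_from_mem (interprocess_token->value,
				interprocess_token->length);
    if (sp == NULL) {
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }

    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_PACKED);
    krb5_storage_set_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE);

    ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL) {
	*minor_status = ENOMEM;
	krb5_storage_free (sp);
	return GSS_S_FAILURE;
    }
    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);

    kret = krb5_auth_con_init (context, &ctx->auth_context);
    if (kret)
	goto krb5_failure;

    *minor_status = 0;

    /* flags: which optional sections are present in the token */

    kret = krb5_ret_int32 (sp, &flags);
    if (kret)
	goto krb5_failure;

    /* auth context */

    ac = ctx->auth_context;
    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ac->flags = tmp;

    if (flags & SC_LOCAL_ADDRESS) {
	localp = &local;
	kret = krb5_ret_address (sp, localp);
	if (kret)
	    goto krb5_failure;
    }

    if (flags & SC_REMOTE_ADDRESS) {
	remotep = &remote;
	kret = krb5_ret_address (sp, remotep);
	if (kret)
	    goto krb5_failure;
    }

    /* setaddrs copies the addresses, so the local copies go right away */
    kret = krb5_auth_con_setaddrs (context, ac, localp, remotep);
    if (localp)
	krb5_free_address (context, localp);
    if (remotep)
	krb5_free_address (context, remotep);
    localp = remotep = NULL;
    if (kret)
	goto krb5_failure;

    kret = krb5_ret_int16 (sp, &ac->local_port);
    if (kret)
	goto krb5_failure;

    kret = krb5_ret_int16 (sp, &ac->remote_port);
    if (kret)
	goto krb5_failure;

    /*
     * Each key section: read the keyblock, install a copy in the auth
     * context, then wipe and free the local copy whatever happened.  A
     * failed install must not be ignored, or the context would come back
     * without the key it was exported with.
     */
    if (flags & SC_KEYBLOCK) {
	kret = krb5_ret_keyblock (sp, &keyblock);
	if (kret == 0)
	    kret = krb5_auth_con_setkey (context, ac, &keyblock);
	krb5_free_keyblock_contents (context, &keyblock);
	if (kret)
	    goto krb5_failure;
    }
    if (flags & SC_LOCAL_SUBKEY) {
	kret = krb5_ret_keyblock (sp, &keyblock);
	if (kret == 0)
	    kret = krb5_auth_con_setlocalsubkey (context, ac, &keyblock);
	krb5_free_keyblock_contents (context, &keyblock);
	if (kret)
	    goto krb5_failure;
    }
    if (flags & SC_REMOTE_SUBKEY) {
	kret = krb5_ret_keyblock (sp, &keyblock);
	if (kret == 0)
	    kret = krb5_auth_con_setremotesubkey (context, ac, &keyblock);
	krb5_free_keyblock_contents (context, &keyblock);
	if (kret)
	    goto krb5_failure;
    }

    kret = krb5_ret_uint32 (sp, &ac->local_seqnumber);
    if (kret)
	goto krb5_failure;
    kret = krb5_ret_uint32 (sp, &ac->remote_seqnumber);
    if (kret)
	goto krb5_failure;

    if (flags & SC_AUTHENTICATOR) {
	/* NOTE(review): assumes krb5_auth_con_init() allocated
	 * ac->authenticator; it is not checked here. */
	kret = krb5_ret_int64 (sp, &tmp64);
	if (kret)
	    goto krb5_failure;
	ac->authenticator->ctime = tmp64;
	kret = krb5_ret_int32 (sp, &tmp);
	if (kret)
	    goto krb5_failure;
	ac->authenticator->cusec = tmp;
    }

    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ac->keytype = tmp;
    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ac->cksumtype = tmp;

    /* names */
    if (flags & SC_SOURCE_NAME) {
	kret = krb5_ret_principal (sp, &ctx->source);
	if (kret)
	    goto krb5_failure;
    }

    if (flags & SC_TARGET_NAME) {
	kret = krb5_ret_principal (sp, &ctx->target);
	if (kret)
	    goto krb5_failure;
    }

    /* gsskrb5 context state */
    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ctx->flags = tmp;
    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ctx->more_flags = tmp;
    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ctx->state = tmp;
    /*
     * endtime travels as a 32-bit value in the token.  Widening the field
     * here would have to be done in step with the export routine, so it
     * stays int32 even though krb5_ret_int64() is available (see above).
     */
    kret = krb5_ret_int32 (sp, &tmp);
    if (kret)
	goto krb5_failure;
    ctx->endtime = tmp;

    if (flags & SC_ORDER) {
	/* sets *minor_status itself on failure */
	ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order);
	if (ret)
	    goto failure;
    }

    krb5_storage_free (sp);

    _gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0);

    *context_handle = (gss_ctx_id_t)ctx;

    return GSS_S_COMPLETE;

krb5_failure:
    /* a krb5 call failed: report its code, major status stays GSS_S_FAILURE */
    *minor_status = kret;
failure:
    krb5_auth_con_free (context, ctx->auth_context);
    if (ctx->source != NULL)
	krb5_free_principal(context, ctx->source);
    if (ctx->target != NULL)
	krb5_free_principal(context, ctx->target);
    if (localp)
	krb5_free_address (context, localp);
    if (remotep)
	krb5_free_address (context, remotep);
    if (ctx->order)
	_gssapi_msg_order_destroy(&ctx->order);
    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
    krb5_storage_free (sp);
    free (ctx);
    *context_handle = GSS_C_NO_CONTEXT;
    return ret;
}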