summaryrefslogtreecommitdiffstats
path: root/proxy/src
diff options
context:
space:
mode:
Diffstat (limited to 'proxy/src')
-rw-r--r--proxy/src/client/gpm_acquire_cred.c208
-rw-r--r--proxy/src/client/gssapi_gpm.h13
2 files changed, 221 insertions, 0 deletions
diff --git a/proxy/src/client/gpm_acquire_cred.c b/proxy/src/client/gpm_acquire_cred.c
index 8e9b010..b7b301b 100644
--- a/proxy/src/client/gpm_acquire_cred.c
+++ b/proxy/src/client/gpm_acquire_cred.c
@@ -287,3 +287,211 @@ done:
*minor_status = ret_min;
return ret_maj;
}
+
+OM_uint32 gpm_inquire_cred(OM_uint32 *minor_status,
+ gssx_cred *cred,
+ gssx_name **name,
+ OM_uint32 *lifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms)
+{
+ gss_OID_set mechs = GSS_C_NO_OID_SET;
+ gssx_name *dname = NULL;
+ gssx_cred_element *e;
+ gss_OID_desc tmp_oid;
+ uint32_t ret_min;
+ uint32_t ret_maj;
+ uint32_t life;
+ int cu;
+ int i;
+
+ if (!cred) {
+ *minor_status = 0;
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+ if (cred->elements.elements_len == 0) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ if (name) {
+ ret_min = gp_copy_gssx_name_alloc(&cred->desired_name, &dname);
+ if (ret_min != 0) {
+ return GSS_S_FAILURE;
+ }
+ }
+
+ if (mechanisms) {
+ ret_maj = gss_create_empty_oid_set(&ret_min, &mechs);
+ if (ret_maj) {
+ goto done;
+ }
+ }
+
+ life = GSS_C_INDEFINITE;
+ cu = -1;
+
+ for (i = 0; i < cred->elements.elements_len; i++) {
+
+ e = &cred->elements.elements_val[i];
+
+ switch (e->cred_usage) {
+ case GSSX_C_INITIATE:
+ if (e->initiator_time_rec != 0 &&
+ e->initiator_time_rec < life) {
+ life = e->initiator_time_rec;
+ }
+ switch (cu) {
+ case GSS_C_BOTH:
+ break;
+ case GSS_C_ACCEPT:
+ cu = GSS_C_BOTH;
+ default:
+ cu = GSS_C_INITIATE;
+ }
+ break;
+ case GSSX_C_ACCEPT:
+ if (e->acceptor_time_rec != 0 &&
+ e->acceptor_time_rec < life) {
+ life = e->acceptor_time_rec;
+ }
+ switch (cu) {
+ case GSS_C_BOTH:
+ break;
+ case GSS_C_INITIATE:
+ cu = GSS_C_BOTH;
+ default:
+ cu = GSS_C_ACCEPT;
+ }
+ break;
+ case GSSX_C_BOTH:
+ if (e->initiator_time_rec != 0 &&
+ e->initiator_time_rec < life) {
+ life = e->initiator_time_rec;
+ }
+ if (e->acceptor_time_rec != 0 &&
+ e->acceptor_time_rec < life) {
+ life = e->acceptor_time_rec;
+ }
+ cu = GSS_C_BOTH;
+ break;
+ }
+
+ if (mechanisms) {
+ gp_conv_gssx_to_oid(&e->mech, &tmp_oid);
+ ret_maj = gss_add_oid_set_member(&ret_min, &tmp_oid, &mechs);
+ if (ret_maj) {
+ goto done;
+ }
+ }
+ }
+
+ if (lifetime) {
+ *lifetime = life;
+ }
+
+ if (cred_usage) {
+ *cred_usage = cu;
+ }
+
+done:
+ *minor_status = ret_min;
+ if (ret_maj == GSS_S_COMPLETE) {
+ if (name) {
+ *name = dname;
+ }
+ if (mechanisms) {
+ *mechanisms = mechs;
+ }
+ } else {
+ (void)gpm_release_name(&ret_min, (gss_name_t *)&dname);
+ (void)gss_release_oid_set(&ret_min, &mechs);
+ }
+ return ret_maj;
+}
+
+OM_uint32 gpm_inquire_cred_by_mech(OM_uint32 *minor_status,
+ gssx_cred *cred,
+ gss_OID mech_type,
+ gssx_name **name,
+ OM_uint32 *initiator_lifetime,
+ OM_uint32 *acceptor_lifetime,
+ gss_cred_usage_t *cred_usage)
+{
+ gssx_name *dname = NULL;
+ gssx_cred_element *e;
+ gss_OID_desc tmp_oid;
+ uint32_t ret_min;
+ uint32_t ret_maj;
+ int i;
+
+ if (!cred) {
+ *minor_status = 0;
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+ if (cred->elements.elements_len == 0) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ for (i = 0; i < cred->elements.elements_len; i++) {
+
+ e = &cred->elements.elements_val[i];
+ gp_conv_gssx_to_oid(&e->mech, &tmp_oid);
+ if (!gss_oid_equal(&tmp_oid, mech_type)) {
+ continue;
+ }
+
+ switch (e->cred_usage) {
+ case GSSX_C_INITIATE:
+ if (initiator_lifetime) {
+ *initiator_lifetime = e->initiator_time_rec;
+ }
+ if (cred_usage) {
+ *cred_usage = GSS_C_INITIATE;
+ }
+ break;
+ case GSSX_C_ACCEPT:
+ if (acceptor_lifetime) {
+ *acceptor_lifetime = e->acceptor_time_rec;
+ }
+ if (cred_usage) {
+ *cred_usage = GSS_C_ACCEPT;
+ }
+ break;
+ case GSSX_C_BOTH:
+ if (initiator_lifetime) {
+ *initiator_lifetime = e->initiator_time_rec;
+ }
+ if (acceptor_lifetime) {
+ *acceptor_lifetime = e->acceptor_time_rec;
+ }
+ if (cred_usage) {
+ *cred_usage = GSS_C_BOTH;
+ }
+ break;
+ }
+ if (name) {
+ ret_min = gp_copy_gssx_name_alloc(&e->MN, &dname);
+ if (ret_min != 0) {
+ ret_maj = GSS_S_FAILURE;
+ goto done;
+ }
+ *name = dname;
+ }
+ goto done;
+ }
+
+ if (i >= cred->elements.elements_len) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+done:
+ *minor_status = ret_min;
+ if (ret_maj != GSS_S_COMPLETE) {
+ (void)gpm_release_name(&ret_min, (gss_name_t *)&dname);
+ }
+ return ret_maj;
+}
+
diff --git a/proxy/src/client/gssapi_gpm.h b/proxy/src/client/gssapi_gpm.h
index f4faf3f..2a7ed44 100644
--- a/proxy/src/client/gssapi_gpm.h
+++ b/proxy/src/client/gssapi_gpm.h
@@ -94,6 +94,19 @@ OM_uint32 gpm_add_cred(OM_uint32 *minor_status,
gss_OID_set *actual_mechs,
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec);
+OM_uint32 gpm_inquire_cred(OM_uint32 *minor_status,
+ gssx_cred *cred,
+ gssx_name **name,
+ OM_uint32 *lifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms);
+OM_uint32 gpm_inquire_cred_by_mech(OM_uint32 *minor_status,
+ gssx_cred *cred,
+ gss_OID mech_type,
+ gssx_name **name,
+ OM_uint32 *initiator_lifetime,
+ OM_uint32 *acceptor_lifetime,
+ gss_cred_usage_t *cred_usage);
OM_uint32 gpm_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set);
OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status,
generated by cgit (git 2.34.1) at 2025-09-18 15:44:56 +0000