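/*
 * Copyright 1999-2002 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * lib/gssapi/krb5/export_sec_context.c
 *
 * Copyright 1995 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 */

/*
 * export_sec_context.c - Externalize the security context.
 */
#include <gssapiP_krb5.h>
#include <k5-int.h>

/*
 * krb5_gss_export_sec_context() - serialize a krb5 GSS security context
 * into an interprocess token and delete the local context.
 *
 * Parameters:
 *  ct                  krb5 context to use (passed as void *, used as a
 *                      krb5_context).
 *  minor_status        Out: cleared on entry; on failure receives the krb5
 *                      error code unless something already set it.
 *  context_handle      In/out: handle of the context to export. It is
 *                      checked with kg_validate_ctx_id(). On success the
 *                      context is deleted and the handle is set to
 *                      GSS_C_NO_CONTEXT.
 *  interprocess_token  Out: on success, value points to a buffer obtained
 *                      from xmalloc() and length is the number of bytes
 *                      written into it. Ownership passes to the caller.
 *                      It is left untouched on failure.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_NO_CONTEXT when the handle does
 * not validate, and GSS_S_FAILURE for sizing, allocation or serialization
 * errors.
 *
 * None of the pointer arguments is checked for NULL here; callers must
 * pass valid pointers. krb5_mutex is held for the whole call.
 *
 * Per the GSS-API specification an interprocess token can carry
 * security-sensitive data such as keys, so the caller has to protect it
 * while handing it to the importing process and release it afterwards
 * (gss_release_buffer()).
 */
OM_uint32
krb5_gss_export_sec_context(ct, minor_status, context_handle, interprocess_token)
    void *ct;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t interprocess_token;
{
    krb5_context context = ct;
    krb5_error_code kret;
    OM_uint32 retval;
    size_t bufsize, blen;
    krb5_gss_ctx_id_t ctx;
    krb5_octet *obuffer, *obp;

    /* Solaris Kerberos: for MT safety, we avoid the use of a default
     * context via kg_get_context() */
#if 0
    if (GSS_ERROR(kg_get_context(minor_status, (krb5_context*) &context)))
        return(GSS_S_FAILURE);
#endif

    mutex_lock(&krb5_mutex);
    context = ct;

    /* Assume a tragic failure */
    obuffer = (krb5_octet *) NULL;
    retval = GSS_S_FAILURE;
    *minor_status = 0;

    if (!kg_validate_ctx_id(*context_handle)) {
        kret = (OM_uint32) G_VALIDATE_FAILED;
        retval = GSS_S_NO_CONTEXT;
        goto error_out;
    }

    ctx = (krb5_gss_ctx_id_t) *context_handle;

    /* Determine size needed for externalization of context */
    bufsize = 0;
    if ((kret = kg_ctx_size(context, (krb5_pointer) ctx,
                            &bufsize)))
        goto error_out;

    /* Allocate the buffer */
    if ((obuffer = (krb5_octet *) xmalloc(bufsize)) == NULL) {
        kret = ENOMEM;
        goto error_out;
    }

    /*
     * obp and blen are handed to kg_ctx_externalize() by address; blen is
     * read back below as the space left unused in the buffer.
     */
    obp = obuffer;
    blen = bufsize;
    /* Externalize the context */
    if ((kret = kg_ctx_externalize(context,
                                   (krb5_pointer) ctx, &obp, &blen)))
        goto error_out;

    /* Success! Return the buffer; the caller now owns obuffer. */
    interprocess_token->length = bufsize - blen;
    interprocess_token->value = obuffer;
    *minor_status = 0;
    retval = GSS_S_COMPLETE;

    /* Now, clean up the context state */
    /* Note, calling non-locking interface: krb5_mutex is already held. */
    /*
     * NOTE(review): the delete call is given minor_status and its result
     * is discarded, so it may leave a nonzero minor code behind while
     * GSS_S_COMPLETE is returned - confirm callers ignore the minor
     * status on success.
     */
    (void)krb5_gss_delete_sec_context_no_lock(context, minor_status, context_handle, NULL);
    *context_handle = GSS_C_NO_CONTEXT;

    mutex_unlock(&krb5_mutex);
    return (GSS_S_COMPLETE);

error_out:
    if (obuffer != NULL) {
        /*
         * The buffer may hold a partly serialized context; the original
         * code scrubbed it before freeing, so treat the contents as
         * sensitive. Clear it through a volatile pointer: a plain
         * memset() directly before free() is a dead store that an
         * optimizing compiler is allowed to drop. The buffer is freed
         * even when bufsize is 0, so a zero-length allocation is not
         * leaked.
         */
        volatile krb5_octet *wipe = obuffer;
        size_t left = bufsize;

        while (left-- > 0)
            *wipe++ = 0;
        krb5_xfree(obuffer);
    }
    /* Keep a minor code that was already set; otherwise report kret. */
    if (*minor_status == 0)
        *minor_status = (OM_uint32) kret;
    mutex_unlock(&krb5_mutex);
    return(retval);
}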