1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate *
4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate * with the License.
8*7c478bd9Sstevel@tonic-gate *
9*7c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate *
14*7c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate *
20*7c478bd9Sstevel@tonic-gate * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24*7c478bd9Sstevel@tonic-gate * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate */
26*7c478bd9Sstevel@tonic-gate
27*7c478bd9Sstevel@tonic-gate /*
28*7c478bd9Sstevel@tonic-gate * glue routine for gss_acquire_cred
29*7c478bd9Sstevel@tonic-gate */
30*7c478bd9Sstevel@tonic-gate
31*7c478bd9Sstevel@tonic-gate #include <mechglueP.h>
32*7c478bd9Sstevel@tonic-gate #include <gssapi/gssapi_ext.h>
33*7c478bd9Sstevel@tonic-gate #include <stdio.h>
34*7c478bd9Sstevel@tonic-gate #ifdef HAVE_STDLIB_H
35*7c478bd9Sstevel@tonic-gate #include <stdlib.h>
36*7c478bd9Sstevel@tonic-gate #endif
37*7c478bd9Sstevel@tonic-gate #include <string.h>
38*7c478bd9Sstevel@tonic-gate #include <errno.h>
39*7c478bd9Sstevel@tonic-gate #include <time.h>
40*7c478bd9Sstevel@tonic-gate /* local functions */
/* local functions */
static gss_OID_set create_actual_mechs(const gss_OID, int);

/*
 * Build a newly allocated OID set holding deep copies of the first
 * `count' entries of mechs_array.
 *
 * Returns the new set, or NULL if any allocation fails.  On failure every
 * allocation made so far is released.  The caller owns the returned set
 * and is expected to release it with gss_release_oid_set().
 *
 * NOTE(review): `count' is a signed int used in a size multiplication and
 * is not range-checked here; both callers in this file pass a value of at
 * least 1 -- confirm before adding new callers.
 */
static gss_OID_set
create_actual_mechs(mechs_array, count)
	const gss_OID	mechs_array;
	int		count;
{
	gss_OID_set	set;
	gss_OID		src, dst;
	OM_uint32	ignored_minor;
	int		idx;

	set = malloc(sizeof (*set));
	if (set == NULL)
		return (NULL);

	set->elements = malloc(sizeof (gss_OID_desc) * count);
	if (set->elements == NULL) {
		free(set);
		return (NULL);
	}

	/*
	 * count only ever covers fully copied entries, so a partially
	 * built set can be handed to gss_release_oid_set() as is.
	 */
	set->count = 0;

	for (idx = 0; idx < count; idx++) {
		src = &mechs_array[idx];
		dst = &set->elements[idx];

		/* the byte buffer must exist before g_OID_copy fills it */
		dst->elements = malloc(src->length);
		if (dst->elements == NULL) {
			(void) gss_release_oid_set(&ignored_minor, &set);
			return (NULL);
		}
		g_OID_copy(dst, src);
		set->count++;
	}

	return (set);
}
78*7c478bd9Sstevel@tonic-gate
79*7c478bd9Sstevel@tonic-gate
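/*
 * Acquire a union credential for desired_name from a password, trying
 * every requested mechanism in turn.
 *
 * minor_status		(out) mechanism-specific status; must not be NULL
 * desired_name		name to acquire for; GSS_C_NO_NAME is rejected
 * password		passed through untouched to each mechanism
 * time_req		requested lifetime, used for both initiator and
 *			acceptor when calling gss_add_cred_with_password()
 * desired_mechs	mechanisms to try; GSS_C_NULL_OID_SET selects the
 *			default mechanism
 * cred_usage		GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH
 * output_cred_handle	(out) new credential; must not be NULL
 * actual_mechs		(out, optional) copy of the mechanisms acquired
 * time_rec		(out, optional) shortest lifetime across mechanisms
 *
 * Returns GSS_S_COMPLETE when at least one mechanism produced a
 * credential element.  Otherwise returns a parameter error, GSS_S_BAD_MECH,
 * GSS_S_FAILURE, or the major status of the last mechanism tried.
 *
 * NOTE(review): `password' is not validated here (no check for
 * GSS_C_NO_BUFFER, a NULL value or zero length); each mechanism has to cope
 * with whatever the caller passed.  The buffer is only handed on by
 * reference -- this routine neither copies nor clears it, so wiping the
 * secret after use remains the caller's job.
 */
OM_uint32
gss_acquire_cred_with_password(minor_status,
			desired_name,
			password,
			time_req,
			desired_mechs,
			cred_usage,
			output_cred_handle,
			actual_mechs,
			time_rec)

OM_uint32 *		minor_status;
const gss_name_t	desired_name;
const gss_buffer_t	password;
OM_uint32		time_req;
const gss_OID_set	desired_mechs;
int			cred_usage;
gss_cred_id_t		*output_cred_handle;
gss_OID_set *		actual_mechs;
OM_uint32 *		time_rec;

{
	OM_uint32 major = GSS_S_FAILURE;
	OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE;
	OM_uint32 lesser;
	gss_OID_set_desc default_OID_set;
	gss_OID_set mechs;
	gss_OID_desc default_OID;
	gss_mechanism mech;
	int i;
	gss_union_cred_t creds;

	/* start by checking parameters */
	if (minor_status == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);
	*minor_status = 0;

	if (desired_name == GSS_C_NO_NAME)
		return (GSS_S_BAD_NAME);

	if (output_cred_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);

	*output_cred_handle = GSS_C_NO_CREDENTIAL;

	/* Set output parameters to NULL for now */
	if (actual_mechs != NULL)
		*actual_mechs = GSS_C_NULL_OID_SET;

	if (time_rec)
		*time_rec = 0;

	/*
	 * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an
	 * appropriate default.  We use the first mechanism in the
	 * mechanism list as the default.  The set lives on this stack
	 * frame and points at the mechanism's own OID, so it needs not
	 * be freed.
	 */
	if (desired_mechs == GSS_C_NULL_OID_SET) {
		mech = __gss_get_mechanism(GSS_C_NULL_OID);
		if (mech == NULL)
			return (GSS_S_BAD_MECH);

		mechs = &default_OID_set;
		default_OID_set.count = 1;
		default_OID_set.elements = &default_OID;
		default_OID.length = mech->mech_type.length;
		default_OID.elements = mech->mech_type.elements;
	} else
		mechs = desired_mechs;

	if (mechs->count == 0)
		return (GSS_S_BAD_MECH);

	/* allocate the output credential structure */
	creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc));
	if (creds == NULL)
		return (GSS_S_FAILURE);

	/* initialize to 0s */
	(void) memset(creds, 0, sizeof (gss_union_cred_desc));

	/* for each requested mech attempt to obtain a credential */
	for (i = 0; i < mechs->count; i++) {
		major = gss_add_cred_with_password(minor_status,
				(gss_cred_id_t)creds,
				desired_name,
				&mechs->elements[i],
				password,
				cred_usage, time_req, time_req, NULL,
				NULL, &initTimeOut, &acceptTimeOut);
		if (major != GSS_S_COMPLETE)
			continue;

		/* update the credential's time */
		if (cred_usage == GSS_C_ACCEPT) {
			lesser = acceptTimeOut;
		} else if (cred_usage == GSS_C_INITIATE) {
			lesser = initTimeOut;
		} else {
			/*
			 * time_rec is the lesser of the
			 * init/accept times
			 */
			lesser = (initTimeOut > acceptTimeOut) ?
			    acceptTimeOut : initTimeOut;
		}
		if (outTime > lesser)
			outTime = lesser;
	} /* for */

	/* ensure that we have at least one credential element */
	if (creds->count < 1) {
		/*
		 * gss_add_cred_with_password() fills in auxinfo.name on the
		 * credential it was given before its last failure points and
		 * does not undo that for a caller-supplied credential, so
		 * release it here rather than leak it.
		 */
		free(creds->auxinfo.name.value);
		free(creds);
		/*
		 * Never report success without a credential: guard against
		 * an add call that returned GSS_S_COMPLETE without actually
		 * adding an element.
		 */
		return (major == GSS_S_COMPLETE ? GSS_S_FAILURE : major);
	}

	/*
	 * fill in output parameters
	 * setup the actual mechs output parameter
	 */
	if (actual_mechs != NULL) {
		if ((*actual_mechs = create_actual_mechs(creds->mechs_array,
					creds->count)) == NULL) {
			(void) gss_release_cred(minor_status,
				(gss_cred_id_t *)&creds);
			*minor_status = 0;
			return (GSS_S_FAILURE);
		}
	}

	if (time_rec)
		*time_rec = outTime;


	*output_cred_handle = (gss_cred_id_t)creds;
	return (GSS_S_COMPLETE);
}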
220*7c478bd9Sstevel@tonic-gate
221*7c478bd9Sstevel@tonic-gate /* V2 INTERFACE */
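/*
 * Acquire a password-based credential for one mechanism and add it to a
 * union credential.
 *
 * minor_status		(out) mechanism-specific status; must not be NULL
 * input_cred_handle	credential to extend, or GSS_C_NO_CREDENTIAL to
 *			start a new one (output_cred_handle is then required)
 * desired_name		name to acquire for; GSS_C_NO_NAME is rejected
 * desired_mech		mechanism to use; it must provide
 *			gss_acquire_cred_with_password
 * password		passed through untouched to the mechanism
 * cred_usage		GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH
 * initiator_time_req,
 * acceptor_time_req	requested lifetimes
 * output_cred_handle	(out, optional) receives the resulting credential;
 *			when NULL, input_cred_handle is extended in place
 * actual_mechs		(out, optional) copy of the resulting mechanism set
 * initiator_time_rec,
 * acceptor_time_rec	(out, optional) lifetime granted by the mechanism
 *
 * Returns GSS_S_COMPLETE on success.  On failure returns a parameter
 * error, GSS_S_BAD_MECH, GSS_S_UNAVAILABLE, GSS_S_DUPLICATE_ELEMENT,
 * GSS_S_BAD_NAME, GSS_S_FAILURE, or the mechanism's own major status.
 *
 * NOTE(review): `password' is not validated here (no check for
 * GSS_C_NO_BUFFER, a NULL value or zero length).  It is only handed to the
 * mechanism by reference; this routine neither copies nor clears it, so
 * wiping the secret after use remains the caller's job.
 */
OM_uint32
gss_add_cred_with_password(minor_status, input_cred_handle,
			desired_name, desired_mech, password,
			cred_usage, initiator_time_req,
			acceptor_time_req, output_cred_handle,
			actual_mechs, initiator_time_rec,
			acceptor_time_rec)
	OM_uint32		*minor_status;
	const gss_cred_id_t	input_cred_handle;
	const gss_name_t	desired_name;
	const gss_OID		desired_mech;
	const gss_buffer_t	password;
	gss_cred_usage_t	cred_usage;
	OM_uint32		initiator_time_req;
	OM_uint32		acceptor_time_req;
	gss_cred_id_t		*output_cred_handle;
	gss_OID_set		*actual_mechs;
	OM_uint32		*initiator_time_rec;
	OM_uint32		*acceptor_time_rec;
{
	OM_uint32		status, time_req, time_rec, temp_minor_status;
	gss_mechanism		mech;
	gss_mechanism_ext	mech_ext;
	gss_union_name_t	union_name = NULL;
	gss_union_cred_t	union_cred, new_union_cred;
	gss_name_t		internal_name = GSS_C_NO_NAME;
	gss_name_t		allocated_name = GSS_C_NO_NAME;
	gss_cred_id_t		cred = NULL;
	gss_OID			new_mechs_array = NULL;
	gss_cred_id_t		*new_cred_array = NULL;
	void			*new_oid_elements = NULL;

	/* check input parameters */
	if (minor_status == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);
	*minor_status = 0;

	if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
	    output_cred_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);

	if (desired_name == GSS_C_NO_NAME)
		return (GSS_S_BAD_NAME);
	union_name = (gss_union_name_t)desired_name;

	if (output_cred_handle != NULL)
		*output_cred_handle = GSS_C_NO_CREDENTIAL;

	if (actual_mechs != NULL)
		*actual_mechs = NULL;

	if (acceptor_time_rec != NULL)
		*acceptor_time_rec = 0;

	if (initiator_time_rec != NULL)
		*initiator_time_rec = 0;

	if ((mech = __gss_get_mechanism(desired_mech)) == NULL)
		return (GSS_S_BAD_MECH);

	if ((mech_ext = __gss_get_mechanism_ext(desired_mech)) == NULL ||
	    mech_ext->gss_acquire_cred_with_password == NULL)
		return (GSS_S_UNAVAILABLE);

	if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
		union_cred = malloc(sizeof (gss_union_cred_desc));
		if (union_cred == NULL)
			return (GSS_S_FAILURE);

		(void) memset(union_cred, 0, sizeof (gss_union_cred_desc));

	} else {
		union_cred = (gss_union_cred_t)input_cred_handle;
		if (__gss_get_mechanism_cred(union_cred, desired_mech) !=
		    GSS_C_NO_CREDENTIAL)
			return (GSS_S_DUPLICATE_ELEMENT);
	}

	/* May need to create an MN */
	if (union_name->mech_type &&
	    g_OID_equal(union_name->mech_type,
	    &mech->mech_type))
		internal_name = union_name->mech_name;
	else {
		if (__gss_import_internal_name(minor_status,
		    &mech->mech_type, union_name,
		    &allocated_name) != GSS_S_COMPLETE) {
			/*
			 * Leave through errout so that a union_cred
			 * allocated above is freed instead of leaked.
			 */
			status = GSS_S_BAD_NAME;
			goto errout;
		}
		internal_name = allocated_name;
	}

	if (cred_usage == GSS_C_ACCEPT)
		time_req = acceptor_time_req;
	else if (cred_usage == GSS_C_INITIATE)
		time_req = initiator_time_req;
	else if (cred_usage == GSS_C_BOTH)
		time_req = (acceptor_time_req > initiator_time_req) ?
		    acceptor_time_req : initiator_time_req;
	else
		/*
		 * Unrecognized usage value: give time_req a defined value
		 * rather than passing an indeterminate one.  cred_usage is
		 * still handed to the mechanism as given.
		 */
		time_req = 0;

	status = mech_ext->gss_acquire_cred_with_password(mech->context,
	    minor_status, internal_name, password, time_req,
	    GSS_C_NULL_OID_SET, cred_usage, &cred, NULL,
	    &time_rec);

	if (status != GSS_S_COMPLETE)
		goto errout;

	/* May need to set credential auxinfo structure */
	if (union_cred->auxinfo.creation_time == 0) {
		union_cred->auxinfo.creation_time = time(NULL);
		union_cred->auxinfo.time_rec = time_rec;
		union_cred->auxinfo.cred_usage = cred_usage;

		if ((status = mech->gss_display_name(mech->context,
		    &temp_minor_status, internal_name,
		    &union_cred->auxinfo.name,
		    &union_cred->auxinfo.name_type)) !=
		    GSS_S_COMPLETE)
			goto errout;
	}

	/*
	 * From here on `status' is GSS_S_COMPLETE, so every failure below
	 * must set it before jumping to errout; otherwise the caller would
	 * be told the call succeeded after everything was torn down.
	 */

	/* Now add the new credential elements */
	new_mechs_array = (gss_OID)
	    malloc(sizeof (gss_OID_desc) * (union_cred->count+1));

	new_cred_array = (gss_cred_id_t *)
	    malloc(sizeof (gss_cred_id_t) * (union_cred->count+1));

	if (!new_mechs_array || !new_cred_array) {
		status = GSS_S_FAILURE;
		goto errout;
	}

	if (acceptor_time_rec)
		if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
			*acceptor_time_rec = time_rec;
	if (initiator_time_rec)
		if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
			*initiator_time_rec = time_rec;

	/*
	 * OK, expand the mechanism array and the credential array.
	 * A brand-new credential has NULL arrays and a zero count, so
	 * skip the copy rather than hand memcpy a NULL source.
	 */
	if (union_cred->count > 0) {
		(void) memcpy(new_mechs_array, union_cred->mechs_array,
		    sizeof (gss_OID_desc) * union_cred->count);
		(void) memcpy(new_cred_array, union_cred->cred_array,
		    sizeof (gss_cred_id_t) * union_cred->count);
	}

	new_cred_array[union_cred->count] = cred;

	/* the byte buffer must exist before g_OID_copy fills it */
	new_oid_elements = malloc(mech->mech_type.length);
	if (new_oid_elements == NULL) {
		status = GSS_S_FAILURE;
		goto errout;
	}
	new_mechs_array[union_cred->count].elements = new_oid_elements;

	g_OID_copy(&new_mechs_array[union_cred->count],
	    &mech->mech_type);

	if (actual_mechs) {
		*actual_mechs = create_actual_mechs(new_mechs_array,
		    union_cred->count + 1);
		if (*actual_mechs == NULL) {
			status = GSS_S_FAILURE;
			goto errout;
		}
	}

	if (output_cred_handle == NULL) {
		/* extend the caller's credential in place */
		free(union_cred->mechs_array);
		free(union_cred->cred_array);
		new_union_cred = union_cred;
	} else if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
		/*
		 * union_cred is the fresh structure allocated above; hand
		 * it to the caller directly.  Copying it into a second
		 * allocation would leak the first one.
		 */
		new_union_cred = union_cred;
		*output_cred_handle = (gss_cred_id_t)new_union_cred;
	} else {
		new_union_cred = malloc(sizeof (gss_union_cred_desc));
		if (new_union_cred == NULL) {
			status = GSS_S_FAILURE;
			goto errout;
		}
		/*
		 * NOTE(review): this is a shallow copy.  The new credential
		 * shares the existing per-mechanism handles, the existing
		 * OID byte buffers and auxinfo.name.value with
		 * input_cred_handle, so releasing both credentials would
		 * free those twice.  Confirm how callers are expected to
		 * release the pair.
		 */
		*new_union_cred = *union_cred;
		*output_cred_handle = (gss_cred_id_t)new_union_cred;
	}

	new_union_cred->mechs_array = new_mechs_array;
	new_union_cred->cred_array = new_cred_array;
	new_union_cred->count++;

	/* We're done with the internal name. Free it if we allocated it. */

	if (allocated_name)
		(void) __gss_release_internal_name(&temp_minor_status,
		    &mech->mech_type,
		    &allocated_name);

	return (GSS_S_COMPLETE);

errout:
	/* do not hand back a mechanism set for a call that failed */
	if (actual_mechs != NULL && *actual_mechs != GSS_C_NULL_OID_SET)
		(void) gss_release_oid_set(&temp_minor_status, actual_mechs);

	/* free(NULL) is a no-op, so no guards are needed */
	free(new_oid_elements);
	free(new_mechs_array);
	free(new_cred_array);

	if (cred != NULL && mech->gss_release_cred)
		mech->gss_release_cred(mech->context,
		    &temp_minor_status, &cred);

	if (allocated_name)
		(void) __gss_release_internal_name(&temp_minor_status,
		    &mech->mech_type,
		    &allocated_name);

	/* only tear down a union credential that this call allocated */
	if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
		free(union_cred->auxinfo.name.value);
		free(union_cred);
	}

	return (status);
}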