1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * Copyright 1993 by OpenVision Technologies, Inc. 10 * 11 * Permission to use, copy, modify, distribute, and sell this software 12 * and its documentation for any purpose is hereby granted without fee, 13 * provided that the above copyright notice appears in all copies and 14 * that both that copyright notice and this permission notice appear in 15 * supporting documentation, and that the name of OpenVision not be used 16 * in advertising or publicity pertaining to distribution of the software 17 * without specific, written prior permission. OpenVision makes no 18 * representations about the suitability of this software for any 19 * purpose. It is provided "as is" without express or implied warranty. 20 * 21 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 22 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 23 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR 24 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF 25 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 26 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 27 * PERFORMANCE OF THIS SOFTWARE. 28 */ 29 30 #include "gssapiP_krb5.h" 31 #include "mglueP.h" /* SUNW15resync - for KGSS_ macros */ 32 33 /* 34 * $Id: delete_sec_context.c 16465 2004-06-16 02:37:23Z tlyu $ 35 */ 36 37 38 #ifdef _KERNEL 39 /* SUNW15resync - todo - unify these kernel rel oid funcs with user spc ones */ 40 41 OM_uint32 42 krb5_gss_internal_release_oid(minor_status, oid) 43 OM_uint32 *minor_status; 44 gss_OID *oid; 45 { 46 /* 47 * This function only knows how to release internal OIDs. It will 48 * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize. 49 */ 50 51 if ((*oid != gss_mech_krb5) && 52 (*oid != gss_mech_krb5_old) && 53 (*oid != gss_mech_krb5_wrong) && 54 (*oid != gss_nt_krb5_name) && 55 (*oid != gss_nt_krb5_principal)) { 56 /* We don't know about this OID */ 57 return(GSS_S_CONTINUE_NEEDED); 58 } 59 else { 60 *oid = GSS_C_NO_OID; 61 *minor_status = 0; 62 return(GSS_S_COMPLETE); 63 } 64 } 65 66 OM_uint32 67 generic_gss_release_oid(minor_status, oid) 68 OM_uint32 *minor_status; 69 gss_OID *oid; 70 { 71 if (minor_status) 72 *minor_status = 0; 73 74 if (*oid == GSS_C_NO_OID) 75 return(GSS_S_COMPLETE); 76 77 78 if ((*oid != GSS_C_NT_USER_NAME) && 79 (*oid != GSS_C_NT_MACHINE_UID_NAME) && 80 (*oid != GSS_C_NT_STRING_UID_NAME) && 81 (*oid != GSS_C_NT_HOSTBASED_SERVICE) && 82 (*oid != GSS_C_NT_ANONYMOUS) && 83 (*oid != GSS_C_NT_EXPORT_NAME) && 84 (*oid != gss_nt_service_name)) { 85 FREE((*oid)->elements, (*oid)->length); 86 FREE(*oid, sizeof(gss_OID_desc)); 87 } 88 *oid = GSS_C_NO_OID; 89 return(GSS_S_COMPLETE); 90 } 91 92 OM_uint32 93 krb5_gss_release_oid(minor_status, oid) 94 OM_uint32 *minor_status; 95 gss_OID *oid; 96 { 97 98 if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) { 99 /* Pawn it off on the generic routine */ 100 return(generic_gss_release_oid(minor_status, oid)); 101 } 102 else { 103 *oid = GSS_C_NO_OID; 104 *minor_status = 0; 105 return(GSS_S_COMPLETE); 106 } 107 } 108 #endif 109 110 /*ARGSUSED*/ 111 OM_uint32 112 krb5_gss_delete_sec_context(minor_status, 113 context_handle, 114 output_token 115 #ifdef _KERNEL 116 , gssd_ctx_verifier 117 #endif 118 ) 119 OM_uint32 *minor_status; 120 gss_ctx_id_t *context_handle; 121 gss_buffer_t output_token; 122 #ifdef _KERNEL 123 OM_uint32 gssd_ctx_verifier; 124 #endif 125 { 126 krb5_context context; 127 krb5_gss_ctx_id_rec *ctx; 128 129 if (output_token) { 130 output_token->length = 0; 131 output_token->value = NULL; 132 } 133 134 /*SUPPRESS 29*/ 135 if (*context_handle == GSS_C_NO_CONTEXT) { 136 *minor_status = 0; 137 return(GSS_S_COMPLETE); 138 } 139 140 /*SUPPRESS 29*/ 141 /* validate the context handle */ 142 if (! kg_validate_ctx_id(*context_handle)) { 143 *minor_status = (OM_uint32) G_VALIDATE_FAILED; 144 return(GSS_S_NO_CONTEXT); 145 } 146 147 ctx = (krb5_gss_ctx_id_t) *context_handle; 148 context = ctx->k5_context; 149 150 /* construct a delete context token if necessary */ 151 152 if (output_token) { 153 OM_uint32 major; 154 gss_buffer_desc empty; 155 empty.length = 0; empty.value = NULL; 156 157 if ((major = kg_seal(minor_status, *context_handle, 0, 158 GSS_C_QOP_DEFAULT, 159 &empty, NULL, output_token, KG_TOK_DEL_CTX))) 160 return(major); 161 } 162 163 /* invalidate the context handle */ 164 165 (void)kg_delete_ctx_id(*context_handle); 166 167 /* free all the context state */ 168 169 if (ctx->seqstate) 170 g_order_free(&(ctx->seqstate)); 171 172 if (ctx->enc) 173 krb5_free_keyblock(context, ctx->enc); 174 175 if (ctx->seq) 176 krb5_free_keyblock(context, ctx->seq); 177 178 if (ctx->here) 179 krb5_free_principal(context, ctx->here); 180 if (ctx->there) 181 krb5_free_principal(context, ctx->there); 182 if (ctx->subkey) 183 krb5_free_keyblock(context, ctx->subkey); 184 if (ctx->acceptor_subkey) 185 krb5_free_keyblock(context, ctx->acceptor_subkey); 186 187 /* We never import the auth_context into the kernel */ 188 #ifndef _KERNEL 189 if (ctx->auth_context) { 190 if (ctx->cred_rcache) 191 (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL); 192 193 krb5_auth_con_free(context, ctx->auth_context); 194 } 195 #endif 196 197 if (ctx->mech_used) 198 (void) KGSS_RELEASE_OID(minor_status, &ctx->mech_used); 199 200 if (ctx->k5_context) 201 krb5_free_context(ctx->k5_context); 202 203 /* Zero out context */ 204 (void) memset(ctx, 0, sizeof(*ctx)); 205 xfree_wrap(ctx, sizeof (krb5_gss_ctx_id_rec)); 206 207 /* zero the handle itself */ 208 209 *context_handle = GSS_C_NO_CONTEXT; 210 211 *minor_status = 0; 212 return(GSS_S_COMPLETE); 213 } 214