1 /*
2  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3  */
4 /*
5  * lib/gssapi/krb5/import_sec_context.c
6  *
7  * Copyright 1995,2004 by the Massachusetts Institute of Technology.
8  * All Rights Reserved.
9  *
10  * Export of this software from the United States of America may
11  *   require a specific license from the United States Government.
12  *   It is the responsibility of any person or organization contemplating
13  *   export to obtain such a license before exporting.
14  *
15  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
16  * distribute this software and its documentation for any purpose and
17  * without fee is hereby granted, provided that the above copyright
18  * notice appear in all copies and that both that copyright notice and
19  * this permission notice appear in supporting documentation, and that
20  * the name of M.I.T. not be used in advertising or publicity pertaining
21  * to distribution of the software without specific, written prior
22  * permission.  Furthermore if you modify this software you must label
23  * your software as modified software and not distribute it in such a
24  * fashion that it might be confused with the original M.I.T. software.
25  * M.I.T. makes no representations about the suitability of
26  * this software for any purpose.  It is provided "as is" without express
27  * or implied warranty.
28  *
29  */
30 
31 /*
32  * import_sec_context.c	- Internalize the security context.
33  */
34 #include "gssapiP_krb5.h"
35 /* for serialization initialization functions */
36 #include "k5-int.h"
37 #include "mglueP.h"  /* SUNW15resync - for KGSS_ macros */
38 
39 #ifdef	 _KERNEL
40 extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);
41 #endif
42 
43 
44 /*
45  * Fix up the OID of the mechanism so that uses the static version of
46  * the OID if possible.
47  */
48 gss_OID krb5_gss_convert_static_mech_oid(oid)
49      gss_OID	oid;
50 {
51 	const gss_OID_desc 	*p;
52 	OM_uint32		minor_status;
53 
54 	for (p = krb5_gss_oid_array; p->length; p++) {
55 		if ((oid->length == p->length) &&
56 		    (memcmp(oid->elements, p->elements, p->length) == 0)) {
57 		        (void) KGSS_RELEASE_OID(&minor_status, &oid);
58 			return (gss_OID) p;
59 		}
60 	}
61 	return oid;
62 }
63 
64 krb5_error_code
65 krb5_gss_ser_init (krb5_context context)
66 {
67     krb5_error_code code;
68     static krb5_error_code (KRB5_CALLCONV *const fns[])(krb5_context) = {
69 	krb5_ser_auth_context_init,
70 #ifndef _KERNEL
71 	krb5_ser_context_init,
72 	krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
73 #endif
74     };
75     int i;
76 
77     for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
78 	if ((code = (fns[i])(context)) != 0)
79 	    return code;
80     return 0;
81 }
82 
83 OM_uint32
84 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
85     OM_uint32		*minor_status;
86     gss_buffer_t	interprocess_token;
87     gss_ctx_id_t	*context_handle;
88 {
89     krb5_context	context;
90     krb5_error_code	kret = 0;
91     size_t		blen;
92     krb5_gss_ctx_id_t	ctx;
93     krb5_octet		*ibp;
94 
95     /* This is a bit screwy.  We create a krb5 context because we need
96        one when calling the serialization code.  However, one of the
97        objects we're unpacking is a krb5 context, so when we finish,
98        we can throw this one away.  */
99     kret = KGSS_INIT_CONTEXT(&context);
100     if (kret) {
101 	*minor_status = kret;
102 	return GSS_S_FAILURE;
103     }
104 
105     kret = krb5_gss_ser_init(context);
106     if (kret) {
107 	*minor_status = kret;
108 	save_error_info(*minor_status, context);
109 	krb5_free_context(context);
110 	return GSS_S_FAILURE;
111     }
112 
113     /* Assume a tragic failure */
114     ctx = (krb5_gss_ctx_id_t) NULL;
115     *minor_status = 0;
116 
117     /* Internalize the context */
118     ibp = (krb5_octet *) interprocess_token->value;
119     blen = (size_t) interprocess_token->length;
120     kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen);
121     /*
122      * SUNW15resync
123      *
124      *    krb5_free_context(context);
125      * Previous versions of MIT(1.2ish)/Solaris did not serialize the
126      * k5_context but MIT 1.5 does.  But we don't need all the userspace
127      * junk in the kernel so we continue to not serialize it.
128      * So we keep this context live here (see it's use in kg_ctx_internalize)
129      * and it will get freed by delete_sec_context.
130      */
131     if (kret) {
132        *minor_status = (OM_uint32) kret;
133        save_error_info(*minor_status, context);
134        krb5_free_context(context);
135        return(GSS_S_FAILURE);
136     }
137 
138     /* intern the context handle */
139     if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
140        (void)krb5_gss_delete_sec_context(minor_status,
141 					 (gss_ctx_id_t *) &ctx, NULL
142 #ifdef _KERNEL
143  					,0  /* gssd_ctx_verifier */
144 #endif
145 					);
146        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
147        return(GSS_S_FAILURE);
148     }
149     ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
150 
151     *context_handle = (gss_ctx_id_t) ctx;
152 
153     *minor_status = 0;
154     return (GSS_S_COMPLETE);
155 }
156