8
9
* require a specific license from the United States Government.
9
10
* It is the responsibility of any person or organization contemplating
10
11
* export to obtain such a license before exporting.
12
13
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13
14
* distribute this software and its documentation for any purpose and
14
15
* without fee is hereby granted, provided that the above copyright
59
60
#include "gssapi_krb5.h"
61
62
OM_uint32 KRB5_CALLCONV
62
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
63
gss_cred_id_t cred_handle,
63
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
64
gss_cred_id_t cred_handle,
65
const gss_OID desired_oid,
66
const gss_buffer_t value)
68
69
krb5_enctype * new_ktypes;
69
70
OM_uint32 major_status;
70
71
krb5_gss_cred_id_t cred;
71
72
krb5_error_code kerr = 0;
72
73
OM_uint32 temp_status;
74
struct krb5_gss_set_allowable_enctypes_req *req;
74
76
/* Assume a failure */
76
78
major_status = GSS_S_FAILURE;
80
assert(value->length == sizeof(*req));
81
req = (struct krb5_gss_set_allowable_enctypes_req *)value->value;
78
83
/* verify and valildate cred handle */
79
84
if (cred_handle == GSS_C_NO_CREDENTIAL) {
80
kerr = KRB5_NOCREDS_SUPPLIED;
85
kerr = KRB5_NOCREDS_SUPPLIED;
83
88
major_status = krb5_gss_validate_cred(&temp_status, cred_handle);
84
89
if (GSS_ERROR(major_status)) {
88
93
cred = (krb5_gss_cred_id_t) cred_handle;
91
for (i = 0; i < num_ktypes && ktypes[i]; i++) {
92
if (!krb5_c_valid_enctype(ktypes[i])) {
93
kerr = KRB5_PROG_ETYPE_NOSUPP;
96
for (i = 0; i < req->num_ktypes && req->ktypes[i]; i++) {
97
if (!krb5_c_valid_enctype(req->ktypes[i])) {
98
kerr = KRB5_PROG_ETYPE_NOSUPP;
98
kerr = k5_mutex_lock(&cred->lock);
101
if (cred->req_enctypes)
102
free(cred->req_enctypes);
103
cred->req_enctypes = NULL;
104
k5_mutex_unlock(&cred->lock);
105
return GSS_S_COMPLETE;
103
kerr = k5_mutex_lock(&cred->lock);
106
if (cred->req_enctypes)
107
free(cred->req_enctypes);
108
cred->req_enctypes = NULL;
109
k5_mutex_unlock(&cred->lock);
110
return GSS_S_COMPLETE;
108
113
/* Copy the requested ktypes into the cred structure */
109
114
if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (i + 1)))) {
110
memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
111
new_ktypes[i] = 0; /* "null-terminate" the list */
115
memcpy(new_ktypes, req->ktypes, sizeof(krb5_enctype) * i);
116
new_ktypes[i] = 0; /* "null-terminate" the list */
117
122
kerr = k5_mutex_lock(&cred->lock);
122
127
if (cred->req_enctypes)
123
free(cred->req_enctypes);
128
free(cred->req_enctypes);
124
129
cred->req_enctypes = new_ktypes;
125
130
k5_mutex_unlock(&cred->lock);