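/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
 * Authors: Doug Rabson <dfr@rabson.org>
 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/kobj.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>

#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>

#include "gssd.h"

/*
 * Delete the security context referenced by *context_handle.
 *
 * minor_status   - must not be NULL; set to 0 on entry and to the RPC
 *                  client status when the gssd call fails.
 * context_handle - must not be NULL; *context_handle may be NULL, in which
 *                  case there is nothing to delete.  Set to NULL once the
 *                  context has been deleted.
 * output_token   - optional (may be NULL); receives the token produced by
 *                  the delete, and is left empty (length 0, value NULL)
 *                  when no token is produced or the call fails.
 *
 * Returns GSS_S_COMPLETE on success, or GSS_S_FAILURE when
 * KGSS_VNET(kgss_gssd_handle) is unset, no gssd client can be obtained, or
 * the RPC to gssd fails.
 *
 * On the GSS_S_FAILURE returns the context is NOT deleted and
 * *context_handle is left untouched, so the caller still owns it.
 */
OM_uint32
gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
    gss_buffer_t output_token)
{
	struct delete_sec_context_res res;
	struct delete_sec_context_args args;
	enum clnt_stat stat;
	gss_ctx_id_t ctx;
	CLIENT *cl;

	*minor_status = 0;

	/*
	 * Hand back an empty token up front so that it is defined on every
	 * return path, including the early GSS_S_FAILURE returns below.  A
	 * caller that releases the buffer unconditionally after the call
	 * must never see uninitialised length/value fields.
	 */
	if (output_token != NULL) {
		output_token->length = 0;
		output_token->value = NULL;
	}

	/* The current-vnet switch is only needed to read the gssd handle. */
	KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread));
	if (!KGSS_VNET(kgss_gssd_handle)) {
		KGSS_CURVNET_RESTORE();
		return (GSS_S_FAILURE);
	}
	KGSS_CURVNET_RESTORE();

	/* Nothing to delete; the token has already been emptied above. */
	if (*context_handle == NULL)
		return (GSS_S_COMPLETE);

	ctx = *context_handle;

	/*
	 * If we are past the context establishment phase, let
	 * the in-kernel code do the delete, otherwise
	 * userland needs to deal with it.  A non-zero ctx->handle selects
	 * the userland (gssd RPC) path.
	 */
	if (ctx->handle) {
		args.ctx = ctx->handle;
		cl = kgss_gssd_client();
		if (cl == NULL) {
			/*
			 * NOTE(review): ctx is neither deleted nor cleared
			 * here; confirm callers retry or otherwise dispose
			 * of the context.
			 */
			return (GSS_S_FAILURE);
		}

		bzero(&res, sizeof(res));
		stat = gssd_delete_sec_context_1(&args, &res, cl);
		CLNT_RELEASE(cl);
		if (stat != RPC_SUCCESS) {
			/* Same as above: the context survives this failure. */
			*minor_status = stat;
			return (GSS_S_FAILURE);
		}

		/*
		 * NOTE(review): only the RPC transport status is checked.
		 * If the reply carries its own GSS status it is not
		 * inspected before the local context is deleted; confirm
		 * that this is intended.
		 */
		if (output_token != NULL)
			kgss_copy_buffer(&res.output_token, output_token);
		xdr_free((xdrproc_t) xdr_delete_sec_context_res, &res);

		/* The token came from gssd, so none is requested here. */
		kgss_delete_context(ctx, NULL);
	} else {
		kgss_delete_context(ctx, output_token);
	}

	/* Do not leave the caller holding a handle to a deleted context. */
	*context_handle = NULL;

	return (GSS_S_COMPLETE);
}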