Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-1-5]: src/crypto/dist/heimdal/lib/gssapi Pull up revisions 1.2-1....

details:   https://anonhg.NetBSD.org/src/rev/8819cdac3be5
branches:  netbsd-1-5
changeset: 490482:8819cdac3be5
user:      jhawk <jhawk%NetBSD.org@localhost>
date:      Thu Jan 25 07:33:37 2001 +0000

description:
Pull up revisions 1.2-1.3 (requested by fvdl):
  Make gss_acquire_cred() work for cases other than GSS_C_NO_CREDENTIAL
  (i.e 'get current, default credentials').  This is needed to support
  things like gss-api authentication with IKE, as currently implemented
  in racoon.

diffstat:

 crypto/dist/heimdal/lib/gssapi/acquire_cred.c |  61 +++++++++++++++++++++++++-
 1 files changed, 58 insertions(+), 3 deletions(-)

diffs (97 lines):

diff -r 94d95ad4bcbb -r 8819cdac3be5 crypto/dist/heimdal/lib/gssapi/acquire_cred.c
--- a/crypto/dist/heimdal/lib/gssapi/acquire_cred.c     Thu Jan 25 07:23:15 2001 +0000
+++ b/crypto/dist/heimdal/lib/gssapi/acquire_cred.c     Thu Jan 25 07:33:37 2001 +0000
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: acquire_cred.c,v 1.1.1.1 2000/06/16 18:32:45 thorpej Exp $");
+RCSID("$Id: acquire_cred.c,v 1.1.1.1.2.1 2001/01/25 07:33:37 jhawk Exp $");
 
 OM_uint32 gss_acquire_cred
            (OM_uint32 * minor_status,
@@ -48,21 +48,67 @@
 {
     gss_cred_id_t handle;
     OM_uint32 ret;
+    krb5_principal def_princ;
+    krb5_ccache ccache;
+    krb5_error_code pret = -1, kret = 0;
+    krb5_keytab kt;
+    krb5_creds cred;
+    krb5_get_init_creds_opt opt;
 
     handle = (gss_cred_id_t)malloc(sizeof(*handle));
     if (handle == GSS_C_NO_CREDENTIAL) {
         return GSS_S_FAILURE;
     }
+    memset(handle, 0, sizeof (*handle));
 
     ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
     if (ret) {
         return ret;
     }
 
+    if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0 &&
+      (pret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
+                                        &def_princ)) == 0 &&
+      krb5_principal_compare(gssapi_krb5_context, handle->principal,
+                                def_princ) == TRUE) {
+       handle->ccache = ccache;
+       handle->keytab = NULL;
+    } else {
+       kret = krb5_kt_default(gssapi_krb5_context, &kt);
+       if (kret != 0)
+           goto out;
+       krb5_get_init_creds_opt_init(&opt);
+       memset(&cred, 0, sizeof(cred));
+       kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
+         handle->principal, kt, 0, NULL, &opt);
+       if (kret != 0) {
+           krb5_kt_close(gssapi_krb5_context, kt);
+           goto out;
+       }
+       kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, &ccache);
+       if (kret != 0) {
+           krb5_kt_close(gssapi_krb5_context, kt);
+           goto out;
+       }
+       kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
+       if (kret != 0) {
+           krb5_kt_close(gssapi_krb5_context, kt);
+           krb5_cc_close(gssapi_krb5_context, ccache);
+           goto out;
+       }
+       kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
+       if (kret != 0) {
+           krb5_kt_close(gssapi_krb5_context, kt);
+           krb5_cc_close(gssapi_krb5_context, ccache);
+           goto out;
+       }
+       handle->ccache = ccache;
+       handle->keytab = kt;
+    }
+
+
     /* XXX */
     handle->lifetime = time_req;
-
-    handle->keytab = NULL;
     handle->usage = cred_usage;
 
     ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
@@ -83,5 +129,14 @@
 
     *output_cred_handle = handle;
 
+out:
+    if (pret == 0)
+       krb5_free_principal(gssapi_krb5_context, def_princ);
+
+    if (kret != 0) {
+       *minor_status = kret;
+       return GSS_S_FAILURE;
+    }
+
     return GSS_S_COMPLETE;
 }
Home | Main Index | Thread Index | Old Index