authorSimo Sorce <simo@redhat.com>2013-11-13 19:54:27 -0500
committerGünther Deschner <gdeschner@redhat.com>2013-11-20 14:36:57 +0100
commit591fad86aba3520a76eaf75aa0fd5e585fac94a5 (patch)
tree44d01741be89d64f57922d0e2271df7419d899d3
parent556ea844a5783f9876ee748e1c686bb268f54e8a (diff)
Autoinitialize creds on init_sec_context
If the remote client tries to initialize the context without first acquiring credentials, try to acquire appropriate credentials if the service allows it. Reviewed-by: Günther Deschner <gdeschner@redhat.com>
-rw-r--r--proxy/src/gp_rpc_init_sec_context.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/proxy/src/gp_rpc_init_sec_context.c b/proxy/src/gp_rpc_init_sec_context.c
index 2781238..76ffaab 100644
--- a/proxy/src/gp_rpc_init_sec_context.c
+++ b/proxy/src/gp_rpc_init_sec_context.c
@@ -24,6 +24,7 @@
*/
#include "gp_rpc_process.h"
+#include <gssapi/gssapi_krb5.h>
int gp_init_sec_context(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
@@ -74,13 +75,7 @@ int gp_init_sec_context(struct gp_call_ctx *gpcall,
if (ret_maj) {
goto done;
}
- } else {
- /* FIXME: get ccache from gpsvc ? */
- ret_maj = GSS_S_CRED_UNAVAIL;
- ret_min = 0;
- goto done;
}
-
ret_maj = gp_conv_gssx_to_name(&ret_min, isca->target_name, &target_name);
if (ret_maj) {
goto done;
@@ -107,6 +102,23 @@ int gp_init_sec_context(struct gp_call_ctx *gpcall,
gp_conv_gssx_to_buffer(isca->input_token, &ibuf);
}
+ if (!isca->cred_handle) {
+ if (gss_oid_equal(mech_type, gss_mech_krb5)) {
+ ret_maj = gp_add_krb5_creds(&ret_min, gpcall,
+ NULL, NULL,
+ GSS_C_INITIATE,
+ time_req, 0, &ich,
+ NULL, NULL, NULL);
+ } else {
+ ret_maj = GSS_S_NO_CRED;
+ ret_min = 0;
+ }
+
+ if (ret_maj) {
+ goto done;
+ }
+ }
+
ret_maj = gss_init_sec_context(&ret_min,
ich,
&ctx,
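Review bot: The new `if (!isca->cred_handle)` block acquires initiator credentials for a caller that presented none, and nothing visible in this hunk checks that the calling service is allowed to do so. That decision is presumably made inside `gp_add_krb5_creds` from `gpcall`, which is not shown here, so the trust boundary deserves a comment above the block, for example `/* client sent no cred: acquire default initiator creds; gp_add_krb5_creds must enforce the service's policy from gpcall */`. The desired name is passed as `NULL`, so the principal used appears to be chosen entirely by the service configuration rather than by the request, which is worth stating in the same comment. For non-krb5 mechanisms the failure is now `GSS_S_NO_CRED`, where the removed branch returned `GSS_S_CRED_UNAVAIL`, so callers that matched on the old major status will see a different error. The body of `gp_init_sec_context` starts and ends outside this hunk.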
@@ -170,5 +182,6 @@ done:
&iscr->status);
gss_release_name(&ret_min, &target_name);
gss_release_oid(&ret_min, &mech_type);
+ gss_release_cred(&ret_min, &ich);
return ret;
}
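Review bot: The added `gss_release_cred(&ret_min, &ich);` runs on every path that reaches `done:`, including any `goto done` taken before `ich` is imported or acquired. The declaration of `ich` is outside this hunk, so it should be confirmed that it is initialised as `gss_cred_id_t ich = GSS_C_NO_CREDENTIAL;`; otherwise the release operates on an indeterminate handle. It is also worth a one-line comment here that the proxy owns `ich` in both the imported and the auto-acquired case, for example `/* ich is always proxy-owned here; never handed back to the client */`, since the release now covers credentials the client never supplied.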