author | Simo Sorce <simo@redhat.com> | 2012-03-22 01:23:40 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2012-03-22 02:33:52 -0400 |
commit | 402e927b928f5d51d36df72f69211fbc5a2136c8 (patch) | |
tree | 0714c7b4504ca2861973f748ab4ec4a69b34cbaa | |
parent | 1e99cc43f9f1983080b37bc5768a76dae0946183 (diff) | |
Add option to request (or not) delegated credentials back
-rw-r--r-- | proxy/rpcgen/gss_proxy.h | 1 | ||||
-rw-r--r-- | proxy/rpcgen/gss_proxy_xdr.c | 2 | ||||
-rw-r--r-- | proxy/src/gp_rpc_accept_sec_context.c | 9 | ||||
-rw-r--r-- | x-files/gss_proxy.x | 1 |
4 files changed, 11 insertions, 2 deletions
diff --git a/proxy/rpcgen/gss_proxy.h b/proxy/rpcgen/gss_proxy.h index 2b54858..6e98510 100644 --- a/proxy/rpcgen/gss_proxy.h +++ b/proxy/rpcgen/gss_proxy.h @@ -408,6 +408,7 @@ struct gssx_arg_accept_sec_context { gssx_cred *cred_handle; gssx_buffer input_token; gssx_cb *input_cb; + bool_t ret_deleg_cred; struct { u_int options_len; gssx_option *options_val; diff --git a/proxy/rpcgen/gss_proxy_xdr.c b/proxy/rpcgen/gss_proxy_xdr.c index 25d9168..576b9c9 100644 --- a/proxy/rpcgen/gss_proxy_xdr.c +++ b/proxy/rpcgen/gss_proxy_xdr.c @@ -596,6 +596,8 @@ xdr_gssx_arg_accept_sec_context (XDR *xdrs, gssx_arg_accept_sec_context *objp) return FALSE; if (!xdr_pointer (xdrs, (char **)&objp->input_cb, sizeof (gssx_cb), (xdrproc_t) xdr_gssx_cb)) return FALSE; + if (!xdr_bool (xdrs, &objp->ret_deleg_cred)) + return FALSE; if (!xdr_array (xdrs, (char **)&objp->options.options_val, (u_int *) &objp->options.options_len, ~0, sizeof (gssx_option), (xdrproc_t) xdr_gssx_option)) return FALSE; diff --git a/proxy/src/gp_rpc_accept_sec_context.c b/proxy/src/gp_rpc_accept_sec_context.c index 5e85748..62d2387 100644 --- a/proxy/src/gp_rpc_accept_sec_context.c +++ b/proxy/src/gp_rpc_accept_sec_context.c @@ -43,6 +43,7 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx, gss_buffer_desc obuf = GSS_C_EMPTY_BUFFER; uint32_t ret_flags; gss_cred_id_t dch = GSS_C_NO_CREDENTIAL; + gss_cred_id_t *pdch = NULL; int ret; asca = &arg->accept_sec_context; @@ -66,6 +67,10 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx, pcbs = GSS_C_NO_CHANNEL_BINDINGS; } + if (asca->ret_deleg_cred) { + pdch = &dch; + } + ret_maj = gss_accept_sec_context(&ret_min, &ctx, ach, @@ -76,7 +81,7 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx, &obuf, &ret_flags, NULL, - &dch); + pdch); if (ret_maj) { goto done; } 
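Review bot: `asca->ret_deleg_cred` is decoded from the client's RPC argument, and in the -66/+67 hunk of gp_rpc_accept_sec_context.c it alone decides whether `&dch` is handed to gss_accept_sec_context; as far as these hunks show, no proxy-side policy is consulted before the initiator's delegated credential is fetched for the caller. If the proxy has per-service configuration, gating on it before `pdch = &dch;` would keep that decision on the trusted side; otherwise a comment such as `/* delegated creds are fetched only on explicit client request */` would document the intent. The same client field is re-tested in the -105/+110 hunk, where checking `pdch != NULL` instead would tie both sites to one decision. gp_accept_sec_context begins and ends outside these hunks, so whether `dch` is released on the error paths cannot be confirmed from here.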
@@ -105,7 +110,7 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx, goto done; } - if (ret_flags & GSS_C_DELEG_FLAG) { + if ((ret_flags & GSS_C_DELEG_FLAG) && asca->ret_deleg_cred) { ascr->delegated_cred_handle = calloc(1, sizeof(gssx_cred)); if (!ascr->delegated_cred_handle) { ret_maj = GSS_S_FAILURE; diff --git a/x-files/gss_proxy.x b/x-files/gss_proxy.x index d40201c..d3e5dd5 100644 --- a/x-files/gss_proxy.x +++ b/x-files/gss_proxy.x @@ -504,6 +504,7 @@ struct gssx_arg_accept_sec_context { gssx_cred *cred_handle; /* absent -> GSS_C_NO_CREDENTIAL */ gssx_buffer input_token; gssx_cb *input_cb; /* input channel bindings */ + bool ret_deleg_cred; /* return delegated credentials */ gssx_option options<>; }; struct gssx_res_accept_sec_context { |
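Review bot: Placing `ret_deleg_cred` between `input_cb` and `options<>` in x-files/gss_proxy.x changes the encoded layout of `gssx_arg_accept_sec_context`, so a peer built from the previous definition would presumably read the first word of the options array as this flag, and the reverse for an old server. No program or version number change is visible in this diff; if any peers built from the old definition exist, the version should be bumped or the request carried in the existing `options<>` list instead. The field comment could also state both values, e.g. `/* TRUE: return delegated credentials; FALSE: do not fetch them */`, so that a zero-initialised argument is clearly the non-delegating default.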