-rw-r--r--proxy/src/mechglue/gpp_acquire_cred.c62
1 files changed, 62 insertions, 0 deletions
diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
index 61fcec7..b1fdd71 100644
--- a/proxy/src/mechglue/gpp_acquire_cred.c
+++ b/proxy/src/mechglue/gpp_acquire_cred.c
@@ -80,3 +80,65 @@ OM_uint32 gssi_add_cred(OM_uint32 *minor_status,
return maj;
}
+OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ const gss_buffer_t password,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
+{
+ gss_name_t mech_name = GSS_C_NO_NAME;
+ gss_OID_set special_mechs;
+ gss_OID_set ret_mechs;
+ OM_uint32 maj, min;
+ /* FIXME: -- Implement later.
+ * There are some fringe cases for which we may want to proxy auth even
+ * if the caller has access to credentials (in this case a password). */
+
+ if (desired_mechs == GSS_C_NO_OID_SET) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* re-enter the mechglue, using the special OIDs for skipping
+ * the use of the interposer */
+ special_mechs = gpm_special_available_mechs(desired_mechs);
+ if (special_mechs == GSS_C_NO_OID_SET) {
+ return GSS_S_FAILURE;
+ }
+
+ if (desired_name) {
+ gssx_name *name = (gssx_name *)desired_name;
+
+ maj = gp_conv_gssx_to_name(&min, name, &mech_name);
+ if (maj) {
+ return GSS_S_FAILURE;
+ }
+ }
+
+ maj = gss_acquire_cred_with_password(&min,
+ mech_name,
+ password,
+ time_req,
+ special_mechs,
+ cred_usage,
+ output_cred_handle,
+ &ret_mechs,
+ time_rec);
+
+ *minor_status = gpm_map_error(min);
+
+ /* TODO: wrap output_cred_handle in gssproxy cred handle */
+
+ if (actual_mechs) {
+ *actual_mechs = ret_mechs;
+ } else {
+ (void)gss_release_oid_set(&min, &ret_mechs);
+ }
+
+ (void)gss_release_name(&min, &mech_name);
+ (void)gss_release_oid_set(&min, &special_mechs);
+ return maj;
+}
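Review bot: The early return taken when `gp_conv_gssx_to_name` fails (the `if (maj)` branch) leaks `special_mechs`, which was obtained from `gpm_special_available_mechs` just above and is only released on the final path. That branch and the `special_mechs == GSS_C_NO_OID_SET` return also leave `*minor_status` unwritten, so a caller may read a stale value; in the conversion branch, `*minor_status = gpm_map_error(min); (void)gss_release_oid_set(&min, &special_mechs); return GSS_S_FAILURE;` would cover both. Separately, `ret_mechs` is declared without an initializer and is then either copied to `*actual_mechs` or released regardless of `maj`. Unless `gss_acquire_cred_with_password` is guaranteed to reset it on every failure path, declare it as `gss_OID_set ret_mechs = GSS_C_NO_OID_SET;`.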