authorSimo Sorce <simo@redhat.com>2013-07-27 18:37:51 -0400
committerSimo Sorce <simo@redhat.com>2013-07-28 13:17:51 -0400
commit1d94f105588f961aba1bfd783cd18f0acf05e686 (patch)
tree974ed238e5e94ae368eeea4500731dbd777e5f3c
parentc68c50fb4afd9a6a62dd033b92e00ba04cf988d3 (diff)
Add support for server credentials
-rw-r--r--src/gss_creds.c41
1 files changed, 40 insertions, 1 deletions
diff --git a/src/gss_creds.c b/src/gss_creds.c
index b34b600..37343b6 100644
--- a/src/gss_creds.c
+++ b/src/gss_creds.c
@@ -105,6 +105,13 @@ static int get_user_file_creds(struct gssntlm_name *name,
return 0;
}
+static int get_server_creds(struct gssntlm_name *name,
+ struct gssntlm_cred *cred)
+{
+ if (!name) return EINVAL;
+ cred->type = GSSNTLM_CRED_SERVER;
+ return gssntlm_copy_name(name, &cred->cred.server.name);
+}
static int hex_to_key(const char *hex, struct ntlm_key *key)
{
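Review bot: get_server_creds has no comment stating its contract, in particular that a NULL name is an error rather than a request for a default acceptor identity. Since the caller's GSS_C_ACCEPT branch lets a NULL name through its type check, this `EINVAL` is what makes acquisition with no desired name and no cred store fail, and that is worth saying above the function: `/* Server creds require an explicit name; a NULL name is rejected with EINVAL. On success cred->type is GSSNTLM_CRED_SERVER and cred->cred.server.name holds a copy of name. */`. As a style point, the one-line `if (!name) return EINVAL;` would be easier to audit with braces and its own line.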
@@ -174,6 +181,10 @@ static int get_creds_from_store(struct gssntlm_name *name,
}
}
+ /* TODO: should we call get_user_file_creds/get_server_creds if values are
+ * not found ?
+ */
+
return 0;
}
@@ -275,7 +286,20 @@ uint32_t gssntlm_acquire_cred_from(uint32_t *minor_status,
return GSS_S_FAILURE;
}
- if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
+ /* FIXME: should we split the cred union and allow GSS_C_BOTH ?
+ * It may be possible to specify get server name from env and/or
+ * user creds from cred store at the same time, etc .. */
+ if (cred_usage == GSS_C_BOTH) {
+ if (name->type == GSSNTLM_NAME_USER ||
+ name->type == GSSNTLM_NAME_ANON) {
+ cred_usage = GSS_C_INITIATE;
+ }
+ if (name->type == GSSNTLM_NAME_SERVER) {
+ cred_usage = GSS_C_ACCEPT;
+ }
+ }
+
+ if (cred_usage == GSS_C_INITIATE) {
if (name != NULL && name->type != GSSNTLM_NAME_USER) {
retmin = EINVAL;
retmaj = GSS_S_CRED_UNAVAIL;
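Review bot: The new GSS_C_BOTH block reads `name->type` without a NULL check, while the GSS_C_INITIATE test right below it still guards with `name != NULL`, so the function evidently expects name to be absent at this point in some calls. A caller asking for GSS_C_BOTH with no desired name would then dereference NULL inside the mechanism and take the host process down, where the old code took the initiate path. Keeping the old behaviour needs only `if (name == NULL || name->type == GSSNTLM_NAME_USER) {` on the first test and `if (name != NULL && name->type == GSSNTLM_NAME_SERVER) {` on the second. Separately, mapping GSSNTLM_NAME_ANON to GSS_C_INITIATE has no useful effect as written, because the initiate branch rejects any type other than GSSNTLM_NAME_USER with EINVAL. The function body starts and ends outside this hunk.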
@@ -290,6 +314,21 @@ uint32_t gssntlm_acquire_cred_from(uint32_t *minor_status,
if (retmin) {
retmaj = GSS_S_CRED_UNAVAIL;
}
+ } else if (cred_usage == GSS_C_ACCEPT) {
+ if (name != NULL && name->type != GSSNTLM_NAME_SERVER) {
+ retmin = EINVAL;
+ retmaj = GSS_S_CRED_UNAVAIL;
+ goto done;
+ }
+
+ if (cred_store != GSS_C_NO_CRED_STORE) {
+ retmin = get_creds_from_store(name, cred, cred_store);
+ } else {
+ retmin = get_server_creds(name, cred);
+ }
+ if (retmin) {
+ retmaj = GSS_S_CRED_UNAVAIL;
+ }
} else {
retmin = EINVAL;
retmaj = GSS_S_CRED_UNAVAIL;
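Review bot: In the GSS_C_ACCEPT branch, the cred-store path never confirms that get_creds_from_store() produced a server credential. The tail of that function shown in the earlier hunk returns 0 even when nothing was found (its new TODO says as much), and whether it ever sets GSSNTLM_CRED_SERVER is not visible here. If it does not, an acceptor acquisition can report success with a cred whose type is unset or is a user cred, and later acceptor code would act on the wrong union member. A guard after the call would make the failure explicit: `if (retmin == 0 && cred->type != GSSNTLM_CRED_SERVER) retmin = EINVAL;`. The enclosing function continues past the end of this hunk.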