author | Simo Sorce <simo@redhat.com> | 2013-10-24 20:57:40 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-10-24 20:57:40 -0400 |
commit | b693d402926133bf2392b6af62c8dc6ccc4dd66b (patch) | |
tree | 5235a23439be7426781d254b2f9b30d4ce373daf /src/gss_creds.c | |
parent | 8a36ccb157ad5100cae5cbc82d9916264a990d8f (diff) | |
Add methods to inquire credentials
Also add simple sanity check test.
Diffstat (limited to 'src/gss_creds.c')
-rw-r--r-- | src/gss_creds.c | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/src/gss_creds.c b/src/gss_creds.c
index 83c3066..1a3ccd0 100644
--- a/src/gss_creds.c
+++ b/src/gss_creds.c
@@ -358,6 +358,7 @@ done:
 gssntlm_release_cred(&tmpmin, (gss_cred_id_t *)&cred);
 } else {
 *output_cred_handle = (gss_cred_id_t)cred;
+ if (time_rec) *time_rec = GSS_C_INDEFINITE;
 }
 *minor_status = retmin;
 return retmaj;
@@ -425,3 +426,112 @@ uint32_t gssntlm_acquire_cred_with_password(uint32_t *minor_status,
 actual_mechs, time_rec);
 }
+
+uint32_t gssntlm_inquire_cred(uint32_t *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_name_t *name,
+ uint32_t *lifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms)
+{
+ struct gssntlm_cred *cred;
+ uint32_t maj, min;
+
+ if (minor_status == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+ *minor_status = 0;
+
+ if (cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_NO_CRED;
+
+ cred = (struct gssntlm_cred *)cred_handle;
+
+ if (cred->type == GSSNTLM_CRED_NONE)
+ return GSS_S_NO_CRED;
+
+ if (name) {
+ switch (cred->type) {
+ case GSSNTLM_CRED_NONE:
+ case GSSNTLM_CRED_ANON:
+ *name = GSS_C_NO_NAME;
+ break;
+ case GSSNTLM_CRED_USER:
+ maj = gssntlm_duplicate_name(minor_status,
+ (gss_name_t)&cred->cred.user.user,
+ name);
+ if (maj != GSS_S_COMPLETE) return maj;
+ break;
+ case GSSNTLM_CRED_SERVER:
+ maj = gssntlm_duplicate_name(minor_status,
+ (gss_name_t)&cred->cred.server.name,
+ name);
+ if (maj != GSS_S_COMPLETE) return maj;
+ break;
+ }
+ }
+
+ if (lifetime) *lifetime = GSS_C_INDEFINITE;
+ if (cred_usage) {
+ if (cred->type == GSSNTLM_CRED_SERVER) {
+ *cred_usage = GSS_C_ACCEPT;
+ } else {
+ *cred_usage = GSS_C_INITIATE;
+ }
+ }
+
+ if (mechanisms) {
+ maj = gss_create_empty_oid_set(minor_status, mechanisms);
+ if (maj != GSS_S_COMPLETE) {
+ gss_release_name(&min, name);
+ return maj;
+ }
+ maj = gss_add_oid_set_member(minor_status,
+ discard_const(&gssntlm_oid),
+ mechanisms);
+ if (maj != GSS_S_COMPLETE) {
+ gss_release_oid_set(&min, mechanisms);
+ gss_release_name(&min, name);
+ return maj;
+ }
+ }
+
+ return GSS_S_COMPLETE;
+}
+
+uint32_t gssntlm_inquire_cred_by_mech(uint32_t *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_OID mech_type,
+ gss_name_t *name,
+ uint32_t *initiator_lifetime,
+ uint32_t *acceptor_lifetime,
+ gss_cred_usage_t *cred_usage)
+{
+ gss_cred_usage_t usage;
+ uint32_t lifetime;
+ uint32_t maj;
+
+ maj = gssntlm_inquire_cred(minor_status, cred_handle, name,
+ &lifetime, &usage, NULL);
+ if (maj != GSS_S_COMPLETE) return maj;
+
+ switch (usage) {
+ case GSS_C_INITIATE:
+ if (initiator_lifetime) *initiator_lifetime = lifetime;
+ if (acceptor_lifetime) *acceptor_lifetime = 0;
+ break;
+ case GSS_C_ACCEPT:
+ if (initiator_lifetime) *initiator_lifetime = 0;
+ if (acceptor_lifetime) *acceptor_lifetime = lifetime;
+ break;
+ case GSS_C_BOTH:
+ if (initiator_lifetime) *initiator_lifetime = lifetime;
+ if (acceptor_lifetime) *acceptor_lifetime = lifetime;
+ break;
+ default:
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ if (cred_usage) *cred_usage = usage;
+ return GSS_S_COMPLETE;
+}
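Review bot: Both error paths in the `if (mechanisms)` block of gssntlm_inquire_cred call `gss_release_name(&min, name)` unconditionally, but `name` is an optional output and is NULL whenever the caller did not request it, so a NULL pointer reaches the release call; guard both with `if (name) gss_release_name(&min, name);`. The name released there was produced by gssntlm_duplicate_name, so it is presumably a mechanism-internal object; releasing it through the generic `gss_release_name` rather than the mechanism's own release routine looks mismatched and should be confirmed. The `switch (cred->type)` under `if (name)` has no `default:`, so an unexpected type value returns GSS_S_COMPLETE with `*name` never written, leaving the caller to use or release an uninitialized handle. Adding `default: *minor_status = EINVAL; return GSS_S_FAILURE;` would match the handling already used in gssntlm_inquire_cred_by_mech. That function also accepts `mech_type` but never checks it in the visible code, which deserves at least a comment stating that the parameter is intentionally ignored.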