| author | Simo Sorce <simo@redhat.com> | 2014-08-12 18:05:47 -0400 |
|---|---|---|
| committer | Robbie Harwood <rharwood@redhat.com> | 2015-12-01 17:45:53 -0500 |
| commit | 7e71db8edc9694ed75110ddd9efa373250cc0545 (patch) | |
| tree | 3534b077c88f6f710d0e7e4e5680620ccefb7216 /proxy/src/client | |
| parent | e155f81d84f7dd0b0b643a1228c2f9c503fc87e5 (diff) | |
Add gss_acquire_cred_impersonate_name support
This is used by a client that wants to perform an s4u2self operation
using its server credentials.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Diffstat (limited to 'proxy/src/client')
| -rw-r--r-- | proxy/src/client/gpm_acquire_cred.c | 33 | ||||
| -rw-r--r-- | proxy/src/client/gssapi_gpm.h | 2 |
2 files changed, 34 insertions, 1 deletions
diff --git a/proxy/src/client/gpm_acquire_cred.c b/proxy/src/client/gpm_acquire_cred.c index c0b16cb..a2ac068 100644 --- a/proxy/src/client/gpm_acquire_cred.c +++ b/proxy/src/client/gpm_acquire_cred.c @@ -45,10 +45,12 @@ static int gpmint_cred_to_actual_mechs(gssx_cred *c, gss_OID_set *a) } OM_uint32 gpm_acquire_cred(OM_uint32 *minor_status, + gssx_cred *in_cred_handle, gssx_name *desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, + bool impersonate, gssx_cred **output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *time_rec) @@ -72,6 +74,7 @@ OM_uint32 gpm_acquire_cred(OM_uint32 *minor_status, /* ignore call_ctx for now */ + arg->input_cred_handle = in_cred_handle; arg->desired_name = desired_name; if (desired_mechs) { @@ -85,6 +88,33 @@ OM_uint32 gpm_acquire_cred(OM_uint32 *minor_status, arg->time_req = time_req; arg->cred_usage = gp_conv_cred_usage_to_gssx(cred_usage); + /* impersonate calls use input cred and a special option */ + if (impersonate) { + gssx_option *opt; + arg->options.options_val = calloc(1, sizeof(gssx_option)); + if (!arg->options.options_val) { + ret_maj = GSS_S_FAILURE; + ret_min = ENOMEM; + goto done; + } + arg->options.options_len = 1; + opt = &arg->options.options_val[0]; + opt->option.octet_string_val = strdup(ACQUIRE_TYPE_OPTION); + if (!opt->option.octet_string_val) { + ret_maj = GSS_S_FAILURE; + ret_min = ENOMEM; + goto done; + } + opt->option.octet_string_len = sizeof(ACQUIRE_TYPE_OPTION); + opt->value.octet_string_val = strdup(ACQUIRE_IMPERSONATE_NAME); + if (!opt->value.octet_string_val) { + ret_maj = GSS_S_FAILURE; + ret_min = ENOMEM; + goto done; + } + opt->value.octet_string_len = sizeof(ACQUIRE_IMPERSONATE_NAME); + } + /* execute proxy request */ ret = gpm_make_call(GSSX_ACQUIRE_CRED, &uarg, &ures); if (ret) { 
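Review bot: The two parameters added to the gpm_acquire_cred() signature in the first hunk carry no documentation, although they change the call's ownership and security meaning. A later hunk shows that `in_cred_handle` is borrowed (it is set to NULL before gpm_free_xdrs) and that `impersonate` turns the request into an impersonation acquire. I would add a comment above the definition such as `/* in_cred_handle is borrowed and never freed here; impersonate=true asks the proxy for credentials for desired_name on behalf of in_cred_handle (s4u2self) */`. The function body continues outside this hunk.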
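Review bot: In the `if (impersonate)` branch of the third hunk, the option is built and sent without checking that `in_cred_handle` is non-NULL, although the comment says impersonate calls use the input cred. A guard at the top of the branch would fail a malformed impersonation request locally instead of forwarding it, for example `if (!in_cred_handle) { ret_maj = GSS_S_CALL_INACCESSIBLE_READ; ret_min = EINVAL; goto done; }`. Separately, `octet_string_len = sizeof(ACQUIRE_TYPE_OPTION)` counts the terminating NUL and is only correct while the macro is a string literal. Its definition and the proxy-side comparison are outside this diff, so it is worth confirming that both ends agree on the length. The flag is only a request from the client, so the decision on whether this caller may impersonate presumably has to be enforced by the proxy, which this client-only diffstat does not show.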
@@ -133,8 +163,9 @@ OM_uint32 gpm_acquire_cred(OM_uint32 *minor_status, ret_min = 0; done: - /* desired_name is passed in, don't let gpm_free_xdrs free it */ + /* don't let gpm_free_xdrs free variables passed in */ arg->desired_name = NULL; + arg->input_cred_handle = NULL; gpm_free_xdrs(GSSX_ACQUIRE_CRED, &uarg, &ures); *minor_status = ret_min; return ret_maj; diff --git a/proxy/src/client/gssapi_gpm.h b/proxy/src/client/gssapi_gpm.h index b0a75d0..667b0e0 100644 --- a/proxy/src/client/gssapi_gpm.h +++ b/proxy/src/client/gssapi_gpm.h @@ -53,10 +53,12 @@ OM_uint32 gpm_delete_sec_context(OM_uint32 *minor_status, gss_buffer_t output_token); OM_uint32 gpm_acquire_cred(OM_uint32 *minor_status, + gssx_cred *imp_cred_handle, gssx_name *desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, + bool impersonate, gssx_cred **output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *time_rec); |
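Review bot: The prototype in gssapi_gpm.h names the new first parameter `imp_cred_handle`, while the definition in gpm_acquire_cred.c calls it `in_cred_handle`. The header name also suggests the handle is only meaningful for impersonation, whereas the definition assigns it to `arg->input_cred_handle` unconditionally. I would use one name in both places, e.g. `gssx_cred *in_cred_handle,` in the header. The prototype now also uses `bool`; whether this header includes `<stdbool.h>`, directly or indirectly, is not visible in the hunk and should be checked.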
