| author | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:15:30 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:15:30 +0000 |
| commit | ec49e6e673ab229462ef18aa2986167eaa643643 (patch) | |
| tree | 625dba55e939a0073cf69f7b79c8c0010df991eb /src/lib/gssapi/krb5 | |
| parent | c5479d0c5b29430a49cf3683513c1223a173ac4e (diff) | |
Anonymous support for Kerberos
This ticket implements Project/Anonymous pkinit from k5wiki. Provides
support for completely anonymous principals and untested client
support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts:
src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5')
| -rw-r--r-- | src/lib/gssapi/krb5/disp_name.c | 9 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/import_name.c | 11 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c
index ac576f5b4..79b14f1a9 100644
--- a/src/lib/gssapi/krb5/disp_name.c
+++ b/src/lib/gssapi/krb5/disp_name.c
@@ -34,6 +34,8 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer,
 krb5_context context;
 krb5_error_code code;
 char *str;
+ krb5_gss_name_t k5name = (krb5_gss_name_t) input_name;
+ gss_OID nametype = (gss_OID) gss_nt_krb5_name;
 code = krb5_gss_init_context(&context);
 if (code) {
@@ -49,6 +51,11 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer,
 krb5_free_context(context);
 return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
 }
+ if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) {
+ if (krb5_principal_compare(context, k5name->princ,
+ krb5_anonymous_principal()))
+ nametype = GSS_C_NT_ANONYMOUS;
+ }
 if ((code = krb5_unparse_name(context,
 ((krb5_gss_name_t) input_name)->princ,
@@ -72,6 +79,6 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer,
 *minor_status = 0;
 if (output_name_type)
- *output_name_type = (gss_OID) gss_nt_krb5_name;
+ *output_name_type = (gss_OID) nametype;
 return(GSS_S_COMPLETE);
 }
diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
index cd2748b56..cfb75fb22 100644
--- a/src/lib/gssapi/krb5/import_name.c
+++ b/src/lib/gssapi/krb5/import_name.c
@@ -154,7 +154,16 @@ krb5_gss_import_name(minor_status, input_name_buffer,
 krb5_free_context(context);
 return(GSS_S_FAILURE);
 }
- } else {
+ } else if ((input_name_type != NULL) &&
+ g_OID_equal(input_name_type, GSS_C_NT_ANONYMOUS)) {
+ code = krb5_copy_principal(context, krb5_anonymous_principal(), &princ);
+ if (code != 0) {
+ krb5_free_context(context);
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+ }
+ else {
 #ifndef NO_PASSWORD
 uid_t uid;
 struct passwd pwx;
 |
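Review bot: The new `k5name` alias in the declarations of krb5_gss_display_name is initialised from the caller's handle before it has been validated, and nothing in the hunk says so. It is only dereferenced after the `GSS_S_BAD_NAME` return visible in the next hunk's context, so a short comment such as `/* k5name must not be dereferenced before the name validation below */` would keep a later edit from moving a use above that check. The existing `krb5_unparse_name(context, ((krb5_gss_name_t) input_name)->princ, ...` call still re-casts `input_name`; passing `k5name->princ` there would leave one spelling of the pointer. In the last hunk of this file `nametype` is already a `gss_OID`, so the store can be `*output_name_type = nametype;`. The function body starts and ends outside these hunks.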
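Review bot: The anonymous check added in the second disp_name.c hunk uses `krb5_principal_compare`, which also compares the realm, so only a name equal to `krb5_anonymous_principal()` in every component is reported as `GSS_C_NT_ANONYMOUS`. The commit message also mentions realm-exposed anonymous authentication; if such a name carries the client's realm, it would presumably still be displayed with `gss_nt_krb5_name`, and an acceptor that keys on the returned name type to recognise anonymous peers would not see it. Whether that is intended cannot be told from the hunk, so a comment above the check would make the decision explicit, for example `/* Only the fully anonymous principal maps to GSS_C_NT_ANONYMOUS; realm-exposed anonymous names keep the krb5 name type. */`. The two nested `if`s can also be a single condition joined with `&&`, with braces around the assignment.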
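Review bot: In the new `GSS_C_NT_ANONYMOUS` branch of krb5_gss_import_name the contents of `input_name_buffer` are never examined, so any buffer imported with that name type becomes the anonymous principal; that deserves a comment such as `/* The name type alone selects the anonymous principal; input_name_buffer is ignored. */`. The failure path assigns a `krb5_error_code` to `*minor_status` without a cast, and if the other error returns in this function record error details before `krb5_free_context`, this one should match them; those paths lie outside the hunk, so this needs checking against the full file. The added `}` followed by `else {` on its own line departs from the `} else if` form used just above, and `} else {` would keep the chain uniform. The function continues outside the hunk.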
