diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-09-27 03:39:22 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-09-27 03:39:22 +0000 |
| commit | e76d9a48c905e6db8ea9b7af4b843070756effaa (patch) | |
| tree | 4de2b9144c91046489889161acf8131635faac27 /src/lib/gssapi/spnego | |
| parent | 19b34d5112cc13214f6a47962be89f199966a449 (diff) | |
Add gss_krb5_import_cred
Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be
acquired from a keytab or ccache into a GSSAPI credential without
using global process or thread variables.
Merged from the users/lhoward/import-cred branch.
ticket: 6785
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/spnego')
| -rw-r--r-- | src/lib/gssapi/spnego/gssapiP_spnego.h | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 24 |
2 files changed, 23 insertions, 3 deletions
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index d72c85da7..e146508c5 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -361,7 +361,7 @@ OM_uint32 spnego_gss_set_cred_option ( OM_uint32 *minor_status, - gss_cred_id_t cred_handle, + gss_cred_id_t *cred_handle, const gss_OID desired_object, const gss_buffer_t value ); diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index e82e9b5b0..80789f643 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -2247,18 +2247,38 @@ spnego_gss_inquire_cred_by_oid( OM_uint32 spnego_gss_set_cred_option( OM_uint32 *minor_status, - gss_cred_id_t cred_handle, + gss_cred_id_t *cred_handle, const gss_OID desired_object, const gss_buffer_t value) { OM_uint32 ret; + OM_uint32 tmp_minor_status; spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle; gss_cred_id_t mcred; + mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred; + ret = gssspi_set_cred_option(minor_status, - mcred, + &mcred, desired_object, value); + if (ret == GSS_S_COMPLETE && spcred == NULL) { + /* + * If the mechanism allocated a new credential handle, then + * we need to wrap it up in an SPNEGO credential handle. + */ + + spcred = malloc(sizeof(spnego_gss_cred_id_rec)); + if (spcred == NULL) { + gss_release_cred(&tmp_minor_status, &mcred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + spcred->mcred = mcred; + spcred->neg_mechs = GSS_C_NULL_OID_SET; + *cred_handle = (gss_cred_id_t)spcred; + } + return (ret); } |