| author | Alexandra Ellwood <lxs@mit.edu> | 2005-10-27 22:41:16 +0000 |
|---|---|---|
| committer | Alexandra Ellwood <lxs@mit.edu> | 2005-10-27 22:41:16 +0000 |
| commit | e898f8ab1add347b79d89c5e9a7c411b6ba00ff9 (patch) | |
| tree | 399a58699e4d8be11368549e6bbe3753cf71cf62 /src/lib | |
| parent | 634eb1518febc5bd54da0f6fedbf88153a5c8ff3 (diff) | |
When passed GSS_C_INITIATE and a non-NULL desired name, gss_acquire_cred
should search the available credentials caches rather than simply failing
if tickets for the desired client principal are not in the default ccache.
(this is the KfM-specific portion of the patch -- still need KfW portion)
ticket: 3223
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17466 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 56d6a473c..5318b6d77 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -79,6 +79,10 @@
 #include <strings.h>
 #endif
+#ifdef USE_LOGIN_LIBRARY
+#include <Kerberos/KerberosLoginPrivate.h>
+#endif
+
 k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER;
 static char *krb5_gss_keytab = NULL;
@@ -223,12 +227,44 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
 return(GSS_S_FAILURE);
+#ifdef USE_LOGIN_LIBRARY
+ if (desired_name != NULL) {
+ char *ccache_name = NULL;
+ KLPrincipal kl_desired_princ = NULL;
+
+ if ((code = __KLCreatePrincipalFromKerberos5Principal ((krb5_principal) desired_name,
+ &kl_desired_princ))) {
+ *minor_status = code;
+ return(GSS_S_CRED_UNAVAIL);
+ }
+
+ if ((code = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name))) {
+ KLDisposePrincipal (kl_desired_princ);
+ *minor_status = code;
+ return(GSS_S_CRED_UNAVAIL);
+ }
+
+ if ((code = krb5_cc_resolve (context, ccache_name, &ccache))) {
+ KLDisposeString (ccache_name);
+ KLDisposePrincipal (kl_desired_princ);
+ *minor_status = code;
+ return(GSS_S_CRED_UNAVAIL);
+ }
+
+ if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); }
+ if (ccache_name != NULL) { KLDisposeString (ccache_name); }
+
+ } else {
+#endif
 /* open the default credential cache */
 if ((code = krb5int_cc_default(context, &ccache))) {
 *minor_status = code;
 return(GSS_S_CRED_UNAVAIL);
 }
+#ifdef USE_LOGIN_LIBRARY
+ }
+#endif
 /* turn off OPENCLOSE mode while extensive frobbing is going on */ |
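Review bot: In the second hunk (acquire_init_cred), `KLAcquireInitialTickets` runs whenever `desired_name` is non-NULL, and that login-library call may obtain new tickets, possibly with a user prompt, rather than only searching existing caches as the commit message describes. This should be confirmed and documented, since non-interactive callers of gss_acquire_cred may not expect it. The out-principal argument is passed as NULL, so the block appears to rely on code after the hunk to check that the resolved ccache really holds `desired_name`; if that holds, a comment such as `/* KLL chooses the ccache; the principal match is verified below */` would make the dependency explicit. As a style point, the three failure paths repeat the dispose calls and the `!= NULL` guards on the success path look redundant, so a single cleanup label would be easier to audit. The function body starts and ends outside the hunk.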
