diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-09-27 03:39:22 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-09-27 03:39:22 +0000 |
commit | e76d9a48c905e6db8ea9b7af4b843070756effaa (patch) | |
tree | 4de2b9144c91046489889161acf8131635faac27 /src/tests | |
parent | 19b34d5112cc13214f6a47962be89f199966a449 (diff) | |
download | krb5-e76d9a48c905e6db8ea9b7af4b843070756effaa.tar.gz krb5-e76d9a48c905e6db8ea9b7af4b843070756effaa.tar.xz krb5-e76d9a48c905e6db8ea9b7af4b843070756effaa.zip |
Add gss_krb5_import_cred
Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be
acquired from a keytab or ccache into a GSSAPI credential without
using global process or thread variables.
Merged from the users/lhoward/import-cred branch.
ticket: 6785
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/gssapi/t_gssexts.c | 104 |
1 files changed, 81 insertions, 23 deletions
diff --git a/src/tests/gssapi/t_gssexts.c b/src/tests/gssapi/t_gssexts.c index 959378af5..ed1475596 100644 --- a/src/tests/gssapi/t_gssexts.c +++ b/src/tests/gssapi/t_gssexts.c @@ -288,6 +288,82 @@ initAcceptSecContext(OM_uint32 *minor, return major; } +static OM_uint32 +getDefaultCred(OM_uint32 *minor, + const char *keytab_name, + gss_OID_set mechs, + gss_cred_id_t *impersonator_cred_handle) +{ + OM_uint32 major = GSS_S_FAILURE, tmp_minor; + + if (keytab_name) { + krb5_error_code code; + krb5_context context = NULL; + krb5_keytab keytab = NULL; + krb5_principal keytab_principal = NULL; + krb5_ccache ccache = NULL; + + code = krb5_init_context(&context); + if (code) { + displayStatus("krb5_init_context", major, code); + return major; + } + + code = krb5_kt_resolve(context, keytab_name, &keytab); + if (code) { + displayStatus("krb5_kt_resolve", major, code); + goto out; + } + + code = krb5_cc_default(context, &ccache); + if (code) { + displayStatus("krb5_cc_default", major, code); + goto out; + } + + code = krb5_cc_get_principal(context, ccache, &keytab_principal); + if (code) { + displayStatus("krb5_cc_get_principal", major, code); + goto out; + } + + major = gss_krb5_import_cred(minor, + ccache, + keytab_principal, + keytab, + impersonator_cred_handle); + if (GSS_ERROR(major)) { + displayStatus("gss_krb5_import_cred", major, minor); + goto out; + } + + out: + if (code) + *minor = code; + krb5_free_principal(context, keytab_principal); + krb5_cc_close(context, ccache); + krb5_kt_close(context, keytab); + krb5_free_context(context); + } else { + gss_OID_set actual_mechs = GSS_C_NO_OID_SET; + + major = gss_acquire_cred(minor, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + mechs, + GSS_C_BOTH, + impersonator_cred_handle, + &actual_mechs, + NULL); + if (GSS_ERROR(major)) { + displayStatus("gss_acquire_cred", major, minor); + } + (void) gss_release_oid_set(&tmp_minor, &actual_mechs); + } + + return major; +} + int main(int argc, char *argv[]) { OM_uint32 minor, major; @@ -338,34 +414,16 @@ int main(int argc, char *argv[]) target = GSS_C_NO_NAME; } - if (argc > 3) { - major = krb5_gss_register_acceptor_identity(argv[3]); - if (GSS_ERROR(major)) { - displayStatus("krb5_gss_register_acceptor_identity", - major, minor); - goto out; - } - } - mechs.elements = use_spnego ? (gss_OID)&spnego_mech : (gss_OID)gss_mech_krb5; mechs.count = 1; - /* get default cred */ - major = gss_acquire_cred(&minor, - GSS_C_NO_NAME, - GSS_C_INDEFINITE, - &mechs, - GSS_C_BOTH, - &impersonator_cred_handle, - &actual_mechs, - NULL); - if (GSS_ERROR(major)) { - displayStatus("gss_acquire_cred", major, minor); + major = getDefaultCred(&minor, + argc > 3 ? argv[3] : NULL, + &mechs, + &impersonator_cred_handle); + if (GSS_ERROR(major)) goto out; - } - - (void) gss_release_oid_set(&minor, &actual_mechs); printf("Protocol transition tests follow\n"); printf("-----------------------------------\n\n"); |