diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-08-29 11:57:26 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-09-11 01:15:43 -0400 |
| commit | 9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f (patch) | |
| tree | 22b379ae2a3ce3c8a74da8f6a5f9bedfc09aafa4 /src | |
| parent | 42c237dbfdb4316eb2ebf20c4041c48219afd6f5 (diff) | |
| download | krb5-9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f.tar.gz krb5-9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f.tar.xz krb5-9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f.zip | |
Add SPNEGO support for GSS cred export and import
ticket: 7354
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/gssapi/spnego/gssapiP_spnego.h | 14 | ||||
| -rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 38 |
2 files changed, 51 insertions, 1 deletions
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 772ce50be..9d8fe52c9 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -615,6 +615,20 @@ spnego_gss_acquire_cred_from OM_uint32 *time_rec ); +OM_uint32 KRB5_CALLCONV +spnego_gss_export_cred( + OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_buffer_t token +); + +OM_uint32 KRB5_CALLCONV +spnego_gss_import_cred( + OM_uint32 *minor_status, + gss_buffer_t token, + gss_cred_id_t *cred_handle +); + #ifdef __cplusplus } #endif diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index e207d276c..812c16df6 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -276,7 +276,9 @@ static struct gss_config spnego_mechanism = spnego_gss_inquire_attrs_for_mech, spnego_gss_acquire_cred_from, NULL, /* gss_store_cred_into */ - spnego_gss_acquire_cred_with_password + spnego_gss_acquire_cred_with_password, + spnego_gss_export_cred, + spnego_gss_import_cred, }; #ifdef _GSS_STATIC_LINK @@ -2806,6 +2808,40 @@ cleanup: return (major); } +OM_uint32 KRB5_CALLCONV +spnego_gss_export_cred(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_buffer_t token) +{ + spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle; + + return (gss_export_cred(minor_status, spcred->mcred, token)); +} + +OM_uint32 KRB5_CALLCONV +spnego_gss_import_cred(OM_uint32 *minor_status, + gss_buffer_t token, + gss_cred_id_t *cred_handle) +{ + OM_uint32 ret; + spnego_gss_cred_id_t spcred; + gss_cred_id_t mcred; + + ret = gss_import_cred(minor_status, token, &mcred); + if (GSS_ERROR(ret)) + return (ret); + spcred = malloc(sizeof(*spcred)); + if (spcred == NULL) { + gss_release_cred(minor_status, &mcred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + spcred->mcred = mcred; + spcred->neg_mechs = GSS_C_NULL_OID_SET; + *cred_handle = (gss_cred_id_t)spcred; + return (ret); +} + /* * We will release everything but the ctx_handle so that it * can be passed back to init/accept context. This routine should |