diff options
Diffstat (limited to 'src/lib/gssapi')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 7 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 49 |
2 files changed, 44 insertions, 12 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 1a8eda6ec..ec6b1341f 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,10 @@ +2005-10-20 Alexandra Ellwood <lxs@mit.edu>, Jeffrey Altman <jaltman@mit.edu> + + * acquire_cred.c (acquire_init_cred): + If a specific principal has been requested, attempt to acquire + tickets and set the ccache name in the context to the ccache + containing the tickets if obtained. (KFM/KFW) + 2005-10-20 Jeffrey Altman <jaltman@mit.edu> * gssapi_krb5.hin: add missing GSS_DLLIMP to exported symbols diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 5318b6d77..c293b2783 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -79,8 +79,11 @@ #include <strings.h> #endif -#ifdef USE_LOGIN_LIBRARY +#if defined(USE_LOGIN_LIBRARY) #include <Kerberos/KerberosLoginPrivate.h> +#elif defined(USE_LEASH) +static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; +static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; #endif k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; @@ -227,8 +230,9 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) return(GSS_S_FAILURE); -#ifdef USE_LOGIN_LIBRARY +#if defined(USE_LOGIN_LIBRARY) || defined(USE_LEASH) if (desired_name != NULL) { +#if defined(USE_LOGIN_LIBRARY) char *ccache_name = NULL; KLPrincipal kl_desired_princ = NULL; @@ -253,18 +257,39 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); } if (ccache_name != NULL) { KLDisposeString (ccache_name); } - - } else { -#endif - /* open the default credential cache */ +#elif defined(USE_LEASH) + if ( hLeashDLL == INVALID_HANDLE_VALUE ) { + hLeashDLL = LoadLibrary("leashw32.dll"); + if ( hLeashDLL != INVALID_HANDLE_VALUE ) { + (FARPROC) pLeash_AcquireInitialTicketsIfNeeded = + GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded"); + } + } + + if ( pLeash_AcquireInitialTicketsIfNeeded ) { + char ccname[256]=""; + pLeash_AcquireInitialTicketsIfNeeded(context, (krb5_principal) desired_name, ccname, sizeof(ccname)); + if (!ccname[0]) { + *minor_status = KRB5_CC_NOTFOUND; + return(GSS_S_CRED_UNAVAIL); + } + + if ((code = krb5_cc_resolve (context, ccname, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + } +#endif /* USE_LEASH */ + } else +#endif /* USE_LOGIN_LIBRARY || USE_LEASH */ + { + /* open the default credential cache */ - if ((code = krb5int_cc_default(context, &ccache))) { - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } -#ifdef USE_LOGIN_LIBRARY + if ((code = krb5int_cc_default(context, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } } -#endif /* turn off OPENCLOSE mode while extensive frobbing is going on */ |