diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-11-02 00:31:22 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:38 -0500 |
| commit | 3b2a6997b43dcfe37adf67c84e564a4fbff5b108 (patch) | |
| tree | b346357dacf58cc803e5fa5919199a1791eb20ea /source4/heimdal/lib/gssapi/copy_ccache.c | |
| parent | f8ebd5a53ce115b9d9dc6e87e0dbe4cdd6f9b79d (diff) | |
| download | samba-3b2a6997b43dcfe37adf67c84e564a4fbff5b108.tar.gz samba-3b2a6997b43dcfe37adf67c84e564a4fbff5b108.tar.bz2 samba-3b2a6997b43dcfe37adf67c84e564a4fbff5b108.zip | |
r11452: Update Heimdal to current lorikeet, including removing the ccache side
of the gsskrb5_acquire_cred hack.
Add support for delegated credentials into the auth and credentials
subsystem, and specifically into gensec_gssapi.
Add the CIFS NTVFS handler as a consumer of delegated credentials,
when no user/domain/password is specified.
Andrew Bartlett
(This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
Diffstat (limited to 'source4/heimdal/lib/gssapi/copy_ccache.c')
| -rw-r--r-- | source4/heimdal/lib/gssapi/copy_ccache.c | 90 |
1 files changed, 89 insertions, 1 deletions
diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c index 828ca64156..0f2f155870 100644 --- a/source4/heimdal/lib/gssapi/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/copy_ccache.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: copy_ccache.c,v 1.7 2003/09/01 15:11:09 lha Exp $"); +RCSID("$Id: copy_ccache.c,v 1.9 2005/10/31 16:02:08 lha Exp $"); OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, @@ -61,6 +61,94 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, return GSS_S_COMPLETE; } + +OM_uint32 +gss_krb5_import_ccache(OM_uint32 *minor_status, + krb5_ccache in, + gss_cred_id_t *cred) +{ + krb5_error_code kret; + gss_cred_id_t handle; + OM_uint32 ret; + + *cred = NULL; + + GSSAPI_KRB5_INIT (); + + handle = (gss_cred_id_t)calloc(1, sizeof(*handle)); + if (handle == GSS_C_NO_CREDENTIAL) { + gssapi_krb5_clear_status (); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIMDAL_MUTEX_init(&handle->cred_id_mutex); + + handle->usage = GSS_C_INITIATE; + + kret = krb5_cc_get_principal(gssapi_krb5_context, in, &handle->principal); + if (kret) { + free(handle); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + ret = _gssapi_krb5_ccache_lifetime(minor_status, + in, + handle->principal, + &handle->lifetime); + if (ret != GSS_S_COMPLETE) { + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + return ret; + } + + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret != GSS_S_COMPLETE) { + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + *minor_status = kret; + return GSS_S_FAILURE; + } + + { + const char *type, *name; + char *str; + + type = krb5_cc_get_type(gssapi_krb5_context, in); + name = krb5_cc_get_name(gssapi_krb5_context, in); + + if (asprintf(&str, "%s:%s", type, name) == -1) { + krb5_set_error_string(gssapi_krb5_context, + "malloc - out of memory"); + kret = ENOMEM; + goto out; + } + + kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache); + free(str); + if (kret) + goto out; + } + + *minor_status = 0; + *cred = handle; + return GSS_S_COMPLETE; + +out: + gssapi_krb5_set_error_string (); + if (handle->principal) + krb5_free_principal(gssapi_krb5_context, handle->principal); + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + free(handle); + *minor_status = kret; + return GSS_S_FAILURE; +} + + OM_uint32 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, |