summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/copy_ccache.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-11-02 00:31:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:38 -0500
commit3b2a6997b43dcfe37adf67c84e564a4fbff5b108 (patch)
treeb346357dacf58cc803e5fa5919199a1791eb20ea /source4/heimdal/lib/gssapi/copy_ccache.c
parentf8ebd5a53ce115b9d9dc6e87e0dbe4cdd6f9b79d (diff)
downloadsamba-3b2a6997b43dcfe37adf67c84e564a4fbff5b108.tar.gz
samba-3b2a6997b43dcfe37adf67c84e564a4fbff5b108.tar.bz2
samba-3b2a6997b43dcfe37adf67c84e564a4fbff5b108.zip
r11452: Update Heimdal to current lorikeet, including removing the ccache side
of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
Diffstat (limited to 'source4/heimdal/lib/gssapi/copy_ccache.c')
-rw-r--r--source4/heimdal/lib/gssapi/copy_ccache.c90
1 files changed, 89 insertions, 1 deletions
diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c
index 828ca64156..0f2f155870 100644
--- a/source4/heimdal/lib/gssapi/copy_ccache.c
+++ b/source4/heimdal/lib/gssapi/copy_ccache.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: copy_ccache.c,v 1.7 2003/09/01 15:11:09 lha Exp $");
+RCSID("$Id: copy_ccache.c,v 1.9 2005/10/31 16:02:08 lha Exp $");
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor_status,
@@ -61,6 +61,94 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
}
+
+OM_uint32
+gss_krb5_import_ccache(OM_uint32 *minor_status,
+ krb5_ccache in,
+ gss_cred_id_t *cred)
+{
+ krb5_error_code kret;
+ gss_cred_id_t handle;
+ OM_uint32 ret;
+
+ *cred = NULL;
+
+ GSSAPI_KRB5_INIT ();
+
+ handle = (gss_cred_id_t)calloc(1, sizeof(*handle));
+ if (handle == GSS_C_NO_CREDENTIAL) {
+ gssapi_krb5_clear_status ();
+ *minor_status = ENOMEM;
+ return (GSS_S_FAILURE);
+ }
+ HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
+
+ handle->usage = GSS_C_INITIATE;
+
+ kret = krb5_cc_get_principal(gssapi_krb5_context, in, &handle->principal);
+ if (kret) {
+ free(handle);
+ gssapi_krb5_set_error_string ();
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = _gssapi_krb5_ccache_lifetime(minor_status,
+ in,
+ handle->principal,
+ &handle->lifetime);
+ if (ret != GSS_S_COMPLETE) {
+ krb5_free_principal(gssapi_krb5_context, handle->principal);
+ free(handle);
+ return ret;
+ }
+
+ ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
+ if (ret == GSS_S_COMPLETE)
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &handle->mechanisms);
+ if (ret != GSS_S_COMPLETE) {
+ krb5_free_principal(gssapi_krb5_context, handle->principal);
+ free(handle);
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
+ {
+ const char *type, *name;
+ char *str;
+
+ type = krb5_cc_get_type(gssapi_krb5_context, in);
+ name = krb5_cc_get_name(gssapi_krb5_context, in);
+
+ if (asprintf(&str, "%s:%s", type, name) == -1) {
+ krb5_set_error_string(gssapi_krb5_context,
+ "malloc - out of memory");
+ kret = ENOMEM;
+ goto out;
+ }
+
+ kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache);
+ free(str);
+ if (kret)
+ goto out;
+ }
+
+ *minor_status = 0;
+ *cred = handle;
+ return GSS_S_COMPLETE;
+
+out:
+ gssapi_krb5_set_error_string ();
+ if (handle->principal)
+ krb5_free_principal(gssapi_krb5_context, handle->principal);
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ free(handle);
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+}
+
+
OM_uint32
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,