summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/copy_ccache.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/gssapi/copy_ccache.c')
-rw-r--r--source4/heimdal/lib/gssapi/copy_ccache.c123
1 files changed, 81 insertions, 42 deletions
diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c
index 0f2f155870..782b701e44 100644
--- a/source4/heimdal/lib/gssapi/copy_ccache.c
+++ b/source4/heimdal/lib/gssapi/copy_ccache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: copy_ccache.c,v 1.9 2005/10/31 16:02:08 lha Exp $");
+RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $");
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor_status,
@@ -63,9 +63,11 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status,
OM_uint32
-gss_krb5_import_ccache(OM_uint32 *minor_status,
- krb5_ccache in,
- gss_cred_id_t *cred)
+gss_krb5_import_cred(OM_uint32 *minor_status,
+ krb5_ccache id,
+ krb5_principal keytab_principal,
+ krb5_keytab keytab,
+ gss_cred_id_t *cred)
{
krb5_error_code kret;
gss_cred_id_t handle;
@@ -83,57 +85,94 @@ gss_krb5_import_ccache(OM_uint32 *minor_status,
}
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
- handle->usage = GSS_C_INITIATE;
+ handle->usage = 0;
- kret = krb5_cc_get_principal(gssapi_krb5_context, in, &handle->principal);
- if (kret) {
- free(handle);
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
+ if (id) {
+ char *str;
- ret = _gssapi_krb5_ccache_lifetime(minor_status,
- in,
- handle->principal,
- &handle->lifetime);
- if (ret != GSS_S_COMPLETE) {
- krb5_free_principal(gssapi_krb5_context, handle->principal);
- free(handle);
- return ret;
- }
+ handle->usage |= GSS_C_INITIATE;
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret == GSS_S_COMPLETE)
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret != GSS_S_COMPLETE) {
- krb5_free_principal(gssapi_krb5_context, handle->principal);
- free(handle);
- *minor_status = kret;
- return GSS_S_FAILURE;
+ kret = krb5_cc_get_principal(gssapi_krb5_context, id,
+ &handle->principal);
+ if (kret) {
+ free(handle);
+ gssapi_krb5_set_error_string ();
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
+ if (keytab_principal) {
+ krb5_boolean match;
+
+ match = krb5_principal_compare(gssapi_krb5_context,
+ handle->principal,
+ keytab_principal);
+ if (match == FALSE) {
+ krb5_free_principal(gssapi_krb5_context, handle->principal);
+ free(handle);
+ gssapi_krb5_clear_status ();
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ }
+
+ ret = _gssapi_krb5_ccache_lifetime(minor_status,
+ id,
+ handle->principal,
+ &handle->lifetime);
+ if (ret != GSS_S_COMPLETE) {
+ krb5_free_principal(gssapi_krb5_context, handle->principal);
+ free(handle);
+ return ret;
+ }
+
+
+ kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str);
+ if (kret)
+ goto out;
+
+ kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache);
+ free(str);
+ if (kret)
+ goto out;
}
- {
- const char *type, *name;
+
+ if (keytab) {
char *str;
- type = krb5_cc_get_type(gssapi_krb5_context, in);
- name = krb5_cc_get_name(gssapi_krb5_context, in);
-
- if (asprintf(&str, "%s:%s", type, name) == -1) {
- krb5_set_error_string(gssapi_krb5_context,
- "malloc - out of memory");
- kret = ENOMEM;
- goto out;
+ handle->usage |= GSS_C_ACCEPT;
+
+ if (keytab_principal && handle->principal == NULL) {
+ kret = krb5_copy_principal(gssapi_krb5_context,
+ keytab_principal,
+ &handle->principal);
+ if (kret)
+ goto out;
}
- kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache);
+ kret = krb5_kt_get_full_name(gssapi_krb5_context, keytab, &str);
+ if (kret)
+ goto out;
+
+ kret = krb5_kt_resolve(gssapi_krb5_context, str, &handle->keytab);
free(str);
if (kret)
goto out;
}
+
+ if (id || keytab) {
+ ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
+ if (ret == GSS_S_COMPLETE)
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &handle->mechanisms);
+ if (ret != GSS_S_COMPLETE) {
+ kret = *minor_status;
+ goto out;
+ }
+ }
+
*minor_status = 0;
*cred = handle;
return GSS_S_COMPLETE;
generated by cgit (git 2.34.1) at 2024-08-18 09:29:59 +0000