svn rev #23940: branches/iakerb/src/lib/gssapi/spnego/

ghudson@MIT.EDU ghudson at MIT.EDU
Sat Apr 24 20:31:32 EDT 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=23940
Commit By: ghudson
Log Message:
On the iakerb branch, fix spnego_gss_acquire_cred_with_password to
wrap the resulting creds.  (The wrapping didn't exist when the code
was originally written.)



Changed Files:
U   branches/iakerb/src/lib/gssapi/spnego/spnego_mech.c
Modified: branches/iakerb/src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- branches/iakerb/src/lib/gssapi/spnego/spnego_mech.c	2010-04-24 23:20:10 UTC (rev 23939)
+++ branches/iakerb/src/lib/gssapi/spnego/spnego_mech.c	2010-04-25 00:31:32 UTC (rev 23940)
@@ -2463,8 +2463,10 @@
 				      gss_OID_set *actual_mechs,
 				      OM_uint32 *time_rec)
 {
-	OM_uint32 status;
-	gss_OID_set amechs = GSS_C_NULL_OID_SET;
+	OM_uint32 status, tmpmin;
+	gss_OID_set amechs = GSS_C_NULL_OID_SET, dmechs;
+	gss_cred_id_t mcred = NULL;
+	spnego_gss_cred_id_t spcred = NULL;
 
 	dsyslog("Entering spnego_gss_acquire_cred_with_password\n");
 
@@ -2474,21 +2476,36 @@
 	if (time_rec)
 		*time_rec = 0;
 
+	dmechs = desired_mechs;
 	if (desired_mechs == GSS_C_NULL_OID_SET) {
-		status = get_available_mechs(minor_status,
-				desired_name, cred_usage,
-				output_cred_handle, &amechs);
+		status = get_available_mechs(minor_status, desired_name,
+					     cred_usage, NULL, &amechs);
+		dmechs = amechs;
 	}
 
-	status = gss_acquire_cred_with_password(minor_status,
-			desired_name, password, time_req,
-			desired_mechs ? desired_mechs : amechs, cred_usage,
-			output_cred_handle, actual_mechs,
-			time_rec);
+	status = gss_acquire_cred_with_password(minor_status, desired_name,
+						password, time_req, dmechs,
+						cred_usage, &mcred,
+						actual_mechs, time_rec);
+	if (status != GSS_S_COMPLETE)
+	    goto cleanup;
 
-	if (amechs != GSS_C_NULL_OID_SET)
-		(void) gss_release_oid_set(minor_status, &amechs);
+	spcred = malloc(sizeof(spnego_gss_cred_id_rec));
+	if (spcred == NULL) {
+		*minor_status = ENOMEM;
+		status = GSS_S_FAILURE;
+		goto cleanup;
+	}
+	spcred->neg_mechs = GSS_C_NULL_OID_SET;
+	spcred->mcred = mcred;
+	mcred = GSS_C_NO_CREDENTIAL;
+	*output_cred_handle = (gss_cred_id_t)spcred;
 
+cleanup:
+
+	(void) gss_release_oid_set(&tmpmin, &amechs);
+	(void) gss_release_cred(&tmpmin, &mcred);
+
 	dsyslog("Leaving spnego_gss_acquire_cred_with_password\n");
 	return (status);
 }

More information about the cvs-krb5 mailing list