krb5 commit: Pass the actual mech oid in creds functions
Greg Hudson
ghudson at MIT.EDU
Mon Aug 6 16:08:30 EDT 2012
https://github.com/krb5/krb5/commit/22881a18581623cd4742d9197c90b106645d67a9
commit 22881a18581623cd4742d9197c90b106645d67a9
Author: Simo Sorce <simo at redhat.com>
Date: Thu Jun 7 12:54:43 2012 -0400
Pass the actual mech oid in creds functions
This way the mechanism handler knows what mech type is intended.
This allows plugin that implement multiple mechanisms or interposer
plugins to know what they are being asked to do.
src/lib/gssapi/mechglue/g_acquire_cred.c | 16 ++++++++++--
src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c | 29 ++++++++++++++++------
2 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index c28bf72..d228a77 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -373,6 +373,7 @@ gss_add_cred_from(minor_status, input_cred_handle,
gss_cred_id_t cred = NULL;
gss_OID new_mechs_array = NULL;
gss_cred_id_t * new_cred_array = NULL;
+ gss_OID_set target_mechs = GSS_C_NO_OID_SET;
status = val_add_cred_args(minor_status,
input_cred_handle,
@@ -439,15 +440,24 @@ gss_add_cred_from(minor_status, input_cred_handle,
else
time_req = 0;
+ status = gss_create_empty_oid_set(minor_status, &target_mechs);
+ if (status != GSS_S_COMPLETE)
+ goto errout;
+
+ status = gss_add_oid_set_member(minor_status,
+ &mech->mech_type, &target_mechs);
+ if (status != GSS_S_COMPLETE)
+ goto errout;
+
if (mech->gss_acquire_cred_from) {
status = mech->gss_acquire_cred_from(minor_status, internal_name,
- time_req, GSS_C_NULL_OID_SET,
+ time_req, target_mechs,
cred_usage, cred_store, &cred,
NULL, &time_rec);
} else if (cred_store == GSS_C_NO_CRED_STORE) {
status = mech->gss_acquire_cred(minor_status, internal_name, time_req,
- GSS_C_NULL_OID_SET, cred_usage, &cred,
- NULL, &time_rec);
+ target_mechs, cred_usage, &cred, NULL,
+ &time_rec);
} else {
return GSS_S_UNAVAILABLE;
}
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
index 6ac650b..35ec25c 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
@@ -339,6 +339,7 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
gss_cred_id_t cred = NULL;
gss_OID new_mechs_array = NULL;
gss_cred_id_t * new_cred_array = NULL;
+ gss_OID_set target_mechs = GSS_C_NO_OID_SET;
status = val_add_cred_pw_args(minor_status,
input_cred_handle,
@@ -402,15 +403,24 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
else
time_req = 0;
+ status = gss_create_empty_oid_set(minor_status, &target_mechs);
+ if (status != GSS_S_COMPLETE)
+ goto errout;
+
+ status = gss_add_oid_set_member(minor_status,
+ &mech->mech_type, &target_mechs);
+ if (status != GSS_S_COMPLETE)
+ goto errout;
+
status = mech_ext->gssspi_acquire_cred_with_password(minor_status,
- internal_name,
- password,
- time_req,
- GSS_C_NULL_OID_SET,
- cred_usage,
- &cred,
- NULL,
- &time_rec);
+ internal_name,
+ password,
+ time_req,
+ target_mechs,
+ cred_usage,
+ &cred,
+ NULL,
+ &time_rec);
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
goto errout;
@@ -506,6 +516,9 @@ errout:
&mech->mech_type,
&allocated_name);
+ if (target_mechs)
+ (void)gss_release_oid_set(&temp_minor_status, &target_mechs);
+
if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
free(union_cred);
More information about the cvs-krb5
mailing list