krb5 commit: Add SPNEGO support for GSS cred export and import
Greg Hudson
ghudson at MIT.EDU
Tue Sep 11 01:19:05 EDT 2012
https://github.com/krb5/krb5/commit/9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f
commit 9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Aug 29 11:57:26 2012 -0400
Add SPNEGO support for GSS cred export and import
ticket: 7354
src/lib/gssapi/spnego/gssapiP_spnego.h | 14 +++++++++++
src/lib/gssapi/spnego/spnego_mech.c | 38 +++++++++++++++++++++++++++++++-
2 files changed, 51 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index 772ce50..9d8fe52 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -615,6 +615,20 @@ spnego_gss_acquire_cred_from
OM_uint32 *time_rec
);
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(
+ OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_buffer_t token
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(
+ OM_uint32 *minor_status,
+ gss_buffer_t token,
+ gss_cred_id_t *cred_handle
+);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index e207d27..812c16d 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -276,7 +276,9 @@ static struct gss_config spnego_mechanism =
spnego_gss_inquire_attrs_for_mech,
spnego_gss_acquire_cred_from,
NULL, /* gss_store_cred_into */
- spnego_gss_acquire_cred_with_password
+ spnego_gss_acquire_cred_with_password,
+ spnego_gss_export_cred,
+ spnego_gss_import_cred,
};
#ifdef _GSS_STATIC_LINK
@@ -2806,6 +2808,40 @@ cleanup:
return (major);
}
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_buffer_t token)
+{
+ spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle;
+
+ return (gss_export_cred(minor_status, spcred->mcred, token));
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(OM_uint32 *minor_status,
+ gss_buffer_t token,
+ gss_cred_id_t *cred_handle)
+{
+ OM_uint32 ret;
+ spnego_gss_cred_id_t spcred;
+ gss_cred_id_t mcred;
+
+ ret = gss_import_cred(minor_status, token, &mcred);
+ if (GSS_ERROR(ret))
+ return (ret);
+ spcred = malloc(sizeof(*spcred));
+ if (spcred == NULL) {
+ gss_release_cred(minor_status, &mcred);
+ *minor_status = ENOMEM;
+ return (GSS_S_FAILURE);
+ }
+ spcred->mcred = mcred;
+ spcred->neg_mechs = GSS_C_NULL_OID_SET;
+ *cred_handle = (gss_cred_id_t)spcred;
+ return (ret);
+}
+
/*
* We will release everything but the ctx_handle so that it
* can be passed back to init/accept context. This routine should
More information about the cvs-krb5
mailing list