krb5 commit: Add SPNEGO support for GSS cred export and import

Greg Hudson ghudson at MIT.EDU
Tue Sep 11 01:19:05 EDT 2012


https://github.com/krb5/krb5/commit/9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f
commit 9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f
Author: Greg Hudson <ghudson at mit.edu>
Date:   Wed Aug 29 11:57:26 2012 -0400

    Add SPNEGO support for GSS cred export and import
    
    ticket: 7354

 src/lib/gssapi/spnego/gssapiP_spnego.h |   14 +++++++++++
 src/lib/gssapi/spnego/spnego_mech.c    |   38 +++++++++++++++++++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletions(-)

diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index 772ce50..9d8fe52 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -615,6 +615,20 @@ spnego_gss_acquire_cred_from
 	OM_uint32 *time_rec
 );
 
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(
+	OM_uint32 *minor_status,
+	gss_cred_id_t cred_handle,
+	gss_buffer_t token
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(
+	OM_uint32 *minor_status,
+	gss_buffer_t token,
+	gss_cred_id_t *cred_handle
+);
+
 #ifdef	__cplusplus
 }
 #endif
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index e207d27..812c16d 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -276,7 +276,9 @@ static struct gss_config spnego_mechanism =
 	spnego_gss_inquire_attrs_for_mech,
 	spnego_gss_acquire_cred_from,
 	NULL,				/* gss_store_cred_into */
-	spnego_gss_acquire_cred_with_password
+	spnego_gss_acquire_cred_with_password,
+	spnego_gss_export_cred,
+	spnego_gss_import_cred,
 };
 
 #ifdef _GSS_STATIC_LINK
@@ -2806,6 +2808,40 @@ cleanup:
 	return (major);
 }
 
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(OM_uint32 *minor_status,
+		       gss_cred_id_t cred_handle,
+		       gss_buffer_t token)
+{
+	spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle;
+
+	return (gss_export_cred(minor_status, spcred->mcred, token));
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(OM_uint32 *minor_status,
+		       gss_buffer_t token,
+		       gss_cred_id_t *cred_handle)
+{
+	OM_uint32 ret;
+	spnego_gss_cred_id_t spcred;
+	gss_cred_id_t mcred;
+
+	ret = gss_import_cred(minor_status, token, &mcred);
+	if (GSS_ERROR(ret))
+		return (ret);
+	spcred = malloc(sizeof(*spcred));
+	if (spcred == NULL) {
+		gss_release_cred(minor_status, &mcred);
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+	spcred->mcred = mcred;
+	spcred->neg_mechs = GSS_C_NULL_OID_SET;
+	*cred_handle = (gss_cred_id_t)spcred;
+	return (ret);
+}
+
 /*
  * We will release everything but the ctx_handle so that it
  * can be passed back to init/accept context. This routine should
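Review bot: spnego_gss_export_cred serializes only `spcred->mcred`, and spnego_gss_import_cred rebuilds the wrapper with `spcred->neg_mechs = GSS_C_NULL_OID_SET;`, so a negotiable-mechanism restriction on the original credential (for example one set through gss_set_neg_mechs) does not survive an export/import round trip. A caller that relies on that restriction to keep certain mechanisms out of negotiation gets an imported credential without it; a comment above spnego_gss_import_cred such as `/* neg_mechs is not part of the exported token; callers must reapply any restriction after import. */` would make this explicit. Separately, spnego_gss_export_cred reads `spcred->mcred` without comparing `cred_handle` to `GSS_C_NO_CREDENTIAL`, which is safe only if the mechglue caller rejects a null handle first (not visible in this hunk). Allocating with `spcred = calloc(1, sizeof(*spcred));` would also keep any other members of the struct zeroed if it has or later gains more than these two fields.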

