Services4User review

Nicolas Williams Nicolas.Williams at sun.com
Thu Aug 20 17:51:52 EDT 2009


Following up from our IM chat, the GSS exts should really be based on
the existing gss_acquire/add_cred() functions, and in two variants: one
for S4U2Self, with an additional impersonator_cred_handle input
argument, and one for S4U2Proxy, with that same additional argument and
a subject_cred_handle instead of desired_name.

/* S4U2SELF */
/*
 * Proposed S4U2Self variant of gss_acquire_cred(): the same parameter list
 * with one additional input, impersonator_cred_handle, placed directly after
 * minor_status.
 *
 * impersonator_cred_handle  (in)  credential of the party performing the
 *                                 impersonation.
 * desired_name              (in)  name the output credential is acquired
 *                                 for; presumably the impersonated user --
 *                                 confirm against the final specification.
 * output_cred_handle        (out) resulting credential handle.
 * All other parameters are presumably as for gss_acquire_cred().
 *
 * NOTE(review): the declaration does not say which status is returned when
 * impersonator_cred_handle is GSS_C_NO_CREDENTIAL or when the impersonation
 * request is refused. The specification should state it, so that callers
 * fail closed rather than continue with a default credential.
 */
OM_uint32
gss_acquire_cred_with_cred(
	OM_uint32		*minor_status,
	const gss_cred_id_t	impersonator_cred_handle,
	const gss_name_t	desired_name,
	OM_uint32		time_req,
	const gss_OID_set	desired_mechs,
	gss_cred_usage_t	cred_usage,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*time_rec
);

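/*
 * Proposed S4U2Self variant of gss_add_cred(): the same parameter list with
 * one additional input, impersonator_cred_handle, placed directly after
 * minor_status.
 *
 * impersonator_cred_handle  (in)  credential of the party performing the
 *                                 impersonation.
 * input_cred_handle         (in)  existing credential the new element is
 *                                 added to.
 * desired_name              (in)  name the new credential element is acquired
 *                                 for; presumably the impersonated user --
 *                                 confirm against the final specification.
 * output_cred_handle        (out) resulting credential handle.
 * All other parameters are presumably as for gss_add_cred().
 *
 * NOTE(review): impersonator_cred_handle and input_cred_handle are adjacent
 * and share the type gss_cred_id_t, so swapping them compiles without a
 * diagnostic. Document the argument order prominently.
 *
 * The original text had a comma after the last parameter, which is not valid
 * in a C parameter list; it is removed here.
 */
OM_uint32
gss_add_cred_with_cred(
	OM_uint32		*minor_status,
	const gss_cred_id_t	impersonator_cred_handle,
	const gss_cred_id_t	input_cred_handle,
	const gss_name_t	desired_name,
	const gss_OID		desired_mech,
	gss_cred_usage_t	cred_usage,
	OM_uint32		initiator_time_req,
	OM_uint32		acceptor_time_req,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*initiator_time_rec,
	OM_uint32		*acceptor_time_rec
);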

/* S4U2PROXY */
/*
 * Proposed S4U2Proxy variant of gss_acquire_cred(): compared with the
 * S4U2Self form, it keeps the additional impersonator_cred_handle input and
 * takes a subject_cred_handle in place of desired_name.
 *
 * impersonator_cred_handle  (in)  credential of the party performing the
 *                                 impersonation.
 * subject_cred_handle       (in)  credential identifying the subject;
 *                                 presumably the user being acted for --
 *                                 confirm against the final specification.
 * output_cred_handle        (out) resulting credential handle.
 * All other parameters are presumably as for gss_acquire_cred().
 *
 * NOTE(review): impersonator_cred_handle and subject_cred_handle are adjacent
 * and share the type gss_cred_id_t, so swapping them compiles without a
 * diagnostic. The specification should say how a mechanism rejects a
 * subject credential that is not acceptable for proxying, so that callers
 * fail closed.
 */
OM_uint32
gss_acquire_cred_with_creds(
	OM_uint32		*minor_status,
	const gss_cred_id_t	impersonator_cred_handle,
	const gss_cred_id_t	subject_cred_handle,
	OM_uint32		time_req,
	const gss_OID_set	desired_mechs,
	gss_cred_usage_t	cred_usage,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*time_rec
);

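/*
 * Proposed S4U2Proxy variant of gss_add_cred(): compared with the S4U2Self
 * form, it keeps the additional impersonator_cred_handle input and takes a
 * subject_cred_handle in place of desired_name.
 *
 * impersonator_cred_handle  (in)  credential of the party performing the
 *                                 impersonation.
 * subject_cred_handle       (in)  credential identifying the subject;
 *                                 presumably the user being acted for --
 *                                 confirm against the final specification.
 * input_cred_handle         (in)  existing credential the new element is
 *                                 added to.
 * output_cred_handle        (out) resulting credential handle.
 * All other parameters are presumably as for gss_add_cred().
 *
 * NOTE(review): this declaration reuses the name gss_add_cred_with_cred,
 * which the S4U2SELF section already declares with a different parameter
 * list; a C compiler rejects the pair as conflicting declarations. By
 * analogy with gss_acquire_cred_with_creds, the intended name is presumably
 * gss_add_cred_with_creds -- confirm with the author.
 *
 * NOTE(review): three consecutive parameters share the type gss_cred_id_t,
 * so a call with the handles in the wrong order compiles without a
 * diagnostic. Document the argument order prominently.
 *
 * The original text had a comma after the last parameter, which is not valid
 * in a C parameter list; it is removed here.
 */
OM_uint32
gss_add_cred_with_cred(
	OM_uint32		*minor_status,
	const gss_cred_id_t	impersonator_cred_handle,
	const gss_cred_id_t	subject_cred_handle,
	const gss_cred_id_t	input_cred_handle,
	const gss_OID		desired_mech,
	gss_cred_usage_t	cred_usage,
	OM_uint32		initiator_time_req,
	OM_uint32		acceptor_time_req,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*initiator_time_rec,
	OM_uint32		*acceptor_time_rec
);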


