[27004] in CVS-changelog-for-Kerberos-V5
krb5 commit: Add SPNEGO support for GSS cred export and import
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Sep 11 01:19:18 2012
Date: Tue, 11 Sep 2012 01:19:05 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201209110519.q8B5J5kL029645@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f
commit 9c1a6246f1f6f4904e66f9f9eefbdc59e5c8b69f
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Aug 29 11:57:26 2012 -0400
Add SPNEGO support for GSS cred export and import
ticket: 7354
src/lib/gssapi/spnego/gssapiP_spnego.h | 14 +++++++++++
src/lib/gssapi/spnego/spnego_mech.c | 38 +++++++++++++++++++++++++++++++-
2 files changed, 51 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index 772ce50..9d8fe52 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -615,6 +615,20 @@ spnego_gss_acquire_cred_from
OM_uint32 *time_rec
);
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(
+ OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_buffer_t token
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(
+ OM_uint32 *minor_status,
+ gss_buffer_t token,
+ gss_cred_id_t *cred_handle
+);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index e207d27..812c16d 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -276,7 +276,9 @@ static struct gss_config spnego_mechanism =
spnego_gss_inquire_attrs_for_mech,
spnego_gss_acquire_cred_from,
NULL, /* gss_store_cred_into */
- spnego_gss_acquire_cred_with_password
+ spnego_gss_acquire_cred_with_password,
+ spnego_gss_export_cred,
+ spnego_gss_import_cred,
};
#ifdef _GSS_STATIC_LINK
@@ -2806,6 +2808,40 @@ cleanup:
return (major);
}
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_buffer_t token)
+{
+ spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle;
+
+ return (gss_export_cred(minor_status, spcred->mcred, token));
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(OM_uint32 *minor_status,
+ gss_buffer_t token,
+ gss_cred_id_t *cred_handle)
+{
+ OM_uint32 ret;
+ spnego_gss_cred_id_t spcred;
+ gss_cred_id_t mcred;
+
+ ret = gss_import_cred(minor_status, token, &mcred);
+ if (GSS_ERROR(ret))
+ return (ret);
+ spcred = malloc(sizeof(*spcred));
+ if (spcred == NULL) {
+ gss_release_cred(minor_status, &mcred);
+ *minor_status = ENOMEM;
+ return (GSS_S_FAILURE);
+ }
+ spcred->mcred = mcred;
+ spcred->neg_mechs = GSS_C_NULL_OID_SET;
+ *cred_handle = (gss_cred_id_t)spcred;
+ return (ret);
+}
+
/*
* We will release everything but the ctx_handle so that it
* can be passed back to init/accept context. This routine should
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
