implement gss_acquire_cred_ex with password support

add missing SPIs to gss_mech_switch s/acquire_cred_ex/acquire_cred_ext/g
2011-03-27 17:29:24 +11:00
parent fedd232ee4
commit 02cf28e20b
14 changed files with 460 additions and 59 deletions
--- a/lib/gssapi/test_context.c
+++ b/lib/gssapi/test_context.c
@@ -44,6 +44,7 @@ static char *type_string;
 static char *mech_string;
 static char *ret_mech_string;
 static char *client_name;
+static char *client_password;
 static int dns_canon_flag = -1;
 static int mutual_auth_flag = 0;
 static int dce_style_flag = 0;
@@ -467,6 +468,7 @@ static struct getargs args[] = {
     "use dns to canonicalize", NULL },
    {"mutual-auth",0,	arg_flag,	&mutual_auth_flag,"mutual auth", NULL },
    {"client-name", 0,  arg_string,     &client_name, "client name", NULL },
+    {"client-password", 0,  arg_string, &client_password, "client password", NULL },
    {"limit-enctype",0,	arg_string,	&limit_enctype_string, "enctype", NULL },
    {"dce-style",0,	arg_flag,	&dce_style_flag, "dce-style", NULL },
    {"wrapunwrap",0,	arg_flag,	&wrapunwrap_flag, "wrap/unwrap", NULL },
@@ -505,6 +507,8 @@ main(int argc, char **argv)
    void *ctx;
    gss_OID nameoid, mechoid, actual_mech, actual_mech2;
    gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL;
+    gss_OID credential_type;
+    gss_buffer_desc credential_data;

    setprogname(argv[0]);

@@ -552,6 +556,13 @@ main(int argc, char **argv)
    if (gsskrb5_acceptor_identity)
 	gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity);

+    if (client_password) {
+	credential_type = GSS_C_CRED_PASSWORD; 
+	credential_data.value = client_password;
+	credential_data.length = strlen(client_password);
+    } else
+	credential_type = GSS_C_NO_OID;
+
    if (client_name) {
 	gss_buffer_desc cn;
 	gss_name_t cname;
@@ -562,12 +573,20 @@ main(int argc, char **argv)
 	    errx(1, "gss_import_name: %s",
 		 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));

-	maj_stat = gss_acquire_cred(&min_stat, cname, 0, NULL, 
-				    GSS_C_INITIATE, &client_cred, NULL, NULL);
+	maj_stat = gss_acquire_cred_ext(&min_stat, cname,
+					credential_type, &credential_data,
+					0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred);
 	if (GSS_ERROR(maj_stat))
-	    errx(1, "gss_import_name: %s",
+	    errx(1, "gss_acquire_cred_ex: %s",
 		 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
 	gss_release_name(&min_stat, &cname);
+    } else if (credential_type) {
+	maj_stat = gss_acquire_cred_ex(&min_stat, GSS_C_NO_NAME,
+				       credential_type, &credential_data,
+				       0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred);
+	if (GSS_ERROR(maj_stat))
+	    errx(1, "gss_acquire_cred_ex: %s",
+		 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
    }

    if (limit_enctype_string) {