From 15ffd5b195894929b809a446a534b4fb34b7bc78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 5 Nov 2006 00:35:32 +0000
Subject: [PATCH] Add keyblock extraction functions, set more errorstrings

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18916 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/krb5/inquire_sec_context_by_oid.c | 66 ++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index 4e39b038a..6524ed2fb 100644
--- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -84,6 +84,7 @@ static OM_uint32 inquire_sec_context_tkt_flags
 if (context_handle->ticket == NULL) {
 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+ _gsskrb5_set_status("No ticket from which to obtain flags");
 *minor_status = EINVAL;
 return GSS_S_BAD_MECH;
 }
@@ -163,6 +164,7 @@ out:
 if (sp)
 krb5_storage_free(sp);
 if (ret) {
+ _gsskrb5_set_error_string ();
 *minor_status = ret;
 maj_stat = GSS_S_FAILURE;
 }
@@ -195,6 +197,7 @@ static OM_uint32 inquire_sec_context_authz_data
 &data);
 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 if (ret) {
+ _gsskrb5_set_error_string ();
 *minor_status = ret;
 return GSS_S_FAILURE;
 }
@@ -387,6 +390,7 @@ get_authtime(OM_uint32 *minor_status,
 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
 if (ctx->ticket == NULL) {
 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ _gsskrb5_set_status("No ticket to obtain auth time from");
 *minor_status = EINVAL;
 return GSS_S_FAILURE;
 }
@@ -404,6 +408,66 @@ get_authtime(OM_uint32 *minor_status,
 data_set);
 }
+
+static OM_uint32
+get_service_keyblock(OM_uint32 *minor_status,
+ gsskrb5_ctx ctx,
+ gss_buffer_set_t *data_set)
+{
+ krb5_storage *sp = NULL;
+ krb5_data data;
+ OM_uint32 maj_stat = GSS_S_COMPLETE;
+ krb5_error_code ret = EINVAL;
+
+ sp = krb5_storage_emem();
+ if (sp == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ if (ctx->service_keyblock == NULL) {
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ _gsskrb5_set_status("No service keyblock on gssapi context");
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ krb5_data_zero(&data);
+
+ ret = krb5_store_keyblock(sp, *ctx->service_keyblock);
+
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+ if (ret)
+ goto out;
+
+ ret = krb5_storage_to_data(sp, &data);
+ if (ret)
+ goto out;
+
+ {
+ gss_buffer_desc value;
+
+ value.length = data.length;
+ value.value = data.data;
+
+ maj_stat = gss_add_buffer_set_member(minor_status,
+ &value,
+ data_set);
+ }
+
+out:
+ krb5_data_free(&data);
+ if (sp)
+ krb5_storage_free(sp);
+ if (ret) {
+ _gsskrb5_set_error_string ();
+ *minor_status = ret;
+ maj_stat = GSS_S_FAILURE;
+ }
+ return maj_stat;
+}
 /*
 *
 */
@@ -463,6 +527,8 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid
 data_set);
 *minor_status = 0;
 return GSS_S_FAILURE;
+ } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SERVICE_KEYBLOCK_X)) {
+ return get_service_keyblock(minor_status, ctx, data_set);
 } else {
 *minor_status = 0;
 return GSS_S_FAILURE;
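Review bot: The early return taken when `ctx->service_keyblock == NULL` in get_service_keyblock leaks `sp`, which krb5_storage_emem() allocated a few lines earlier, because that path skips the `out:` cleanup. Add `krb5_storage_free(sp);` before that `return GSS_S_FAILURE;`, or create the storage only after the NULL check. Separately, `data` holds a serialized copy of the service key and goes to krb5_data_free() without being cleared, so the key bytes stay in freed heap memory. Consider `if (data.data) memset(data.data, 0, data.length);` ahead of the free; the emem storage presumably keeps its own copy as well and would need the same treatment.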
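Review bot: The new `GSS_KRB5_GET_SERVICE_KEYBLOCK_X` branch hands the serialized service key to whichever caller holds the context and asks with this OID, and nothing at the dispatch site says so. A comment above the branch such as `/* returns the serialized service keyblock; caller must zero and release data_set */` would make the caller's obligation explicit. The enclosing function _gsskrb5_inquire_sec_context_by_oid starts and ends outside this hunk.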