oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add support for getting creds from a keytab, from fvdl@netbsd.org

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9591 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2001-01-30 00:49:05 +00:00
parent 8e87cc8966
commit 19543430ad
6 changed files with 126 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
lib/gssapi/acquire_cred.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -48,21 +48,67 @@ OM_uint32 gss_acquire_cred
{ {
gss_cred_id_t handle; gss_cred_id_t handle;
OM_uint32 ret; OM_uint32 ret;
krb5_principal def_princ;
krb5_ccache ccache;
krb5_error_code pret = -1, kret = 0;
krb5_keytab kt;
krb5_creds cred;
krb5_get_init_creds_opt opt;
handle = (gss_cred_id_t)malloc(sizeof(*handle)); handle = (gss_cred_id_t)malloc(sizeof(*handle));
if (handle == GSS_C_NO_CREDENTIAL) { if (handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
memset(handle, 0, sizeof (*handle));
ret = gss_duplicate_name(minor_status, desired_name, &handle->principal); ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
if (ret) { if (ret) {
return ret; return ret;
} }
if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0 &&
(pret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
&def_princ)) == 0 &&
krb5_principal_compare(gssapi_krb5_context, handle->principal,
def_princ) == TRUE) {
handle->ccache = ccache;
handle->keytab = NULL;
} else {
kret = krb5_kt_default(gssapi_krb5_context, &kt);
if (kret != 0)
goto out;
krb5_get_init_creds_opt_init(&opt);
memset(&cred, 0, sizeof(cred));
kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
handle->principal, kt, 0, NULL, &opt);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
goto out;
}
kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, &ccache);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
goto out;
}
kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
krb5_cc_close(gssapi_krb5_context, ccache);
goto out;
}
kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
krb5_cc_close(gssapi_krb5_context, ccache);
goto out;
}
handle->ccache = ccache;
handle->keytab = kt;
}
/* XXX */ /* XXX */
handle->lifetime = time_req; handle->lifetime = time_req;
handle->keytab = NULL;
handle->usage = cred_usage; handle->usage = cred_usage;
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
@@ -83,5 +129,14 @@ OM_uint32 gss_acquire_cred
*output_cred_handle = handle; *output_cred_handle = handle;
out:
if (pret == 0)
krb5_free_principal(gssapi_krb5_context, def_princ);
if (kret != 0) {
*minor_status = kret;
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

3
lib/gssapi/init_sec_context.c
View File

@@ -256,12 +256,15 @@ init_auth
if (actual_mech_type) if (actual_mech_type)
*actual_mech_type = GSS_KRB5_MECHANISM; *actual_mech_type = GSS_KRB5_MECHANISM;
if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
kret = krb5_cc_default (gssapi_krb5_context, &ccache); kret = krb5_cc_default (gssapi_krb5_context, &ccache);
if (kret) { if (kret) {
*minor_status = kret; *minor_status = kret;
ret = GSS_S_FAILURE; ret = GSS_S_FAILURE;
goto failure; goto failure;
} }
} else
ccache = initiator_cred_handle->ccache;
kret = krb5_cc_get_principal (gssapi_krb5_context, kret = krb5_cc_get_principal (gssapi_krb5_context,
ccache, ccache,

61
lib/gssapi/krb5/acquire_cred.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -48,21 +48,67 @@ OM_uint32 gss_acquire_cred
{ {
gss_cred_id_t handle; gss_cred_id_t handle;
OM_uint32 ret; OM_uint32 ret;
krb5_principal def_princ;
krb5_ccache ccache;
krb5_error_code pret = -1, kret = 0;
krb5_keytab kt;
krb5_creds cred;
krb5_get_init_creds_opt opt;
handle = (gss_cred_id_t)malloc(sizeof(*handle)); handle = (gss_cred_id_t)malloc(sizeof(*handle));
if (handle == GSS_C_NO_CREDENTIAL) { if (handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
memset(handle, 0, sizeof (*handle));
ret = gss_duplicate_name(minor_status, desired_name, &handle->principal); ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
if (ret) { if (ret) {
return ret; return ret;
} }
if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0 &&
(pret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
&def_princ)) == 0 &&
krb5_principal_compare(gssapi_krb5_context, handle->principal,
def_princ) == TRUE) {
handle->ccache = ccache;
handle->keytab = NULL;
} else {
kret = krb5_kt_default(gssapi_krb5_context, &kt);
if (kret != 0)
goto out;
krb5_get_init_creds_opt_init(&opt);
memset(&cred, 0, sizeof(cred));
kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
handle->principal, kt, 0, NULL, &opt);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
goto out;
}
kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, &ccache);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
goto out;
}
kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
krb5_cc_close(gssapi_krb5_context, ccache);
goto out;
}
kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
if (kret != 0) {
krb5_kt_close(gssapi_krb5_context, kt);
krb5_cc_close(gssapi_krb5_context, ccache);
goto out;
}
handle->ccache = ccache;
handle->keytab = kt;
}
/* XXX */ /* XXX */
handle->lifetime = time_req; handle->lifetime = time_req;
handle->keytab = NULL;
handle->usage = cred_usage; handle->usage = cred_usage;
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
@@ -83,5 +129,14 @@ OM_uint32 gss_acquire_cred
*output_cred_handle = handle; *output_cred_handle = handle;
out:
if (pret == 0)
krb5_free_principal(gssapi_krb5_context, def_princ);
if (kret != 0) {
*minor_status = kret;
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

3
lib/gssapi/krb5/init_sec_context.c
View File

@@ -256,12 +256,15 @@ init_auth
if (actual_mech_type) if (actual_mech_type)
*actual_mech_type = GSS_KRB5_MECHANISM; *actual_mech_type = GSS_KRB5_MECHANISM;
if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
kret = krb5_cc_default (gssapi_krb5_context, &ccache); kret = krb5_cc_default (gssapi_krb5_context, &ccache);
if (kret) { if (kret) {
*minor_status = kret; *minor_status = kret;
ret = GSS_S_FAILURE; ret = GSS_S_FAILURE;
goto failure; goto failure;
} }
} else
ccache = initiator_cred_handle->ccache;
kret = krb5_cc_get_principal (gssapi_krb5_context, kret = krb5_cc_get_principal (gssapi_krb5_context,
ccache, ccache,

2
lib/gssapi/krb5/release_cred.c
View File

@@ -49,6 +49,8 @@ OM_uint32 gss_release_cred
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
if ((*cred_handle)->keytab != NULL) if ((*cred_handle)->keytab != NULL)
krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
if ((*cred_handle)->ccache != NULL)
krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
free(*cred_handle); free(*cred_handle);
*cred_handle = GSS_C_NO_CREDENTIAL; *cred_handle = GSS_C_NO_CREDENTIAL;

2
lib/gssapi/release_cred.c
View File

@@ -49,6 +49,8 @@ OM_uint32 gss_release_cred
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
if ((*cred_handle)->keytab != NULL) if ((*cred_handle)->keytab != NULL)
krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
if ((*cred_handle)->ccache != NULL)
krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
free(*cred_handle); free(*cred_handle);
*cred_handle = GSS_C_NO_CREDENTIAL; *cred_handle = GSS_C_NO_CREDENTIAL;