krb5: Improve cccol sub naming; add gss_store_cred_into2()

- Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
    - KEYRING: ccaches are weird because they have one more optional field: the
      "anchor", so rather than just assume a naming convention everywhere, we
      add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and use this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?
This commit is contained in:
Nicolas Williams
2020-01-22 19:18:14 -06:00
parent a7359d6898
commit 7bf4d76e75
33 changed files with 1749 additions and 715 deletions


@@ -94,12 +94,21 @@ gss_err(int exitval, OM_uint32 major, OM_uint32 minor, gss_OID mech,
exit(exitval);
}
static int version_flag = 0;
static int help_flag = 0;
static int version_flag = 0;
static int help_flag = 0;
static int env_flag = 0;
static int def_flag = 0;
static int overwrite_flag = 0;
static struct getargs args[] = {
{"version", 0, arg_flag, &version_flag, "print version", NULL },
{"help", 0, arg_flag, &help_flag, NULL, NULL }
{"help", 0, arg_flag, &help_flag, NULL, NULL },
{"env", 'e', arg_flag, &env_flag,
"output env settings", NULL },
{"default", 0, arg_flag, &def_flag,
"switch credential store default principal", NULL },
{"overwrite", 0, arg_flag, &overwrite_flag,
"overwrite matching credential", NULL },
};
static void
@@ -119,6 +128,8 @@ main(int argc, char **argv)
gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
gss_key_value_element_desc from_elements, to_elements;
gss_key_value_set_desc from, to;
gss_buffer_set_t env = GSS_C_NO_BUFFER_SET;
OM_uint32 store_flags = 0;
int optidx = 0;
setprogname(argv[0]);
@@ -133,6 +144,11 @@ main(int argc, char **argv)
exit(0);
}
if (def_flag)
store_flags |= GSS_C_STORE_CRED_DEFAULT;
if (overwrite_flag)
store_flags |= GSS_C_STORE_CRED_OVERWRITE;
argc -= optidx;
argv += optidx;
@@ -159,12 +175,35 @@ main(int argc, char **argv)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to acquire creds from %s", argv[0]);
major = gss_store_cred_into(&minor, from_cred, GSS_C_INITIATE,
GSS_KRB5_MECHANISM, 1, 1, &to, NULL, NULL);
major = gss_store_cred_into2(&minor, from_cred, GSS_C_INITIATE,
GSS_KRB5_MECHANISM, store_flags, &to, NULL,
NULL, env_flag ? &env : NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to store creds into %s", argv[1]);
if (env_flag) {
size_t i;
int got_krb5ccname = 0;
if (env == GSS_C_NO_BUFFER_SET)
warnx("No environment settings");
for (i = 0; env != GSS_C_NO_BUFFER_SET && i < env->count; i++) {
got_krb5ccname = got_krb5ccname ||
(env->elements[i].length > sizeof("KRB5CCNAME=") &&
strncmp((const char *)env->elements[i].value, "KRB5CCNAME=",
sizeof("KRB5CCNAME=") - 1) == 0);
printf("%.*s\n", (int)env->elements[i].length,
(const char *)env->elements[i].value);
}
(void) gss_release_buffer_set(&minor, &env);
if (!got_krb5ccname)
errx(1, "KRB5CCNAME environment variable not set by "
"gss_store_cred_into2()");
}
(void) gss_release_cred(&minor, &from_cred);
(void) gss_release_cred(&minor, &to_cred);