gsskrb5: Add simple name attributes support

This adds Kerberos mechanism support for:

 - composite principal name export/import
 - getting rudimentary name attributes from GSS names using
   gss_get_name_attribute():
    - all (raw) authorization data from the Ticket
    - all (raw) authorization data from the Authenticator
    - transit path
    - realm
    - component count
    - each component
 - gss_inquire_name()
 - gss_display_name_ext() (just for the hostbased service name type though)

The test exercises almost all of the functionality, except for:

 - getting the PAC
 - getting authz-data from the Authenticator
 - getting the transit path

TBD (much) later:

 - amend test_context to do minimal name attribute checks as well
 - gss_set_name_attribute() (to request authz-data)
 - gss_delete_name_attribute()
 - getting specific authorization data elements via URN fragments (as
   opposed to all of them)
 - parsing the PAC, extracting SIDs (each one as a separate value)
 - some configurable local policy (?)
 - plugin interface for additional local policy
Nicolas Williams
2021-12-22 17:01:12 -06:00
committed by Nico Williams
parent 1cede09a0b
commit be708ca3cf
10 changed files with 1220 additions and 56 deletions
@@ -59,6 +59,7 @@ krb5src = \
krb5/inquire_mechs_for_name.c \
krb5/inquire_names_for_mech.c \
krb5/inquire_sec_context_by_oid.c \
krb5/name_attrs.c \
krb5/pname_to_uid.c \
krb5/process_context_token.c \
krb5/prf.c \
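Review bot: the new source `krb5/name_attrs.c` is slotted into `krb5src` in the correct alphabetical position (between `inquire_sec_context_by_oid.c` and `pname_to_uid.c`), so no ordering nit here; the rendered view has dropped the leading `+`, but the hunk header `-59,6 +59,7` confirms it is the single added line. Since this file is where the new `gss_get_name_attribute()`, `gss_inquire_name()` and `gss_display_name_ext()` entry points named in the commit message live, the reviewer should check elsewhere in the commit that the library's exported-symbol list picks them up; that cannot be verified from this Makefile hunk alone.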
@@ -381,6 +382,8 @@ LDADD = libgssapi.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_roken)
test_names_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la
# gss
dist_gsstool_SOURCES = gsstool.c
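Review bot: `test_names_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la` links the test directly against libasn1 rather than relying on it transitively through libkrb5. That is the right thing to do if `test_names` now decodes ASN.1 itself (the commit message says the test exercises the raw authorization-data and composite-name export/import paths), but it should come with a one-line comment in the Makefile saying why this test needs libasn1 when its siblings do not, so the next person does not "clean it up". Also note the hunk header advertises two added lines (`+382,8`) while only one addition is visible in the rendered view; the second is presumably the blank separator before `# gss`, but the rendering has lost the markers, so confirm against the raw patch.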