gssapi: credential store extensions (#451)

Implement the GSS-API credential store API extensions defined by MIT here: https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions Note: we kill off gss_acquire_cred_ext() here. This was never a public API, although mechanisms could have implemented it and I briefly used it in my BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place in the dispatch table where gss_acquire_cred_ext() used to, but this structure was never visible outside Heimdal (i.e. it is only used by internal mechanisms); (Mechanisms that need to accept arbitrary key/value dictionaries from applications should now implement gss_acquire_cred_from().)
2019-01-03 09:26:41 +11:00
parent a7d42cdf6b
commit e0bb9c10ca
39 changed files with 1289 additions and 1054 deletions
--- a/lib/gssapi/krb5/duplicate_cred.c
+++ b/lib/gssapi/krb5/duplicate_cred.c
@@ -53,12 +53,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_duplicate_cred (

    if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
        /* Duplicate the default credential */
-        return _gsskrb5_acquire_cred(minor_status, GSS_C_NO_NAME,
-                                     GSS_C_INDEFINITE,
-                                     GSS_C_NO_OID_SET,
-                                     GSS_C_BOTH,
-                                     output_cred_handle,
-                                     NULL, NULL);
+        return _gsskrb5_acquire_cred_from(minor_status, GSS_C_NO_NAME,
+					  GSS_C_INDEFINITE,
+					  GSS_C_NO_OID_SET,
+					  GSS_C_BOTH,
+					  GSS_C_NO_CRED_STORE,
+					  output_cred_handle,
+					  NULL, NULL);
    }

    /* Duplicate the input credential */