gssapi: credential store extensions (#451)

Implement the GSS-API credential store API extensions defined by MIT here: https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions Note: we kill off gss_acquire_cred_ext() here. This was never a public API, although mechanisms could have implemented it and I briefly used it in my BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place in the dispatch table where gss_acquire_cred_ext() used to, but this structure was never visible outside Heimdal (i.e. it is only used by internal mechanisms); (Mechanisms that need to accept arbitrary key/value dictionaries from applications should now implement gss_acquire_cred_from().)
2019-01-03 09:26:41 +11:00
parent a7d42cdf6b
commit e0bb9c10ca
39 changed files with 1289 additions and 1054 deletions
--- a/lib/gssapi/mech/gss_store_cred.c
+++ b/lib/gssapi/mech/gss_store_cred.c
@@ -43,58 +43,14 @@ gss_store_cred(OM_uint32         *minor_status,
 	       gss_OID_set       *elements_stored,
 	       gss_cred_usage_t  *cred_usage_stored)
 {
-    struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle;
-    struct _gss_mechanism_cred *mc;
-    OM_uint32 maj = GSS_S_FAILURE;
-    OM_uint32 junk;
-    size_t successes = 0;
-
-    if (minor_status == NULL)
-	return GSS_S_FAILURE;
-    if (elements_stored)
-	*elements_stored = NULL;
-    if (cred_usage_stored)
-	*cred_usage_stored = 0;
-
-    if (cred == NULL)
-	return GSS_S_NO_CONTEXT;
-
-    if (elements_stored) {
-	maj = gss_create_empty_oid_set(minor_status, elements_stored);
-	if (maj != GSS_S_COMPLETE)
-	    return maj;
-    }
-
-    HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
-	gssapi_mech_interface m = mc->gmc_mech;
-
-	if (m == NULL || m->gm_store_cred == NULL)
-	    continue;
-
-        if (desired_mech != GSS_C_NO_OID &&
-            !gss_oid_equal(&m->gm_mech_oid, desired_mech))
-            continue;
-
-	maj = (m->gm_store_cred)(minor_status, mc->gmc_cred,
-				 cred_usage, desired_mech, overwrite_cred,
-				 default_cred, NULL, cred_usage_stored);
-        if (maj == GSS_S_COMPLETE) {
-            if (elements_stored)
-                gss_add_oid_set_member(&junk, desired_mech, elements_stored);
-            successes++;
-        } else if (desired_mech != GSS_C_NO_OID) {
-            gss_release_oid_set(&junk, elements_stored);
-            return maj;
-        }
-
-    }
-
-    if (successes == 0) {
-        if (maj != GSS_S_COMPLETE)
-            return maj; /* last failure */
-        return GSS_S_FAILURE;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
+    return gss_store_cred_into(minor_status,
+			       input_cred_handle,
+			       cred_usage,
+			       desired_mech,
+			       overwrite_cred,
+			       default_cred,
+			       GSS_C_NO_CRED_STORE,
+			       elements_stored,
+			       cred_usage_stored);
 }
+