gssapi: credential store extensions (#451)

Implement the GSS-API credential store API extensions defined by MIT here: https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions Note: we kill off gss_acquire_cred_ext() here. This was never a public API, although mechanisms could have implemented it and I briefly used it in my BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place in the dispatch table where gss_acquire_cred_ext() used to, but this structure was never visible outside Heimdal (i.e. it is only used by internal mechanisms); (Mechanisms that need to accept arbitrary key/value dictionaries from applications should now implement gss_acquire_cred_from().)
2019-01-03 09:26:41 +11:00
parent a7d42cdf6b
commit e0bb9c10ca
39 changed files with 1289 additions and 1054 deletions
--- a/lib/gssapi/ntlm/duplicate_cred.c
+++ b/lib/gssapi/ntlm/duplicate_cred.c
@@ -43,10 +43,10 @@ _gss_ntlm_duplicate_cred(OM_uint32 *minor_status,
    OM_uint32 junk;

    if (input_cred_handle == GSS_C_NO_CREDENTIAL)
-        return _gss_ntlm_acquire_cred(minor_status, GSS_C_NO_NAME,
-                                      GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
-                                      GSS_C_BOTH, output_cred_handle, NULL,
-                                      NULL);
+        return _gss_ntlm_acquire_cred_from(minor_status, GSS_C_NO_NAME,
+					   GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+					   GSS_C_BOTH, GSS_C_NO_CRED_STORE,
+					   output_cred_handle, NULL, NULL);

    *output_cred_handle = GSS_C_NO_CREDENTIAL;