Rewrite gss_add_cred() (fix #413)

It turns out gss_add_cred() really needed a complete rewrite. It's much better to first have a gss_duplicate_cred() (which has been needed for other reasons anyways), and use that when the input_cred_handle is not GSS_C_NO_CREDENTIAL and output_cred_handle is not NULL, then mutate that duplicate credential handle (or the input_cred_handle if output_cred_handle is NULL).
2018-12-26 17:24:08 -06:00
parent 134b53ead1
commit e6d1c10808
17 changed files with 737 additions and 161 deletions
--- a/lib/gssapi/krb5/test_acquire_cred.c
+++ b/lib/gssapi/krb5/test_acquire_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 2003-2018 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -75,6 +75,30 @@ test_add(gss_cred_id_t cred_handle)
 	errx(1, "release_cred failed");
 }

+static void
+test_add_mutate(gss_cred_id_t cred_handle)
+{
+    OM_uint32 major_status, minor_status;
+    OM_uint32 time_rec;
+
+    major_status = gss_add_cred (&minor_status,
+				 cred_handle,
+				 GSS_C_NO_NAME,
+				 GSS_KRB5_MECHANISM,
+				 GSS_C_INITIATE,
+				 0,
+				 0,
+				 NULL,
+				 NULL,
+				 &time_rec,
+				 NULL);
+
+    if (GSS_ERROR(major_status))
+	errx(1, "add_cred failed");
+
+    print_time(time_rec);
+}
+
 static void
 copy_cred(void)
 {
@@ -98,6 +122,7 @@ copy_cred(void)
    test_add(cred_handle);
    test_add(cred_handle);
    test_add(cred_handle);
+    test_add_mutate(cred_handle);

    major_status = gss_release_cred(&minor_status,
 				    &cred_handle);