Rewrite gss_add_cred() (fix #413)

It turns out gss_add_cred() really needed a complete rewrite. It's much better to first have a gss_duplicate_cred() (which has been needed for other reasons anyways), and use that when the input_cred_handle is not GSS_C_NO_CREDENTIAL and output_cred_handle is not NULL, then mutate that duplicate credential handle (or the input_cred_handle if output_cred_handle is NULL).
2018-12-26 17:24:08 -06:00
parent 134b53ead1
commit e6d1c10808
17 changed files with 737 additions and 161 deletions
--- a/lib/gssapi/netlogon/external.c
+++ b/lib/gssapi/netlogon/external.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * Copyright (c) 2010-2018 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -77,11 +77,28 @@ static gssapi_mech_interface_desc netlogon_mech = {
    _netlogon_wrap_iov,
    _netlogon_unwrap_iov,
    _netlogon_wrap_iov_length,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL
+    NULL, /* gm_store_cred */
+    NULL, /* gm_export_cred */
+    NULL, /* gm_import_cred */
+    NULL, /* gm_acquire_cred_ext */
+    NULL, /* gm_iter_creds */
+    NULL, /* gm_destroy_cred */
+    NULL, /* gm_cred_hold */
+    NULL, /* gm_cred_unhold */
+    NULL, /* gm_cred_label_get */
+    NULL, /* gm_cred_label_set */
+    NULL, /* gm_mo */
+    0,    /* gm_mo_num */
+    NULL, /* gm_localname */
+    NULL, /* gm_authorize_localname */
+    NULL, /* gm_display_name_ext */
+    NULL, /* gm_inquire_name */
+    NULL, /* gm_get_name_attribute */
+    NULL, /* gm_set_name_attribute */
+    NULL, /* gm_delete_name_attribute */
+    NULL, /* gm_export_name_composite */
+    NULL, /* gm_duplicate_cred */
+    NULL  /* gm_compat */
 };

 gssapi_mech_interface