oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
e0bb9c10cad0fd98245caecf8af8fca855b2df49
heimdal/lib/gssapi/ntlm/acquire_cred.c
Luke Howard e0bb9c10ca gssapi: credential store extensions (#451) 
Implement the GSS-API credential store API extensions defined by MIT here:

https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions

Note: we kill off gss_acquire_cred_ext() here. This was never a public API,
although mechanisms could have implemented it and I briefly used it in my
BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place
in the dispatch table where gss_acquire_cred_ext() used to, but this structure
was never visible outside Heimdal (i.e. it is only used by internal
mechanisms);

(Mechanisms that need to accept arbitrary key/value dictionaries from
applications should now implement gss_acquire_cred_from().)
2019-01-03 14:38:39 -06:00

88 lines
3.1 KiB
C
Raw Blame History

/*
* Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ntlm.h"
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_acquire_cred_from(OM_uint32 *min_stat,
gss_const_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_const_key_value_set_t cred_store,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
{
ntlm_name name = (ntlm_name) desired_name;
const char *domain = NULL;
OM_uint32 maj_stat;
ntlm_ctx ctx;
*min_stat = 0;
*output_cred_handle = GSS_C_NO_CREDENTIAL;
if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET;
if (time_rec)
*time_rec = GSS_C_INDEFINITE;
if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
if (maj_stat != GSS_S_COMPLETE)
return maj_stat;
domain = name != NULL ? name->domain : NULL;
maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
{
gss_ctx_id_t context = (gss_ctx_id_t)ctx;
OM_uint32 junk;
_gss_ntlm_delete_sec_context(&junk, &context, NULL);
}
if (maj_stat)
return maj_stat;
}
if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
ntlm_cred cred;
*min_stat = _gss_ntlm_get_user_cred(name, &cred);
if (*min_stat)
return GSS_S_NO_CRED;
cred->usage = cred_usage;
*output_cred_handle = (gss_cred_id_t)cred;
}
return (GSS_S_COMPLETE);
}
Reference in New Issue View Git Blame Copy Permalink