#include <errno.h>
#include "k5-platform.h"
+#include "k5-buf.h"
#include "k5-utf8.h"
#include "krb5.h"
krb5_principal **pkinit_sans,
krb5_principal **upn_sans,
unsigned char ***kdc_hostname);
+static void crypto_update_signer_identity(krb5_context,
+ pkinit_identity_crypto_context);
/* DomainParameters: RFC 2459, 7.3.2. */
struct domain_parameters {
struct _pkinit_identity_crypto_context {
PLArenaPool *pool;
+ const char *identity;
SECMODModule *pem_module; /* used for FILE: and DIR: */
- SECMODModule **id_modules; /* used for PKCS11: */
- PK11SlotInfo **id_userdbs; /* used for NSS: */
- PK11SlotInfo *id_p12_slot; /* used for PKCS12: */
- PK11GenericObject **id_objects; /* used with FILE: and DIR: */
+ struct _pkinit_identity_crypto_module {
+ char *name;
+ SECMODModule *module;
+ } **id_modules; /* used for PKCS11: */
+ struct _pkinit_identity_crypto_userdb {
+ char *name;
+ PK11SlotInfo *userdb;
+ } **id_userdbs; /* used for NSS: */
+ struct _pkinit_identity_crypto_p12slot {
+ char *p12name;
+ PK11SlotInfo *slot;
+ } id_p12_slot; /* used for PKCS12: */
+ struct _pkinit_identity_crypto_file {
+ char *name;
+ PK11GenericObject *obj;
+ CERTCertificate *cert;
+ } **id_objects; /* used with FILE: and DIR: */
SECItem **id_crls;
CERTCertList *id_certs, *ca_certs;
CERTCertificate *id_cert;
size_t spec_size;
int attempts;
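Review bot: The new `identity` member added at L15 carries no ownership comment, and in this backend it is never freed: crypto_update_signer_identity points it at a `name` string that the reassemble_* helpers allocate with PORT_ArenaStrdup, so it is a borrowed, pool-lifetime pointer. Suggest `const char *identity; /* borrowed: points at a name string owned by pool; never freed on its own */`. The OpenSSL backend's counterpart is heap-owned and freed in its fini path (L471), so the two contracts differ and are worth stating at the declaration.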
- if (id->id_p12_slot == NULL) {
+ if (id->id_p12_slot.slot == NULL) {
configdir = DEFAULT_CONFIGDIR;
#ifdef PKCS12_HACK
/* Figure out where to put the temporary userdb. */
else
snprintf(spec, spec_size, "configDir='%s' flags=readOnly",
configdir);
- id->id_p12_slot = SECMOD_OpenUserDB(spec);
+ id->id_p12_slot.slot = SECMOD_OpenUserDB(spec);
}
#ifdef PKCS12_HACK
if (strcmp(configdir, DEFAULT_CONFIGDIR) != 0) {
struct dirent *ent;
char *path;
/* First, initialize the slot. */
- if (id->id_p12_slot != NULL)
- if (PK11_NeedUserInit(id->id_p12_slot))
- PK11_InitPin(id->id_p12_slot, "", "");
+ if (id->id_p12_slot.slot != NULL)
+ if (PK11_NeedUserInit(id->id_p12_slot.slot))
+ PK11_InitPin(id->id_p12_slot.slot, "", "");
/* Scan the directory, deleting all of the contents. */
dir = opendir(configdir);
if (dir == NULL)
}
}
#endif
- return id->id_p12_slot;
+ return id->id_p12_slot.slot;
}
/* Close the slot which we've been using for holding imported PKCS12
static int
crypto_close_p12_slot(struct _pkinit_identity_crypto_context *id)
{
- SECMOD_CloseUserDB(id->id_p12_slot);
+ SECMOD_CloseUserDB(id->id_p12_slot.slot);
return 0;
}
CERT_DestroyCertList(id_cryptoctx->ca_certs);
CERT_DestroyCertList(id_cryptoctx->id_certs);
if (id_cryptoctx->id_objects != NULL)
- for (i = 0; id_cryptoctx->id_objects[i] != NULL; i++)
- PK11_DestroyGenericObjects(id_cryptoctx->id_objects[i]);
- if (id_cryptoctx->id_p12_slot != NULL)
+ for (i = 0; id_cryptoctx->id_objects[i] != NULL; i++) {
+ PK11_DestroyGenericObjects(id_cryptoctx->id_objects[i]->obj);
+ if (id_cryptoctx->id_objects[i]->cert != NULL)
+ CERT_DestroyCertificate(id_cryptoctx->id_objects[i]->cert);
+ }
+ if (id_cryptoctx->id_p12_slot.slot != NULL)
if ((i = crypto_close_p12_slot(id_cryptoctx)) != 0)
pkiDebug("%s: error closing pkcs12 slot: %s\n",
__FUNCTION__, strerror(i));
if (id_cryptoctx->id_userdbs != NULL)
for (i = 0; id_cryptoctx->id_userdbs[i] != NULL; i++)
- SECMOD_CloseUserDB(id_cryptoctx->id_userdbs[i]);
+ SECMOD_CloseUserDB(id_cryptoctx->id_userdbs[i]->userdb);
if (id_cryptoctx->id_modules != NULL)
for (i = 0; id_cryptoctx->id_modules[i] != NULL; i++)
- SECMOD_UnloadUserModule(id_cryptoctx->id_modules[i]);
+ SECMOD_UnloadUserModule(id_cryptoctx->id_modules[i]->module);
if (id_cryptoctx->id_crls != NULL)
for (i = 0; id_cryptoctx->id_crls[i] != NULL; i++)
CERT_UncacheCRL(CERT_GetDefaultCertDB(), id_cryptoctx->id_crls[i]);
return status;
}
+static char *
+reassemble_pkcs11_name(PLArenaPool *pool, pkinit_identity_opts *idopts)
+{
+ struct k5buf buf;
+ int n = 0;
+ char *ret;
+
+ krb5int_buf_init_dynamic(&buf);
+ krb5int_buf_add(&buf, "PKCS11:");
+ n = 0;
+ if (idopts->p11_module_name != NULL) {
+ krb5int_buf_add_fmt(&buf, "%smodule_name=%s",
+ n++ ? "," : "",
+ idopts->p11_module_name);
+ }
+ if (idopts->token_label != NULL) {
+ krb5int_buf_add_fmt(&buf, "%stoken=%s",
+ n++ ? "," : "",
+ idopts->token_label);
+ }
+ if (idopts->cert_label != NULL) {
+ krb5int_buf_add_fmt(&buf, "%scertlabel=%s",
+ n++ ? "," : "",
+ idopts->cert_label);
+ }
+ if (idopts->cert_id_string != NULL) {
+ krb5int_buf_add_fmt(&buf, "%scertid=%s",
+ n++ ? "," : "",
+ idopts->cert_id_string);
+ }
+ if (idopts->slotid != PK_NOSLOT) {
+ krb5int_buf_add_fmt(&buf, "%sslotid=%ld",
+ n++ ? "," : "",
+ (long)idopts->slotid);
+ }
+ if (krb5int_buf_len(&buf) >= 0)
+ ret = PORT_ArenaStrdup(pool, krb5int_buf_data(&buf));
+ else
+ ret = NULL;
+ krb5int_free_buf(&buf);
+ return ret;
+}
+
static SECStatus
crypto_load_pkcs11(krb5_context context,
pkinit_plg_crypto_context plg_cryptoctx,
pkinit_identity_opts *idopts,
pkinit_identity_crypto_context id_cryptoctx)
{
- SECMODModule **id_modules, *module;
+ struct _pkinit_identity_crypto_module **id_modules, *module;
PK11SlotInfo *slot;
char *spec;
size_t spec_size;
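Review bot: `n` in reassemble_pkcs11_name is initialized twice, `int n = 0;` at L114 and again `n = 0;` at L119; one of them should go. The OpenSSL copy of the function (L551-592) repeats the same duplication and otherwise differs only in the final strdup versus PORT_ArenaStrdup, so the option-formatting part could live in one backend-independent helper instead of two copies. A failed PORT_ArenaStrdup at L146 silently yields a NULL name, which the later identity lookup tolerates; a one-line comment there, `/* NULL name is tolerated: the identity lookup just finds nothing */`, would save the next reader a search.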
if (id_cryptoctx->id_modules != NULL) {
for (i = 0; id_cryptoctx->id_modules[i] != NULL; i++)
continue;
- } else
+ } else {
i = 0;
+ }
/* Allocate a bigger list. */
id_modules = PORT_ArenaZAlloc(id_cryptoctx->pool,
id_modules[j] = id_cryptoctx->id_modules[j];
/* Actually load the module. */
- module = SECMOD_LoadUserModule(spec, NULL, PR_FALSE);
- if (module == NULL) {
+ module = PORT_ArenaZAlloc(id_cryptoctx->pool, sizeof(*module));
+ if (module == NULL)
+ return SECFailure;
+ module->name = reassemble_pkcs11_name(id_cryptoctx->pool, idopts);
+ module->module = SECMOD_LoadUserModule(spec, NULL, PR_FALSE);
+ if (module->module == NULL) {
pkiDebug("%s: error loading PKCS11 module \"%s\"",
__FUNCTION__, idopts->p11_module_name);
return SECFailure;
}
- if (!module->loaded) {
+ if (!module->module->loaded) {
pkiDebug("%s: error really loading PKCS11 module \"%s\"",
__FUNCTION__, idopts->p11_module_name);
- SECMOD_UnloadUserModule(module);
+ SECMOD_UnloadUserModule(module->module);
return SECFailure;
}
- SECMOD_UpdateSlotList(module);
+ SECMOD_UpdateSlotList(module->module);
pkiDebug("%s: loaded PKCS11 module \"%s\"\n", __FUNCTION__,
idopts->p11_module_name);
/* Walk the list of slots in the module. */
status = SECFailure;
for (i = 0;
- (i < module->slotCount) && ((slot = module->slots[i]) != NULL);
+ (i < module->module->slotCount) &&
+ ((slot = module->module->slots[i]) != NULL);
i++) {
if (idopts->token_label != NULL) {
label = idopts->token_label;
return new_nickname;
}
+static char *
+reassemble_pkcs12_name(PLArenaPool *pool, const char *filename)
+{
+ char *tmp, *ret;
+
+ if (asprintf(&tmp, "PKCS12:%s", filename) < 0)
+ return NULL;
+ ret = PORT_ArenaStrdup(pool, tmp);
+ free(tmp);
+ return ret;
+}
+
static SECStatus
crypto_load_pkcs12(krb5_context context,
pkinit_plg_crypto_context plg_cryptoctx,
free(password.data);
return SECFailure;
}
+ id_cryptoctx->id_p12_slot.p12name =
+ reassemble_pkcs12_name(id_cryptoctx->pool, name);
pkiDebug("%s: imported PKCS12 bundle \"%s\"\n", __FUNCTION__, name);
SEC_PKCS12DecoderFinish(ctx);
if (password.data != emptypwd)
attr->ulValueLen = ulValueLen;
}
+static char *
+reassemble_files_name(PLArenaPool *pool, const char *certfile,
+ const char *keyfile)
+{
+ char *tmp, *ret;
+
+ if (keyfile != NULL) {
+ if (asprintf(&tmp, "FILE:%s,%s", certfile, keyfile) < 0)
+ return NULL;
+ } else {
+ if (asprintf(&tmp, "FILE:%s", certfile) < 0)
+ return NULL;
+ }
+ ret = PORT_ArenaStrdup(pool, tmp);
+ free(tmp);
+ return ret;
+}
+
/* Load keys, certs, and/or CRLs from files. */
static SECStatus
crypto_load_files(krb5_context context,
pkinit_identity_crypto_context id_cryptoctx)
{
PK11SlotInfo *slot;
- PK11GenericObject *obj, **id_objects;
+ struct _pkinit_identity_crypto_file *obj, **id_objects;
PRBool permanent, match;
CERTCertificate *cert;
CERTCertList *before, *after;
crypto_set_attributes(&attrs[n_attrs++], CKA_LABEL,
(char *) keyfile, strlen(keyfile) + 1);
permanent = PR_FALSE; /* set lifetime to "session" */
- obj = PK11_CreateGenericObject(slot, attrs, n_attrs, permanent);
- if (obj == NULL) {
+ obj = PORT_ArenaZAlloc(id_cryptoctx->pool, sizeof(*obj));
+ if (obj == NULL)
+ return SECFailure;
+ obj->obj = PK11_CreateGenericObject(slot, attrs, n_attrs, permanent);
+ if (obj->obj == NULL) {
pkiDebug("%s: error loading key \"%s\"\n", __FUNCTION__, keyfile);
status = SECFailure;
} else {
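Review bot: The arena-allocation failure at L270-271 returns straight out of crypto_load_files, whereas the existing failure path two lines below records `status = SECFailure;` and falls through; if the function's tail (outside this hunk) releases the `before`/`after` lists declared at L263 or other per-call state, the new early return skips that cleanup. The same direct `return SECFailure;` appears at L283-284 for the certificate object. Consider setting `status = SECFailure;` and routing through the function's existing exit instead, so the two failure paths agree. crypto_load_files starts and ends outside this hunk, so whether such cleanup exists is not visible here.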
crypto_set_attributes(&attrs[n_attrs++], CKA_TRUST,
&cktrust, sizeof(cktrust));
permanent = PR_FALSE; /* set lifetime to "session" */
- obj = PK11_CreateGenericObject(slot, attrs, n_attrs, permanent);
- if (obj == NULL) {
+ obj = PORT_ArenaZAlloc(id_cryptoctx->pool, sizeof(*obj));
+ if (obj == NULL)
+ return SECFailure;
+ obj->name = reassemble_files_name(id_cryptoctx->pool,
+ certfile, keyfile);
+ obj->obj = PK11_CreateGenericObject(slot, attrs, n_attrs, permanent);
+ if (obj->obj == NULL) {
pkiDebug("%s: error loading %scertificate \"%s\"\n",
__FUNCTION__, cert_mark_trusted ? "CA " : "", certfile);
status = SECFailure;
(id_cryptoctx->id_certs, cert) != SECSuccess) {
status = SECFailure;
}
+ obj->cert = CERT_DupCertificate(cert);
} else if (cert_mark_trusted) {
/* Add to the CA list. */
if (cert_maybe_add_to_list
return status;
}
+static char *
+reassemble_nssdb_name(PLArenaPool *pool, const char *dbdir)
+{
+ char *tmp, *ret;
+
+ if (asprintf(&tmp, "NSS:%s", dbdir) < 0)
+ return NULL;
+ ret = PORT_ArenaStrdup(pool, tmp);
+ free(tmp);
+ return ret;
+}
+
/* Load up a certificate database. */
static krb5_error_code
crypto_load_nssdb(krb5_context context,
const char *configdir,
pkinit_identity_crypto_context id_cryptoctx)
{
- PK11SlotInfo *userdb, **id_userdbs;
+ struct _pkinit_identity_crypto_userdb *userdb, **id_userdbs;
char *p;
size_t spec_size;
int i, j;
id_userdbs[j] = id_cryptoctx->id_userdbs[j];
/* Actually load the module. */
- userdb = SECMOD_OpenUserDB(p);
- if (userdb == NULL) {
+ userdb = PORT_ArenaZAlloc(id_cryptoctx->pool, sizeof(*userdb));
+ if (userdb == NULL)
+ return SECFailure;
+ userdb->name = reassemble_nssdb_name(id_cryptoctx->pool, configdir);
+ userdb->userdb = SECMOD_OpenUserDB(p);
+ if (userdb->userdb == NULL) {
pkiDebug("%s: error loading NSS cert database \"%s\"\n",
__FUNCTION__, configdir);
return ENOENT;
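Review bot: `return SECFailure;` at L330 is inside crypto_load_nssdb, which is declared to return krb5_error_code (L314) and reports the neighbouring open failure as `ENOENT` at L336; SECFailure is an NSS SECStatus value, so callers would receive something that is not a Kerberos error code. Replace L330 with `return ENOMEM;`. crypto_load_nssdb's body continues outside this hunk.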
id_cryptoctx->id_userdbs = id_userdbs;
/* Load the CAs from the database. */
- cert_load_ca_certs_from_slot(context, id_cryptoctx, userdb);
+ cert_load_ca_certs_from_slot(context, id_cryptoctx, userdb->userdb);
/* Load the keys from the database. */
return cert_load_certs_with_keys_from_slot(context, id_cryptoctx,
- userdb, NULL, NULL);
+ userdb->userdb, NULL, NULL);
}
/* Load up a certificate and associated key. */
if (data->ch->id_cryptoctx->id_cert != NULL)
CERT_DestroyCertificate(data->ch->id_cryptoctx->id_cert);
data->ch->id_cryptoctx->id_cert = cert;
+ crypto_update_signer_identity(context, data->ch->id_cryptoctx);
return 0;
}
if (id_cryptoctx->id_cert != NULL)
CERT_DestroyCertificate(id_cryptoctx->id_cert);
id_cryptoctx->id_cert = CERT_DupCertificate(cert);
+ crypto_update_signer_identity(context, id_cryptoctx);
return 0;
}
return i;
}
+static const char *
+crypto_get_identity_by_slot(krb5_context context,
+ pkinit_identity_crypto_context id_cryptoctx,
+ PK11SlotInfo *slot)
+{
+ PK11SlotInfo *mslot;
+ struct _pkinit_identity_crypto_userdb *userdb;
+ struct _pkinit_identity_crypto_module *module;
+ int i, j;
+
+ mslot = id_cryptoctx->id_p12_slot.slot;
+ if ((mslot != NULL) && (PK11_GetSlotID(mslot) == PK11_GetSlotID(slot)))
+ return id_cryptoctx->id_p12_slot.p12name;
+ for (i = 0;
+ (id_cryptoctx->id_userdbs != NULL) &&
+ (id_cryptoctx->id_userdbs[i] != NULL);
+ i++) {
+ userdb = id_cryptoctx->id_userdbs[i];
+ if (PK11_GetSlotID(userdb->userdb) == PK11_GetSlotID(slot))
+ return userdb->name;
+ }
+ for (i = 0;
+ (id_cryptoctx->id_modules != NULL) &&
+ (id_cryptoctx->id_modules[i] != NULL);
+ i++) {
+ module = id_cryptoctx->id_modules[i];
+ for (j = 0; j < module->module->slotCount; j++) {
+ mslot = module->module->slots[j];
+ if (PK11_GetSlotID(mslot) == PK11_GetSlotID(slot))
+ return module->name;
+ }
+ }
+ return NULL;
+}
+
+static void
+crypto_update_signer_identity(krb5_context context,
+ pkinit_identity_crypto_context id_cryptoctx)
+{
+ PK11SlotList *slist;
+ PK11SlotListElement *sle;
+ CERTCertificate *cert;
+ struct _pkinit_identity_crypto_file *obj;
+ int i;
+
+ id_cryptoctx->identity = NULL;
+ if (id_cryptoctx->id_cert == NULL)
+ return;
+ cert = id_cryptoctx->id_cert;
+ for (i = 0;
+ (id_cryptoctx->id_objects != NULL) &&
+ (id_cryptoctx->id_objects[i] != NULL);
+ i++) {
+ obj = id_cryptoctx->id_objects[i];
+ if ((obj->cert != NULL) && CERT_CompareCerts(obj->cert, cert)) {
+ id_cryptoctx->identity = obj->name;
+ return;
+ }
+ }
+ if (cert->slot != NULL) {
+ id_cryptoctx->identity = crypto_get_identity_by_slot(context,
+ id_cryptoctx,
+ cert->slot);
+ if (id_cryptoctx->identity != NULL)
+ return;
+ }
+ slist = PK11_GetAllSlotsForCert(cert, NULL);
+ if (slist != NULL) {
+ for (sle = PK11_GetFirstSafe(slist);
+ sle != NULL;
+ sle = PK11_GetNextSafe(slist, sle, PR_FALSE)) {
+ id_cryptoctx->identity = crypto_get_identity_by_slot(context,
+ id_cryptoctx,
+ sle->slot);
+ if (id_cryptoctx->identity != NULL) {
+ PK11_FreeSlotList(slist);
+ return;
+ }
+ }
+ PK11_FreeSlotList(slist);
+ }
+}
+
+krb5_error_code
+crypto_retrieve_signer_identity(krb5_context context,
+ pkinit_identity_crypto_context id_cryptoctx,
+ const char **identity)
+{
+ *identity = id_cryptoctx->identity;
+ if (*identity == NULL)
+ return ENOENT;
+ return 0;
+}
+
static krb5_error_code
cert_retrieve_cert_sans(krb5_context context,
CERTCertificate *cert,
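Review bot: crypto_get_identity_by_slot matches slots by `PK11_GetSlotID` alone (L372, L379, L389), but a CK_SLOT_ID is only unique within the module that assigned it, so a slot in a loaded PKCS11 module can carry the same ID as a softoken user database or the PKCS12 slot, and with the p12 → userdb → module search order the signer would then be reported under the wrong identity string. Comparing `PK11_GetModuleID` as well removes the ambiguity (comparing the PK11SlotInfo pointers would too, if every reference NSS hands back is the same object); a small helper as below keeps the three comparisons in one place. Separately, crypto_retrieve_signer_identity (L444-453) hands out a borrowed pointer into the context's pool that is valid only while the context lives and the selected certificate is unchanged; a comment saying so on the function, and on its heap-backed OpenSSL twin at L477-486, would keep callers from freeing it.
```c
/* Slot IDs are only unique within a module, so compare module and slot. */
static PRBool
same_slot(PK11SlotInfo *a, PK11SlotInfo *b)
{
    return (PK11_GetModuleID(a) == PK11_GetModuleID(b)) &&
           (PK11_GetSlotID(a) == PK11_GetSlotID(b));
}

static const char *
crypto_get_identity_by_slot(krb5_context context,
                            pkinit_identity_crypto_context id_cryptoctx,
                            PK11SlotInfo *slot)
{
    /* … unchanged: declarations … */
    mslot = id_cryptoctx->id_p12_slot.slot;
    if ((mslot != NULL) && same_slot(mslot, slot))
        return id_cryptoctx->id_p12_slot.p12name;
    /* … unchanged: userdb loop, comparing with same_slot(userdb->userdb, slot) … */
    /* … unchanged: module loop, comparing with same_slot(mslot, slot) … */
    return NULL;
}
```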
#include <arpa/inet.h>
#include "k5-platform.h"
+#include "k5-buf.h"
#include "pkinit_crypto_openssl.h"
goto out;
memset(ctx, 0, sizeof(*ctx));
+ ctx->identity = NULL;
+
retval = pkinit_init_certs(ctx);
if (retval)
goto out;
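Review bot: `ctx->identity = NULL;` at L464 is redundant immediately after the `memset(ctx, 0, sizeof(*ctx))` at L463, which already zeroes the new member. Either drop L464-465, or keep the line with a short comment such as `/* no credential selected yet */` if the intent is to make the initial state visible to the reader.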
return;
pkiDebug("%s: freeing ctx at %p\n", __FUNCTION__, idctx);
+ free(idctx->identity);
pkinit_fini_certs(idctx);
pkinit_fini_pkcs11(idctx);
free(idctx);
return retval;
}
+krb5_error_code
+crypto_retrieve_signer_identity(krb5_context context,
+ pkinit_identity_crypto_context id_cryptoctx,
+ const char **identity)
+{
+ *identity = id_cryptoctx->identity;
+ if (*identity == NULL)
+ return ENOENT;
+ return 0;
+}
+
krb5_error_code
crypto_retrieve_cert_sans(krb5_context context,
pkinit_plg_crypto_context plgctx,
}
cctx->slotid = slotlist[i];
free(slotlist);
- pkiDebug("open_session: slotid %d (%d of %d)\n", (int) cctx->slotid,
+ pkiDebug("open_session: slotid %d (%lu of %d)\n", (int) cctx->slotid,
i + 1, (int) count);
/* Login if needed */
return retval;
}
+static char *
+reassemble_pkcs12_name(const char *filename)
+{
+ char *ret;
+
+ if (asprintf(&ret, "PKCS12:%s", filename) < 0)
+ return NULL;
+ return ret;
+}
+
static krb5_error_code
pkinit_get_certs_pkcs12(krb5_context context,
pkinit_plg_crypto_context plg_cryptoctx,
id_cryptoctx->creds[0] = malloc(sizeof(struct _pkinit_cred_info));
if (id_cryptoctx->creds[0] == NULL)
goto cleanup;
+ id_cryptoctx->creds[0]->name =
+ reassemble_pkcs12_name(idopts->cert_filename);
id_cryptoctx->creds[0]->cert = x;
#ifndef WITHOUT_PKCS11
id_cryptoctx->creds[0]->cert_id = NULL;
return retval;
}
+static char *
+reassemble_files_name(const char *certfile, const char *keyfile)
+{
+ char *ret;
+
+ if (keyfile != NULL) {
+ if (asprintf(&ret, "FILE:%s,%s", certfile, keyfile) < 0)
+ return NULL;
+ } else {
+ if (asprintf(&ret, "FILE:%s", certfile) < 0)
+ return NULL;
+ }
+ return ret;
+}
+
static krb5_error_code
pkinit_load_fs_cert_and_key(krb5_context context,
pkinit_identity_crypto_context id_cryptoctx,
retval = ENOMEM;
goto cleanup;
}
+ id_cryptoctx->creds[cindex]->name = reassemble_files_name(certname,
+ keyname);
id_cryptoctx->creds[cindex]->cert = x;
#ifndef WITHOUT_PKCS11
id_cryptoctx->creds[cindex]->cert_id = NULL;
}
#ifndef WITHOUT_PKCS11
+static char *
+reassemble_pkcs11_name(pkinit_identity_opts *idopts)
+{
+ struct k5buf buf;
+ int n = 0;
+ char *ret;
+
+ krb5int_buf_init_dynamic(&buf);
+ krb5int_buf_add(&buf, "PKCS11:");
+ n = 0;
+ if (idopts->p11_module_name != NULL) {
+ krb5int_buf_add_fmt(&buf, "%smodule_name=%s",
+ n++ ? "," : "",
+ idopts->p11_module_name);
+ }
+ if (idopts->token_label != NULL) {
+ krb5int_buf_add_fmt(&buf, "%stoken=%s",
+ n++ ? "," : "",
+ idopts->token_label);
+ }
+ if (idopts->cert_label != NULL) {
+ krb5int_buf_add_fmt(&buf, "%scertlabel=%s",
+ n++ ? "," : "",
+ idopts->cert_label);
+ }
+ if (idopts->cert_id_string != NULL) {
+ krb5int_buf_add_fmt(&buf, "%scertid=%s",
+ n++ ? "," : "",
+ idopts->cert_id_string);
+ }
+ if (idopts->slotid != PK_NOSLOT) {
+ krb5int_buf_add_fmt(&buf, "%sslotid=%ld",
+ n++ ? "," : "",
+ (long)idopts->slotid);
+ }
+ if (krb5int_buf_len(&buf) >= 0)
+ ret = strdup(krb5int_buf_data(&buf));
+ else
+ ret = NULL;
+ krb5int_free_buf(&buf);
+ return ret;
+}
+
static krb5_error_code
pkinit_get_certs_pkcs11(krb5_context context,
pkinit_plg_crypto_context plg_cryptoctx,
id_cryptoctx->slotid = idopts->slotid;
id_cryptoctx->pkcs11_method = 1;
-
-
if (pkinit_open_session(context, id_cryptoctx)) {
pkiDebug("can't open pkcs11 session\n");
return KRB5KDC_ERR_PREAUTH_FAILED;
id_cryptoctx->creds[i] = malloc(sizeof(struct _pkinit_cred_info));
if (id_cryptoctx->creds[i] == NULL)
return KRB5KDC_ERR_PREAUTH_FAILED;
+ id_cryptoctx->creds[i]->name = reassemble_pkcs11_name(idopts);
id_cryptoctx->creds[i]->cert = x;
id_cryptoctx->creds[i]->key = NULL;
id_cryptoctx->creds[i]->cert_id = cert_id;
#ifndef WITHOUT_PKCS11
free(cred->cert_id);
#endif
+ free(cred->name);
free(cred);
}
}
}
cd->idctx->my_certs = sk_X509_new_null();
sk_X509_push(cd->idctx->my_certs, cd->cred->cert);
+ free(cd->idctx->identity);
+ /* hang on to the selected credential name */
+ if (cd->idctx->creds[cd->index]->name != NULL)
+ cd->idctx->identity = strdup(cd->idctx->creds[cd->index]->name);
+ else
+ cd->idctx->identity = NULL;
cd->idctx->creds[cd->index]->cert = NULL; /* Don't free it twice */
cd->idctx->cert_index = 0;
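Review bot: This hunk frees the previous `identity` at L621 before storing the copied credential name, but the single-credential path in the following hunk (L633-634) assigns `id_cryptoctx->identity = strdup(...)` without freeing first; if that path can run on a context that already holds an identity, the old string leaks. Add `free(id_cryptoctx->identity);` before L633 so both selection paths agree. A failed strdup in either place leaves identity NULL, which crypto_retrieve_signer_identity (L477-486) reports as ENOENT rather than ENOMEM; a comment noting that trade-off would help. Both enclosing functions start outside their hunks, so whether a prior value can exist on the second path is not visible here.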
sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
id_cryptoctx->creds[0]->cert = NULL; /* Don't free it twice */
id_cryptoctx->cert_index = 0;
+ /* hang on to the selected credential name */
+ if (id_cryptoctx->creds[0]->name != NULL)
+ id_cryptoctx->identity = strdup(id_cryptoctx->creds[0]->name);
+ else
+ id_cryptoctx->identity = NULL;
if (id_cryptoctx->pkcs11_method != 1) {
id_cryptoctx->my_key = id_cryptoctx->creds[0]->key;