From: Andreas Schneider <asn@samba.org>
Date: Fri, 26 Apr 2024 08:40:13 +0000 (+0200)
Subject: lib:krb5_wrap: Implement smb_gss_mech_import_cred()
X-Git-Tag: tdb-1.4.11~791
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca90f213a27743b7b715146c59f9287506e2da70;p=thirdparty%2Fsamba.git

lib:krb5_wrap: Implement smb_gss_mech_import_cred()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/lib/krb5_wrap/gss_samba.c b/lib/krb5_wrap/gss_samba.c
index a5940561cda..608cb60f155 100644
--- a/lib/krb5_wrap/gss_samba.c
+++ b/lib/krb5_wrap/gss_samba.c
@@ -48,16 +48,35 @@ int smb_gss_oid_equal(const gss_OID first_oid, const gss_OID second_oid)
 }
 #endif /* !HAVE_GSS_OID_EQUAL */
 
-
 /* wrapper around gss_krb5_import_cred() that prefers to use gss_acquire_cred_from()
  * if this GSSAPI extension is available. gss_acquire_cred_from() is properly
  * interposed by GSSPROXY while gss_krb5_import_cred() is not.
  *
  * This wrapper requires a proper krb5_context to resolve ccache name.
  * All gss_krb5_import_cred() callers in Samba already have krb5_context available. */
-uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status, krb5_context ctx,
-				  krb5_ccache id, krb5_principal keytab_principal,
-				  krb5_keytab keytab, gss_cred_id_t *cred)
+uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status,
+				  krb5_context ctx,
+				  krb5_ccache id,
+				  krb5_principal keytab_principal,
+				  krb5_keytab keytab,
+				  gss_cred_id_t *cred)
+{
+	return smb_gss_mech_import_cred(minor_status,
+					ctx,
+					id,
+					keytab_principal,
+					keytab,
+					gss_mech_krb5,
+					cred);
+}
+
+uint32_t smb_gss_mech_import_cred(OM_uint32 *minor_status,
+				  krb5_context ctx,
+				  krb5_ccache id,
+				  krb5_principal keytab_principal,
+				  krb5_keytab keytab,
+				  const struct gss_OID_desc_struct *mech,
+				  gss_cred_id_t *cred)
 {
 	uint32_t major_status = 0;
 
@@ -86,7 +105,7 @@ uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status, krb5_context ctx,
 	gss_OID_set_desc mech_set = {
 		.count = 1,
 		.elements = discard_const_p(struct gss_OID_desc_struct,
-					    gss_mech_krb5),
+					    mech),
 	};
 
 	gss_cred_usage_t cred_usage = GSS_C_INITIATE;
diff --git a/lib/krb5_wrap/gss_samba.h b/lib/krb5_wrap/gss_samba.h
index 89aee3479c5..9e91f21e406 100644
--- a/lib/krb5_wrap/gss_samba.h
+++ b/lib/krb5_wrap/gss_samba.h
@@ -45,5 +45,13 @@ uint32_t smb_gss_krb5_import_cred(OM_uint32 *minor_status, krb5_context ctx,
 				  krb5_ccache id, krb5_principal keytab_principal,
 				  krb5_keytab keytab, gss_cred_id_t *cred);
 
+uint32_t smb_gss_mech_import_cred(OM_uint32 *minor_status,
+				  krb5_context ctx,
+				  krb5_ccache id,
+				  krb5_principal keytab_principal,
+				  krb5_keytab keytab,
+				  const struct gss_OID_desc_struct *mech,
+				  gss_cred_id_t *cred);
+
 #endif /* HAVE_GSSAPI */
 #endif /* _GSS_SAMBA_H */