]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
* accept_sec_context.c (rd_and_store_for_creds): Don't mess with
authorDan Winship <danw@mit.edu>
Fri, 30 Jan 1998 01:20:11 +0000 (01:20 +0000)
committerDan Winship <danw@mit.edu>
Fri, 30 Jan 1998 01:20:11 +0000 (01:20 +0000)
        krb5_cc_default--use a new mem-based ccache.

        * Makefile.in:
        * gssapi_krb5.h:
        * copy_ccache.c (gss_krb5_copy_ccache): Routine to copy a
        gss_cred_id_t (such as a forwarded creds) into an existing
        krb5_ccache.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10389 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/Makefile.in
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/copy_ccache.c [new file with mode: 0644]
src/lib/gssapi/krb5/gssapi_krb5.h

index df0c1fe5ea46d8c3f87090545cf076c51f49d2c6..3088ee7f876c9498ac39a7faceddc36962b5f6e2 100644 (file)
@@ -1,3 +1,14 @@
+Thu Jan 29 20:08:02 1998  Dan Winship  <danw@mit.edu>
+
+       * accept_sec_context.c (rd_and_store_for_creds): Don't mess with
+       krb5_cc_default--use a new mem-based ccache.
+
+       * Makefile.in: 
+       * gssapi_krb5.h: 
+       * copy_ccache.c (gss_krb5_copy_ccache): Routine to copy a
+       gss_cred_id_t (such as a forwarded creds) into an existing
+       krb5_ccache.
+
 Fri Jun 27 08:37:11 1997  Theodore Ts'o  <tytso@rsts-11.mit.edu>
 
        * accept_sec_context.c (krb5_gss_accept_sec_context): Will now
index c8f71e72cbbdc5543bd591cf7d0bf2f45afe3dce..2a16c7e4d7404eb824ceff2d0a730d87ba287c0a 100644 (file)
@@ -19,6 +19,7 @@ SRCS = \
        $(srcdir)/canon_name.c \
        $(srcdir)/compare_name.c \
        $(srcdir)/context_time.c \
+       $(srcdir)/copy_ccache.c \
        $(srcdir)/delete_sec_context.c \
        $(srcdir)/disp_name.c \
        $(srcdir)/disp_status.c \
@@ -63,6 +64,7 @@ OBJS = \
        canon_name.$(OBJEXT) \
        compare_name.$(OBJEXT) \
        context_time.$(OBJEXT) \
+       copy_ccache.$(OBJEXT) \
        delete_sec_context.$(OBJEXT) \
        disp_name.$(OBJEXT) \
        disp_status.$(OBJEXT) \
index b9f614cf609f4a638ae7f9a2c0db927a3c2f1d53..ef5d7ebc59d1f13cfd5982082e9edd1ead0bd034 100644 (file)
@@ -68,12 +68,20 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
     krb5_error_code retval;
     krb5_ccache ccache;
     krb5_gss_cred_id_t cred = NULL;
+    extern krb5_cc_ops krb5_mcc_ops;
 
     if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL))) 
        return(retval);
 
-    if ((retval = krb5_cc_default(context, &ccache)))
-       goto cleanup;
+    /* Lots of kludging going on here... Some day the ccache interface
+       will be rewritten though */
+
+    krb5_cc_register(context, &krb5_mcc_ops, 0);
+    if ((retval = krb5_cc_resolve(context, "MEMORY:GSSAPI", &ccache)))
+        goto cleanup;
+
+    if ((retval = krb5_cc_gen_new(context, &ccache)))
+        goto cleanup;
     
     if ((retval = krb5_cc_initialize(context, ccache, creds[0]->client)))
        goto cleanup;
@@ -414,7 +422,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 
                    krb5_auth_con_setflags(context, auth_context_cred, 0);
 
-                   /* store the delegated credential in the user's cache */
+                   /* store the delegated credential */
 
                    rd_and_store_for_creds(context, auth_context_cred,
                                           &option,
diff --git a/src/lib/gssapi/krb5/copy_ccache.c b/src/lib/gssapi/krb5/copy_ccache.c
new file mode 100644 (file)
index 0000000..39d9bc2
--- /dev/null
@@ -0,0 +1,46 @@
+#include "gssapiP_krb5.h"
+
+OM_uint32
+gss_krb5_copy_ccache(minor_status, cred_handle, out_ccache)
+     OM_uint32 *minor_status;
+     gss_cred_id_t cred_handle;
+     krb5_ccache out_ccache;
+{
+   OM_uint32 stat;
+   krb5_gss_cred_id_t k5creds;
+   krb5_cc_cursor cursor;
+   krb5_creds creds;
+   krb5_error_code code;
+   krb5_context context;
+
+   /* validate the cred handle */
+   stat = krb5_gss_validate_cred(minor_status, creds);
+   if (stat)
+       return(stat);
+   
+   k5creds = (krb5_gss_cred_id_t) cred_handle;
+   if (k5creds->usage == GSS_C_ACCEPT) {
+       *minor_status = (OM_uint32) G_BAD_USAGE;
+       return(GSS_S_FAILURE);
+   }
+
+   if (GSS_ERROR(kg_get_context(minor_status, &context)))
+       return (GSS_S_FAILURE);
+
+   code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor);
+   if (code) {
+       *minor_status = code;
+       return(GSS_S_FAILURE);
+   }
+   while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &creds, &cursor)) 
+       code = krb5_cc_store_cred(context, out_ccache, &creds);
+   krb5_cc_end_seq_get(context, k5creds->ccache, &cursor);
+
+   if (code) {
+       *minor_status = code;
+       return(GSS_S_FAILURE);
+   } else {
+       *minor_status = 0;
+       return(GSS_S_COMPLETE);
+   }
+}
index 71182f22b49e524f7edc434fcc13dcfcfa8d9718..b2ef5806b1cae6d451ce14380a5d18f1be39c57f 100644 (file)
@@ -51,6 +51,10 @@ OM_uint32 gss_krb5_get_tkt_flags
                   gss_ctx_id_t context_handle,
                   krb5_flags *ticket_flags));
 
+OM_uint32 gss_krb5_copy_ccache
+       PROTOTYPE((OM_uint32 *minor_status,
+                  gss_cred_id_t cred_handle,
+                  krb5_ccache out_ccache));
 
 /* this is for backward compatibility only.  It is declared here for
    completeness, but should not be used */