authorTom Yu <tlyu@mit.edu>2003-03-06 01:36:51 +0000
committerTom Yu <tlyu@mit.edu>2003-03-06 01:36:51 +0000
commit74cb6881569b70f41fb9781ebc9a5b95bba59c7d (patch)
tree3fd62a4add8feb755fa3c481890be176f3d24137
parent7a97483d469fb8e44c6703767e432278be315a6c (diff)
* acquire_cred.c (krb5_gss_register_acceptor_identity): New
function. Allows global override of default keytab for gss_acquire_cred() purposes. (acquire_accept_cred): Implement override. * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity. ticket: 880 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/krb5/ChangeLog9
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c66
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.h5
3 files changed, 61 insertions, 19 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 095f916..7e33383 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,12 @@
+2003-03-05 Tom Yu <tlyu@mit.edu>
+
+ * acquire_cred.c (krb5_gss_register_acceptor_identity): New
+ function. Allows global override of default keytab for
+ gss_acquire_cred() purposes.
+ (acquire_accept_cred): Implement override.
+
+ * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity.
+
2003-03-04 Sam Hartman <hartmans@mit.edu>
* accept_sec_context.c (rd_and_store_for_creds): Do not expect sequence number in incoming krb_cred message.
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 23a17b8..2c620b9 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -78,6 +78,29 @@
#include <strings.h>
#endif
+static char *krb5_gss_keytab = NULL;
+
+/* Heimdal calls this gsskrb5_register_acceptor_identity. */
+OM_uint32 KRB5_CALLCONV
+krb5_gss_register_acceptor_identity(const char *keytab)
+{
+ size_t len;
+
+ if (keytab == NULL)
+ return GSS_S_FAILURE;
+ if (krb5_gss_keytab != NULL)
+ free(krb5_gss_keytab);
+
+ len = strlen(keytab);
+ krb5_gss_keytab = malloc(len);
+ if (krb5_gss_keytab == NULL)
+ return GSS_S_FAILURE;
+
+ strcpy(krb5_gss_keytab, keytab);
+
+ return GSS_S_COMPLETE;
+}
+
/* get credentials corresponding to a key in the krb5 keytab.
If the default name is requested, return the name in output_princ.
If output_princ is non-NULL, the caller will use or free it, regardless
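Review bot: The buffer allocated in krb5_gss_register_acceptor_identity is one byte too small: `malloc(len)` reserves only strlen(keytab) bytes, so the `strcpy` that follows writes the terminating NUL one byte past the end of the heap block. The allocation should be `krb5_gss_keytab = malloc(len + 1);`. Because the old string is freed before the new one is allocated, a failed malloc also leaves the global NULL, which drops the earlier override and sends later acquire_accept_cred calls back to the default keytab; allocating into a temporary and swapping only on success would keep the previous value. The global is also freed and replaced with no locking, so a comment on `krb5_gss_keytab` saying it is process-wide and must be set before any acceptor credential is acquired would be worth adding.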
@@ -103,32 +126,37 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred)
/* open the default keytab */
- if ((code = krb5_kt_default(context, &kt))) {
+ if (krb5_gss_keytab != NULL)
+ code = krb5_kt_resolve(context, krb5_gss_keytab, &kt);
+ else
+ code = krb5_kt_default(context, &kt);
+
+ if (code) {
*minor_status = code;
return(GSS_S_CRED_UNAVAIL);
}
-if (desired_name != GSS_C_NO_NAME) {
- princ = (krb5_principal) desired_name;
- if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) {
- (void) krb5_kt_close(context, kt);
- if (code == KRB5_KT_NOTFOUND)
+ if (desired_name != GSS_C_NO_NAME) {
+ princ = (krb5_principal) desired_name;
+ if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) {
+ (void) krb5_kt_close(context, kt);
+ if (code == KRB5_KT_NOTFOUND)
*minor_status = KG_KEYTAB_NOMATCH;
- else
+ else
*minor_status = code;
- return(GSS_S_CRED_UNAVAIL);
- }
- krb5_kt_free_entry(context, &entry);
-
- /* Open the replay cache for this principal. */
- if ((code = krb5_get_server_rcache(context,
- krb5_princ_component(context, princ, 0),
- &cred->rcache))) {
- *minor_status = code;
- return(GSS_S_FAILURE);
- }
+ return(GSS_S_CRED_UNAVAIL);
+ }
+ krb5_kt_free_entry(context, &entry);
-}
+ /* Open the replay cache for this principal. */
+ if ((code = krb5_get_server_rcache(context,
+ krb5_princ_component(context, princ, 0),
+ &cred->rcache))) {
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+
+ }
/* hooray. we made it */
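Review bot: The replay-cache failure branch returns `GSS_S_FAILURE` without closing `kt`, unlike the krb5_kt_get_entry failure branch just above it, which calls `krb5_kt_close` first. Now that `kt` can come from `krb5_kt_resolve` on an application-supplied name, each failed acquisition appears to leak the keytab handle; adding `(void) krb5_kt_close(context, kt);` before `*minor_status = code;` in that branch would make the two error paths agree. acquire_accept_cred starts before and continues after this hunk, so whether a caller releases `kt` on failure cannot be confirmed from here.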
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h
index 1de52d4..489f654 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.h
+++ b/src/lib/gssapi/krb5/gssapi_krb5.h
@@ -100,6 +100,11 @@ extern const gss_OID_desc krb5_gss_oid_array[];
#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name
#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name
+/* Alias for Heimdal compat. */
+#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity
+
+OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *);
+
OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags
(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
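Review bot: The new prototype is exported with no comment and an unnamed parameter, so the header does not tell callers that the function installs a process-wide keytab override. I would name the parameter and put a comment above it, for example `/* Sets the keytab name used by later acceptor gss_acquire_cred() calls in this process; the string is copied. Returns GSS_S_FAILURE if keytab is NULL or allocation fails. */` followed by `OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *keytab);`. Stating the global scope matters because any code in the process can change which keytab every acceptor uses.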