authorLuke Howard <lukeh@padl.com>2011-04-03 08:52:25 +0000
committerLuke Howard <lukeh@padl.com>2011-04-03 08:52:25 +0000
commit5aba073b9c90bdd43c15151d0a96970e76e8a5fd (patch)
treede0c309007b6593042bc71d282dee65cc46887e3
parent7c9fe03bfd4dfb1f2db8bd65c1f42bb95ec1c902 (diff)
use global server_creds for impersonator cred handle
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24824 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/appl/gss-sample/gss-server.c30
1 files changed, 8 insertions, 22 deletions
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index 2f2d4fa..aa7d9b0 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -76,6 +76,7 @@ enumerateAttributes(OM_uint32 *minor, gss_name_t name, int noisy);
static OM_uint32
kerberosProtocolTransition(OM_uint32 *minor,
+ gss_cred_id_t localCreds,
gss_name_t authenticatedInitiator,
int flags,
gss_name_t delegTargetName);
@@ -120,7 +121,7 @@ int verbose = 0;
*/
static int
-server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
+server_acquire_creds(char *service_name, int flags, gss_cred_id_t *server_creds)
{
gss_buffer_desc name_buf;
gss_name_t server_name;
@@ -136,7 +137,8 @@ server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
}
maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
- GSS_C_NO_OID_SET, GSS_C_ACCEPT,
+ GSS_C_NO_OID_SET,
+ (flags & FLAG_S4U) ? GSS_C_BOTH : GSS_C_ACCEPT,
server_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
display_status("acquiring credentials", maj_stat, min_stat);
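Review bot: With FLAG_S4U set, this call now produces the credential that kerberosProtocolTransition uses as impersonator, but it passes `GSS_C_NO_OID_SET`, whereas the acquisition removed further down in this commit passed `&mechs` limited to gss_mech_krb5. The credential may therefore cover whatever default mechanisms the library offers, so it is worth confirming that the S4U calls still behave as intended with it. The conditional keeps the non-S4U path accept-only, which is the least-privilege choice, and deserves a comment saying so, e.g. `/* S4U2Self/S4U2Proxy need initiate usage on the service credential; stay accept-only otherwise */`. The header comment of server_acquire_creds ends above the previous hunk and is not visible here; if it lists parameters it should gain `flags`. The function body continues outside this hunk.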
@@ -303,7 +305,8 @@ server_establish_context(int s, gss_cred_id_t server_creds, int flags,
}
enumerateAttributes(&min_stat, client, TRUE);
if (flags & FLAG_S4U) {
- kerberosProtocolTransition(&min_stat, client, flags, deleg_target);
+ kerberosProtocolTransition(&min_stat, server_creds,
+ client, flags, deleg_target);
}
maj_stat = gss_release_name(&min_stat, &client);
if (maj_stat != GSS_S_COMPLETE) {
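Review bot: The OM_uint32 returned by kerberosProtocolTransition is discarded at this call, so a failed protocol transition leaves server_establish_context on its normal path with nothing at the call site to show it (the callee may log on its own; its body is only partly visible). Capturing the status, e.g. `maj_stat = kerberosProtocolTransition(&min_stat, server_creds, client, flags, deleg_target);` followed by `if (GSS_ERROR(maj_stat)) display_status("protocol transition", maj_stat, min_stat);`, would make failures visible. Whether the context should then be rejected is a policy choice for this sample. Whether `server_creds` can be GSS_C_NO_CREDENTIAL here cannot be told from the hunk, since the function starts and ends outside it.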
@@ -784,7 +787,7 @@ main(int argc, char **argv)
service_name = *argv;
- if (server_acquire_creds(service_name, &server_creds) < 0)
+ if (server_acquire_creds(service_name, flags, &server_creds) < 0)
return -1;
if (import_deleg_target(deleg_target_name, &deleg_target) < 0)
@@ -1129,12 +1132,12 @@ constrainedDelegate(OM_uint32 *minor,
static OM_uint32
kerberosProtocolTransition(OM_uint32 *minor,
+ gss_cred_id_t impersonator_cred_handle,
gss_name_t authenticatedInitiator,
int flags,
gss_name_t delegTargetName)
{
OM_uint32 major, tmpMinor;
- gss_cred_id_t impersonator_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t user_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
gss_name_t anonName = GSS_C_NO_NAME;
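Review bot: The new first parameter is called `impersonator_cred_handle` here but `localCreds` in the prototype changed in the first hunk of this file; using one name in both places keeps the declaration readable. The handle is now borrowed from the caller, and the matching `gss_release_cred` is removed from the `out:` path later in this commit, so a comment such as `/* impersonator_cred_handle is owned by the caller; do not release it here */` would guard against a later double release of the server's long-lived credential. The same commit removes the only visible write to `actual_mechs` while its `gss_release_oid_set` at `out:` stays; the declaration is outside the hunks, so confirm it is initialised to `GSS_C_NO_OID_SET` or drop the variable. The function body continues outside this hunk.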
@@ -1147,22 +1150,6 @@ kerberosProtocolTransition(OM_uint32 *minor,
mechs.elements = (gss_OID)gss_mech_krb5;
mechs.count = 1;
- /* get default cred */
- major = gss_acquire_cred(minor,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- &mechs,
- GSS_C_BOTH,
- &impersonator_cred_handle,
- &actual_mechs,
- NULL);
- if (GSS_ERROR(major)) {
- display_status("gss_acquire_cred", major, *minor);
- goto out;
- }
-
- (void) gss_release_oid_set(minor, &actual_mechs);
-
fprintf(logfile, "Protocol transition tests follow\n");
fprintf(logfile, "-----------------------------------\n\n");
@@ -1250,7 +1237,6 @@ out:
(void) gss_release_name(&tmpMinor, &user);
(void) gss_release_name(&tmpMinor, &anonName);
(void) gss_release_cred(&tmpMinor, &delegated_cred_handle);
- (void) gss_release_cred(&tmpMinor, &impersonator_cred_handle);
(void) gss_release_cred(&tmpMinor, &user_cred_handle);
(void) gss_release_oid_set(&tmpMinor, &actual_mechs);
(void) gss_release_buffer(&tmpMinor, &assertion);