diff options
Diffstat (limited to 'src/lib/gssapi/krb5/acquire_cred.c')
-rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index c815b35..c08e059 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -417,6 +417,34 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred, return 0; } +/* If an impersonator config entry exists in ccache, set *impersonator_out to + * the parsed principal. Otherwise set *impersonator_out to NULL. */ +static krb5_error_code +get_impersonator(krb5_context context, krb5_ccache ccache, + krb5_principal *impersonator_out) +{ + krb5_error_code code; + krb5_data data = empty_data(), data0 = empty_data(); + + *impersonator_out = NULL; + + code = krb5_cc_get_config(context, ccache, NULL, + KRB5_CONF_PROXY_IMPERSONATOR, &data); + if (code) + return (code == KRB5_CC_NOTFOUND) ? 0 : code; + + code = krb5int_copy_data_contents_add0(context, &data, &data0); + if (code) + goto cleanup; + + code = krb5_parse_name(context, data0.data, impersonator_out); + +cleanup: + krb5_free_data_contents(context, &data); + krb5_free_data_contents(context, &data0); + return code; +} + /* Check ccache and scan it for its expiry time. On success, cred takes * ownership of ccache. */ static krb5_error_code @@ -493,6 +521,10 @@ scan_ccache(krb5_context context, krb5_gss_cred_id_rec *cred, goto cleanup; } + code = get_impersonator(context, ccache, &cred->impersonator); + if (code) + goto cleanup; + (void)krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); cred->ccache = ccache; @@ -622,6 +654,7 @@ acquire_cred(OM_uint32 *minor_status, cred->usage = args->cred_usage; cred->name = NULL; + cred->impersonator = NULL; cred->iakerb_mech = args->iakerb; cred->default_identity = (name == NULL); #ifndef LEAN_CLIENT |