@@ -8,6 +8,7 @@
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
+ gss_const_key_value_set_t cred_store,
struct gpp_cred_handle *out_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
@@ -43,14 +44,15 @@
goto done;
}
- maj = gss_acquire_cred(&min,
- name ? name->local : NULL,
- time_req,
- special_mechs,
- cred_usage,
- &out_cred_handle->local,
- actual_mechs,
- time_rec);
+ maj = gss_acquire_cred_from(&min,
+ name ? name->local : NULL,
+ time_req,
+ special_mechs,
+ cred_usage,
+ cred_store,
+ &out_cred_handle->local,
+ actual_mechs,
+ time_rec);
done:
*minor_status = min;
@@ -67,9 +69,25 @@
gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
{
+ return gssi_acquire_cred_from(minor_status, desired_name, time_req,
+ desired_mechs, cred_usage, NULL,
+ output_cred_handle, actual_mechs, time_rec);
+ }
+
+ OM_uint32 gssi_acquire_cred_from(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_const_key_value_set_t cred_store,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
+ {
enum gpp_behavior behavior;
struct gpp_name_handle *name;
struct gpp_cred_handle *out_cred_handle = NULL;
+ struct gssx_cred *in_cred_remote = NULL;
OM_uint32 maj, min;
OM_uint32 tmaj, tmin;
@@ -93,11 +111,38 @@
name = (struct gpp_name_handle *)desired_name;
behavior = gpp_get_behavior();
+ /* if a cred_store option is passed in, check if it references
+ * valid credentials, if so switch behavior appropriately */
+ if (cred_store) {
+ for (unsigned i = 0; i < cred_store->count; i++) {
+ if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
+ gssx_cred remote = {0};
+ maj = gppint_retrieve_remote_creds(&min,
+ cred_store->elements[i].value, NULL, &remote);
+ if (maj == GSS_S_COMPLETE) {
+ in_cred_remote = malloc(sizeof(gssx_cred));
+ if (!in_cred_remote) {
+ maj = GSS_S_FAILURE;
+ min = ENOMEM;
+ goto done;
+ }
+ *in_cred_remote = remote;
+ break;
+ }
+ }
+ }
+ if (in_cred_remote) {
+ behavior = GPP_REMOTE_ONLY;
+ } else {
+ behavior = GPP_LOCAL_ONLY;
+ }
+ }
+
/* See if we should try local first */
if (behavior == GPP_LOCAL_ONLY || behavior == GPP_LOCAL_FIRST) {
maj = acquire_local(&min, NULL, name,
- time_req, desired_mechs, cred_usage,
+ time_req, desired_mechs, cred_usage, cred_store,
out_cred_handle, actual_mechs, time_rec);
if (maj == GSS_S_COMPLETE || behavior == GPP_LOCAL_ONLY) {
@@ -117,7 +162,7 @@
}
}
- maj = gpm_acquire_cred(&min, NULL,
+ maj = gpm_acquire_cred(&min, in_cred_remote,
name ? name->remote : NULL,
time_req,
desired_mechs,
@@ -132,7 +177,7 @@
if (behavior == GPP_REMOTE_FIRST) {
/* So remote failed, but we can fallback to local, try that */
maj = acquire_local(&min, NULL, name,
- time_req, desired_mechs, cred_usage,
+ time_req, desired_mechs, cred_usage, cred_store,
out_cred_handle, actual_mechs, time_rec);
}
@@ -143,6 +188,10 @@
maj = tmaj;
min = tmin;
}
+ if (in_cred_remote) {
+ xdr_free((xdrproc_t)xdr_gssx_cred, (char *)in_cred_remote);
+ free(in_cred_remote);
+ }
if (maj == GSS_S_COMPLETE) {
*output_cred_handle = (gss_cred_id_t)out_cred_handle;
} else {
@@ -164,6 +213,26 @@
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec)
{
+ return gssi_add_cred_from(minor_status, input_cred_handle, desired_name,
+ desired_mech, cred_usage, initiator_time_req,
+ acceptor_time_req, NULL, output_cred_handle,
+ actual_mechs, initiator_time_rec,
+ acceptor_time_rec);
+ }
+
+ OM_uint32 gssi_add_cred_from(OM_uint32 *minor_status,
+ const gss_cred_id_t input_cred_handle,
+ const gss_name_t desired_name,
+ const gss_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ OM_uint32 initiator_time_req,
+ OM_uint32 acceptor_time_req,
+ gss_const_key_value_set_t cred_store,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *initiator_time_rec,
+ OM_uint32 *acceptor_time_rec)
+ {
gss_OID_set desired_mechs = GSS_C_NO_OID_SET;
OM_uint32 time_req, time_rec;
OM_uint32 maj, min;
@@ -206,14 +275,9 @@
time_req = 0;
}
- maj = gssi_acquire_cred(minor_status,
- desired_name,
- time_req,
- desired_mechs,
- cred_usage,
- output_cred_handle,
- actual_mechs,
- &time_rec);
+ maj = gssi_acquire_cred_from(minor_status, desired_name, time_req,
+ desired_mechs, cred_usage, NULL,
+ output_cred_handle, actual_mechs, &time_rec);
if (maj == GSS_S_COMPLETE) {
if (acceptor_time_rec &&
(cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)) {
@@ -375,7 +439,7 @@
if (behavior == GPP_LOCAL_ONLY || behavior == GPP_LOCAL_FIRST) {
maj = acquire_local(&min, impersonator_cred_handle, name,
- time_req, desired_mechs, cred_usage,
+ time_req, desired_mechs, cred_usage, NULL,
out_cred_handle, actual_mechs, time_rec);
if (maj == GSS_S_COMPLETE || behavior == GPP_LOCAL_ONLY) {
@@ -412,7 +476,7 @@
if (behavior == GPP_REMOTE_FIRST) {
/* So remote failed, but we can fallback to local, try that */
maj = acquire_local(&min, impersonator_cred_handle, name,
- time_req, desired_mechs, cred_usage,
+ time_req, desired_mechs, cred_usage, NULL,
out_cred_handle, actual_mechs, time_rec);
}
@@ -431,4 +495,3 @@
*minor_status = gpp_map_error(min);
return maj;
}
-
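Review bot: In the `@@ -93,11 +111,38 @@` hunk the out-of-memory branch leaks the decoded credential: after `gppint_retrieve_remote_creds` has filled `remote`, a failed `malloc` jumps to `done` while `in_cred_remote` is still NULL, so the `xdr_free`/`free` pair added in the `@@ -143,6 +188,10 @@` hunk never runs on it, and `remote` (which evidently holds XDR-allocated data, given that cleanup) is abandoned on the stack. Add `xdr_free((xdrproc_t)xdr_gssx_cred, (char *)&remote);` immediately before that `goto done`. Separately, when a `ccache` element is present but the remote retrieval fails, the loop carries on and the code silently settles on `GPP_LOCAL_ONLY` with the caller's store handed to `acquire_local`; if that fallback is intended, a comment such as `/* remote lookup failed: let the local mech try the caller's ccache */` next to the `else` would make the decision explicit. gssi_acquire_cred_from begins in the `@@ -67,9 +69,25 @@` hunk and its body runs past the end of this one.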