return (GSS_S_COMPLETE);
}
-
-/*
- * Internal routines to get and release an internal mechanism name
- */
-
-#if 0
static OM_uint32
-import_internal_name_composite(OM_uint32 *minor_status,
- gss_mechanism mech,
- gss_union_name_t union_name,
- gss_name_t *internal_name)
+import_internal_attributes(OM_uint32 *minor,
+ gss_mechanism dmech,
+ gss_union_name_t sname,
+ gss_name_t dname)
{
- OM_uint32 status, tmp;
- gss_mechanism name_mech;
- gss_buffer_desc composite_name;
+ OM_uint32 major, tmpMinor;
+ gss_mechanism smech;
+ gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
+ size_t i;
- if (mech->gss_import_name == NULL)
+ if (sname->mech_name == GSS_C_NO_NAME)
return (GSS_S_UNAVAILABLE);
- name_mech = gssint_get_mechanism(union_name->mech_type);
- if (name_mech == NULL)
+ smech = gssint_get_mechanism (sname->mech_type);
+ if (smech == NULL)
return (GSS_S_BAD_MECH);
- if (name_mech->gss_export_name_composite == NULL)
+ if (smech->gss_inquire_name == NULL ||
+ smech->gss_get_name_attribute == NULL)
return (GSS_S_UNAVAILABLE);
- composite_name.length = 0;
- composite_name.value = NULL;
+ if (dmech->gss_set_name_attribute == NULL)
+ return (GSS_S_UNAVAILABLE);
- status = (*name_mech->gss_export_name_composite)(minor_status,
- union_name->mech_name,
- &composite_name);
- if (GSS_ERROR(status))
- return (status);
+ major = smech->gss_inquire_name(minor, sname->mech_name,
+ NULL, NULL, &attrs);
+ if (GSS_ERROR(major) || attrs == GSS_C_NO_BUFFER_SET) {
+ gss_release_buffer_set(&tmpMinor, &attrs);
+ return (major);
+ }
- status = (*mech->gss_import_name)(minor_status,
- &composite_name,
- gss_nt_exported_name,
- internal_name);
+ for (i = 0; i < attrs->count; i++) {
+ int more = -1;
- gss_release_buffer(&tmp, &composite_name);
+ while (more != 0) {
+ gss_buffer_desc value, display_value;
+ int authenticated, complete;
- return (status);
+ major = smech->gss_get_name_attribute(minor, sname->mech_name,
+ &attrs->elements[i],
+ &authenticated, &complete,
+ &value, &display_value,
+ &more);
+ if (GSS_ERROR(major))
+ continue;
+
+ if (authenticated) {
+ dmech->gss_set_name_attribute(minor, dname, complete,
+ &attrs->elements[i], &value);
+ }
+
+ gss_release_buffer(&tmpMinor, &value);
+ gss_release_buffer(&tmpMinor, &display_value);
+ }
+ }
+
+ gss_release_buffer_set(&tmpMinor, &attrs);
+
+ return (GSS_S_COMPLETE);
}
-#endif
+
+/*
+ * Internal routines to get and release an internal mechanism name
+ */
OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name,
internal_name)
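Review bot: In import_internal_attributes, the `if (GSS_ERROR(major)) continue;` inside `while (more != 0)` re-tests `more` without anything having changed it. If the source mechanism's gss_get_name_attribute fails before writing `more`, the value is still -1 and the loop calls the mechanism again for as long as the error persists, which can hang the caller on a single bad attribute. Leaving the inner loop on error, `if (GSS_ERROR(major)) break;`, moves on to the next attribute and keeps the best-effort behaviour. Separately, the result of `dmech->gss_set_name_attribute` is discarded and the function returns GSS_S_COMPLETE even when nothing was copied; a short comment saying this is intentional would help the next reader.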
gss_union_name_t union_name;
gss_name_t *internal_name;
{
- OM_uint32 status;
+ OM_uint32 status, tmpMinor;
gss_mechanism mech;
mech = gssint_get_mechanism (mech_type);
if (mech == NULL)
return (GSS_S_BAD_MECH);
-#if 0
- /* Try composite name, it will preserve any extended attributes */
- if (union_name->mech_type && union_name->mech_name) {
- status = import_internal_name_composite(minor_status,
- mech,
- union_name,
- internal_name);
- if (status == GSS_S_COMPLETE)
- return (GSS_S_COMPLETE);
+ /*
+ * If we are importing a name for the same mechanism, and the
+ * mechanism implements gss_duplicate_name, then use that.
+ */
+ if (union_name->mech_name != GSS_C_NO_NAME &&
+ g_OID_equal(union_name->mech_type, mech_type) &&
+ mech->gss_duplicate_name != NULL) {
+ status = mech->gss_duplicate_name(minor_status,
+ union_name->mech_name,
+ internal_name);
+ if (status != GSS_S_UNAVAILABLE) {
+ map_error(minor_status, mech);
+ return (status);
+ }
}
-#endif
if (mech->gss_import_name == NULL)
return (GSS_S_UNAVAILABLE);
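Review bot: On the new gss_duplicate_name fast path, `map_error(minor_status, mech)` runs for every status other than GSS_S_UNAVAILABLE, including GSS_S_COMPLETE, whereas the gss_import_name path later in this function maps the minor status only on failure. Unless map_error is known to leave a successful minor status untouched (its definition is not visible here), guard it the same way: `if (status != GSS_S_COMPLETE) map_error(minor_status, mech);`. The condition also hands `mech_type` to `g_OID_equal` although only `mech` is checked for NULL above, so it is worth confirming that no caller passes a null OID. The function body continues outside this hunk.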
union_name->external_name,
union_name->name_type,
internal_name);
- if (status != GSS_S_COMPLETE)
+ if (status == GSS_S_COMPLETE) {
+ /* Attempt to round-trip attributes */
+ (void) import_internal_attributes(&tmpMinor, mech,
+ union_name, *internal_name);
+ } else {
map_error(minor_status, mech);
+ }
return (status);
}
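Review bot: The `(void)` cast on the import_internal_attributes call drops every failure, and the comment `/* Attempt to round-trip attributes */` does not say what a caller may rely on afterwards. The helper copies only attributes the source mechanism reported as authenticated and ignores per-attribute errors, so the returned name can carry a subset of the original attributes while the status is still GSS_S_COMPLETE. I would spell that out, for example `/* Best effort: copy authenticated name attributes; failures are ignored and the name may lack some of them */`, so that code making authorization decisions on name attributes does not assume a complete copy. The start of this function lies outside the hunk.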
NULL, /* gssd_pname_to_uid */
NULL, /* gss_userok */
NULL, /* gss_export_name */
+ spnego_gss_duplicate_name, /* gss_duplicate_name */
NULL, /* gss_store_cred */
spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
spnego_gss_inquire_cred_by_oid, /* gss_inquire_cred_by_oid */
return (status);
}
+/*ARGSUSED*/
+OM_uint32
+spnego_gss_duplicate_name(
+ OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_name_t *output_name)
+{
+ OM_uint32 status;
+
+ dsyslog("Entering duplicate_name\n");
+
+ status = gss_duplicate_name(minor_status, input_name, output_name);
+
+ dsyslog("Leaving duplicate_name\n");
+ return (status);
+}
+
OM_uint32
spnego_gss_inquire_cred(
OM_uint32 *minor_status,