Add a set_cred_option handler for SPNEGO which forwards to the

underlying mechanism.  Fixes SPNEGO credential delegation in 1.7 and
copying of SPNEGO initiator creds in both 1.7 and trunk.  Patch
provided by nalin@redhat.com.

ticket: 6594
target_version: 1.7.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23482 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index 80c23e2838b3c50f5e8e4d24f22b1ba93d862678..4bfe863f9958a85aef18ae3e8374a6e731651fbb 100644 (file)
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -351,6 +351,15 @@ spnego_gss_inquire_cred_by_oid
        gss_buffer_set_t *data_set
 );
 
+OM_uint32
+spnego_gss_set_cred_option
+(
+       OM_uint32 *minor_status,
+       gss_cred_id_t cred_handle,
+       const gss_OID desired_object,
+       const gss_buffer_t value
+);
+
 OM_uint32
 spnego_gss_set_sec_context_option
 (

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index e0f53d579211d9010e4bdd9de397e68eb5b07fc0..669b343d978b69e622d9f64ad833e39197f6430b 100644 (file)
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -250,7 +250,7 @@ static struct gss_config spnego_mechanism =
        spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
        spnego_gss_inquire_cred_by_oid, /* gss_inquire_cred_by_oid */
        spnego_gss_set_sec_context_option, /* gss_set_sec_context_option */
-       NULL,                           /* gssspi_set_cred_option */
+       spnego_gss_set_cred_option,     /* gssspi_set_cred_option */
        NULL,                           /* gssspi_mech_invoke */
        spnego_gss_wrap_aead,
        spnego_gss_unwrap_aead,
@@ -2186,6 +2186,21 @@ spnego_gss_inquire_cred_by_oid(
        return (ret);
 }
 
+OM_uint32
+spnego_gss_set_cred_option(
+               OM_uint32 *minor_status,
+               gss_cred_id_t cred_handle,
+               const gss_OID desired_object,
+               const gss_buffer_t value)
+{
+       OM_uint32 ret;
+       ret = gssspi_set_cred_option(minor_status,
+                                    cred_handle,
+                                    desired_object,
+                                    value);
+       return (ret);
+}
+
 OM_uint32
 spnego_gss_set_sec_context_option(
                OM_uint32 *minor_status,