* acquire_cred.c (krb5_gss_register_acceptor_identity): New
authorTom Yu <tlyu@mit.edu>
Thu, 6 Mar 2003 01:36:51 +0000 (01:36 +0000)
committerTom Yu <tlyu@mit.edu>
Thu, 6 Mar 2003 01:36:51 +0000 (01:36 +0000)
function.  Allows global override of default keytab for
gss_acquire_cred() purposes.
(acquire_accept_cred): Implement override.

* gssapi_krb5.h: Add krb5_gss_register_acceptor_identity.

ticket: 880

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/gssapi_krb5.h

index 095f916e8635deff5169bacef1b992ab7fe3d5ee..7e33383ec95fe5e0498215aa011fd5a86fed135b 100644 (file)
@@ -1,3 +1,12 @@
+2003-03-05  Tom Yu  <tlyu@mit.edu>
+
+       * acquire_cred.c (krb5_gss_register_acceptor_identity): New
+       function.  Allows global override of default keytab for
+       gss_acquire_cred() purposes.
+       (acquire_accept_cred): Implement override.
+
+       * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity.
+
 2003-03-04  Sam Hartman  <hartmans@mit.edu>
 
        * accept_sec_context.c (rd_and_store_for_creds): Do not expect sequence number in incoming krb_cred message.
index 23a17b86368f58556a1aeeed391b487d00976536..2c620b940567fcd6540b2927aca2733c39d66994 100644 (file)
 #include <strings.h>
 #endif
 
+static char *krb5_gss_keytab = NULL;
+
+/* Heimdal calls this gsskrb5_register_acceptor_identity. */
+OM_uint32 KRB5_CALLCONV
+krb5_gss_register_acceptor_identity(const char *keytab)
+{
+    size_t     len;
+
+    if (keytab == NULL)
+       return GSS_S_FAILURE;
+    if (krb5_gss_keytab != NULL)
+       free(krb5_gss_keytab);
+
+    len = strlen(keytab);
+    krb5_gss_keytab = malloc(len);
+    if (krb5_gss_keytab == NULL)
+       return GSS_S_FAILURE;
+
+    strcpy(krb5_gss_keytab, keytab);
+
+    return GSS_S_COMPLETE;
+}
+
 /* get credentials corresponding to a key in the krb5 keytab.
    If the default name is requested, return the name in output_princ.
      If output_princ is non-NULL, the caller will use or free it, regardless
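Review bot: `krb5_gss_keytab = malloc(len);` allocates one byte too few for the `strcpy()` that follows, so the terminating NUL is written one byte past the end of the heap buffer on every successful call. The allocation should be `krb5_gss_keytab = malloc(len + 1);`. Separately, the previous value is freed before the new allocation is attempted, so an allocation failure leaves the pointer NULL and later credential acquisition silently falls back to the default keytab. Allocating the copy first and replacing the old string only on success would keep the existing override intact.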
@@ -103,32 +126,37 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred)
 
    /* open the default keytab */
 
-   if ((code = krb5_kt_default(context, &kt))) {
+   if (krb5_gss_keytab != NULL)
+      code = krb5_kt_resolve(context, krb5_gss_keytab, &kt);
+   else
+      code = krb5_kt_default(context, &kt);
+
+   if (code) {
       *minor_status = code;
       return(GSS_S_CRED_UNAVAIL);
    }
 
-if (desired_name != GSS_C_NO_NAME) {
-    princ = (krb5_principal) desired_name;
-    if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) {
-       (void) krb5_kt_close(context, kt);
-       if (code == KRB5_KT_NOTFOUND)
+   if (desired_name != GSS_C_NO_NAME) {
+      princ = (krb5_principal) desired_name;
+      if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) {
+        (void) krb5_kt_close(context, kt);
+        if (code == KRB5_KT_NOTFOUND)
            *minor_status = KG_KEYTAB_NOMATCH;
-       else
+        else
            *minor_status = code;
-       return(GSS_S_CRED_UNAVAIL);
-    }
-    krb5_kt_free_entry(context, &entry);
-
-    /* Open the replay cache for this principal. */
-    if ((code = krb5_get_server_rcache(context,
-                                      krb5_princ_component(context, princ, 0),
-                                      &cred->rcache))) {
-       *minor_status = code;
-       return(GSS_S_FAILURE);
-    }
+        return(GSS_S_CRED_UNAVAIL);
+      }
+      krb5_kt_free_entry(context, &entry);
 
-}
+      /* Open the replay cache for this principal. */
+      if ((code = krb5_get_server_rcache(context,
+                                        krb5_princ_component(context, princ, 0),
+                                        &cred->rcache))) {
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+      }
+
+   }
 
 /* hooray.  we made it */
 
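Review bot: The new `krb5_kt_resolve(context, krb5_gss_keytab, &kt)` call reads the file-scope pointer with no synchronization, while krb5_gss_register_acceptor_identity() frees and reassigns it. If the two can run on different threads, the resolve may be handed a freed string. Whether the library promises thread safety at this revision is not visible here, so at minimum the constraint should be documented next to the branch, e.g. `/* krb5_gss_keytab is process-global; register it before any thread acquires acceptor credentials */`. The comment `/* open the default keytab */` above the branch is now stale and should read `/* open the registered keytab, or the default one */`. acquire_accept_cred's body starts and ends outside the hunk.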
index 1de52d42eadc3c911f92dc99c5ffb1f0f1a1b432..489f65434a7a9aeda19dcf53f97b78d762f6d3b8 100644 (file)
@@ -100,6 +100,11 @@ extern const gss_OID_desc krb5_gss_oid_array[];
 #define gss_krb5_nt_machine_uid_name   gss_nt_machine_uid_name
 #define gss_krb5_nt_string_uid_name    gss_nt_string_uid_name
 
+/* Alias for Heimdal compat. */
+#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity
+
+OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *);
+
 OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags 
        (OM_uint32 *minor_status,
                   gss_ctx_id_t context_handle,
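Review bot: The new prototype `krb5_gss_register_acceptor_identity(const char *)` is exported with no parameter name and no description of its contract. A comment above it should say that the argument is a keytab name which the callee copies, that NULL returns GSS_S_FAILURE, and that the override applies to every later acceptor credential acquisition in the process. The declaration itself would read `OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *keytab);`.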