Add code to support appropriate behavior when the input credentials is
authorTheodore Tso <tytso@mit.edu>
Fri, 3 May 1996 21:03:00 +0000 (21:03 +0000)
committerTheodore Tso <tytso@mit.edu>
Fri, 3 May 1996 21:03:00 +0000 (21:03 +0000)
NULL (i.e., the default credential).  We use the default credential
for the "default mechanism", which is the first mechanism registered
with the library.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7887 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/mechglue/ChangeLog
src/lib/gssapi/mechglue/g_inq_cred.c

index 93351081dc130424f8bd5ed48b7ebb04aca26cf7..edeb659ee35689115e6acfb98b37a6078cf8130b 100644 (file)
@@ -1,3 +1,11 @@
+Fri May  3 16:43:43 1996  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * g_inq_cred.c (gss_inquire_cred): Add code to support appropriate
+               behavior when the input credentials is NULL (i.e., the
+               default credential).  We use the default credential for
+               the "default mechanism", which is the first mechanism
+               registered with the library.
+
 Thu Apr 11 20:11:00 1996  Theodore Y. Ts'o  <tytso@dcl>
 
        * g_acquire_cred.c (gss_add_cred): Fixed code to correctly handle
index ae64937426e1dd1243d8a595fecb4ba876e87967..27412df02c2f853d6b45821a1585bc598d79adc6 100644 (file)
@@ -50,28 +50,58 @@ int *                       cred_usage;
 gss_OID_set *          mechanisms;
 
 {
-    OM_uint32          elapsed_time, temp_minor_status;
+    OM_uint32          status, elapsed_time, temp_minor_status;
     gss_union_cred_t   union_cred;
+    gss_mechanism      mech;
+    gss_name_t         internal_name;
     int                        i;
     
     gss_initialize();
 
-    if(cred_handle == GSS_C_NO_CREDENTIAL)
-       
-       /* This action doesn't conform to the spec. We are supposed
-        * to return information about the default credential.
-        * However, we don't know what mechanism the default
-        * credential is associated with, so we can't call
-        * the mechanism specific version of gss_inquire_cred().
-        * Consequently, we just return NO_CRED.
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+       /*
+        * No credential was supplied. This means we can't get a mechanism
+        * pointer to call the mechanism specific gss_inquire_cred.
+        * So, call get_mechanism with an arguement of GSS_C_NULL_OID.
+        * get_mechanism will return the first mechanism in the mech
+        * array, which becomes the default mechanism.
         */
+
+       if ((mech = __gss_get_mechanism(GSS_C_NULL_OID)) == NULL)
+           return(GSS_S_NO_CRED);
+
+       if (!mech->gss_inquire_cred)
+               return (GSS_S_FAILURE);
        
-       return(GSS_S_NO_CRED);
-    else
+       status = mech->gss_inquire_cred(mech->context, minor_status,
+                                       GSS_C_NO_CREDENTIAL,
+                                       name ? &internal_name : NULL,
+                                       lifetime, cred_usage, mechanisms);
+
+       if (status != GSS_S_COMPLETE)
+           return(status);
+
+       if (name) {
+           /*
+            * Convert internal_name into a union_name equivalent.
+            */
+           status = __gss_convert_name_to_union_name(&temp_minor_status,
+                                                     mech, internal_name,
+                                                     name);
+           if (status != GSS_S_COMPLETE) {
+               if (minor_status)
+                   *minor_status = temp_minor_status;
+               __gss_release_internal_name(&temp_minor_status,
+                                           &mech->mech_type, &internal_name);
+               return (status);
+           }
+       }
+       return(GSS_S_COMPLETE);
+    } 
        
-       /* get the cred_handle cast as a union_credentials structure */
+    /* get the cred_handle cast as a union_credentials structure */
        
-       union_cred = (gss_union_cred_t) cred_handle;
+    union_cred = (gss_union_cred_t) cred_handle;
     
     /*
      * get the information out of the union_cred structure that was