From: Tom Yu Date: Thu, 6 Mar 2003 01:36:51 +0000 (+0000) Subject: * acquire_cred.c (krb5_gss_register_acceptor_identity): New X-Git-Tag: krb5-1.3-alpha1~41 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=74cb6881569b70f41fb9781ebc9a5b95bba59c7d;p=krb5.git * acquire_cred.c (krb5_gss_register_acceptor_identity): New function. Allows global override of default keytab for gss_acquire_cred() purposes. (acquire_accept_cred): Implement override. * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity. ticket: 880 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 095f916e8..7e33383ec 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,12 @@ +2003-03-05 Tom Yu + + * acquire_cred.c (krb5_gss_register_acceptor_identity): New + function. Allows global override of default keytab for + gss_acquire_cred() purposes. + (acquire_accept_cred): Implement override. + + * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity. + 2003-03-04 Sam Hartman * accept_sec_context.c (rd_and_store_for_creds): Do not expect sequence number in incoming krb_cred message. diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 23a17b863..2c620b940 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c 
@@ -78,6 +78,29 @@ #include #endif +static char *krb5_gss_keytab = NULL; + +/* Heimdal calls this gsskrb5_register_acceptor_identity. */ +OM_uint32 KRB5_CALLCONV +krb5_gss_register_acceptor_identity(const char *keytab) +{ + size_t len; + + if (keytab == NULL) + return GSS_S_FAILURE; + if (krb5_gss_keytab != NULL) + free(krb5_gss_keytab); + + len = strlen(keytab); + krb5_gss_keytab = malloc(len); + if (krb5_gss_keytab == NULL) + return GSS_S_FAILURE; + + strcpy(krb5_gss_keytab, keytab); + + return GSS_S_COMPLETE; +} + /* get credentials corresponding to a key in the krb5 keytab. If the default name is requested, return the name in output_princ. If output_princ is non-NULL, the caller will use or free it, regardless 
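Review bot: `malloc(len)` in `krb5_gss_register_acceptor_identity` is one byte short, because the `strcpy` that follows writes `len + 1` bytes including the terminating NUL, so every successful call overruns the heap buffer by one byte with a caller-supplied string. Separately, the previous string is freed before the new allocation is attempted and the global is not cleared, so when `malloc` fails `krb5_gss_keytab` is left pointing at freed memory; the `krb5_gss_keytab != NULL` test added to `acquire_accept_cred` in the second hunk would then hand that pointer to `krb5_kt_resolve`, and a later registration would free it a second time. Building the copy first and swapping it in only on success fixes both, and keeps the earlier override intact on failure; `free(NULL)` is a no-op, so the guard before it can go.

```c
OM_uint32 KRB5_CALLCONV
krb5_gss_register_acceptor_identity(const char *keytab)
{
    char *copy;
    size_t len;

    if (keytab == NULL)
        return GSS_S_FAILURE;

    len = strlen(keytab);
    copy = malloc(len + 1);             /* + 1 for the terminating NUL */
    if (copy == NULL)
        return GSS_S_FAILURE;           /* previous override stays valid */
    memcpy(copy, keytab, len + 1);

    free(krb5_gss_keytab);              /* free(NULL) is a no-op */
    krb5_gss_keytab = copy;

    return GSS_S_COMPLETE;
}
```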
@@ -103,32 +126,37 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) /* open the default keytab */ - if ((code = krb5_kt_default(context, &kt))) { + if (krb5_gss_keytab != NULL) + code = krb5_kt_resolve(context, krb5_gss_keytab, &kt); + else + code = krb5_kt_default(context, &kt); + + if (code) { *minor_status = code; return(GSS_S_CRED_UNAVAIL); } -if (desired_name != GSS_C_NO_NAME) { - princ = (krb5_principal) desired_name; - if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) { - (void) krb5_kt_close(context, kt); - if (code == KRB5_KT_NOTFOUND) + if (desired_name != GSS_C_NO_NAME) { + princ = (krb5_principal) desired_name; + if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) { + (void) krb5_kt_close(context, kt); + if (code == KRB5_KT_NOTFOUND) *minor_status = KG_KEYTAB_NOMATCH; - else + else *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } - krb5_kt_free_entry(context, &entry); - - /* Open the replay cache for this principal. */ - if ((code = krb5_get_server_rcache(context, - krb5_princ_component(context, princ, 0), - &cred->rcache))) { - *minor_status = code; - return(GSS_S_FAILURE); - } + return(GSS_S_CRED_UNAVAIL); + } + krb5_kt_free_entry(context, &entry); -} + /* Open the replay cache for this principal. */ + if ((code = krb5_get_server_rcache(context, + krb5_princ_component(context, princ, 0), + &cred->rcache))) { + *minor_status = code; + return(GSS_S_FAILURE); + } + + } /* hooray. we made it */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h index 1de52d42e..489f65434 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.h +++ b/src/lib/gssapi/krb5/gssapi_krb5.h 
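Review bot: The new `krb5_gss_keytab != NULL` branch reads a process-wide pointer that `krb5_gss_register_acceptor_identity` frees and reassigns, and no lock is visible in this diff, so if registration can run on another thread while a credential is being acquired the string may be released while `krb5_kt_resolve` is still reading it; whether the library promises thread safety here cannot be told from the page, so either document that registration must complete before any acceptor credential is acquired or guard both sides with the same lock. The comment `/* open the default keytab */` above the branch is now stale; something like `/* open the registered acceptor keytab if one was set, else the default keytab */` would match the code. In the re-indented block, the `krb5_get_server_rcache` failure path returns `GSS_S_FAILURE` without the `krb5_kt_close` that the `krb5_kt_get_entry` failure path performs; that predates this commit, and whether `kt` is released elsewhere is not visible. The body of `acquire_accept_cred` starts and ends outside the hunk.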
@@ -100,6 +100,11 @@ extern const gss_OID_desc krb5_gss_oid_array[]; #define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name #define gss_krb5_nt_string_uid_name gss_nt_string_uid_name +/* Alias for Heimdal compat. */ +#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity + +OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *); + OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags (OM_uint32 *minor_status, gss_ctx_id_t context_handle,
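Review bot: The new public prototype `krb5_gss_register_acceptor_identity(const char *)` has no parameter name and no comment, although it changes which keytab every later acceptor credential in the process is read from. Naming the parameter, `OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *keytab);`, and adding a short comment above it would let callers see the contract the implementation shows: the string is copied, it is later passed to `krb5_kt_resolve`, the override is global rather than per-context, and `GSS_S_FAILURE` is returned for a NULL argument or a failed allocation. It would also help to state that there is no way to clear the override once set, since a NULL argument is rejected.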