From: Theodore Tso Date: Fri, 3 May 1996 21:03:00 +0000 (+0000) Subject: Add code to support appropriate behavior when the input credentials is X-Git-Tag: krb5-1.0-beta6~155 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=79c2315fd4538016165b7ed4fd3c42e49b6ff642;p=krb5.git Add code to support appropriate behavior when the input credentials is NULL (i.e., the default credential). We use the default credential for the "default mechanism", which is the first mechanism registered with the library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7887 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/mechglue/ChangeLog b/src/lib/gssapi/mechglue/ChangeLog index 93351081d..edeb659ee 100644 --- a/src/lib/gssapi/mechglue/ChangeLog +++ b/src/lib/gssapi/mechglue/ChangeLog @@ -1,3 +1,11 @@ +Fri May 3 16:43:43 1996 Theodore Y. Ts'o + + * g_inq_cred.c (gss_inquire_cred): Add code to support appropriate + behavior when the input credentials is NULL (i.e., the + default credential). We use the default credential for + the "default mechanism", which is the first mechanism + registered with the library. + Thu Apr 11 20:11:00 1996 Theodore Y. Ts'o * g_acquire_cred.c (gss_add_cred): Fixed code to correctly handle diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c index ae6493742..27412df02 100644 --- a/src/lib/gssapi/mechglue/g_inq_cred.c +++ b/src/lib/gssapi/mechglue/g_inq_cred.c @@ -50,28 +50,58 @@ int * cred_usage; gss_OID_set * mechanisms; { - OM_uint32 elapsed_time, temp_minor_status; + OM_uint32 status, elapsed_time, temp_minor_status; gss_union_cred_t union_cred; + gss_mechanism mech; + gss_name_t internal_name; int i; gss_initialize(); - if(cred_handle == GSS_C_NO_CREDENTIAL) - - /* This action doesn't conform to the spec. We are supposed - * to return information about the default credential. - * However, we don't know what mechanism the default - * credential is associated with, so we can't call - * the mechanism specific version of gss_inquire_cred(). - * Consequently, we just return NO_CRED. + if (cred_handle == GSS_C_NO_CREDENTIAL) { + /* + * No credential was supplied. This means we can't get a mechanism + * pointer to call the mechanism specific gss_inquire_cred. + * So, call get_mechanism with an arguement of GSS_C_NULL_OID. + * get_mechanism will return the first mechanism in the mech + * array, which becomes the default mechanism. */ + + if ((mech = __gss_get_mechanism(GSS_C_NULL_OID)) == NULL) + return(GSS_S_NO_CRED); + + if (!mech->gss_inquire_cred) + return (GSS_S_FAILURE); - return(GSS_S_NO_CRED); - else + status = mech->gss_inquire_cred(mech->context, minor_status, + GSS_C_NO_CREDENTIAL, + name ? &internal_name : NULL, + lifetime, cred_usage, mechanisms); + + if (status != GSS_S_COMPLETE) + return(status); + + if (name) { + /* + * Convert internal_name into a union_name equivalent. + */ + status = __gss_convert_name_to_union_name(&temp_minor_status, + mech, internal_name, + name); + if (status != GSS_S_COMPLETE) { + if (minor_status) + *minor_status = temp_minor_status; + __gss_release_internal_name(&temp_minor_status, + &mech->mech_type, &internal_name); + return (status); + } + } + return(GSS_S_COMPLETE); + } - /* get the cred_handle cast as a union_credentials structure */ + /* get the cred_handle cast as a union_credentials structure */ - union_cred = (gss_union_cred_t) cred_handle; + union_cred = (gss_union_cred_t) cred_handle; /* * get the information out of the union_cred structure that was