From: Alexandra Ellwood Date: Thu, 27 Oct 2005 22:41:16 +0000 (+0000) Subject: When passed GSS_C_INITIATE and a non-NULL desired name, gss_acquire_cred X-Git-Tag: ms-bug-test-20060525~84 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e898f8ab1add347b79d89c5e9a7c411b6ba00ff9;p=krb5.git When passed GSS_C_INITIATE and a non-NULL desired name, gss_acquire_cred should search the available credentials caches rather than simply failing if tickets for the desired client principal are not in the default ccache. (this is the KfM-specific portion of the patch -- still need KfW portion) ticket: 3223 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17466 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 56d6a473c..5318b6d77 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -79,6 +79,10 @@ #include #endif +#ifdef USE_LOGIN_LIBRARY +#include +#endif + k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; static char *krb5_gss_keytab = NULL; 
@@ -223,12 +227,44 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) return(GSS_S_FAILURE); +#ifdef USE_LOGIN_LIBRARY + if (desired_name != NULL) { + char *ccache_name = NULL; + KLPrincipal kl_desired_princ = NULL; + + if ((code = __KLCreatePrincipalFromKerberos5Principal ((krb5_principal) desired_name, + &kl_desired_princ))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + + if ((code = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name))) { + KLDisposePrincipal (kl_desired_princ); + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + + if ((code = krb5_cc_resolve (context, ccache_name, &ccache))) { + KLDisposeString (ccache_name); + KLDisposePrincipal (kl_desired_princ); + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + + if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); } + if (ccache_name != NULL) { KLDisposeString (ccache_name); } + + } else { +#endif /* open the default credential cache */ if ((code = krb5int_cc_default(context, &ccache))) { *minor_status = code; return(GSS_S_CRED_UNAVAIL); } +#ifdef USE_LOGIN_LIBRARY + } +#endif /* turn off OPENCLOSE mode while extensive frobbing is going on */
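Review bot: The new USE_LOGIN_LIBRARY branch calls `KLAcquireInitialTickets`, which, going by its name and by how the Login Library behaves as far as I know, can obtain fresh tickets and may prompt the user when no cache holds valid ones for `desired_name`; the commit message describes only a search of the existing caches. Daemons and other non-interactive callers reach this code through gss_acquire_cred, so that side effect should be either intended and documented or avoided. If only a lookup is wanted, a lookup-only call such as `KLCacheHasValidTickets` looks like the better fit, to be confirmed against the KfM headers. At minimum I would add above the call `/* NOTE: may acquire new tickets, possibly prompting, if no ccache has valid tickets for desired_name */`. Whether the resolved ccache's principal is later compared with `desired_name` cannot be checked here, because acquire_init_cred starts and ends outside the hunk.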