static OM_uint32
copy_initiator_creds(OM_uint32 *minor_status,
gss_cred_id_t input_cred_handle,
const gss_OID desired_mech,
OM_uint32 overwrite_cred,
OM_uint32 default_cred)
{
OM_uint32 major_status;
krb5_error_code code;
krb5_gss_cred_id_t kcred = NULL;
krb5_context context = NULL;
krb5_ccache ccache = NULL;
if (!default_cred) {
*minor_status = G_STORE_NON_DEFAULT_CRED_NOSUPP;
major_status = GSS_S_FAILURE;
goto cleanup;
}
code = krb5_gss_init_context(&context);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_FAILURE;
goto cleanup;
}
major_status = krb5_gss_validate_cred_1(minor_status,
input_cred_handle,
context);
if (GSS_ERROR(major_status))
goto cleanup;
kcred = (krb5_gss_cred_id_t)input_cred_handle;
if (kcred->ccache == NULL || kcred->proxy_cred) {
*minor_status = KG_CCACHE_NOMATCH;
major_status = GSS_S_DEFECTIVE_CREDENTIAL;
goto cleanup;
}
if (!overwrite_cred &&
has_unexpired_creds(kcred, desired_mech, default_cred)) {
major_status = GSS_S_DUPLICATE_ELEMENT;
goto cleanup;
}
code = krb5int_cc_default(context, &ccache);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_FAILURE;
goto cleanup;
}
code = krb5_cc_copy_creds(context, kcred->ccache, ccache);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_FAILURE;
goto cleanup;
}
*minor_status = 0;
major_status = GSS_S_COMPLETE;
cleanup:
if (kcred != NULL)
k5_mutex_unlock(&kcred->lock);
if (ccache != NULL)
krb5_cc_close(context, ccache);
krb5_free_context(context);
return major_status;
}
static OM_uint32
copy_initiator_creds(OM_uint32 *minor_status,
gss_cred_id_t input_cred_handle,
const gss_OID desired_mech,
OM_uint32 overwrite_cred,
OM_uint32 default_cred,
gss_const_key_value_set_t cred_store)
{
OM_uint32 major_status;
krb5_error_code code;
krb5_gss_cred_id_t kcred = NULL;
krb5_context context = NULL;
krb5_ccache ccache = NULL;
const char *ccache_name;
*minor_status = 0;
if (!default_cred && cred_store == GSS_C_NO_CRED_STORE) {
*minor_status = G_STORE_NON_DEFAULT_CRED_NOSUPP;
major_status = GSS_S_FAILURE;
goto cleanup;
}
code = krb5_gss_init_context(&context);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_FAILURE;
goto cleanup;
}
major_status = krb5_gss_validate_cred_1(minor_status,
input_cred_handle,
context);
if (GSS_ERROR(major_status))
goto cleanup;
kcred = (krb5_gss_cred_id_t)input_cred_handle;
if (kcred->ccache == NULL) {
*minor_status = KG_CCACHE_NOMATCH;
major_status = GSS_S_DEFECTIVE_CREDENTIAL;
goto cleanup;
}
if (!overwrite_cred &&
has_unexpired_creds(kcred, desired_mech, default_cred, cred_store)) {
major_status = GSS_S_DUPLICATE_ELEMENT;
goto cleanup;
}
major_status = kg_value_from_cred_store(cred_store,
KRB5_CS_CCACHE_URN, &ccache_name);
if (GSS_ERROR(major_status))
goto cleanup;
if (ccache_name != NULL) {
code = krb5_cc_resolve(context, ccache_name, &ccache);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_CRED_UNAVAIL;
goto cleanup;
}
code = krb5_cc_initialize(context, ccache,
kcred->name->princ);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_CRED_UNAVAIL;
goto cleanup;
}
}
if (ccache == NULL) {
if (!default_cred) {
*minor_status = G_STORE_NON_DEFAULT_CRED_NOSUPP;
major_status = GSS_S_FAILURE;
goto cleanup;
}
code = krb5int_cc_default(context, &ccache);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_FAILURE;
goto cleanup;
}
}
code = krb5_cc_copy_creds(context, kcred->ccache, ccache);
if (code != 0) {
*minor_status = code;
major_status = GSS_S_FAILURE;
goto cleanup;
}
*minor_status = 0;
major_status = GSS_S_COMPLETE;
cleanup:
if (kcred != NULL)
k5_mutex_unlock(&kcred->lock);
if (ccache != NULL)
krb5_cc_close(context, ccache);
krb5_free_context(context);
return major_status;
}