static void acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage) { OM_uint32 maj_stat, min_stat; gss_cred_id_t cred, cred2, cred3; maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, usage, &cred, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_add_cred(&min_stat, cred, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, usage, GSS_C_INDEFINITE, GSS_C_INDEFINITE, &cred2, NULL, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_add_cred(&min_stat, cred2, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, GSS_C_BOTH, GSS_C_INDEFINITE, GSS_C_INDEFINITE, &cred3, NULL, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred 2 %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred2); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred3); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release 3 %d != GSS_S_COMPLETE", (int)maj_stat); }
static void test_add(gss_cred_id_t cred_handle) { OM_uint32 major_status, minor_status; gss_cred_id_t copy_cred; OM_uint32 time_rec; major_status = gss_add_cred (&minor_status, cred_handle, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, GSS_C_INITIATE, 0, 0, ©_cred, NULL, &time_rec, NULL); if (GSS_ERROR(major_status)) errx(1, "add_cred failed"); print_time(time_rec); major_status = gss_release_cred(&minor_status, ©_cred); if (GSS_ERROR(major_status)) errx(1, "release_cred failed"); }
OM_uint32 _gss_spnego_add_cred ( OM_uint32 * minor_status, const gss_cred_id_t input_cred_handle, const gss_name_t desired_name, const gss_OID desired_mech, gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req, gss_cred_id_t * output_cred_handle, gss_OID_set * actual_mechs, OM_uint32 * initiator_time_rec, OM_uint32 * acceptor_time_rec ) { return gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech, cred_usage, initiator_time_req, acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec, acceptor_time_rec); }
OM_uint32 _gss_spnego_add_cred ( OM_uint32 * minor_status, const gss_cred_id_t input_cred_handle, const gss_name_t desired_name, const gss_OID desired_mech, gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req, gss_cred_id_t * output_cred_handle, gss_OID_set * actual_mechs, OM_uint32 * initiator_time_rec, OM_uint32 * acceptor_time_rec ) { gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL; OM_uint32 ret, tmp; gssspnego_cred input_cred, output_cred; *output_cred_handle = GSS_C_NO_CREDENTIAL; ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL, &spnego_output_cred_handle); if (ret) return ret; input_cred = (gssspnego_cred)input_cred_handle; output_cred = (gssspnego_cred)spnego_output_cred_handle; ret = gss_add_cred(minor_status, input_cred->negotiated_cred_id, desired_name, desired_mech, cred_usage, initiator_time_req, acceptor_time_req, &output_cred->negotiated_cred_id, actual_mechs, initiator_time_rec, acceptor_time_rec); if (ret) { _gss_spnego_release_cred(&tmp, &spnego_output_cred_handle); return ret; } *output_cred_handle = spnego_output_cred_handle; return GSS_S_COMPLETE; }
uint32_t sapgss_add_cred( uint32_t *minor_status, gss_cred_id_t input_cred_handle, gss_name_t desired_name, sapgss_OID desired_mech, gss_cred_usage_t cred_usage, uint32_t initiator_time_req, uint32_t acceptor_time_req, gss_cred_id_t *output_cred_handle, sapgss_OID_set *actual_mechs, uint32_t *initiator_time_rec, uint32_t *acceptor_time_rec) { gss_OID desired_mech_loc; gss_OID_set actual_mechs_loc; uint32_t major_status; int ret; ret = gss_OID_sap_to_loc(desired_mech, &desired_mech_loc); if (ret != 0) { *minor_status = ret; return GSS_S_FAILURE; } major_status = gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech_loc, cred_usage, initiator_time_req, acceptor_time_req, output_cred_handle, &actual_mechs_loc, initiator_time_rec, acceptor_time_rec); /* Comply with the gss_OID_sap_to_loc contract and free desired_mech_loc */ gss_OID_loc_release(&desired_mech_loc); ret = gss_OID_set_loc_to_sap(actual_mechs_loc, actual_mechs); if (ret != 0) { *minor_status = ret; return GSS_S_FAILURE; } return major_status; }
int main(int argc, char **argv) { OM_uint32 major, minor; gss_cred_id_t from_cred = GSS_C_NO_CREDENTIAL; gss_cred_id_t to_cred = GSS_C_NO_CREDENTIAL; gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; char *from_env; char *to_env; int optidx = 0; setprogname(argv[0]); if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); if (help_flag) usage (0); if (version_flag){ print_version(NULL); exit(0); } argc -= optidx; argv += optidx; if (argc < 2) errx(1, "required arguments missing"); if (argc > 2) errx(1, "too many arguments"); if (asprintf(&from_env, "KRB5CCNAME=%s", argv[0]) == -1 || from_env == NULL) err(1, "out of memory"); if (asprintf(&to_env, "KRB5CCNAME=%s", argv[1]) == -1 || to_env == NULL) err(1, "out of memory"); putenv(from_env); major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE, &from_cred, NULL, NULL, NULL); if (major != GSS_S_COMPLETE) gss_err(1, major, minor, GSS_KRB5_MECHANISM, "failed to acquire creds from %s", argv[0]); putenv(to_env); major = gss_store_cred(&minor, from_cred, GSS_C_INITIATE, GSS_KRB5_MECHANISM, 1, 1, NULL, NULL); if (major != GSS_S_COMPLETE) gss_err(1, major, minor, GSS_KRB5_MECHANISM, "failed to store creds into %s", argv[1]); (void) gss_release_cred(&minor, &from_cred); (void) gss_release_cred(&minor, &to_cred); major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE, &cred, NULL, NULL, NULL); if (major != GSS_S_COMPLETE) gss_err(1, major, minor, GSS_KRB5_MECHANISM, "failed to acquire creds from %s", argv[1]); (void) gss_release_cred(&minor, &cred); putenv("KRB5CCNAME"); free(from_env); free(to_env); return 0; }