OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
const gss_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
gss_OID *mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
OM_uint32 *time_rec,
gss_cred_id_t *delegated_cred_handle)
{
OM_uint32 major_status, mech_ret_flags;
struct _gss_mech_switch *m;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle;
struct _gss_mechanism_cred *mc;
gss_cred_id_t acceptor_mc, delegated_mc;
gss_name_t src_mn;
*minor_status = 0;
if (src_name)
*src_name = GSS_C_NO_NAME;
if (mech_type)
*mech_type = GSS_C_NO_OID;
if (ret_flags)
*ret_flags = 0;
if (time_rec)
*time_rec = 0;
if (delegated_cred_handle)
*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
_gss_buffer_zero(output_token);
/*
* If this is the first call (*context_handle is NULL), we must
* parse the input token to figure out the mechanism to use.
*/
if (*context_handle == GSS_C_NO_CONTEXT) {
gss_OID_desc mech_oid;
major_status = choose_mech(input_token, &mech_oid);
if (major_status != GSS_S_COMPLETE)
return (major_status);
/*
* Now that we have a mechanism, we can find the
* implementation.
*/
ctx = malloc(sizeof(struct _gss_context));
if (!ctx) {
*minor_status = ENOMEM;
return (GSS_S_DEFECTIVE_TOKEN);
}
memset(ctx, 0, sizeof(struct _gss_context));
m = ctx->gc_mech = _gss_find_mech_switch(&mech_oid);
if (!m) {
free(ctx);
return (GSS_S_BAD_MECH);
}
} else
m = ctx->gc_mech;
if (cred) {
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link)
if (mc->gmc_mech == m)
break;
if (!mc)
return (GSS_S_BAD_MECH);
acceptor_mc = mc->gmc_cred;
} else {
CURLcode
Curl_sec_login(struct connectdata *conn)
{
return choose_mech(conn);
}
