static void
acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
{
OM_uint32 maj_stat, min_stat;
gss_cred_id_t cred, cred2, cred3;
maj_stat = gss_acquire_cred(&min_stat, name,
GSS_C_INDEFINITE,
GSS_C_NO_OID_SET,
usage,
&cred,
NULL,
NULL);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_add_cred(&min_stat,
cred,
GSS_C_NO_NAME,
GSS_KRB5_MECHANISM,
usage,
GSS_C_INDEFINITE,
GSS_C_INDEFINITE,
&cred2,
NULL,
NULL,
NULL);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_add_cred(&min_stat,
cred2,
GSS_C_NO_NAME,
GSS_KRB5_MECHANISM,
GSS_C_BOTH,
GSS_C_INDEFINITE,
GSS_C_INDEFINITE,
&cred3,
NULL,
NULL,
NULL);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "add_cred 2 %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred2);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred3);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release 3 %d != GSS_S_COMPLETE", (int)maj_stat);
}
static void
test_add(gss_cred_id_t cred_handle)
{
OM_uint32 major_status, minor_status;
gss_cred_id_t copy_cred;
OM_uint32 time_rec;
major_status = gss_add_cred (&minor_status,
cred_handle,
GSS_C_NO_NAME,
GSS_KRB5_MECHANISM,
GSS_C_INITIATE,
0,
0,
©_cred,
NULL,
&time_rec,
NULL);
if (GSS_ERROR(major_status))
errx(1, "add_cred failed");
print_time(time_rec);
major_status = gss_release_cred(&minor_status,
©_cred);
if (GSS_ERROR(major_status))
errx(1, "release_cred failed");
}
OM_uint32 _gss_spnego_add_cred (
OM_uint32 * minor_status,
const gss_cred_id_t input_cred_handle,
const gss_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 acceptor_time_req,
gss_cred_id_t * output_cred_handle,
gss_OID_set * actual_mechs,
OM_uint32 * initiator_time_rec,
OM_uint32 * acceptor_time_rec
)
{
return gss_add_cred(minor_status,
input_cred_handle,
desired_name,
desired_mech,
cred_usage,
initiator_time_req,
acceptor_time_req,
output_cred_handle,
actual_mechs,
initiator_time_rec,
acceptor_time_rec);
}
OM_uint32 _gss_spnego_add_cred (
OM_uint32 * minor_status,
const gss_cred_id_t input_cred_handle,
const gss_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 acceptor_time_req,
gss_cred_id_t * output_cred_handle,
gss_OID_set * actual_mechs,
OM_uint32 * initiator_time_rec,
OM_uint32 * acceptor_time_rec
)
{
gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
OM_uint32 ret, tmp;
gssspnego_cred input_cred, output_cred;
*output_cred_handle = GSS_C_NO_CREDENTIAL;
ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
&spnego_output_cred_handle);
if (ret)
return ret;
input_cred = (gssspnego_cred)input_cred_handle;
output_cred = (gssspnego_cred)spnego_output_cred_handle;
ret = gss_add_cred(minor_status,
input_cred->negotiated_cred_id,
desired_name,
desired_mech,
cred_usage,
initiator_time_req,
acceptor_time_req,
&output_cred->negotiated_cred_id,
actual_mechs,
initiator_time_rec,
acceptor_time_rec);
if (ret) {
_gss_spnego_release_cred(&tmp, &spnego_output_cred_handle);
return ret;
}
*output_cred_handle = spnego_output_cred_handle;
return GSS_S_COMPLETE;
}
uint32_t
sapgss_add_cred(
uint32_t *minor_status,
gss_cred_id_t input_cred_handle,
gss_name_t desired_name,
sapgss_OID desired_mech,
gss_cred_usage_t cred_usage,
uint32_t initiator_time_req,
uint32_t acceptor_time_req,
gss_cred_id_t *output_cred_handle,
sapgss_OID_set *actual_mechs,
uint32_t *initiator_time_rec,
uint32_t *acceptor_time_rec)
{
gss_OID desired_mech_loc;
gss_OID_set actual_mechs_loc;
uint32_t major_status;
int ret;
ret = gss_OID_sap_to_loc(desired_mech, &desired_mech_loc);
if (ret != 0) {
*minor_status = ret;
return GSS_S_FAILURE;
}
major_status = gss_add_cred(minor_status, input_cred_handle, desired_name,
desired_mech_loc, cred_usage,
initiator_time_req, acceptor_time_req,
output_cred_handle, &actual_mechs_loc,
initiator_time_rec, acceptor_time_rec);
/* Comply with the gss_OID_sap_to_loc contract and free desired_mech_loc */
gss_OID_loc_release(&desired_mech_loc);
ret = gss_OID_set_loc_to_sap(actual_mechs_loc, actual_mechs);
if (ret != 0) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return major_status;
}
int
main(int argc, char **argv)
{
OM_uint32 major, minor;
gss_cred_id_t from_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t to_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
char *from_env;
char *to_env;
int optidx = 0;
setprogname(argv[0]);
if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if (version_flag){
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (argc < 2)
errx(1, "required arguments missing");
if (argc > 2)
errx(1, "too many arguments");
if (asprintf(&from_env, "KRB5CCNAME=%s", argv[0]) == -1 || from_env == NULL)
err(1, "out of memory");
if (asprintf(&to_env, "KRB5CCNAME=%s", argv[1]) == -1 || to_env == NULL)
err(1, "out of memory");
putenv(from_env);
major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE,
GSS_C_INDEFINITE, &from_cred, NULL, NULL, NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to acquire creds from %s", argv[0]);
putenv(to_env);
major = gss_store_cred(&minor, from_cred, GSS_C_INITIATE,
GSS_KRB5_MECHANISM, 1, 1, NULL, NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to store creds into %s", argv[1]);
(void) gss_release_cred(&minor, &from_cred);
(void) gss_release_cred(&minor, &to_cred);
major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE,
GSS_C_INDEFINITE, &cred, NULL, NULL, NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to acquire creds from %s", argv[1]);
(void) gss_release_cred(&minor, &cred);
putenv("KRB5CCNAME");
free(from_env);
free(to_env);
return 0;
}
