/*
 * Compose a delegated credential from a ticket that the acceptor has
 * already decrypted.  The krb5_creds handed to kg_compose_deleg_cred is a
 * stack object whose principal, session-key, flag and time fields are
 * shallow copies out of ticket->enc_part2, and whose ticket field is the
 * DER encoding produced here.  That encoding is released before returning,
 * so kg_compose_deleg_cred is presumably expected to copy what it keeps
 * (not verifiable from this function alone).
 *
 * minor_status          receives the krb5_error_code on failure
 * verifier_cred_handle  acceptor credential; asserted to have usage
 *                       GSS_C_BOTH
 * ticket                decrypted ticket; enc_part2 is dereferenced
 *                       without a NULL check, so callers must guarantee it
 * out_cred              receives the composed credential (asserted non-NULL)
 * context               krb5 library context
 *
 * Returns GSS_S_FAILURE when the ticket cannot be re-encoded; otherwise the
 * status of kg_compose_deleg_cred, which is requested with an indefinite
 * lifetime (GSS_C_INDEFINITE) and no mechanism restriction.
 *
 * NOTE(review): this call passes nine arguments to kg_compose_deleg_cred
 * while kg_impersonate_name on this page passes seven; the two target
 * different revisions of that prototype.  Confirm against the header
 * actually in use.
 */
static OM_uint32
create_constrained_deleg_creds(OM_uint32 *minor_status,
                               krb5_gss_cred_id_t verifier_cred_handle,
                               krb5_ticket *ticket,
                               krb5_gss_cred_id_t *out_cred,
                               krb5_context context)
{
    krb5_data *encoded_ticket = NULL;
    krb5_error_code ret;
    OM_uint32 status;

    assert(out_cred != NULL);
    assert(verifier_cred_handle->usage == GSS_C_BOTH);

    /* Every field not named here is zero, matching a memset of the
     * whole struct; the named ones alias the decrypted ticket. */
    krb5_creds subject = {
        .magic = KV5M_CREDS,
        .client = ticket->enc_part2->client,
        .server = ticket->server,
        .keyblock = *(ticket->enc_part2->session),
        .ticket_flags = ticket->enc_part2->flags,
        .times = ticket->enc_part2->times,
        .authdata = NULL,
    };

    /* The encoding is owned by this function until after composition. */
    ret = encode_krb5_ticket(ticket, &encoded_ticket);
    if (ret != 0) {
        *minor_status = ret;
        return GSS_S_FAILURE;
    }
    subject.ticket = *encoded_ticket;

    status = kg_compose_deleg_cred(minor_status, verifier_cred_handle,
                                   &subject, GSS_C_INDEFINITE,
                                   GSS_C_NO_OID_SET, out_cred, NULL, NULL,
                                   context);

    krb5_free_data(context, encoded_ticket);
    return status;
}
/*
 * Obtain a credential that lets impersonator_cred act on behalf of user.
 *
 * A request krb5_creds is built with user's principal as the client and
 * the impersonator's own principal as the server; if the impersonator
 * credential names requested enctypes, the first one is requested for the
 * session key.  Any authdata attached to user is exported under
 * AD_USAGE_TGS_REQ while user->lock is held (the lock covers only that
 * export).  The credentials are then fetched through
 * krb5_get_credentials_for_user with KRB5_GC_CANONICALIZE and
 * KRB5_GC_NO_STORE, the latter keeping the result out of
 * impersonator_cred->ccache, and handed to kg_compose_deleg_cred.
 *
 * minor_status       receives the krb5_error_code on failure
 * impersonator_cred  credential doing the impersonating; name->princ,
 *                    req_enctypes and ccache are read
 * user               name to impersonate; princ, lock and ad_context are read
 * time_req           requested lifetime, forwarded to kg_compose_deleg_cred
 * output_cred        cleared to NULL on entry, set by kg_compose_deleg_cred
 * time_rec           forwarded to kg_compose_deleg_cred
 * context            krb5 library context
 *
 * Returns GSS_S_FAILURE on any krb5 error before composition, otherwise the
 * status of kg_compose_deleg_cred.  Exported authdata and the fetched creds
 * are released on every path on which they were obtained.
 */
static OM_uint32
kg_impersonate_name(OM_uint32 *minor_status,
                    const krb5_gss_cred_id_t impersonator_cred,
                    const krb5_gss_name_t user,
                    OM_uint32 time_req,
                    krb5_gss_cred_id_t *output_cred,
                    OM_uint32 *time_rec,
                    krb5_context context)
{
    OM_uint32 status;
    krb5_error_code ret;
    krb5_creds request = { 0 };
    krb5_creds *subject_creds = NULL;

    *output_cred = NULL;

    request.client = user->princ;
    request.server = impersonator_cred->name->princ;
    if (impersonator_cred->req_enctypes != NULL)
        request.keyblock.enctype = impersonator_cred->req_enctypes[0];

    /* The authdata export is the only work done under user->lock. */
    ret = k5_mutex_lock(&user->lock);
    if (ret != 0) {
        *minor_status = ret;
        return GSS_S_FAILURE;
    }
    ret = 0;
    if (user->ad_context != NULL) {
        ret = krb5_authdata_export_authdata(context, user->ad_context,
                                            AD_USAGE_TGS_REQ,
                                            &request.authdata);
    }
    k5_mutex_unlock(&user->lock);
    if (ret != 0) {
        *minor_status = ret;
        return GSS_S_FAILURE;
    }

    ret = krb5_get_credentials_for_user(context,
                                        KRB5_GC_CANONICALIZE |
                                        KRB5_GC_NO_STORE,
                                        impersonator_cred->ccache,
                                        &request, NULL, &subject_creds);
    if (ret != 0) {
        *minor_status = ret;
        status = GSS_S_FAILURE;
        goto cleanup;
    }

    status = kg_compose_deleg_cred(minor_status, impersonator_cred,
                                   subject_creds, time_req, output_cred,
                                   time_rec, context);
    krb5_free_creds(context, subject_creds);

cleanup:
    krb5_free_authdata(context, request.authdata);
    return status;
}