From 9adf7f38b4842f257560c901c51aacbb8d341b78 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Thu, 23 Sep 2010 13:35:18 +0200
Subject: [PATCH] gss_store_cred implementation
---
 mech_eap/TODO | 3 +--
 mech_eap/store_cred.c | 19 +++++++++++++++++++
 mech_eap/util_reauth.c | 29 +++++++++++++++++++++++++++++
 mech_eap/util_reauth.h | 10 ++++++++++
 4 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/mech_eap/TODO b/mech_eap/TODO
index bbfbc03..cdc5491 100644
--- a/mech_eap/TODO
+++ b/mech_eap/TODO
@@ -1,5 +1,4 @@
 - hook up libradius, AVP parsing logic
 - better handling of mechanism-specific error namespace
 - better interfaces for initiator EAP configuration/credential management
-- libradius library handle is a global variable
-- radius expiry time
+- make CBT ASN.1
diff --git a/mech_eap/store_cred.c b/mech_eap/store_cred.c
index 4ddac48..aec3277 100644
--- a/mech_eap/store_cred.c
+++ b/mech_eap/store_cred.c
@@ -42,6 +42,25 @@ gss_store_cred(OM_uint32 *minor,
 gss_OID_set *elements_stored,
 gss_cred_usage_t *cred_usage_stored)
 {
+ if (elements_stored != NULL)
+ *elements_stored = GSS_C_NO_OID_SET;
+ if (cred_usage_stored != NULL)
+ *cred_usage_stored = input_usage;
+
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
+
+ if (input_cred_handle->krbCred != GSS_C_NO_CREDENTIAL) {
+ return gssStoreCred(minor,
+ input_cred_handle->krbCred,
+ input_usage,
+ gss_mech_krb5,
+ overwrite_cred,
+ default_cred,
+ elements_stored,
+ cred_usage_stored);
+ }
+
 *minor = 0;
 return GSS_S_UNAVAILABLE;
 }
diff --git a/mech_eap/util_reauth.c b/mech_eap/util_reauth.c
index 5208dc8..cd73da6 100644
--- a/mech_eap/util_reauth.c
+++ b/mech_eap/util_reauth.c
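Review bot: In gss_store_cred (mech_eap/store_cred.c) the new early return `GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED` leaves `*minor` unwritten, because `*minor = 0;` is only reached on the final fall-through path. A caller that passes the minor status to an error-display or logging routine would then read an indeterminate value. Moving `*minor = 0;` to the first line of the body covers every path. The same gap exists in the gssStoreCred wrapper added to util_reauth.c, which returns `GSS_S_UNAVAILABLE` when `gssStoreCredNext == NULL` without touching `*minor`. The function signature begins above this hunk, so whether `minor` itself is checked for NULL cannot be confirmed from here.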
@@ -398,6 +398,16 @@ static OM_uint32 (*gssKrbExtractAuthzDataFromSecContextNext)(
 int ad_type,
 gss_buffer_t ad_data);
+static OM_uint32 (*gssStoreCredNext)(
+ OM_uint32 *minor,
+ const gss_cred_id_t input_cred_handle,
+ gss_cred_usage_t input_usage,
+ const gss_OID desired_mech,
+ OM_uint32 overwrite_cred,
+ OM_uint32 default_cred,
+ gss_OID_set *elements_stored,
+ gss_cred_usage_t *cred_usage_stored);
+
 #define NEXT_SYMBOL(local, global) ((local) = dlsym(RTLD_NEXT, (global)))
 OM_uint32
@@ -412,6 +422,7 @@ gssEapReauthInitialize(OM_uint32 *minor)
 NEXT_SYMBOL(gssDisplayNameNext, "gss_display_name");
 NEXT_SYMBOL(gssImportNameNext, "gss_import_name");
 NEXT_SYMBOL(gssKrbExtractAuthzDataFromSecContextNext, "gsskrb5_extract_authz_data_from_sec_context");
+ NEXT_SYMBOL(gssStoreCredNext, "gss_store_cred");
 return GSS_S_COMPLETE;
 }
@@ -545,6 +556,24 @@ gssKrbExtractAuthzDataFromSecContext(OM_uint32 *minor,
 }
 OM_uint32
+gssStoreCred(OM_uint32 *minor,
+ const gss_cred_id_t input_cred_handle,
+ gss_cred_usage_t input_usage,
+ const gss_OID desired_mech,
+ OM_uint32 overwrite_cred,
+ OM_uint32 default_cred,
+ gss_OID_set *elements_stored,
+ gss_cred_usage_t *cred_usage_stored)
+{
+ if (gssStoreCredNext == NULL)
+ return GSS_S_UNAVAILABLE;
+
+ return gssStoreCredNext(minor, input_cred_handle, input_usage,
+ desired_mech, overwrite_cred, default_cred,
+ elements_stored, cred_usage_stored);
+}
+
+OM_uint32
 gssEapGlueToMechName(OM_uint32 *minor,
 gss_name_t glueName,
 gss_name_t *pMechName)
diff --git a/mech_eap/util_reauth.h b/mech_eap/util_reauth.h
index 6e3ea2b..e37dd49 100644
--- a/mech_eap/util_reauth.h
+++ b/mech_eap/util_reauth.h
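Review bot: The added `NEXT_SYMBOL(gssStoreCredNext, "gss_store_cred");` in gssEapReauthInitialize (mech_eap/util_reauth.c) is not checked, and the function still returns `GSS_S_COMPLETE` when `dlsym(RTLD_NEXT, ...)` yields NULL. The only later symptom is `GSS_S_UNAVAILABLE` from the gssStoreCred wrapper, which gss_store_cred in store_cred.c also returns when there is no Kerberos credential, so a caller cannot tell a missing symbol from a missing credential. Because the lookup is by name in whatever object follows this one in load order, and that object is then handed the Kerberos credential handle, a comment stating the expectation would help, for example `/* expected to resolve to the system GSS-API library's gss_store_cred */`. gssEapReauthInitialize starts above the hunk, so any diagnostics it already has are not visible here.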
@@ -91,6 +91,16 @@ gssKrbExtractAuthzDataFromSecContext(OM_uint32 *minor,
 gss_buffer_t ad_data);
 OM_uint32
+gssStoreCred(OM_uint32 *minor,
+ const gss_cred_id_t input_cred_handle,
+ gss_cred_usage_t input_usage,
+ const gss_OID desired_mech,
+ OM_uint32 overwrite_cred,
+ OM_uint32 default_cred,
+ gss_OID_set *elements_stored,
+ gss_cred_usage_t *cred_usage_stored);
+
+OM_uint32
 gssEapMakeReauthCreds(OM_uint32 *minor,
 gss_ctx_id_t ctx,
 gss_cred_id_t cred,
-- 
2.1.4
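Review bot: The new gssStoreCred prototype in mech_eap/util_reauth.h has no comment saying which kind of credential handle it expects. In store_cred.c the caller dereferences its own `input_cred_handle` and passes the `krbCred` member, while the wrapper forwards its argument unchanged to the next library's gss_store_cred. Both appear to be typed `gss_cred_id_t`, so the compiler would not catch a mech_eap credential passed by mistake. A short comment above the prototype would record the contract, e.g. `/* input_cred_handle must be a credential of the underlying GSS-API library (cred->krbCred), never a mech_eap credential */`.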