Re: resolution for gss_acquire_cred incompatibility?
- To: Derrick J Brashear <shadow@dementia.org>
- Subject: Re: resolution for gss_acquire_cred incompatibility?
- From: Assar Westerlund <assar@sics.se>
- Date: 03 Jul 2001 23:47:29 +0200
- Cc: heimdal-discuss@sics.se
- In-Reply-To: Derrick J Brashear's message of "Thu, 7 Jun 2001 17:25:59 -0400 (EDT)"
- References: <Pine.LNX.4.21L-021.0106071722580.1808-100000@trafford.andrew.cmu.edu>
- Sender: owner-heimdal-discuss@sics.se
- User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.6
Derrick J Brashear <shadow@dementia.org> writes:
> Right now, the gssapi library from MIT krb5 will use a keytab value set
> from register_acceptor_identity in acquire_cred and not just in
> accept_sec_context, while Heimdal does only the latter. This is biting me
> in the behind to the extent that I have a local patch for it. Is there any
> intent to change how Heimdal's gss library behaves?
The function name (gsskrb5_register_acceptor_identity) is confusing.
I guess there should be another one, but for now I was thinking of
doing something like this. Comments?
/assar
Index: accept_sec_context.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/gssapi/accept_sec_context.c,v
retrieving revision 1.25
diff -u -w -r1.25 accept_sec_context.c
--- accept_sec_context.c 2001/06/18 02:49:53 1.25
+++ accept_sec_context.c 2001/07/03 21:46:45
@@ -35,20 +35,20 @@
RCSID("$Id: accept_sec_context.c,v 1.25 2001/06/18 02:49:53 assar Exp $");
-static krb5_keytab gss_keytab;
+krb5_keytab gssapi_krb5_keytab;
OM_uint32
gsskrb5_register_acceptor_identity (char *identity)
{
char *p;
- if(gss_keytab != NULL) {
- krb5_kt_close(gssapi_krb5_context, gss_keytab);
- gss_keytab = NULL;
+ if(gssapi_krb5_keytab != NULL) {
+ krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
+ gssapi_krb5_keytab = NULL;
}
asprintf(&p, "FILE:%s", identity);
if(p == NULL)
return GSS_S_FAILURE;
- krb5_kt_resolve(gssapi_krb5_context, p, &gss_keytab);
+ krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
free(p);
return GSS_S_COMPLETE;
}
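Review bot: the result of krb5_kt_resolve() in gsskrb5_register_acceptor_identity is discarded, and the function returns GSS_S_COMPLETE regardless. With this patch the global also feeds acquire_cred, where a NULL gssapi_krb5_keytab falls through to krb5_kt_default(). A failed resolve could therefore leave the caller with credentials from the default keytab instead of the one it registered, with no error reported. Suggest checking the return value and returning GSS_S_FAILURE when the resolve fails.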
@@ -199,8 +199,8 @@
}
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
- if (gss_keytab != NULL) {
- keytab = gss_keytab;
+ if (gssapi_krb5_keytab != NULL) {
+ keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
Index: acquire_cred.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/gssapi/acquire_cred.c,v
retrieving revision 1.6
diff -u -w -r1.6 acquire_cred.c
--- acquire_cred.c 2001/05/11 09:16:45 1.6
+++ acquire_cred.c 2001/07/03 21:46:45
@@ -85,9 +85,23 @@
krb5_get_init_creds_opt opt;
try_keytab:
+ if (gssapi_krb5_keytab != NULL) {
+ char kt_name[256];
+
+ kret = krb5_kt_get_name(gssapi_krb5_context,
+ gssapi_krb5_keytab,
+ kt_name, sizeof(kt_name));
+ if (kret)
+ goto krb5_bad;
+ kret = krb5_kt_resolve(gssapi_krb5_context, kt_name,
+ &handle->keytab);
+ if (kret)
+ goto krb5_bad;
+ } else {
kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab);
if (kret != 0)
goto krb5_bad;
+ }
krb5_get_init_creds_opt_init(&opt);
memset(&cred, 0, sizeof(cred));
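Review bot: kt_name[256] in the try_keytab block is a fixed-size buffer, while gsskrb5_register_acceptor_identity builds the keytab name with asprintf and accepts any length. A registered path that does not fit will either fail here or be truncated, depending on how krb5_kt_get_name treats a short buffer, and a truncated name would point at a different file. Suggest sizing the buffer from the platform path limit and treating a name that does not fit as an error. It is also worth confirming that the string krb5_kt_get_name returns carries the keytab type, so that krb5_kt_resolve reopens the same kind of keytab and does not depend on the default type.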
Index: gssapi_locl.h
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/gssapi/gssapi_locl.h,v
retrieving revision 1.17
diff -u -w -r1.17 gssapi_locl.h
--- gssapi_locl.h 2001/06/18 02:50:46 1.17
+++ gssapi_locl.h 2001/07/03 21:46:45
@@ -46,6 +46,8 @@
extern krb5_context gssapi_krb5_context;
+extern krb5_keytab gssapi_krb5_keytab;
+
void gssapi_krb5_init (void);
krb5_error_code
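Review bot: the extern declaration of gssapi_krb5_keytab carries no comment on ownership. gsskrb5_register_acceptor_identity closes and replaces the handle, so any file that sees it through this header must not store or close it. acquire_cred.c avoids that by re-resolving by name, and a short comment here stating the rule would keep later users from copying the pointer into a credential handle.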