extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_skip_transit_check_x_oid_desc;
#define GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X (&__gss_krb5_cred_skip_transit_check_x_oid_desc)
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_iterate_acceptor_keytab_x_oid_desc;
+#define GSS_KRB5_CRED_ITERATE_ACCEPTOR_KEYTAB_X (&__gss_krb5_cred_iterate_acceptor_keytab_x_oid_desc)
+
/*
* OID mappings with name and short description and and slightly longer description
*/
krb5_rd_req_in_ctx in = NULL;
krb5_rd_req_out_ctx out = NULL;
krb5_principal server = NULL;
+ krb5_boolean iterate_keytab = FALSE;
krb5_flags verify_ap_req_flags = 0;
if (acceptor_cred) {
server = acceptor_cred->principal;
+ if (acceptor_cred->cred_flags & GSS_CF_ITERATE_ACCEPTOR_KEYTAB) {
+ iterate_keytab = TRUE;
+ }
+
if (acceptor_cred->cred_flags & GSS_CF_SKIP_TRANSIT_CHECK) {
verify_ap_req_flags |= KRB5_VERIFY_AP_REQ_SKIP_TRANSITED_CHECK;
}
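Review bot: The `GSS_CF_ITERATE_ACCEPTOR_KEYTAB` check added inside `if (acceptor_cred)` has no comment saying what iterate mode changes about key selection, and `server` is still assigned from `acceptor_cred->principal` in the same block. A reader therefore cannot tell whether the ticket's service name is still checked once the later hunk calls `krb5_rd_req_in_set_iterate_keytab(context, in, TRUE)`. If iteration means trying every keytab entry instead of looking the key up by principal and kvno (inferred from the name; the implementation is not visible here), then any key stored in the keytab can authenticate a ticket, so the acceptor's trust extends to the whole keytab. I would add above the check `/* Try every keytab entry when decrypting the AP-REQ; the keytab must then hold only keys this acceptor may accept for. */` and state there whether `server` is still enforced after decryption. The enclosing function starts and ends outside the hunk.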
kret = krb5_rd_req_in_ctx_alloc(context, &in);
if (kret == 0)
kret = krb5_rd_req_in_set_keytab(context, in, keytab);
+ if (kret == 0 && iterate_keytab)
+ kret = krb5_rd_req_in_set_iterate_keytab(context, in, TRUE);
if (kret == 0)
kret = krb5_rd_req_in_set_verify_ap_req_flags(context, in,
verify_ap_req_flags);
#define GSS_CF_DESTROY_CRED_ON_RELEASE 1
#define GSS_CF_NO_CI_FLAGS 2
#define GSS_CF_SKIP_TRANSIT_CHECK 4
+#define GSS_CF_ITERATE_ACCEPTOR_KEYTAB 8
struct krb5_keytab_data *keytab;
time_t endtime;
gss_cred_usage_t usage;
}
+static OM_uint32
+iterate_acceptor_keytab(OM_uint32 *minor_status,
+ krb5_context context,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ gsskrb5_cred cred;
+
+ if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gsskrb5_cred)*cred_handle;
+ cred->cred_flags |= GSS_CF_ITERATE_ACCEPTOR_KEYTAB;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
static OM_uint32
skip_transit_check(OM_uint32 *minor_status,
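Review bot: `iterate_acceptor_keytab()` never reads `value` and only ORs the bit into `cred->cred_flags`, so the option cannot be cleared once set and any buffer content is accepted; neither fact is documented. A header comment such as `/* Set-only: marks the credential so the acceptor tries every keytab entry; value is ignored. */` would make that contract explicit for callers. The NULL-credential path returns `GSS_S_FAILURE` with `*minor_status = 0`, while the dispatcher's fallthrough uses `EINVAL`; `*minor_status = EINVAL;` would give the caller a reason. The function also does not check that the credential is an acceptor credential, so the flag can be set on a credential for which it presumably has no effect. The trailing context shows only the start of `skip_transit_check`, whose body is outside the hunk.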
return skip_transit_check(minor_status, context, cred_handle, value);
}
+ if (gss_oid_equal(desired_object, GSS_KRB5_CRED_ITERATE_ACCEPTOR_KEYTAB_X)) {
+ return iterate_acceptor_keytab(minor_status, context, cred_handle, value);
+ }
+
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
/* GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X - 1.3.6.1.4.1.7165.4.7.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_skip_transit_check_x_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\xb7\x7d\x04\x07\x01") };
+/* GSS_KRB5_CRED_ITERATE_ACCEPTOR_KEYTAB_X - 1.3.6.1.4.1.7165.4.7.2 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_iterate_acceptor_keytab_x_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\xb7\x7d\x04\x07\x02") };
+
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
__gss_c_ntlm_v2_oid_desc;
__gss_c_ntlm_session_key_oid_desc;
__gss_c_ntlm_force_v1_oid_desc;
+ __gss_krb5_cred_iterate_acceptor_keytab_x_oid_desc;
__gss_krb5_cred_no_ci_flags_x_oid_desc;
__gss_krb5_cred_skip_transit_check_x_oid_desc;
__gss_krb5_import_cred_x_oid_desc;