when loading credentials save basic information for later use
authorDaniel Kouřil <kouril@ics.muni.cz>
Fri, 9 Nov 2007 16:10:28 +0000 (16:10 +0000)
committerDaniel Kouřil <kouril@ics.muni.cz>
Fri, 9 Nov 2007 16:10:28 +0000 (16:10 +0000)
org.glite.security.gss/interface/glite_gss.h
org.glite.security.gss/src/glite_gss.c

index a6d306e..2a9ba9d 100644 (file)
@@ -25,9 +25,7 @@ enum {
   EDG_WLL_GSS_FLAG_ANON = 64,
 };
 
-typedef void * edg_wll_GssName;
 typedef void * edg_wll_GssCtx;
-typedef void * edg_wll_GssCred;
 
 typedef struct _edg_wll_GssConnection {
   edg_wll_GssCtx context;
@@ -52,6 +50,13 @@ typedef struct _edg_wll_GssPrincipal_data {
 } edg_wll_GssPrincipal_data;
 typedef struct _edg_wll_GssPrincipal_data *edg_wll_GssPrincipal;
 
+typedef struct _edg_wll_GssCred_data {
+   void *gss_cred;
+   time_t lifetime;
+   char *name;
+} _edg_wll_GssCred_data;
+typedef struct _edg_wll_GssCred_data *edg_wll_GssCred;
+
 int
 edg_wll_gss_initialize(void);
 
@@ -59,7 +64,6 @@ int
 edg_wll_gss_acquire_cred_gsi(const char *cert_file,
                             const char *key_file,
                             edg_wll_GssCred *cred,
-                            char **name,
                             edg_wll_GssStatus* gss_code);
 
 int
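Review bot: The new typedef closing with `} _edg_wll_GssCred_data;` gives the struct type a name that starts with an underscore and a capital letter, which C reserves for the implementation, and it also breaks with the sibling `edg_wll_GssPrincipal_data` a few lines above that has no leading underscore; suggest `} edg_wll_GssCred_data;`. The `lifetime` field is undocumented: the .c side stores the `OM_uint32` value that gss_inquire_cred returns, which is the validity remaining in seconds at the moment the credential was acquired (GSS_C_INDEFINITE if unlimited), not an absolute expiry, so a comment such as `time_t lifetime; /* seconds of validity left when acquired, not an expiry timestamp */` would keep later code from comparing it against time(). The `name` field now owns the display name and is released by edg_wll_gss_release_cred, which is a change of ownership from the removed `char **name` parameter and is worth a line on the field, e.g. `char *name; /* display name, owned by the credential, freed by edg_wll_gss_release_cred() */`. The field uses `time_t`, so if this header does not already include `<time.h>` (not visible in the hunk), translation units including only glite_gss.h will fail to compile.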
index 017f126..b39d842 100644 (file)
@@ -479,14 +479,16 @@ destroy_proxy(char *proxy_file)
 
 int
 edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file, edg_wll_GssCred *cred,
-                            char **name, edg_wll_GssStatus* gss_code)
+                            edg_wll_GssStatus* gss_code)
 {
    OM_uint32 major_status = 0, minor_status, minor_status2;
    gss_cred_id_t gss_cred = GSS_C_NO_CREDENTIAL;
    gss_buffer_desc buffer = GSS_C_EMPTY_BUFFER;
    gss_name_t gss_name = GSS_C_NO_NAME;
+   edg_wll_GssCred tmp_cred = NULL;
    OM_uint32 lifetime;
    char *proxy_file = NULL;
+   char *name = NULL;
    int ret;
 
    if ((cert_file == NULL && key_file != NULL) ||
@@ -526,7 +528,7 @@ edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file, edg_wl
       }
    }
 
-   /* gss_import_cred() doesn't check validity of credential loaded, so let's
+  /* gss_import_cred() doesn't check validity of credential loaded, so let's
     * verify it now */
     major_status = gss_inquire_cred(&minor_status, gss_cred, &gss_name,
                                    &lifetime, NULL, NULL);
@@ -544,18 +546,25 @@ edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file, edg_wl
        goto end;
     }
 
-    if (name) {
-       major_status = gss_display_name(&minor_status, gss_name, &buffer, NULL);
-       if (GSS_ERROR(major_status)) {
-         ret = EDG_WLL_GSS_ERROR_GSS;
-         goto end;
-       }
-       *name = buffer.value;
-       memset(&buffer, 0, sizeof(buffer));
-    }
+   major_status = gss_display_name(&minor_status, gss_name, &buffer, NULL);
+   if (GSS_ERROR(major_status)) {
+      ret = EDG_WLL_GSS_ERROR_GSS;
+      goto end;
+   }
+   name = buffer.value;
+   memset(&buffer, 0, sizeof(buffer));
     
-   *cred = gss_cred;
+   tmp_cred = calloc(1, sizeof(*tmp_cred));
+   if (tmp_cred == NULL) {
+      ret = EDG_WLL_GSS_ERROR_ERRNO;
+      goto end;
+   }
+
+   tmp_cred->gss_cred = gss_cred;
    gss_cred = GSS_C_NO_CREDENTIAL;
+   tmp_cred->lifetime = lifetime;
+   tmp_cred->name = name;
+
    ret = 0;
 
 end:
@@ -657,7 +666,7 @@ edg_wll_gss_connect(edg_wll_GssCred cred, char const *hostname, int port,
    /* XXX prepsat na do {} while (maj_stat == CONT) a osetrit chyby*/
    while (!context_established) {
       /* XXX verify ret_flags match what was requested */
-      maj_stat = gss_init_sec_context(&min_stat, cred, &context,
+      maj_stat = gss_init_sec_context(&min_stat, cred->gss_cred, &context,
                                      GSS_C_NO_NAME, GSS_C_NO_OID,
                                      req_flags | GSS_C_MUTUAL_FLAG,
                                      0, GSS_C_NO_CHANNEL_BINDINGS,
@@ -784,7 +793,7 @@ edg_wll_gss_accept(edg_wll_GssCred cred, int sock, struct timeval *timeout,
         goto end;
 
       maj_stat = gss_accept_sec_context(&min_stat, &context,
-                                       cred, &input_token,
+                                       cred->gss_cred, &input_token,
                                        GSS_C_NO_CHANNEL_BINDINGS,
                                        &client_name, NULL, &output_token,
                                        &ret_flags, NULL, NULL);
@@ -1127,15 +1136,28 @@ edg_wll_gss_release_cred(edg_wll_GssCred cred, edg_wll_GssStatus* gss_code)
    OM_uint32 maj_stat, min_stat;
    int ret = 0;
 
-   maj_stat = gss_release_cred(&min_stat, cred); 
-   if (GSS_ERROR(maj_stat)) {
-      ret = EDG_WLL_GSS_ERROR_GSS;
-      if (gss_code) {
-         gss_code->major_status = maj_stat;
-         gss_code->minor_status = min_stat;
+   if (gss_code)
+      gss_code->major_status = gss_code->minor_status = 0;
+
+   if (cred == NULL)
+      return ret;
+
+   if (cred->gss_cred) {
+      maj_stat = gss_release_cred(&min_stat, cred->gss_cred); 
+      if (GSS_ERROR(maj_stat)) {
+         ret = EDG_WLL_GSS_ERROR_GSS;
+         if (gss_code) {
+            gss_code->major_status = maj_stat;
+            gss_code->minor_status = min_stat;
+         }
       }
    }
 
+   if (cred->name)
+      free(cred->name);
+
+   free(cred);
+
    return ret;
 }
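Review bot: The new `cred->gss_cred` arguments in edg_wll_gss_connect and edg_wll_gss_accept dereference `cred` unconditionally, whereas before this change a NULL `cred` was passed straight through as GSS_C_NO_CREDENTIAL (default credentials); any caller that relied on that now crashes, so either use `cred ? cred->gss_cred : GSS_C_NO_CREDENTIAL` in both calls or document that NULL is no longer accepted. In edg_wll_gss_acquire_cred_gsi the display name is moved out of `buffer` into `name` before the calloc, so when calloc fails the `goto end` leaks it unless the cleanup at `end:` (outside the hunk) frees it; adding `name = NULL;` right after `tmp_cred->name = name;` and `free(name);` in the `end:` cleanup closes that path on all error exits. The bodies of the two context-establishment calls and the `end:` cleanup lie outside the hunks shown. Separately, `cred->name` is the buffer returned by gss_display_name but edg_wll_gss_release_cred frees it with `free()` rather than gss_release_buffer(); this was already the caller's contract before the change and is only safe if the GSS implementation allocates display names with malloc, so a comment stating that assumption next to `free(cred->name)` would help.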