|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Howard Chu wrote:
This patch implements the SASL_GSS_CREDS property, which was defined in sasl.h back in 2005.http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=sasl_gss_creds&msg=7600Applications need this functionality to make use of Kerberos Services4User features.http://k5wiki.kerberos.org/wiki/Projects/Services4UserSetting the credential in the SASL client will allow it to use an S4U2Proxy credential, among other things.Additional patches will still be needed to allow a SASL server to take advantage of this feature, as mentioned in my previous email. But this is a small first step just to get the ball rolling.
Hi Howard, This looks fine, but let me ask some questions on your patch:
Index: lib/common.c =================================================================== RCS file: /cvs/src/sasl/lib/common.c,v retrieving revision 1.124 diff -u -r1.124 common.c --- lib/common.c 20 Feb 2009 23:10:53 -0000 1.124 +++ lib/common.c 10 May 2010 08:04:24 -0000 @@ -1238,6 +1238,13 @@ } break; + case SASL_GSS_CREDS: + if(conn->type == SASL_CONN_CLIENT) + ((sasl_client_conn_t *)conn)->cparams->gss_creds = value; + else + ((sasl_server_conn_t *)conn)->sparams->gss_creds = value; + break; +
What about updating sasl_getprop() to match?
GSS_C_NO_CREDENTIAL is defined as "((gss_cred_id_t) 0)" in RFC 2744, so no extra initialization is needed.Index: plugins/gssapi.c =================================================================== RCS file: /cvs/src/sasl/plugins/gssapi.c,v retrieving revision 1.109 diff -u -r1.109 gssapi.c --- plugins/gssapi.c 24 Feb 2010 22:41:18 -0000 1.109 +++ plugins/gssapi.c 10 May 2010 08:04:24 -0000 @@ -657,6 +657,7 @@ OM_uint32 max_input; gss_buffer_desc name_token; int ret, out_flags = 0 ; + gss_cred_id_t server_creds = params->gss_creds;
Have you compiled this change against both MIT and Heimdal?