-ssh_gssapi_krb5_storecreds() {
- krb5_ccache ccache;
- krb5_error_code problem;
- krb5_principal princ;
- char ccname[35];
- static char name[40];
- int tmpfd;
- OM_uint32 maj_status,min_status;
-
-
- if (gssapi_client_creds==NULL) {
- debug("No credentials stored");
- return;
- }
-
- if (ssh_gssapi_krb5_init() == 0)
- return;
-
- if (options.gss_use_session_ccache) {
- snprintf(ccname,sizeof(ccname),"/tmp/krb5cc_%d_XXXXXX",geteuid());
-
- if ((tmpfd = mkstemp(ccname))==-1) {
- log("mkstemp(): %.100s", strerror(errno));
- return;
- }
- if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
- log("fchmod(): %.100s", strerror(errno));
- close(tmpfd);
- return;
- }
- } else {
- snprintf(ccname,sizeof(ccname),"/tmp/krb5cc_%d",geteuid());
- tmpfd = open(ccname, O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
- if (tmpfd == -1) {
- log("open(): %.100s", strerror(errno));
- return;
- }
- }
-
- close(tmpfd);
- snprintf(name, sizeof(name), "FILE:%s",ccname);
-
- if ((problem = krb5_cc_resolve(krb_context, name, &ccache))) {
- log("krb5_cc_default(): %.100s",
- krb5_get_err_text(krb_context,problem));
- return;
- }
-
- if ((problem = krb5_parse_name(krb_context, gssapi_client_name.value,
- &princ))) {
- log("krb5_parse_name(): %.100s",
- krb5_get_err_text(krb_context,problem));
- krb5_cc_destroy(krb_context,ccache);
- return;
- }
-
- if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
- log("krb5_cc_initialize(): %.100s",
- krb5_get_err_text(krb_context,problem));
- krb5_free_principal(krb_context,princ);
- krb5_cc_destroy(krb_context,ccache);
- return;
- }
-
- krb5_free_principal(krb_context,princ);
-
- #ifdef HEIMDAL
- if ((problem = krb5_cc_copy_cache(krb_context,
- gssapi_client_creds->ccache,
- ccache))) {
- log("krb5_cc_copy_cache(): %.100s",
- krb5_get_err_text(krb_context,problem));
- krb5_cc_destroy(krb_context,ccache);
- return;
- }
- #else
- if ((maj_status = gss_krb5_copy_ccache(&min_status,
- gssapi_client_creds,
- ccache))) {
- log("gss_krb5_copy_ccache() failed");
- ssh_gssapi_error(maj_status,min_status);
- krb5_cc_destroy(krb_context,ccache);
- return;
+ssh_gssapi_supported_oids(gss_OID_set *oidset)
+{
+ int i = 0;
+ OM_uint32 min_status;
+ int present;
+ gss_OID_set supported;
+
+ gss_create_empty_oid_set(&min_status, oidset);
+ /* Ask priviledged process what mechanisms it supports. */
+ PRIVSEP(gss_indicate_mechs(&min_status, &supported));
+
+ while (supported_mechs[i]->name != NULL) {
+ if (GSS_ERROR(gss_test_oid_set_member(&min_status,
+ &supported_mechs[i]->oid, supported, &present)))
+ present = 0;
+ if (present)
+ gss_add_oid_set_member(&min_status,
+ &supported_mechs[i]->oid, oidset);
+ i++;