merged OPENSSH_5_2P1_GSSAPI_20090831 to GPT-branch

[gssapi-openssh.git] / openssh / gss-serv-krb5.c

diff --git a/openssh/gss-serv-krb5.c b/openssh/gss-serv-krb5.c
index bea0eaebd25acc85797a42bc3e5b187edd47761c..a439393756bb988782a808b907f40ba1292d2c3f 100644 (file)
--- a/openssh/gss-serv-krb5.c
+++ b/openssh/gss-serv-krb5.c
@@ -1,7 +1,7 @@
 /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
 
 /*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -69,7 +69,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
        NULL,
        &ssh_gssapi_krb5_userok,
        &ssh_gssapi_krb5_localname,
-       &ssh_gssapi_krb5_storecreds
+       &ssh_gssapi_krb5_storecreds,
+       &ssh_gssapi_krb5_updatecreds
 };
 
 /* Initialise the krb5 library, for the stuff that GSSAPI won't do */
@@ -242,6 +243,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
        return;
 }
 
+int
+ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, 
+    ssh_gssapi_client *client)
+{
+       krb5_ccache ccache = NULL;
+       krb5_principal principal = NULL;
+       char *name = NULL;
+       krb5_error_code problem;
+       OM_uint32 maj_status, min_status;
+
+       if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) {
+                logit("krb5_cc_resolve(): %.100s",
+                    krb5_get_err_text(krb_context, problem));
+                return 0;
+               }
+       
+       /* Find out who the principal in this cache is */
+       if ((problem = krb5_cc_get_principal(krb_context, ccache, 
+           &principal))) {
+               logit("krb5_cc_get_principal(): %.100s",
+                   krb5_get_err_text(krb_context, problem));
+               krb5_cc_close(krb_context, ccache);
+               return 0;
+       }
+
+       if ((problem = krb5_unparse_name(krb_context, principal, &name))) {
+               logit("krb5_unparse_name(): %.100s",
+                   krb5_get_err_text(krb_context, problem));
+               krb5_free_principal(krb_context, principal);
+               krb5_cc_close(krb_context, ccache);
+               return 0;
+       }
+
+
+       if (strcmp(name,client->exportedname.value)!=0) {
+               debug("Name in local credentials cache differs. Not storing");
+               krb5_free_principal(krb_context, principal);
+               krb5_cc_close(krb_context, ccache);
+               krb5_free_unparsed_name(krb_context, name);
+               return 0;
+       }
+       krb5_free_unparsed_name(krb_context, name);
+
+       /* Name matches, so lets get on with it! */
+
+       if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) {
+               logit("krb5_cc_initialize(): %.100s",
+                   krb5_get_err_text(krb_context, problem));
+               krb5_free_principal(krb_context, principal);
+               krb5_cc_close(krb_context, ccache);
+               return 0;
+       }
+
+       krb5_free_principal(krb_context, principal);
+
+       if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
+           ccache))) {
+               logit("gss_krb5_copy_ccache() failed. Sorry!");
+               krb5_cc_close(krb_context, ccache);
+               return 0;
+       }
+
+       return 1;
+}
+
 #endif /* KRB5 */
 
 #endif /* GSSAPI */