- OM_uint32 major_status;
- OM_uint32 minor_status;
-
- if (gssapi_client_creds != NULL)
- {
- char *creds_env = NULL;
-
- /*
- * This is the current hack with the GSI gssapi library to
- * export credentials to disk.
- */
-
- debug("Exporting delegated credentials");
-
- minor_status = 0xdee0; /* Magic value */
- major_status =
- gss_inquire_cred(&minor_status,
- gssapi_client_creds,
- (gss_name_t *) &creds_env,
- NULL,
- NULL,
- NULL);
-
- if ((major_status == GSS_S_COMPLETE) &&
- (minor_status == 0xdee1) &&
- (creds_env != NULL))
- {
- char *value;
-
- /*
- * String is of the form:
- * X509_USER_DELEG_PROXY=filename
- * so we parse out the filename
- * and then set X509_USER_PROXY
- * to point at it.
- */
- value = strchr(creds_env, '=');
-
- if (value != NULL)
- {
- *value = '\0';
- value++;
- export_buffer->length=
- strlen("X509_USER_PROXY")+strlen(value)+1;
- export_buffer->value =
- xmalloc(export_buffer->length+1);
- sprintf(export_buffer->value, "%s=%s",
- "X509_USER_PROXY", value);
-
- return GSS_S_COMPLETE;
- }
- else
- {
- log("Failed to parse delegated credentials string '%s'",
- creds_env);
- }
- }
- else
- {
- log("Failed to export delegated credentials (error %d)",
- major_status);
+ int i = 0;
+ int equal = 0;
+ gss_name_t new_name = GSS_C_NO_NAME;
+ gss_buffer_desc ename = GSS_C_EMPTY_BUFFER;
+
+ if (options.gss_store_rekey && client->used && ctx->client_creds) {
+ if (client->mech->oid.length != ctx->oid->length ||
+ (memcmp(client->mech->oid.elements,
+ ctx->oid->elements, ctx->oid->length) !=0)) {
+ debug("Rekeyed credentials have different mechanism");
+ return GSS_S_COMPLETE;