X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/0b90ac9305f607f2e88da800bd56520fd0228d71..99a781071582d870e3aa172c8f3564914b0eeb75:/openssh/gss-serv-krb5.c

diff --git a/openssh/gss-serv-krb5.c b/openssh/gss-serv-krb5.c
index bea0eae..dbf866c 100644
--- a/openssh/gss-serv-krb5.c
+++ b/openssh/gss-serv-krb5.c
@@ -1,7 +1,7 @@
 /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
 
 /*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -61,6 +61,8 @@ static int ssh_gssapi_krb5_init();
 static int ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name);
 static int ssh_gssapi_krb5_localname(ssh_gssapi_client *client, char **user);
 static void ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client);
+static int ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store,
+                                       ssh_gssapi_client *client);
 
 ssh_gssapi_mech gssapi_kerberos_mech = {
 	"toWM5Slw5Ew8Mqkay+al2g==",
@@ -69,7 +71,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
 	NULL,
 	&ssh_gssapi_krb5_userok,
 	&ssh_gssapi_krb5_localname,
-	&ssh_gssapi_krb5_storecreds
+	&ssh_gssapi_krb5_storecreds,
+	&ssh_gssapi_krb5_updatecreds
 };
 
 /* Initialise the krb5 library, for the stuff that GSSAPI won't do */
@@ -242,6 +245,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 	return;
 }
 
+static int
+ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store, 
+    ssh_gssapi_client *client)
+{
+	krb5_ccache ccache = NULL;
+	krb5_principal principal = NULL;
+	char *name = NULL;
+	krb5_error_code problem;
+	OM_uint32 maj_status, min_status;
+
+   	if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) {
+                logit("krb5_cc_resolve(): %.100s",
+                    krb5_get_err_text(krb_context, problem));
+                return 0;
+       	}
+	
+	/* Find out who the principal in this cache is */
+	if ((problem = krb5_cc_get_principal(krb_context, ccache, 
+	    &principal))) {
+		logit("krb5_cc_get_principal(): %.100s",
+		    krb5_get_err_text(krb_context, problem));
+		krb5_cc_close(krb_context, ccache);
+		return 0;
+	}
+
+	if ((problem = krb5_unparse_name(krb_context, principal, &name))) {
+		logit("krb5_unparse_name(): %.100s",
+		    krb5_get_err_text(krb_context, problem));
+		krb5_free_principal(krb_context, principal);
+		krb5_cc_close(krb_context, ccache);
+		return 0;
+	}
+
+
+	if (strcmp(name,client->exportedname.value)!=0) {
+		debug("Name in local credentials cache differs. Not storing");
+		krb5_free_principal(krb_context, principal);
+		krb5_cc_close(krb_context, ccache);
+		krb5_free_unparsed_name(krb_context, name);
+		return 0;
+	}
+	krb5_free_unparsed_name(krb_context, name);
+
+	/* Name matches, so lets get on with it! */
+
+	if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) {
+		logit("krb5_cc_initialize(): %.100s",
+		    krb5_get_err_text(krb_context, problem));
+		krb5_free_principal(krb_context, principal);
+		krb5_cc_close(krb_context, ccache);
+		return 0;
+	}
+
+	krb5_free_principal(krb_context, principal);
+
+	if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
+	    ccache))) {
+		logit("gss_krb5_copy_ccache() failed. Sorry!");
+		krb5_cc_close(krb_context, ccache);
+		return 0;
+	}
+
+	return 1;
+}
+
 #endif /* KRB5 */
 
 #endif /* GSSAPI */