Index: include/saslplug.h =================================================================== RCS file: /cvs/src/sasl/include/saslplug.h,v retrieving revision 1.45 diff -u -r1.45 saslplug.h --- include/saslplug.h 10 Mar 2009 14:10:52 -0000 1.45 +++ include/saslplug.h 11 May 2010 16:42:40 -0000 @@ -253,8 +253,10 @@ sasl_security_properties_t props; sasl_ssf_t external_ssf; /* external SSF active */ + /* GSS credentials */ + void *gss_creds; + /* for additions which don't require a version upgrade; set to 0 */ - void *spare_ptr1; void *spare_ptr2; void *spare_ptr3; void *spare_ptr4; @@ -552,8 +554,10 @@ */ struct propctx *propctx; + /* GSS credentials */ + void *gss_creds; + /* for additions which don't require a version upgrade; set to 0 */ - void *spare_ptr1; void *spare_ptr2; void *spare_ptr3; void *spare_ptr4; Index: lib/common.c =================================================================== RCS file: /cvs/src/sasl/lib/common.c,v retrieving revision 1.124 diff -u -r1.124 common.c --- lib/common.c 20 Feb 2009 23:10:53 -0000 1.124 +++ lib/common.c 11 May 2010 16:42:40 -0000 @@ -1027,6 +1027,14 @@ case SASL_SEC_PROPS: *((const sasl_security_properties_t **)pvalue) = &conn->props; break; + case SASL_GSS_CREDS: + if(conn->type == SASL_CONN_CLIENT) + *(void **)pvalue = + ((sasl_client_conn_t *)conn)->cparams->gss_creds; + else + *(void **)pvalue = + ((sasl_server_conn_t *)conn)->sparams->gss_creds; + break; default: result = SASL_BADPARAM; } 
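Review bot: The new `/* GSS credentials */` comment on `gss_creds` (added in both saslplug.h hunks, client and server params) does not say what the `void *` holds or who owns it. From the gssapi.c hunks it is used as a `gss_cred_id_t`, and nothing visible in this patch copies or releases it, so it appears to be borrowed from the application. I would write that down, for example `/* GSS credentials: a gss_cred_id_t set by the application through SASL_GSS_CREDS, NULL if none; borrowed, the caller releases it after the connection is disposed */`. Reusing the `spare_ptr1` slot keeps the struct layout, but the old contract for that slot was "set to 0", so it is worth confirming that both params structs are still zero-initialised before a plugin reads the field.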
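Review bot: In the new `case SASL_GSS_CREDS:` of this lib/common.c hunk, the bare `else` treats every connection whose type is not `SASL_CONN_CLIENT` as a server connection and casts it to `sasl_server_conn_t *`. A connection of any other type would be read through the wrong struct layout, and neither branch checks `cparams`/`sparams` before dereferencing. I would make the second branch `else if (conn->type == SASL_CONN_SERVER)` and finish with `else result = SASL_BADPARAM;`. The setter hunk at `-1238` has the same shape. No visible hunk defines `SASL_GSS_CREDS`, so presumably the public header change is missing from this patch.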
@@ -1238,6 +1246,13 @@ } break; + case SASL_GSS_CREDS: + if(conn->type == SASL_CONN_CLIENT) + ((sasl_client_conn_t *)conn)->cparams->gss_creds = value; + else + ((sasl_server_conn_t *)conn)->sparams->gss_creds = value; + break; + default: sasl_seterror(conn, 0, "Unknown parameter type"); result = SASL_BADPARAM; Index: plugins/gssapi.c =================================================================== RCS file: /cvs/src/sasl/plugins/gssapi.c,v retrieving revision 1.109 diff -u -r1.109 gssapi.c --- plugins/gssapi.c 24 Feb 2010 22:41:18 -0000 1.109 +++ plugins/gssapi.c 11 May 2010 16:42:40 -0000 @@ -657,6 +657,7 @@ OM_uint32 max_input; gss_buffer_desc name_token; int ret, out_flags = 0 ; + gss_cred_id_t server_creds = params->gss_creds; input_token = &real_input_token; output_token = &real_output_token; @@ -716,22 +717,26 @@ GSS_UNLOCK_MUTEX(params->utils); text->server_creds = GSS_C_NO_CREDENTIAL; } + + /* If caller didn't provide creds already */ + if ( server_creds == GSS_C_NO_CREDENTIAL) { + GSS_LOCK_MUTEX(params->utils); + maj_stat = gss_acquire_cred(&min_stat, + text->server_name, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_ACCEPT, + &text->server_creds, + NULL, + NULL); + GSS_UNLOCK_MUTEX(params->utils); - GSS_LOCK_MUTEX(params->utils); - maj_stat = gss_acquire_cred(&min_stat, - text->server_name, - GSS_C_INDEFINITE, - GSS_C_NO_OID_SET, - GSS_C_ACCEPT, - &text->server_creds, - NULL, - NULL); - GSS_UNLOCK_MUTEX(params->utils); - - if (GSS_ERROR(maj_stat)) { - sasl_gss_seterror(text->utils, maj_stat, min_stat); - sasl_gss_free_context_contents(text); - return SASL_FAIL; + if (GSS_ERROR(maj_stat)) { + sasl_gss_seterror(text->utils, maj_stat, min_stat); + sasl_gss_free_context_contents(text); + return SASL_FAIL; + } + server_creds = text->server-creds; } } @@ -745,7 +750,7 @@ maj_stat = gss_accept_sec_context(&min_stat, &(text->gss_ctx), - text->server_creds, + server_creds, input_token, GSS_C_NO_CHANNEL_BINDINGS, &text->client_name, 
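Review bot: Both assignments in the new `case SASL_GSS_CREDS:` store `value` straight into the `void *gss_creds` field. If `value` is the `const void *` argument of the property setter (its declaration is outside the hunk), this silently drops the qualifier and will warn; `->gss_creds = (void *)value;` makes the conversion explicit. The handle is stored without being duplicated, so an application that releases its credential while the connection is still live leaves a dangling handle here. A one-line comment such as `/* borrowed handle; caller must keep it valid for the life of conn */` would record that.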
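Review bot: The last added line of the plugins/gssapi.c hunk at `-716`, `server_creds = text->server-creds;`, parses as `text->server` minus `creds` and will not compile; it should be `server_creds = text->server_creds;`. The assignment sits inside a block that opens outside the hunk. If that block runs only on the first step of the exchange, a later step would start again from `params->gss_creds` and hand `GSS_C_NO_CREDENTIAL` to `gss_accept_sec_context` (the `-745` hunk) instead of the credential acquired here. Falling back to `text->server_creds` whenever the caller supplied nothing, outside that block, would avoid this.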
@@ -1380,6 +1385,7 @@ output_token->value = NULL; input_token->value = NULL; input_token->length = 0; + gss_cred_id_t client_creds = (gss_cred_id_t)params->gss_creds; *clientout = NULL; *clientoutlen = 0; @@ -1493,7 +1499,7 @@ GSS_LOCK_MUTEX(params->utils); maj_stat = gss_init_sec_context(&min_stat, - GSS_C_NO_CREDENTIAL, + client_creds, /* GSS_C_NO_CREDENTIAL */ &text->gss_ctx, text->server_name, GSS_C_NO_OID,
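Review bot: The declaration `gss_cred_id_t client_creds = (gss_cred_id_t)params->gss_creds;` is added after the `output_token`/`input_token` assignments, which makes it a declaration after statements, and a C89 compiler will reject that. The server-side hunk at `-657` places its `server_creds` among the other locals, so this one should move up to the function's declaration list, which is outside this hunk. The two sides also differ in that only this one casts; using `(gss_cred_id_t)params->gss_creds` in both keeps them consistent.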
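Review bot: The trailing comment kept in `client_creds, /* GSS_C_NO_CREDENTIAL */` (hunk at `-1493`) now reads as if the default credential were still being passed. I would replace it with `client_creds, /* caller-supplied gss_creds, or GSS_C_NO_CREDENTIAL if unset */`, so a reader sees that an application credential may be used to initiate the context. The rest of the `gss_init_sec_context` call lies outside the hunk.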