[PATCH] GSSAPI credentials

Alexey Melnikov alexey.melnikov at isode.com
Tue May 11 07:28:12 EDT 2010 

Howard Chu wrote:

> This patch implements the SASL_GSS_CREDS property, which was defined 
> in sasl.h back in 2005.
>
> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=sasl_gss_creds&msg=7600 
>
>
> Applications need this functionality to make use of Kerberos 
> Services4User features.
>
> http://k5wiki.kerberos.org/wiki/Projects/Services4User
>
> Setting the credential in the SASL client will allow it to use an 
> S4U2Proxy credential, among other things.
>
> Additional patches will still be needed to allow a SASL server to take 
> advantage of this feature, as mentioned in my previous email. But this 
> is a small first step just to get the ball rolling.

Hi Howard,
This looks fine, but let me ask some questions on your patch:

>Index: lib/common.c
>===================================================================
>RCS file: /cvs/src/sasl/lib/common.c,v
>retrieving revision 1.124
>diff -u -r1.124 common.c
>--- lib/common.c	20 Feb 2009 23:10:53 -0000	1.124
>+++ lib/common.c	10 May 2010 08:04:24 -0000
>@@ -1238,6 +1238,13 @@
>       }
>       break;
> 
>+  case SASL_GSS_CREDS:
>+      if(conn->type == SASL_CONN_CLIENT)
>+          ((sasl_client_conn_t *)conn)->cparams->gss_creds = value;
>+      else
>+          ((sasl_server_conn_t *)conn)->sparams->gss_creds = value;
>+      break;
>+
>
What about updating sasl_getprop() to match?

>Index: plugins/gssapi.c
>===================================================================
>RCS file: /cvs/src/sasl/plugins/gssapi.c,v
>retrieving revision 1.109
>diff -u -r1.109 gssapi.c
>--- plugins/gssapi.c	24 Feb 2010 22:41:18 -0000	1.109
>+++ plugins/gssapi.c	10 May 2010 08:04:24 -0000
>@@ -657,6 +657,7 @@
>     OM_uint32 max_input;
>     gss_buffer_desc name_token;
>     int ret, out_flags = 0 ;
>+    gss_cred_id_t server_creds = params->gss_creds;
>
GSS_C_NO_CREDENTIAL is defined as "((gss_cred_id_t) 0)" in RFC 2744, so 
no extra initialization is needed.

Have you compiled this change against both MIT and Heimdal?

More information about the Cyrus-sasl mailing list