HEIMDAL:lib/gssapi/krb5: add GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X

[metze/samba/wip.git] / third_party / heimdal / lib / gssapi / krb5 / set_cred_option.c

diff --git a/third_party/heimdal/lib/gssapi/krb5/set_cred_option.c b/third_party/heimdal/lib/gssapi/krb5/set_cred_option.c
index ef177a0ef473155ebc100f52a1ac9cc658d88eaa..77cb6de8a65224af1774fc16835dcaccf991c506 100644 (file)
--- a/third_party/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ b/third_party/heimdal/lib/gssapi/krb5/set_cred_option.c
@@ -217,6 +217,26 @@ no_ci_flags(OM_uint32 *minor_status,
 }
 
 
+static OM_uint32
+skip_transit_check(OM_uint32 *minor_status,
+                  krb5_context context,
+                  gss_cred_id_t *cred_handle,
+                  const gss_buffer_t value)
+{
+    gsskrb5_cred cred;
+
+    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+       *minor_status = 0;
+       return GSS_S_FAILURE;
+    }
+
+    cred = (gsskrb5_cred)*cred_handle;
+    cred->cred_flags |= GSS_CF_SKIP_TRANSIT_CHECK;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
 OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_set_cred_option
            (OM_uint32 *minor_status,
@@ -243,6 +263,9 @@ _gsskrb5_set_cred_option
        return no_ci_flags(minor_status, context, cred_handle, value);
     }
 
+    if (gss_oid_equal(desired_object, GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X)) {
+       return skip_transit_check(minor_status, context, cred_handle, value);
+    }
 
     *minor_status = EINVAL;
     return GSS_S_FAILURE;