extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sanon_x25519_mechanism_oid_desc;
#define GSS_SANON_X25519_MECHANISM (&__gss_sanon_x25519_mechanism_oid_desc)
+/*
+ * From Samba
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_skip_transit_check_x_oid_desc;
+#define GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X (&__gss_krb5_cred_skip_transit_check_x_oid_desc)
+
/*
* OID mappings with name and short description and and slightly longer description
*/
krb5_rd_req_in_ctx in = NULL;
krb5_rd_req_out_ctx out = NULL;
krb5_principal server = NULL;
+ krb5_flags verify_ap_req_flags = 0;
- if (acceptor_cred)
+ if (acceptor_cred) {
server = acceptor_cred->principal;
+ if (acceptor_cred->cred_flags & GSS_CF_SKIP_TRANSIT_CHECK) {
+ verify_ap_req_flags |= KRB5_VERIFY_AP_REQ_SKIP_TRANSITED_CHECK;
+ }
+ }
+
kret = krb5_rd_req_in_ctx_alloc(context, &in);
if (kret == 0)
kret = krb5_rd_req_in_set_keytab(context, in, keytab);
+ if (kret == 0)
+ kret = krb5_rd_req_in_set_verify_ap_req_flags(context, in,
+ verify_ap_req_flags);
if (kret) {
if (in)
krb5_rd_req_in_ctx_free(context, in);
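Review bot: Nothing at the `GSS_CF_SKIP_TRANSIT_CHECK` test says what the acceptor relies on once `KRB5_VERIFY_AP_REQ_SKIP_TRANSITED_CHECK` is set, even though it turns off transited-realm validation for every AP-REQ accepted with this credential. A comment above the test would make the trust assumption explicit, for example `/* Caller opted out of the transited check; validation of the cross-realm path must be enforced elsewhere by the application. */`. The opt-out is only reachable when `acceptor_cred` is non-NULL, so an acceptor using the default credential always keeps the check; that looks intended but is worth stating in the same comment. The enclosing function starts and ends outside the hunk.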
int cred_flags;
#define GSS_CF_DESTROY_CRED_ON_RELEASE 1
#define GSS_CF_NO_CI_FLAGS 2
+#define GSS_CF_SKIP_TRANSIT_CHECK 4
struct krb5_keytab_data *keytab;
time_t endtime;
gss_cred_usage_t usage;
}
+static OM_uint32
+skip_transit_check(OM_uint32 *minor_status,
+ krb5_context context,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ gsskrb5_cred cred;
+
+ if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gsskrb5_cred)*cred_handle;
+ cred->cred_flags |= GSS_CF_SKIP_TRANSIT_CHECK;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_set_cred_option
(OM_uint32 *minor_status,
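Review bot: `skip_transit_check()` never reads `value` or `context`, so the option can only be switched on and never cleared, and any buffer a caller passes is silently accepted. Because the flag weakens ticket validation for the rest of the credential's lifetime, the function should say so, for example `/* One-way: disables the transited-realm check for AP-REQs accepted with this credential; value is ignored. */`. The NULL / `GSS_C_NO_CREDENTIAL` branch returns `GSS_S_FAILURE` with `*minor_status = 0`, which gives the caller no error code. Unless the sibling handlers deliberately do the same, `*minor_status = EINVAL;` would match the fallthrough at the end of `_gsskrb5_set_cred_option`, whose body continues outside this hunk.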
return no_ci_flags(minor_status, context, cred_handle, value);
}
+ if (gss_oid_equal(desired_object, GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X)) {
+ return skip_transit_check(minor_status, context, cred_handle, value);
+ }
*minor_status = EINVAL;
return GSS_S_FAILURE;
/* GSS_SANON_X25519_MECHANISM - 1.3.6.1.4.1.5322.26.1.110 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sanon_x25519_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\xa9\x4a\x1a\x01\x6e") };
+/* GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X - 1.3.6.1.4.1.7165.4.7.1 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_skip_transit_check_x_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\xb7\x7d\x04\x07\x01") };
+
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
__gss_c_ntlm_session_key_oid_desc;
__gss_c_ntlm_force_v1_oid_desc;
__gss_krb5_cred_no_ci_flags_x_oid_desc;
+ __gss_krb5_cred_skip_transit_check_x_oid_desc;
__gss_krb5_import_cred_x_oid_desc;
__gss_c_ma_sasl_mech_name_oid_desc;
__gss_c_ma_mech_name_oid_desc;