[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gss_inquire_sec_context_by_oid
Not sure if I ever committed this to the mechglue branch.
OM_uint32
gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key)
{
OM_uint32 ret;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
OM_uint32 minor;
ret = gss_inquire_sec_context_by_oid(&minor,
context_handle,
GSS_KRB5_GET_SUBKEY_X,
&data_set);
if (ret) {
return ret;
}
if (data_set == GSS_C_NO_BUFFER_SET ||
data_set->count != 1) {
gss_release_buffer_set(&minor, &data_set);
return GSS_S_FAILURE;
}
assert(sizeof(*key) == data_set->elements[0].length);
memcpy(key, data_set->elements[0].value, data_set->elements[0].length);
gss_release_buffer_set(&minor, &data_set);
return GSS_S_COMPLETE;
}
http://www.padl.com/~lukeh/copy_ccache.c
http://www.padl.com/~lukeh/external.c
http://www.padl.com/~lukeh/inquire_context_by_oid.c
Let me know if there is anything else you need.
-- Luke
>From: Michael B Allen <mba2000@ioplex.com>
>Subject: gss_inquire_sec_context_by_oid
>To: heimdal-discuss@sics.se
>Date: Thu, 2 Mar 2006 22:34:34 -0500
>
>Is there a standard way to extract more mechanism specific information
>like the subkey or authorization-data?
>
>I noticed mechglue exports a gss_inquire_sec_context_by_oid function. This
>appears to be an extension dreamt up by globus? Theres also a function
>that uses it to get what appears to be the AD but unfortunately there
>is no actual implementation of it in Heimdal.
>
>So I was thinking of implementing gss_inquire_sec_context_by_oid to get
>the AD and subkey. Does this sound like a good idea?
>
>Any direction would be appreciated (e.g. what OID to use for the subkey).
>
>Thanks,
>Mike
--