in src/kerberosgss.c [863:938]
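/*
 * Copy the credentials the client delegated during the GSS handshake
 * (state->client_creds) into a krb5 credential cache.
 *
 * The cache is obtained from create_krb5_ccache() for the principal parsed
 * from state->username, then filled with gss_krb5_copy_ccache().
 *
 * Returns 0 on success and AUTH_GSS_ERROR on failure. The failure paths
 * handled here set a KrbException_class exception; the copy failure is
 * reported through set_gss_error() (presumably also a Python exception;
 * confirm against its definition).
 *
 * Security notes:
 *  - On success the cache is only closed, not destroyed, so the delegated
 *    credentials remain stored after this function returns. Anyone who can
 *    read that cache can use them, so its location, permissions and
 *    eventual destruction matter. Those are decided by create_krb5_ccache()
 *    and the caller, neither of which is visible here. TODO confirm the
 *    cache is owner-only and is destroyed when the request is finished.
 *  - If anything fails after the cache has been created, the cache is
 *    destroyed so that no partially written credentials are left behind.
 *
 * NOTE(review): each error path hands a new Py_BuildValue() tuple to
 * PyErr_SetObject(), which does not take ownership of its value argument,
 * so the tuple is never released. Fixing this needs a local PyObject * that
 * is released after the call.
 */
int authenticate_gss_server_store_delegate(gss_server_state *state)
{
    gss_cred_id_t delegated_cred = state->client_creds;
    char *princ_name = state->username;
    OM_uint32 maj_stat, min_stat;
    krb5_principal princ = NULL;
    krb5_ccache ccache = NULL;
    krb5_error_code problem;
    krb5_context context;
    /* Fail closed: only the fully successful path below overwrites this. */
    int ret = AUTH_GSS_ERROR;

    if (delegated_cred == GSS_C_NO_CREDENTIAL) {
        PyErr_SetObject(
            KrbException_class,
            Py_BuildValue("(s)", "Ticket is not delegatable")
        );
        return AUTH_GSS_ERROR;
    }

    /*
     * krb5_parse_name() must not be handed a NULL string. Whether
     * state->username can still be unset when credentials are present is
     * not visible from this function, so reject it explicitly instead of
     * relying on the caller.
     */
    if (princ_name == NULL) {
        PyErr_SetObject(
            KrbException_class,
            Py_BuildValue("(s)", "Delegated username is not set")
        );
        return AUTH_GSS_ERROR;
    }

    problem = krb5_init_context(&context);
    if (problem) {
        /* No context exists yet, so there is nothing to release. */
        PyErr_SetObject(
            KrbException_class,
            Py_BuildValue("(s)", "Cannot initialize krb5 context")
        );
        return AUTH_GSS_ERROR;
    }

    problem = krb5_parse_name(context, princ_name, &princ);
    if (problem) {
        PyErr_SetObject(
            KrbException_class,
            Py_BuildValue(
                "(s:s)", "Cannot parse delegated username",
                krb5_get_err_text(context, problem)
            )
        );
        goto end;
    }

    problem = create_krb5_ccache(state, context, princ, &ccache);
    if (problem) {
        PyErr_SetObject(
            KrbException_class,
            Py_BuildValue(
                "(s:s)", "Error in creating krb5 cache",
                krb5_get_err_text(context, problem)
            )
        );
        goto end;
    }

    maj_stat = gss_krb5_copy_ccache(&min_stat, delegated_cred, ccache);
    if (GSS_ERROR(maj_stat)) {
        set_gss_error(maj_stat, min_stat);
        goto end;
    }

    /*
     * Success: release the handle but keep the cache contents. Clearing the
     * pointer keeps the cleanup code from destroying the stored credentials.
     */
    krb5_cc_close(context, ccache);
    ccache = NULL;
    ret = 0;

end:
    if (princ) {
        krb5_free_principal(context, princ);
    }
    if (ccache) {
        /* Error after creation: remove the cache rather than leave it. */
        krb5_cc_destroy(context, ccache);
    }
    krb5_free_context(context);
    return ret;
}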