in src/kerberosgss.c [580:636]
/**
 * Prepare a gss_server_state for the acceptor side of a GSSAPI exchange.
 *
 * Every field of @p state is reset first, so the structure is in a known
 * state on every return path. What happens next depends on @p service:
 *
 *  - ""          : no name is imported and no credential is acquired;
 *                  state->server_creds stays GSS_C_NO_CREDENTIAL.
 *  - "DELEGATE"  : no name is imported (state->server_name stays
 *                  GSS_C_NO_NAME) and credentials are requested with
 *                  GSS_C_BOTH usage.
 *  - anything else: the string is imported as a host-based service name and
 *                  acceptor-only (GSS_C_ACCEPT) credentials are requested
 *                  for it.
 *
 * @param service  NUL-terminated service string; must not be NULL, it is
 *                 passed straight to strlen()/strcmp().
 * @param state    Server state to initialise; must not be NULL, it is
 *                 dereferenced unconditionally.
 * @return AUTH_GSS_COMPLETE on success, AUTH_GSS_ERROR after a GSSAPI
 *         failure (reported through set_gss_error()).
 *
 * On AUTH_GSS_ERROR from the credential step, state->server_name may already
 * hold an imported name; this function does not release it.
 * NOTE(review): presumably the caller runs the matching cleanup routine on
 * failure -- confirm, otherwise the name handle leaks.
 */
int authenticate_gss_server_init(const char *service, gss_server_state *state)
{
    OM_uint32 major;
    OM_uint32 minor;
    gss_buffer_desc service_buf = GSS_C_EMPTY_BUFFER;
    int usage = GSS_C_ACCEPT;
    size_t name_len;

    // Start from a clean slate: no handle or pointer left over from an
    // earlier use of the structure survives past this point.
    state->context = GSS_C_NO_CONTEXT;
    state->server_name = GSS_C_NO_NAME;
    state->client_name = GSS_C_NO_NAME;
    state->server_creds = GSS_C_NO_CREDENTIAL;
    state->client_creds = GSS_C_NO_CREDENTIAL;
    state->username = NULL;
    state->targetname = NULL;
    state->response = NULL;
    state->ccname = NULL;

    // An empty service string means we do not create our own credentials.
    // NOTE(review): with server_creds left as GSS_C_NO_CREDENTIAL, the accept
    // step presumably falls back to the default acceptor credential, i.e. the
    // service principal is not pinned here -- confirm the accept path or its
    // callers check the target name where that matters.
    name_len = strlen(service);
    if (name_len == 0) {
        return AUTH_GSS_COMPLETE;
    }

    if (strcmp(service, "DELEGATE") == 0) {
        // Request credentials usable both to accept and to initiate;
        // server_name stays GSS_C_NO_NAME for the acquire call below.
        usage = GSS_C_BOTH;
    } else {
        // The buffer only borrows the caller's string; the cast is needed
        // because gss_buffer_desc.value is not const-qualified.
        service_buf.length = name_len;
        service_buf.value = (char *)service;

        major = gss_import_name(&minor, &service_buf,
                                GSS_C_NT_HOSTBASED_SERVICE,
                                &state->server_name);
        if (GSS_ERROR(major)) {
            set_gss_error(major, minor);
            return AUTH_GSS_ERROR;
        }
    }

    // Acquire credentials for server_name (or for GSS_C_NO_NAME in the
    // "DELEGATE" case) with the usage chosen above.
    major = gss_acquire_cred(&minor, state->server_name, GSS_C_INDEFINITE,
                             GSS_C_NO_OID_SET, usage, &state->server_creds,
                             NULL, NULL);
    if (GSS_ERROR(major)) {
        set_gss_error(major, minor);
        return AUTH_GSS_ERROR;
    }

    return AUTH_GSS_COMPLETE;
}