in src/kerberosgss.c [129:200]
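/*
 * Prepare a GSSAPI client (initiator) state before a security context is
 * established.
 *
 * Every field of `state` written below is reset first, so a caller-supplied
 * struct never carries stale handles into the exchange. The target service
 * name is then imported, and initiator credentials are selected in this order:
 *   1. the credentials held by `delegatestate`, when it has any;
 *   2. credentials acquired for `principal`, when it is a non-empty string;
 *   3. otherwise state->client_creds stays GSS_C_NO_CREDENTIAL.
 *
 * service        Service name, imported as gss_krb5_nt_service_name. Must be a
 *                non-NULL, NUL-terminated string: strlen() is applied to it
 *                without a check.
 * principal      Optional principal, imported as GSS_C_NT_USER_NAME. NULL or
 *                "" skips credential acquisition.
 * gss_flags      Stored unchanged in state->gss_flags.
 * delegatestate  Optional server state whose client_creds handle is reused.
 * mech_oid       Stored unchanged in state->mech_oid.
 * state          Client state to initialise; must be non-NULL.
 *
 * Returns AUTH_GSS_COMPLETE on success. On a GSSAPI failure the major/minor
 * status pair is passed to set_gss_error() and AUTH_GSS_ERROR is returned.
 *
 * NOTE(review): on the error paths after the service name import,
 * state->server_name is left set; presumably the caller's clean-up routine
 * releases it -- confirm.
 */
int authenticate_gss_client_init(
    const char* service, const char* principal, long int gss_flags,
    gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
)
{
    OM_uint32 maj_stat;
    OM_uint32 min_stat;
    gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc principal_token = GSS_C_EMPTY_BUFFER;
    int ret = AUTH_GSS_COMPLETE;

    state->server_name = GSS_C_NO_NAME;
    state->mech_oid = mech_oid;
    state->context = GSS_C_NO_CONTEXT;
    state->gss_flags = gss_flags;
    state->client_creds = GSS_C_NO_CREDENTIAL;
    state->username = NULL;
    state->response = NULL;

    // Import server name first
    name_token.length = strlen(service);
    name_token.value = (char *)service;

    maj_stat = gss_import_name(
        &min_stat, &name_token, gss_krb5_nt_service_name, &state->server_name
    );
    if (GSS_ERROR(maj_stat)) {
        set_gss_error(maj_stat, min_stat);
        ret = AUTH_GSS_ERROR;
        goto end;
    }

    if (delegatestate && delegatestate->client_creds != GSS_C_NO_CREDENTIAL) {
        // Use the delegate credentials if they exist.
        // NOTE(review): the handle is copied, not duplicated, so both states
        // refer to the same credential; confirm that only one of them ever
        // releases it, otherwise the other is left with a dangling handle.
        state->client_creds = delegatestate->client_creds;
    }
    else if (principal && *principal) {
        // If available use the principal to extract its associated credentials
        gss_name_t name = GSS_C_NO_NAME;

        principal_token.length = strlen(principal);
        principal_token.value = (char *)principal;

        maj_stat = gss_import_name(
            &min_stat, &principal_token, GSS_C_NT_USER_NAME, &name
        );
        if (GSS_ERROR(maj_stat)) {
            set_gss_error(maj_stat, min_stat);
            ret = AUTH_GSS_ERROR;
            goto end;
        }

        maj_stat = gss_acquire_cred(
            &min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
            GSS_C_INITIATE, &state->client_creds, NULL, NULL
        );
        if (GSS_ERROR(maj_stat)) {
            OM_uint32 release_min_stat;

            set_gss_error(maj_stat, min_stat);
            // The imported name is owned by this function and is not stored
            // anywhere else, so it must be released here or it leaks on every
            // failed acquisition. A separate minor-status variable keeps the
            // status already reported above intact.
            gss_release_name(&release_min_stat, &name);
            ret = AUTH_GSS_ERROR;
            goto end;
        }

        maj_stat = gss_release_name(&min_stat, &name);
        if (GSS_ERROR(maj_stat)) {
            set_gss_error(maj_stat, min_stat);
            ret = AUTH_GSS_ERROR;
            goto end;
        }
    }

end:
    return ret;
}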