The gss_add_cred() function adds a credential-element to a credential. The credential-element is identified by the name of the principal to which it refers. This routine is not intended as a function to log in to the network; a function for logging in to the network would involve creating new mechanism-specific authentication data rather than merely acquiring a handle to existing data.
If the value of desired_name is GSS_C_NO_NAME, the call is interpreted as a request to add a credential element that will invoke default behavior when passed to gss_init_sec_context(3GSS) (if the value of cred_usage is GSS_C_INITIATE or GSS_C_BOTH) or gss_accept_sec_context(3GSS) (if the value of cred_usage is GSS_C_ACCEPT or GSS_C_BOTH).
The gss_add_cred() function is expected to be used primarily by context acceptors, since the GSS-API provides mechanism-specific ways to obtain GSS-API initiator credentials through the system login process. Consequently, the GSS-API does not support acquiring GSS_C_INITIATE or GSS_C_BOTH credentials by means of gss_acquire_cred(3GSS) for any name other than GSS_C_NO_NAME, or a name produced by gss_inquire_cred(3GSS) applied to a valid credential or gss_inquire_context(3GSS) applied to an active context.
If credential acquisition is time-consuming for a mechanism, the mechanism may choose to delay the actual acquisition until the credential is required, for example, by gss_init_sec_context(3GSS) or by gss_accept_sec_context(3GSS). Such mechanism-specific implementation decisions are, however, invisible to the calling application; thus a call to gss_inquire_cred(3GSS) immediately following the call to gss_add_cred() will return valid credential data as well as incur the overhead of deferred credential acquisition.
The gss_add_cred() routine can be used either to compose a new credential that contains all credential-elements of the original in addition to the newly-acquired credential-element, or to add the new credential-element to an existing credential. If the value of the output_cred_handle parameter is NULL, the new credential-element will be added to the credential identified by input_cred_handle; if a valid pointer is specified for the output_cred_handle parameter, a new credential handle will be created.
If the value of input_cred_handle is GSS_C_NO_CREDENTIAL, gss_add_cred() will compose a credential and set the output_cred_handle parameter based on the default behavior. That is, the call will have the same effect as if the application had first made a call to gss_acquire_cred(3GSS) specifying the same usage and passing GSS_C_NO_NAME as the desired_name parameter to obtain an explicit credential handle that incorporates the default behaviors, then passed this credential handle to gss_add_cred(), and finally called gss_release_cred(3GSS) on the first credential handle.
If the value of the input_cred_handle parameter is GSS_C_NO_CREDENTIAL, you must supply a non-NULL value for the output_cred_handle parameter.
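The handle rules above, as a small stand-alone C model added here; it is not GSS-API code and does not call the library. The names model_add_cred and struct cred, the result codes, and the sample principal names are hypothetical; the model shows which credential changes for each combination of input_cred_handle and output_cred_handle.

```c
#include <stddef.h>

/* Model only: a credential is a short list of named elements. */
#define MAX_ELEMS 4
struct cred { const char *elem[MAX_ELEMS]; size_t n; };
enum { ADD_OK = 0, ADD_BAD_ARGS = 1, ADD_FULL = 2 };

/* in == NULL models GSS_C_NO_CREDENTIAL; out == NULL models a NULL
 * output_cred_handle. Result codes are hypothetical, not GSS status values. */
int model_add_cred(struct cred *in, const char *new_elem, struct cred *out)
{
    /* Stand-in for what gss_acquire_cred() with GSS_C_NO_NAME would return. */
    struct cred base = { { "default" }, 1 };

    if (in == NULL && out == NULL)
        return ADD_BAD_ARGS;      /* nothing to extend, nowhere to write */
    if (in != NULL)
        base = *in;               /* work on a copy of the caller's credential */
    if (base.n == MAX_ELEMS)
        return ADD_FULL;
    base.elem[base.n++] = new_elem;
    if (out != NULL)
        *out = base;              /* compose: the input is left untouched */
    else
        *in = base;               /* in place: every user of `in` sees the element */
    return ADD_OK;
}

/* Constructed scenarios using made-up principal names. */
size_t after_in_place(void)       /* NULL output: the input credential grows */
{
    struct cred c = { { "host@a.example" }, 1 };
    model_add_cred(&c, "host@b.example", NULL);
    return c.n;
}

size_t input_after_compose(void)  /* non-NULL output: the input keeps its size */
{
    struct cred c = { { "host@a.example" }, 1 }, out = { { 0 }, 0 };
    model_add_cred(&c, "host@b.example", &out);
    return out.n == 2 ? c.n : 0;
}

size_t from_no_credential(void)   /* default element plus the new one */
{
    struct cred out = { { 0 }, 0 };
    return model_add_cred(NULL, "host@b.example", &out) == ADD_OK ? out.n : 0;
}
```

The in-place case is the one to watch in a server: a credential shared between contexts or threads gains the new element for all of them, while the composing case leaves the original handle as it was.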