I'm implementing Windows -> Linux transparent authentication using Kerberos. On the Windows side I use SSPI, and I successfully establish a context between a Windows client and a Windows server, retrieving the client's user name like this:

SecPkgContext_Names extraData;
res = QueryContextAttributes(&context, SECPKG_ATTR_NAMES, &extraData);

Now it's time to do the same, but on a Linux box. I use gss_accept_sec_context and it returns GSS_S_COMPLETE, and the variable of type gss_ctx_id_t gets filled. But I struggle to get the client name. I expected that it can be done using gss_inquire_sec_context_by_oid, however, I can't find what to pass as

const gss_OID /*desired_object*/

Could anyone give me a direction?

Viktor

1 Answer


Okay, I've finally found the solution. It was always on the surface - silly me.

#include <gssapi/gssapi.h>
#include <string>

static gss_OID_desc mechDescKERBEROS = { 9, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
static gss_OID      mechKERBEROS = &mechDescKERBEROS;

gss_ctx_id_t        serverContext = GSS_C_NO_CONTEXT;
OM_uint32           maj_stat, min_stat;

// Establish context....

// Now we have established context. All lines below are for getting source user name in form of username@DOMAIN.COM (I got it capitalized, yes)
gss_name_t  srcName = NULL;
gss_name_t  targetName = NULL;
OM_uint32   lifetime;
OM_uint32   ctxFlags = 0;
int         locallyInitiated = 0;
int         open = 0;
// mech_type is an output parameter: mechKERBEROS is overwritten with the context's mechanism OID
maj_stat = gss_inquire_context(&min_stat, serverContext, &srcName, &targetName, &lifetime, &mechKERBEROS, &ctxFlags, &locallyInitiated, &open);
if (maj_stat == GSS_S_COMPLETE)
{
    gss_buffer_desc buff = GSS_C_EMPTY_BUFFER;
    // output_name_type is also an output parameter; use a local so the
    // library's global GSS_C_NT_USER_NAME is not overwritten
    gss_OID nameType = GSS_C_NO_OID;
    maj_stat = gss_display_name(&min_stat, srcName, &buff, &nameType);
    if (maj_stat == GSS_S_COMPLETE)
    {
        // The buffer is length-delimited, not guaranteed NUL-terminated
        std::string tmp(static_cast<char*>(buff.value), buff.length);
        // tmp now contains our name
        // Release buffer
        maj_stat = gss_release_buffer(&min_stat, &buff);
    }

    // Release names
    if (srcName != NULL)
        maj_stat = gss_release_name(&min_stat, &srcName);
    if (targetName != NULL)
        maj_stat = gss_release_name(&min_stat, &targetName);
}
Viktor
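An added example, not part of the original answer: once gss_display_name has returned the username@DOMAIN.COM form, a server usually has to turn it into a local account name, and that step should treat the buffer as length-delimited and accept only the expected realm. The names name_buf, principal_to_user and PRINC_* are hypothetical, name_buf stands in for gss_buffer_desc so the code builds without GSS-API headers, and refusing names that contain '/' or '\' is a policy chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with the same two fields as gss_buffer_desc, so this builds
 * without GSS-API headers (assumption of this example). */
typedef struct { size_t length; const void *value; } name_buf;
enum { PRINC_OK = 0, PRINC_MALFORMED = -1, PRINC_WRONG_REALM = -2, PRINC_TOO_LONG = -3 };

/* Split a length-delimited "user@REALM" display name and copy the user part
 * into user[] only if the realm is exactly expected_realm (case-sensitive).
 * Policy chosen for this example: names containing NUL, '\\' or '/' are
 * refused, so escaped or service/instance principals never map to a user. */
int principal_to_user(const name_buf *in, const char *expected_realm,
                      char *user, size_t user_sz)
{
    const char *p = in->value;
    size_t at = in->length;              /* index of '@'; length means "none yet" */
    if (p == NULL || in->length == 0)
        return PRINC_MALFORMED;
    for (size_t i = 0; i < in->length; i++) {
        char c = p[i];
        if (c == '\0' || c == '\\' || c == '/')
            return PRINC_MALFORMED;
        if (c == '@') {
            if (at != in->length)
                return PRINC_MALFORMED;  /* second '@' */
            at = i;
        }
    }
    if (at == 0 || at >= in->length - 1)
        return PRINC_MALFORMED;          /* no '@', empty user or empty realm */
    size_t realm_len = in->length - at - 1;
    if (realm_len != strlen(expected_realm) ||
        memcmp(p + at + 1, expected_realm, realm_len) != 0)
        return PRINC_WRONG_REALM;
    if (at >= user_sz)
        return PRINC_TOO_LONG;
    memcpy(user, p, at);
    user[at] = '\0';
    return PRINC_OK;
}

int main(void)
{
    char user[64];
    name_buf b = { 19, "username@DOMAIN.COM" };   /* constructed sample */
    printf("%d\n", principal_to_user(&b, "DOMAIN.COM", user, sizeof user));
    return 0;
}
```

With the real library, pass buff.length and buff.value from gss_display_name before calling gss_release_buffer.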