You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
107 lines
3.6 KiB
107 lines
3.6 KiB
From dfddf297c5876d9a5764a83aa7d436b8df020af9 Mon Sep 17 00:00:00 2001 |
|
From: Robbie Harwood <rharwood@redhat.com> |
|
Date: Fri, 17 Nov 2017 13:53:37 -0500 |
|
Subject: [PATCH] Separate cred and ccache manipulation in |
|
gpp_store_remote_creds() |
|
|
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com> |
|
Reviewed-by: Simo Sorce <simo@redhat.com> |
|
(cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533) |
|
--- |
|
proxy/src/mechglue/gpp_creds.c | 62 ++++++++++++++++++++++++++---------------- |
|
1 file changed, 39 insertions(+), 23 deletions(-) |
|
|
|
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c |
|
index 6bdff45..3ebd726 100644 |
|
--- a/proxy/src/mechglue/gpp_creds.c |
|
+++ b/proxy/src/mechglue/gpp_creds.c |
|
@@ -136,6 +136,40 @@ bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b) |
|
return true; |
|
} |
|
|
|
+static krb5_error_code gpp_construct_cred(gssx_cred *creds, krb5_context ctx, |
|
+ krb5_creds *cred, char *cred_name) |
|
+{ |
|
+ XDR xdrctx; |
|
+ bool xdrok; |
|
+ krb5_error_code ret = 0; |
|
+ |
|
+ memset(cred, 0, sizeof(*cred)); |
|
+ |
|
+ memcpy(cred_name, creds->desired_name.display_name.octet_string_val, |
|
+ creds->desired_name.display_name.octet_string_len); |
|
+ cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; |
|
+ |
|
+ ret = krb5_parse_name(ctx, cred_name, &cred->client); |
|
+ if (ret) { |
|
+ return ret; |
|
+ } |
|
+ |
|
+ ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred->server); |
|
+ if (ret) { |
|
+ return ret; |
|
+ } |
|
+ |
|
+ cred->ticket.data = malloc(GPKRB_MAX_CRED_SIZE); |
|
+ xdrmem_create(&xdrctx, cred->ticket.data, GPKRB_MAX_CRED_SIZE, |
|
+ XDR_ENCODE); |
|
+ xdrok = xdr_gssx_cred(&xdrctx, creds); |
|
+ if (!xdrok) { |
|
+ return ENOSPC; |
|
+ } |
|
+ cred->ticket.length = xdr_getpos(&xdrctx); |
|
+ return 0; |
|
+} |
|
+ |
|
uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, |
|
gss_const_key_value_set_t cred_store, |
|
gssx_cred *creds) |
|
@@ -145,17 +179,18 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, |
|
krb5_creds cred; |
|
krb5_error_code ret; |
|
char cred_name[creds->desired_name.display_name.octet_string_len + 1]; |
|
- XDR xdrctx; |
|
- bool xdrok; |
|
const char *cc_type; |
|
|
|
*min = 0; |
|
|
|
- memset(&cred, 0, sizeof(cred)); |
|
- |
|
ret = krb5_init_context(&ctx); |
|
if (ret) return ret; |
|
|
|
+ ret = gpp_construct_cred(creds, ctx, &cred, cred_name); |
|
+ if (ret) { |
|
+ goto done; |
|
+ } |
|
+ |
|
if (cred_store) { |
|
for (unsigned i = 0; i < cred_store->count; i++) { |
|
if (strcmp(cred_store->elements[i].key, "ccache") == 0) { |
|
@@ -175,25 +210,6 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, |
|
if (ret) goto done; |
|
} |
|
|
|
- memcpy(cred_name, creds->desired_name.display_name.octet_string_val, |
|
- creds->desired_name.display_name.octet_string_len); |
|
- cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; |
|
- |
|
- ret = krb5_parse_name(ctx, cred_name, &cred.client); |
|
- if (ret) goto done; |
|
- |
|
- ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server); |
|
- if (ret) goto done; |
|
- |
|
- cred.ticket.data = malloc(GPKRB_MAX_CRED_SIZE); |
|
- xdrmem_create(&xdrctx, cred.ticket.data, GPKRB_MAX_CRED_SIZE, XDR_ENCODE); |
|
- xdrok = xdr_gssx_cred(&xdrctx, creds); |
|
- if (!xdrok) { |
|
- ret = ENOSPC; |
|
- goto done; |
|
- } |
|
- cred.ticket.length = xdr_getpos(&xdrctx); |
|
- |
|
cc_type = krb5_cc_get_type(ctx, ccache); |
|
if (strcmp(cc_type, "FILE") == 0) { |
|
/* FILE ccaches don't handle updates properly: if they have the same
|
|
|