Blame SOURCES/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch

68bf20
From 1451b65fec69ff35e029b4770dcb4927ba57060a Mon Sep 17 00:00:00 2001
1f3433
From: Robbie Harwood <rharwood@redhat.com>
1f3433
Date: Fri, 17 Nov 2017 13:53:37 -0500
1f3433
Subject: [PATCH] Separate cred and ccache manipulation in
1f3433
 gpp_store_remote_creds()
1f3433
1f3433
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
1f3433
Reviewed-by: Simo Sorce <simo@redhat.com>
1f3433
(cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533)
1f3433
---
68bf20
 proxy/src/mechglue/gpp_creds.c | 62 +++++++++++++++++++++-------------
1f3433
 1 file changed, 39 insertions(+), 23 deletions(-)
1f3433
1f3433
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
1f3433
index 6bdff45..3ebd726 100644
1f3433
--- a/proxy/src/mechglue/gpp_creds.c
1f3433
+++ b/proxy/src/mechglue/gpp_creds.c
1f3433
@@ -136,6 +136,40 @@ bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b)
1f3433
     return true;
1f3433
 }
1f3433
 
1f3433
+static krb5_error_code gpp_construct_cred(gssx_cred *creds, krb5_context ctx,
1f3433
+                                          krb5_creds *cred, char *cred_name)
1f3433
+{
1f3433
+    XDR xdrctx;
1f3433
+    bool xdrok;
1f3433
+    krb5_error_code ret = 0;
1f3433
+
1f3433
+    memset(cred, 0, sizeof(*cred));
1f3433
+
1f3433
+    memcpy(cred_name, creds->desired_name.display_name.octet_string_val,
1f3433
+           creds->desired_name.display_name.octet_string_len);
1f3433
+    cred_name[creds->desired_name.display_name.octet_string_len] = '\0';
1f3433
+
1f3433
+    ret = krb5_parse_name(ctx, cred_name, &cred->client);
1f3433
+    if (ret) {
1f3433
+        return ret;
1f3433
+    }
1f3433
+
1f3433
+    ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred->server);
1f3433
+    if (ret) {
1f3433
+        return ret;
1f3433
+    }
1f3433
+
1f3433
+    cred->ticket.data = malloc(GPKRB_MAX_CRED_SIZE);
1f3433
+    xdrmem_create(&xdrctx, cred->ticket.data, GPKRB_MAX_CRED_SIZE,
1f3433
+                  XDR_ENCODE);
1f3433
+    xdrok = xdr_gssx_cred(&xdrctx, creds);
1f3433
+    if (!xdrok) {
1f3433
+        return ENOSPC;
1f3433
+    }
1f3433
+    cred->ticket.length = xdr_getpos(&xdrctx);
1f3433
+    return 0;
1f3433
+}
1f3433
+
1f3433
 uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
1f3433
                                 gss_const_key_value_set_t cred_store,
1f3433
                                 gssx_cred *creds)
1f3433
@@ -145,17 +179,18 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
1f3433
     krb5_creds cred;
1f3433
     krb5_error_code ret;
1f3433
     char cred_name[creds->desired_name.display_name.octet_string_len + 1];
1f3433
-    XDR xdrctx;
1f3433
-    bool xdrok;
1f3433
     const char *cc_type;
1f3433
 
1f3433
     *min = 0;
1f3433
 
1f3433
-    memset(&cred, 0, sizeof(cred));
1f3433
-
1f3433
     ret = krb5_init_context(&ctx;;
1f3433
     if (ret) return ret;
1f3433
 
1f3433
+    ret = gpp_construct_cred(creds, ctx, &cred, cred_name);
1f3433
+    if (ret) {
1f3433
+        goto done;
1f3433
+    }
1f3433
+
1f3433
     if (cred_store) {
1f3433
         for (unsigned i = 0; i < cred_store->count; i++) {
1f3433
             if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
1f3433
@@ -175,25 +210,6 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
1f3433
         if (ret) goto done;
1f3433
     }
1f3433
 
1f3433
-    memcpy(cred_name, creds->desired_name.display_name.octet_string_val,
1f3433
-           creds->desired_name.display_name.octet_string_len);
1f3433
-    cred_name[creds->desired_name.display_name.octet_string_len] = '\0';
1f3433
-
1f3433
-    ret = krb5_parse_name(ctx, cred_name, &cred.client);
1f3433
-    if (ret) goto done;
1f3433
-
1f3433
-    ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server);
1f3433
-    if (ret) goto done;
1f3433
-
1f3433
-    cred.ticket.data = malloc(GPKRB_MAX_CRED_SIZE);
1f3433
-    xdrmem_create(&xdrctx, cred.ticket.data, GPKRB_MAX_CRED_SIZE, XDR_ENCODE);
1f3433
-    xdrok = xdr_gssx_cred(&xdrctx, creds);
1f3433
-    if (!xdrok) {
1f3433
-        ret = ENOSPC;
1f3433
-        goto done;
1f3433
-    }
1f3433
-    cred.ticket.length = xdr_getpos(&xdrctx);
1f3433
-
1f3433
     cc_type = krb5_cc_get_type(ctx, ccache);
1f3433
     if (strcmp(cc_type, "FILE") == 0) {
1f3433
         /* FILE ccaches don't handle updates properly: if they have the same