From 1451b65fec69ff35e029b4770dcb4927ba57060a Mon Sep 17 00:00:00 2001

From: Robbie Harwood <rharwood@redhat.com>

Date: Fri, 17 Nov 2017 13:53:37 -0500

Subject: [PATCH] Separate cred and ccache manipulation in

 gpp_store_remote_creds()

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533)

---

 proxy/src/mechglue/gpp_creds.c | 62 +++++++++++++++++++++-------------

 1 file changed, 39 insertions(+), 23 deletions(-)

diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c

index 6bdff45..3ebd726 100644

--- a/proxy/src/mechglue/gpp_creds.c

+++ b/proxy/src/mechglue/gpp_creds.c

@@ -136,6 +136,40 @@ bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b)

     return true;

 }

+static krb5_error_code gpp_construct_cred(gssx_cred *creds, krb5_context ctx,

+                                          krb5_creds *cred, char *cred_name)

+{

+    XDR xdrctx;

+    bool xdrok;

+    krb5_error_code ret = 0;

+

+    memset(cred, 0, sizeof(*cred));

+

+    memcpy(cred_name, creds->desired_name.display_name.octet_string_val,

+           creds->desired_name.display_name.octet_string_len);

+    cred_name[creds->desired_name.display_name.octet_string_len] = '\0';

+

+    ret = krb5_parse_name(ctx, cred_name, &cred->client);

+    if (ret) {

+        return ret;

+    }

+

+    ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred->server);

+    if (ret) {

+        return ret;

+    }

+

+    cred->ticket.data = malloc(GPKRB_MAX_CRED_SIZE);

+    xdrmem_create(&xdrctx, cred->ticket.data, GPKRB_MAX_CRED_SIZE,

+                  XDR_ENCODE);

+    xdrok = xdr_gssx_cred(&xdrctx, creds);

+    if (!xdrok) {

+        return ENOSPC;

+    }

+    cred->ticket.length = xdr_getpos(&xdrctx);

+    return 0;

+}

+

 uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,

                                 gss_const_key_value_set_t cred_store,

                                 gssx_cred *creds)

@@ -145,17 +179,18 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,

     krb5_creds cred;

     krb5_error_code ret;

     char cred_name[creds->desired_name.display_name.octet_string_len + 1];

-    XDR xdrctx;

-    bool xdrok;

     const char *cc_type;

     *min = 0;

-    memset(&cred, 0, sizeof(cred));

-

     ret = krb5_init_context(&ctx;;

     if (ret) return ret;

+    ret = gpp_construct_cred(creds, ctx, &cred, cred_name);

+    if (ret) {

+        goto done;

+    }

+

     if (cred_store) {

         for (unsigned i = 0; i < cred_store->count; i++) {

             if (strcmp(cred_store->elements[i].key, "ccache") == 0) {

@@ -175,25 +210,6 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,

         if (ret) goto done;

     }

-    memcpy(cred_name, creds->desired_name.display_name.octet_string_val,

-           creds->desired_name.display_name.octet_string_len);

-    cred_name[creds->desired_name.display_name.octet_string_len] = '\0';

-

-    ret = krb5_parse_name(ctx, cred_name, &cred.client);

-    if (ret) goto done;

-

-    ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server);

-    if (ret) goto done;

-

-    cred.ticket.data = malloc(GPKRB_MAX_CRED_SIZE);

-    xdrmem_create(&xdrctx, cred.ticket.data, GPKRB_MAX_CRED_SIZE, XDR_ENCODE);

-    xdrok = xdr_gssx_cred(&xdrctx, creds);

-    if (!xdrok) {

-        ret = ENOSPC;

-        goto done;

-    }

-    cred.ticket.length = xdr_getpos(&xdrctx);

-

     cc_type = krb5_cc_get_type(ctx, ccache);

     if (strcmp(cc_type, "FILE") == 0) {

         /* FILE ccaches don't handle updates properly: if they have the same