From 1451b65fec69ff35e029b4770dcb4927ba57060a Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 17 Nov 2017 13:53:37 -0500
Subject: [PATCH] Separate cred and ccache manipulation in
gpp_store_remote_creds()
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533)
---
proxy/src/mechglue/gpp_creds.c | 62 +++++++++++++++++++++-------------
1 file changed, 39 insertions(+), 23 deletions(-)
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
index 6bdff45..3ebd726 100644
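--- a/proxy/src/mechglue/gpp_creds.c
+++ b/proxy/src/mechglue/gpp_creds.c
@@ -136,6 +136,40 @@ bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b)
 return true;
 }
 
+static krb5_error_code gpp_construct_cred(gssx_cred *creds, krb5_context ctx,
+ krb5_creds *cred, char *cred_name)
+{
+ XDR xdrctx;
+ bool xdrok;
+ krb5_error_code ret = 0;
+
+ memset(cred, 0, sizeof(*cred));
+
+ memcpy(cred_name, creds->desired_name.display_name.octet_string_val,
+ creds->desired_name.display_name.octet_string_len);
+ cred_name[creds->desired_name.display_name.octet_string_len] = '\0';
+
+ ret = krb5_parse_name(ctx, cred_name, &cred->client);
+ if (ret) {
+ return ret;
+ }
+
+ ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred->server);
+ if (ret) {
+ return ret;
+ }
+
+ cred->ticket.data = malloc(GPKRB_MAX_CRED_SIZE);
+ xdrmem_create(&xdrctx, cred->ticket.data, GPKRB_MAX_CRED_SIZE,
+ XDR_ENCODE);
+ xdrok = xdr_gssx_cred(&xdrctx, creds);
+ if (!xdrok) {
+ return ENOSPC;
+ }
+ cred->ticket.length = xdr_getpos(&xdrctx);
+ return 0;
+}
+
 uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
 gss_const_key_value_set_t cred_store,
 gssx_cred *creds)
@@ -145,17 +179,18 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
 krb5_creds cred;
 krb5_error_code ret;
 char cred_name[creds->desired_name.display_name.octet_string_len + 1];
- XDR xdrctx;
- bool xdrok;
 const char *cc_type;
 
 *min = 0;
 
- memset(&cred, 0, sizeof(cred));
-
 ret = krb5_init_context(&ctx;;
 if (ret) return ret;
 
+ ret = gpp_construct_cred(creds, ctx, &cred, cred_name);
+ if (ret) {
+ goto done;
+ }
+
 if (cred_store) {
 for (unsigned i = 0; i < cred_store->count; i++) {
 if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
@@ -175,25 +210,6 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
 if (ret) goto done;
 }
 
- memcpy(cred_name, creds->desired_name.display_name.octet_string_val,
- creds->desired_name.display_name.octet_string_len);
- cred_name[creds->desired_name.display_name.octet_string_len] = '\0';
-
- ret = krb5_parse_name(ctx, cred_name, &cred.client);
- if (ret) goto done;
-
- ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server);
- if (ret) goto done;
-
- cred.ticket.data = malloc(GPKRB_MAX_CRED_SIZE);
- xdrmem_create(&xdrctx, cred.ticket.data, GPKRB_MAX_CRED_SIZE, XDR_ENCODE);
- xdrok = xdr_gssx_cred(&xdrctx, creds);
- if (!xdrok) {
- ret = ENOSPC;
- goto done;
- }
- cred.ticket.length = xdr_getpos(&xdrctx);
-
 cc_type = krb5_cc_get_type(ctx, ccache);
 if (strcmp(cc_type, "FILE") == 0) {
 /* FILE ccaches don't handle updates properly: if they have the same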
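Review bot: In gpp_construct_cred() the result of `malloc(GPKRB_MAX_CRED_SIZE)` is passed to xdrmem_create() without a NULL check, so an allocation failure becomes an encode into a null buffer instead of a clean error; add `if (cred->ticket.data == NULL) return ENOMEM;` right after the allocation. The helper also writes `octet_string_len + 1` bytes into `cred_name` without taking a size parameter, so the requirement on the caller's buffer deserves a comment above the function, e.g. `/* cred_name must hold display_name.octet_string_len + 1 bytes */`. Because the call now sits ahead of the ccache lookup in gpp_store_remote_creds(), its `goto done` runs before `ccache` has been resolved; the `done:` label lies outside the visible hunks, so confirm that its cleanup tolerates an unset ccache and releases the partially filled `cred`.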