svn commit: lorikeet r489 - in trunk/heimdal/lib/gssapi: .
abartlet at samba.org
abartlet at samba.org
Wed Nov 2 00:29:07 GMT 2005
Author: abartlet
Date: 2005-11-02 00:29:07 +0000 (Wed, 02 Nov 2005)
New Revision: 489
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=489
Log:
As we now have gss_krb5_import_ccache we don't need our Samba4
specific hack in gsskrb5_acquire_cred.
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/acquire_cred.c
trunk/heimdal/lib/gssapi/gssapi.h
trunk/heimdal/lib/gssapi/gssapi_locl.h
trunk/heimdal/lib/gssapi/release_cred.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/acquire_cred.c
===================================================================
--- trunk/heimdal/lib/gssapi/acquire_cred.c 2005-11-02 00:19:35 UTC (rev 488)
+++ trunk/heimdal/lib/gssapi/acquire_cred.c 2005-11-02 00:29:07 UTC (rev 489)
@@ -107,7 +107,6 @@
(OM_uint32 * minor_status,
krb5_context context,
krb5_keytab keytab,
- krb5_ccache ccache,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
@@ -121,10 +120,11 @@
krb5_creds cred;
krb5_principal def_princ;
krb5_get_init_creds_opt *opt;
+ krb5_ccache ccache;
krb5_error_code kret;
- krb5_boolean made_ccache = FALSE;
krb5_boolean made_keytab = FALSE;
+ ccache = NULL;
def_princ = NULL;
ret = GSS_S_FAILURE;
memset(&cred, 0, sizeof(cred));
@@ -132,29 +132,22 @@
/* If we have a preferred principal, lets try to find it in all
* caches, otherwise, fall back to default cache. Ignore
* errors. */
- if (ccache == NULL && handle->principal) {
+ if (handle->principal)
kret = krb5_cc_cache_match (gssapi_krb5_context,
handle->principal,
NULL,
&ccache);
- if (kret) {
- ccache = NULL;
- } else {
- made_ccache = TRUE;
- }
- }
+
if (ccache == NULL) {
kret = krb5_cc_default(gssapi_krb5_context, &ccache);
if (kret)
goto end;
- made_ccache = TRUE;
}
kret = krb5_cc_get_principal(context, ccache,
&def_princ);
if (kret != 0) {
/* we'll try to use a keytab below */
krb5_cc_destroy(context, ccache);
- made_ccache = FALSE;
ccache = NULL;
kret = 0;
} else if (handle->principal == NULL) {
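Review bot: A failed krb5_cc_cache_match is no longer handled at the new `if (handle->principal)` call. The removed branch reset `ccache = NULL` on error, while the new code relies on the function leaving `ccache` untouched when it fails, which this hunk does not show. Keeping the reset costs one line, `if (kret) ccache = NULL;`, and makes the fallback to krb5_cc_default independent of that assumption. The multi-line call would also be safer with braces around it, since the `if` body is now a single unbraced statement followed by a blank line. The enclosing function starts and ends outside the hunk.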
@@ -179,65 +172,41 @@
if (kret)
goto end;
}
- if (keytab != NULL) {
- kret = get_keytab(context, &keytab);
- if (kret)
- goto end;
- made_keytab = TRUE;
- }
- kret = krb5_get_init_creds_opt_alloc(context, &opt);
+ kret = get_keytab(context, &keytab);
if (kret)
goto end;
- kret = krb5_get_init_creds_keytab(context, &cred,
+ kret = krb5_get_init_creds_opt_alloc(gssapi_krb5_context, &opt);
+ if (kret)
+ goto end;
+ kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
handle->principal, keytab, 0, NULL, opt);
krb5_get_init_creds_opt_free(opt);
if (kret)
goto end;
- if (ccache == NULL) {
- kret = krb5_cc_gen_new(context, &krb5_mcc_ops,
- &ccache);
- if (kret)
- goto end;
- made_ccache = TRUE;
- }
- kret = krb5_cc_initialize(context, ccache, cred.client);
+ kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
+ &ccache);
if (kret)
goto end;
- kret = krb5_cc_store_cred(context, ccache, &cred);
+ kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
if (kret)
goto end;
+ kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
+ if (kret)
+ goto end;
handle->lifetime = cred.times.endtime;
+ handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
} else {
- krb5_creds in_cred, *out_cred;
- krb5_const_realm realm;
- memset(&in_cred, 0, sizeof(in_cred));
- in_cred.client = handle->principal;
-
- realm = krb5_principal_get_realm(context,
- handle->principal);
- if (realm == NULL) {
- kret = KRB5_PRINC_NOMATCH; /* XXX */
+ ret = _gssapi_krb5_ccache_lifetime(minor_status,
+ ccache,
+ handle->principal,
+ &handle->lifetime);
+ if (ret != GSS_S_COMPLETE)
goto end;
- }
-
- kret = krb5_make_principal(context, &in_cred.server,
- realm, KRB5_TGS_NAME, realm, NULL);
- if (kret)
- goto end;
-
- kret = krb5_get_credentials(context, 0,
- ccache, &in_cred, &out_cred);
- krb5_free_principal(context, in_cred.server);
- if (kret)
- goto end;
-
- handle->lifetime = out_cred->times.endtime;
- krb5_free_creds(context, out_cred);
+ kret = 0;
}
handle->ccache = ccache;
- handle->made_ccache = made_ccache;
ret = GSS_S_COMPLETE;
end:
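Review bot: `made_keytab` is never set on this path any more, because the hunk removes `made_keytab = TRUE;` while get_keytab is now called unconditionally. From the lines shown, the `if (made_keytab) krb5_kt_close(context, keytab);` cleanup after `end:` therefore cannot run here, and the keytab handle looks leaked. The unconditional call also writes into the `keytab` parameter, so a keytab supplied by the caller would presumably be replaced and credentials taken from a different keytab than requested; get_keytab's body is not in this diff, so that needs confirming. I would call it only under `if (keytab == NULL)` and keep `made_keytab = TRUE;` after it succeeds. The enclosing function starts before the hunk and continues past it.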
@@ -248,8 +217,8 @@
if (made_keytab)
krb5_kt_close(context, keytab);
if (ret != GSS_S_COMPLETE) {
- if (made_ccache)
- krb5_cc_close(context, ccache);
+ if (ccache != NULL)
+ krb5_cc_close(gssapi_krb5_context, ccache);
if (kret != 0) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
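Review bot: The failure path `if (ccache != NULL) krb5_cc_close(gssapi_krb5_context, ccache);` only closes the cache, even when this function created it itself through krb5_cc_gen_new with `krb5_mcc_ops`. If krb5_cc_initialize or krb5_cc_store_cred fails after that, the in-memory cache, which may already hold keytab-derived credentials, is presumably left allocated: GSS_CF_DESTROY_CRED_ON_RELEASE is set only after the store succeeds and is not consulted here. A local flag set right after krb5_cc_gen_new would let this branch call krb5_cc_destroy for caches the function generated and krb5_cc_close for the rest. The block also mixes `context` (for krb5_kt_close) with `gssapi_krb5_context`; using one of them consistently would make the ownership easier to follow. The enclosing function starts and ends outside the hunk.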
@@ -301,7 +270,6 @@
OM_uint32 gsskrb5_acquire_cred
(OM_uint32 * minor_status,
struct krb5_keytab_data *keytab,
- struct krb5_ccache_data *ccache,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
@@ -360,7 +328,7 @@
}
if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
ret = acquire_initiator_cred(minor_status, gssapi_krb5_context,
- keytab, ccache,
+ keytab,
desired_name, time_req,
desired_mechs, cred_usage,
handle, actual_mechs, time_rec);
@@ -425,7 +393,7 @@
)
{
return gsskrb5_acquire_cred(minor_status,
- NULL, NULL,
+ NULL,
desired_name,
time_req,
desired_mechs,
Modified: trunk/heimdal/lib/gssapi/gssapi.h
===================================================================
--- trunk/heimdal/lib/gssapi/gssapi.h 2005-11-02 00:19:35 UTC (rev 488)
+++ trunk/heimdal/lib/gssapi/gssapi.h 2005-11-02 00:29:07 UTC (rev 489)
@@ -778,7 +778,6 @@
OM_uint32 gsskrb5_acquire_cred
(OM_uint32 * minor_status,
struct krb5_keytab_data *keytab,
- struct krb5_ccache_data *ccache,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
Modified: trunk/heimdal/lib/gssapi/gssapi_locl.h
===================================================================
--- trunk/heimdal/lib/gssapi/gssapi_locl.h 2005-11-02 00:19:35 UTC (rev 488)
+++ trunk/heimdal/lib/gssapi/gssapi_locl.h 2005-11-02 00:29:07 UTC (rev 489)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -79,12 +79,13 @@
typedef struct gss_cred_id_t_desc_struct {
gss_name_t principal;
+ int cred_flags;
+#define GSS_CF_DESTROY_CRED_ON_RELEASE 1
krb5_boolean made_keytab;
struct krb5_keytab_data *keytab;
OM_uint32 lifetime;
gss_cred_usage_t usage;
gss_OID_set mechanisms;
- krb5_boolean made_ccache;
struct krb5_ccache_data *ccache;
HEIMDAL_MUTEX cred_id_mutex;
} gss_cred_id_t_desc;
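Review bot: `cred_flags` needs a comment and a guaranteed zero initial value. acquire_cred.c only ever ORs into it (`handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;`), so every place that allocates a gss_cred_id_t_desc must clear the field, and none of those allocation sites are in this diff. I would add `/* GSS_CF_* bits; GSS_CF_DESTROY_CRED_ON_RELEASE: the ccache is owned by this handle and is destroyed, not just closed, on release */` above the field. An unsigned type is the more usual choice for a bit mask than `int`.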
Modified: trunk/heimdal/lib/gssapi/release_cred.c
===================================================================
--- trunk/heimdal/lib/gssapi/release_cred.c 2005-11-02 00:19:35 UTC (rev 488)
+++ trunk/heimdal/lib/gssapi/release_cred.c 2005-11-02 00:29:07 UTC (rev 489)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -54,10 +54,10 @@
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
if ((*cred_handle)->made_keytab)
krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
- if ((*cred_handle)->made_ccache) {
+ if ((*cred_handle)->ccache != NULL) {
const krb5_cc_ops *ops;
ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
- if (ops == &krb5_mcc_ops)
+ if ((*cred_handle)->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE)
krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
else
krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
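Review bot: `ops` is now dead in this block. The `ops == &krb5_mcc_ops` test is gone, but `const krb5_cc_ops *ops;` and the krb5_cc_get_ops call remain and can be dropped. Destruction now depends only on GSS_CF_DESTROY_CRED_ON_RELEASE, and the guard changed from `made_ccache` to `ccache != NULL`. Any other code that attaches an in-memory cache to a handle therefore has to set the flag, or that cache and the credentials in it are merely closed on release; those callers are not in this diff and should be checked. The enclosing function starts and ends outside the hunk.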