Allow krb5_gss_register_acceptor_identity to unset keytab name
authorGreg Hudson <ghudson@mit.edu>
Thu, 19 Aug 2010 16:38:30 +0000 (16:38 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 19 Aug 2010 16:38:30 +0000 (16:38 +0000)
krb5_gss_register_acceptor_identity sets a mutex-locked global (not
thread-specific) variable containing a keytab name.  This change
allows the variable to be unset by passing a null value.

A more elegant long-term solution to the problem is Heimdal's
gss_krb5_import_cred function.

ticket: 6758

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24242 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/krb5_gss_glue.c

index 28e25052abd7547112282b89381f0755126f5c13..bceab6173f0b024294d7e62fb2beb2f93d806628 100644 (file)
@@ -103,19 +103,18 @@ gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
                                        const gss_OID desired_object,
                                        gss_buffer_t value)
 {
-    char *new, *old;
+    char *new = NULL, *old;
     int err;
 
     err = gss_krb5int_initialize_library();
     if (err != 0)
         return GSS_S_FAILURE;
 
-    if (value->value == NULL)
-        return GSS_S_FAILURE;
-
-    new = strdup((char *)value->value);
-    if (new == NULL)
-        return GSS_S_FAILURE;
+    if (value->value != NULL) {
+        new = strdup((char *)value->value);
+        if (new == NULL)
+            return GSS_S_FAILURE;
+    }
 
     err = k5_mutex_lock(&gssint_krb5_keytab_lock);
     if (err) {
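Review bot: The new branch at `new = strdup((char *)value->value);` copies up to the first NUL byte and never consults `value->length`, so a gss_buffer_t whose contents are not NUL-terminated would be read past its end. The caller visible in krb5_gss_glue.c passes a terminated string with a matching length, but this function is presumably reachable through gssspi_mech_invoke from other callers, so a length-bounded copy is safer. `value` itself is also dereferenced without a null check. The function body continues past this hunk (the k5_mutex_lock error branch), so confirm that branch still releases `new`.

```c
    /* ... unchanged: library initialization ... */
    if (value->value != NULL) {
        /* Copy by length; do not rely on the caller's NUL terminator. */
        new = malloc(value->length + 1);
        if (new == NULL)
            return GSS_S_FAILURE;
        memcpy(new, value->value, value->length);
        new[value->length] = '\0';
    }
    /* ... unchanged: swap under gssint_krb5_keytab_lock ... */
```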
@@ -125,8 +124,7 @@ gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
     old = krb5_gss_keytab;
     krb5_gss_keytab = new;
     k5_mutex_unlock(&gssint_krb5_keytab_lock);
-    if (old != NULL)
-        free(old);
+    free(old);
     return GSS_S_COMPLETE;
 }
 
index 0d87f90c96d2b2cd52c0d4c286d0ffc0c964f87a..d2a47acb8407b21db430696da932d0610e1cd0be 100644 (file)
@@ -253,7 +253,7 @@ krb5_gss_register_acceptor_identity(const char *keytab)
     OM_uint32 minor_status;
     gss_buffer_desc req_buffer;
 
-    req_buffer.length = strlen(keytab);
+    req_buffer.length = (keytab == NULL) ? 0 : strlen(keytab);
     req_buffer.value = (char *)keytab;
 
     major_status = gssspi_mech_invoke(&minor_status,
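Review bot: Nothing at `req_buffer.length = (keytab == NULL) ? 0 : strlen(keytab);` documents that two near-identical inputs now behave differently. A null pointer clears the stored name, while an empty string still sends a non-null value with length 0, which the strdup path in acquire_cred.c stores as an empty keytab name. Because the stored name is a process-wide global, clearing it changes which keytab name every thread sees, which callers should know before using this to reset state. I would add a comment above the assignment such as `/* NULL clears the process-wide acceptor keytab name; "" is stored as an empty name, not treated as unset. */`. The function starts and ends outside this hunk.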