Get rid of the global krb5 context used by the GSSAPI Kerberos mechanism. I
authorKen Raeburn <raeburn@mit.edu>
Thu, 15 Jul 2004 01:00:54 +0000 (01:00 +0000)
committerKen Raeburn <raeburn@mit.edu>
Thu, 15 Jul 2004 01:00:54 +0000 (01:00 +0000)
*think* I've gotten all the places where a ccache or keytab name that's been
stored gets applied to whichever context needs it.

* gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling
kg_get_context.
(kg_get_ccache_name): Use a locally created krb5 context instead of calling
kg_get_context.
(kg_get_context): Deleted.
* acquire_cred.c (acquire_init_cred): Pass current context.
(krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling
kg_get_context.
* add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name.
* init_sec_context.c (krb5_gss_init_sec_context): Likewise.
* gssapiP_krb5.h (kg_sync_ccache_name): Update prototype.
(kg_get_context): Delete declaration.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16597 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/add_cred.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/init_sec_context.c

index b4f4ee27ebd5980b6230e6bacea285dc04c5956b..075416d15440ebd112b5b57f2e1fa4096955c115 100644 (file)
@@ -1,3 +1,18 @@
+2004-07-14  Ken Raeburn  <raeburn@mit.edu>
+
+       * gssapi_krb5.c (kg_sync_ccache_name): Add context argument
+       instead of calling kg_get_context.
+       (kg_get_ccache_name): Use a locally created krb5 context instead
+       of calling kg_get_context.
+       (kg_get_context): Deleted.
+       * acquire_cred.c (acquire_init_cred): Pass current context.
+       (krb5_gss_acquire_cred): Use a locally created krb5 context
+       instead of calling kg_get_context.
+       * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name.
+       * init_sec_context.c (krb5_gss_init_sec_context): Likewise.
+       * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype.
+       (kg_get_context): Delete declaration.
+
 2004-07-13  Ken Raeburn  <raeburn@mit.edu>
 
        * acquire_cred.c: Include gss_libinit.h.
index e86419e1932bf206e68284fb82d7c0aefb7c08c8..0b0b57a31ff238752e2356a2c8407b183a60c422 100644 (file)
@@ -220,7 +220,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 
    /* load the GSS ccache name into the kg_context */
    
-   if (GSS_ERROR(kg_sync_ccache_name(minor_status)))
+   if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
        return(GSS_S_FAILURE);
 
     /* open the default credential cache */
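Review bot: The comment above the changed call still says the ccache name is loaded "into the kg_context", but this commit deletes the global that name referred to; the call now works on the `context` argument of acquire_init_cred. Suggested wording: `/* load the GSS ccache name into the caller's krb5 context */`. The function body starts and ends outside this hunk.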
@@ -359,8 +359,11 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    OM_uint32 ret;
    krb5_error_code code;
 
-   if (GSS_ERROR(kg_get_context(minor_status, &context)))
-      return(GSS_S_FAILURE);
+   code = krb5_init_context(&context);
+   if (code) {
+       *minor_status = code;
+       return GSS_S_FAILURE;
+   }
 
    /* make sure all outputs are valid */
 
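Review bot: Ownership of `context` now belongs to krb5_gss_acquire_cred, and the release is hand-copied in front of every return in the later hunks of this file (name validation, mechanism check, allocation failure, usage check, the acquire_accept_cred and acquire_init_cred failures, and the success return). Any exit that lies between those hunks, or is added later, leaks a context unless it repeats the call. A single exit label would make the release structural: each failure sets its status and jumps, e.g. `ret = GSS_S_FAILURE; goto cleanup;`, and `cleanup:` holds the one `krb5_free_context(context); return ret;`. The function body starts and ends outside this hunk.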
@@ -376,6 +379,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if ((desired_name != (gss_name_t) NULL) &&
        (! kg_validate_name(desired_name))) {
       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+      krb5_free_context(context);
       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
    }
 
@@ -398,6 +402,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 
       if (!req_old && !req_new) {
         *minor_status = 0;
+        krb5_free_context(context);
         return(GSS_S_BAD_MECH);
       }
    }
@@ -407,6 +412,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if ((cred =
        (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) == NULL) {
       *minor_status = ENOMEM;
+      krb5_free_context(context);
       return(GSS_S_FAILURE);
    }
    memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
@@ -424,6 +430,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
        (cred_usage != GSS_C_BOTH)) {
       xfree(cred);
       *minor_status = (OM_uint32) G_BAD_USAGE;
+      krb5_free_context(context);
       return(GSS_S_FAILURE);
    }
 
@@ -439,6 +446,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
            krb5_free_principal(context, cred->princ);
         xfree(cred);
         /* minor_status set by acquire_accept_cred() */
+        krb5_free_context(context);
         return(ret);
       }
 
@@ -459,6 +467,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
            krb5_free_principal(context, cred->princ);
         xfree(cred);
         /* minor_status set by acquire_init_cred() */
+        krb5_free_context(context);
         return(ret);
       }
 
@@ -473,6 +482,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
            (void)krb5_kt_close(context, cred->keytab);
         xfree(cred);
         *minor_status = code;
+        krb5_free_context(context);
         return(GSS_S_FAILURE);
       }
 
@@ -495,6 +505,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
            krb5_free_principal(context, cred->princ);
         xfree(cred);
         *minor_status = code;
+        krb5_free_context(context);
         return(GSS_S_FAILURE);
       }
 
@@ -523,6 +534,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
               krb5_free_principal(context, cred->princ);
           xfree(cred);
           /* *minor_status set above */
+          krb5_free_context(context);
           return(ret);
        }
    }
@@ -540,6 +552,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
         krb5_free_principal(context, cred->princ);
       xfree(cred);
       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+      krb5_free_context(context);
       return(GSS_S_FAILURE);
    }
 
@@ -550,5 +563,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if (actual_mechs)
       *actual_mechs = ret_mechs;
 
+   krb5_free_context(context);
    return(GSS_S_COMPLETE);
 }
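Review bot: The success path frees `context` while the returned `cred` still carries objects obtained through it; the earlier hunks show `cred->princ` and `cred->keytab` being released with this same context on the error paths. That is only sound if those handles stay valid when they are later used and released under a different krb5_context, and nothing in the hunk records that assumption. Once it has been confirmed against the libkrb5 handle implementations, a comment before the free would document it, for example `/* handles stored in cred are not bound to this context and remain usable after it is freed */`.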
index 085b96d31b9c8d98f7000a6d319d85cea8b71fe5..4ec230a1e2cf346757ca347bf4cc059484a3e087 100644 (file)
@@ -143,6 +143,8 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
        *minor_status = code;
        return GSS_S_FAILURE;
     }
+    if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
+       return GSS_S_FAILURE;
 
     /* verify the desired_name */
 
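Review bot: The added early return after `kg_sync_ccache_name(context, minor_status)` exits without releasing `context`. The start of krb5_gss_add_cred is outside the hunk, but if `context` was created by this function just above (the preceding failure branch looks like the check on that creation), a sync failure leaks it. The same pattern appears in the init_sec_context.c hunk, in the branch taken when the context does not come from `*context_handle`. In both places the body should be `{ krb5_free_context(context); return GSS_S_FAILURE; }`.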
index 11f33b995cd5488b87ac2fad7f87075f3ab19b5c..2e5e3292bacb0ea7e66f6cb36f8b5864e8f462ac 100644 (file)
@@ -303,10 +303,7 @@ krb5_error_code kg_ctx_internalize (krb5_context kcontext,
                                              krb5_octet **buffer,
                                              size_t *lenremain);
 
-OM_uint32 kg_get_context (OM_uint32 *minor_status,
-                                   krb5_context *context);
-
-OM_uint32 kg_sync_ccache_name (OM_uint32 *minor_status);
+OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);
 
 OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, 
                               const char **out_name);
index 2ce34e24e8bdf4e527fef4d44053fda6eee70dde..b19f1a73f789cb912f6eafc881cc94c40165b6cd 100644 (file)
@@ -151,47 +151,18 @@ kg_get_defcred(minor_status, cred)
 }
 
 OM_uint32
-kg_get_context(minor_status, context)
-   OM_uint32 *minor_status;
-   krb5_context *context;
+kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status)
 {
-   static krb5_context kg_context = NULL;
-   krb5_error_code code;
-
-   if (!kg_context) {
-          if ((code = krb5_init_context(&kg_context)))
-                  goto fail;
-   }
-   *context = kg_context;
-   *minor_status = 0;
-   return GSS_S_COMPLETE;
-   
-fail:
-   *minor_status = (OM_uint32) code;
-   return GSS_S_FAILURE;
-}
-
-OM_uint32
-kg_sync_ccache_name (OM_uint32 *minor_status)
-{
-    krb5_context context = NULL;
     OM_uint32 err = 0;
-    OM_uint32 minor;
     
     /* 
-     * Sync up the kg_context ccache name with the GSSAPI ccache name.
+     * Sync up the context ccache name with the GSSAPI ccache name.
      * If kg_ccache_name is NULL -- normal unless someone has called 
      * gss_krb5_ccache_name() -- then the system default ccache will 
      * be picked up and used by resetting the context default ccache.
      * This is needed for platforms which support multiple ccaches.
      */
     
-    if (!err) {
-        if (GSS_ERROR(kg_get_context (&minor, &context))) {
-            err = minor;
-        }
-    }
-    
     if (!err) {
         /* kg_ccache_name == NULL resets the context default ccache */
         err = krb5_cc_set_default_name(context, kg_ccache_name);
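Review bot: With the kg_get_context step removed, `err` is still 0 when the remaining `if (!err)` is reached, so that guard in kg_sync_ccache_name is always true and can be replaced by a plain `err = krb5_cc_set_default_name(context, kg_ccache_name);`. `context` is now a caller-supplied argument that is passed on unchecked, so the block comment should state that it must be an initialized krb5_context. It could also say that `kg_ccache_name` remains process-wide state, which means the per-call contexts introduced by this commit still share one ccache name setting. The function continues past the end of the hunk.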
@@ -204,24 +175,24 @@ kg_sync_ccache_name (OM_uint32 *minor_status)
 OM_uint32
 kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name)
 {
-    krb5_context context = NULL;
     const char *name = NULL;
     OM_uint32 err = 0;
-    OM_uint32 minor;
     
-    if (GSS_ERROR(kg_get_context (&minor, &context))) {
-       err = minor;
-    }
-
     if (!err) {
         if (kg_ccache_name != NULL) {
             name = kg_ccache_name;
         } else {
-            /* reset the context default ccache (see text above) */
-            err = krb5_cc_set_default_name (context, NULL);
-            if (!err) {
+           krb5_context context = NULL;
+
+            /* Reset the context default ccache (see text above), and
+              then retrieve it.  */
+           err = krb5_init_context(&context);
+           if (!err)
+               err = krb5_cc_set_default_name (context, NULL);
+            if (!err)
                 name = krb5_cc_default_name(context);
-            }
+           if (context)
+               krb5_free_context(context);
         }
     }
 
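Review bot: In the else branch of kg_get_ccache_name, `name` is taken from `krb5_cc_default_name(context)` and the context is freed immediately afterwards. That function returns a string owned by the context, so `name` is dangling once `krb5_free_context(context)` has run; the old code avoided this only because the global context was never freed. What happens to `name` afterwards is outside the hunk, but with a `const char **out_name` parameter it is presumably handed to the caller, who would then read freed memory. The string has to be copied before the context is released, which also means the caller must free the result and the `kg_ccache_name` branch should return a copy as well so that ownership is uniform.

```c
        /* … unchanged: kg_ccache_name != NULL branch … */
        } else {
            krb5_context context = NULL;
            const char *def = NULL;

            err = krb5_init_context(&context);
            if (!err)
                err = krb5_cc_set_default_name(context, NULL);
            if (!err)
                def = krb5_cc_default_name(context);
            if (def) {
                /* copy before the context that owns the string is freed */
                name = strdup(def);
                if (name == NULL)
                    err = ENOMEM;
            }
            if (context)
                krb5_free_context(context);
        }
```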
index 966bc8ffd53b363449514e42e1f110644816e0dc..90c3e7d721a62c0978195d9c02e7bdf80f25fcca 100644 (file)
@@ -849,6 +849,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
           *minor_status = kerr;
           return GSS_S_FAILURE;
        }
+       if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
+          return GSS_S_FAILURE;
    } else {
        context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context;
    }