* gssapi_krb5.c (kg_get_defcred): Revert previous; it's probably
authorTom Yu <tlyu@mit.edu>
Mon, 24 Feb 2003 22:36:30 +0000 (22:36 +0000)
committerTom Yu <tlyu@mit.edu>
Mon, 24 Feb 2003 22:36:30 +0000 (22:36 +0000)
not appropriate for inquire_cred() to cause new credentials to be
fetched.

* init_sec_context.c (krb5_gss_init_sec_context): Explicitly
release default cred in the NO_CREDENTIAL case, so it is always
refreshed.

ticket: 1305
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15201 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/init_sec_context.c

index c2391495a21fca572f6551a0c24fd86d5e04ea1d..26afbfa723831fa429aa771f26ca3c7508a76ec4 100644 (file)
@@ -1,3 +1,13 @@
+2003-02-24  Tom Yu  <tlyu@mit.edu>
+
+       * gssapi_krb5.c (kg_get_defcred): Revert previous; it's probably
+       not appropriate for inquire_cred() to cause new credentials to be
+       fetched.
+
+       * init_sec_context.c (krb5_gss_init_sec_context): Explicitly
+       release default cred in the NO_CREDENTIAL case, so it is always
+       refreshed.
+
 2003-02-21  Tom Yu  <tlyu@mit.edu>
 
        * gssapi_krb5.c (kg_get_defcred): Check for invalid or expired
index e015ea04c7618a7d36018cae33d9ca28cf634996..db6eabd5d438bb6fcae0e65da9c51a9a49bdb763 100644 (file)
@@ -132,46 +132,31 @@ void *kg_vdb = NULL;
 
 static gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
 
+/*
+ * init_sec_context() will explicitly re-acquire default credentials,
+ * so handling the expiration/invalidation condition here isn't needed.
+ */
 OM_uint32
 kg_get_defcred(minor_status, cred)
      OM_uint32 *minor_status;
      gss_cred_id_t *cred;
 {
-   OM_uint32 major;
-
-   *cred = GSS_C_NO_CREDENTIAL;
-   *minor_status = 0;
-
-   if (defcred != GSS_C_NO_CREDENTIAL) {
-      /*
-       * If a default credential exists, ensure that it is valid and
-       * not expired.
-       */
-      major = krb5_gss_inquire_cred(minor_status, defcred,
-                                   NULL, NULL, NULL, NULL);
-      if (major != GSS_S_CREDENTIALS_EXPIRED) {
-        if (GSS_ERROR(major))
-           *cred = GSS_C_NO_CREDENTIAL;
-        else
-           *cred = defcred;
-        return major;
+   if (defcred == GSS_C_NO_CREDENTIAL) {
+      OM_uint32 major;
+
+      if ((major = krb5_gss_acquire_cred(minor_status, 
+                                        (gss_name_t) NULL, GSS_C_INDEFINITE, 
+                                        GSS_C_NULL_OID_SET, GSS_C_INITIATE, 
+                                        &defcred, NULL, NULL)) &&
+         GSS_ERROR(major)) {
+        defcred = GSS_C_NO_CREDENTIAL;
+        return(major);
       }
-      major = kg_release_defcred(minor_status);
-      if (GSS_ERROR(major))
-        return major;
-   }
-   major = krb5_gss_acquire_cred(minor_status,
-                                (gss_name_t) NULL, GSS_C_INDEFINITE,
-                                GSS_C_NULL_OID_SET, GSS_C_INITIATE,
-                                &defcred, NULL, NULL);
-   if (GSS_ERROR(major)) {
-      defcred = GSS_C_NO_CREDENTIAL;
-   } else {
-      *cred = defcred;
-      *minor_status = 0;
    }
 
-   return major;
+   *cred = defcred;
+   *minor_status = 0;
+   return(GSS_S_COMPLETE);
 }
 
 OM_uint32
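Review bot: On the error return of `kg_get_defcred`, `*cred` is never written, whereas the removed code set `*cred = GSS_C_NO_CREDENTIAL;` before doing anything else, so a caller that inspects the handle after a failure now sees whatever it passed in. Restoring `*cred = GSS_C_NO_CREDENTIAL;` as the first statement keeps the output defined on every path. The new header comment also only covers init_sec_context(): any other caller of this function receives the cached `defcred` with no validity or expiry check, so I would extend the comment to say so, e.g. `Other callers may be handed an expired or invalid cached credential and must check it themselves.`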
index 2af8baca6585dc0dc3876a3940bd10d167710ca7..8877052ba6adb64dbdd3ea421f0aaea1fbed8989 100644 (file)
@@ -382,6 +382,13 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
       OM_uint32 major;
 
+      /*
+       * Release default cred prior to re-acquiring it, to notice when
+       * the ccache has changed.
+       */
+      major = kg_release_defcred(minor_status);
+      if (GSS_ERROR(major))
+        return major;
       if ((major = kg_get_defcred(minor_status, &claimant_cred_handle)) &&
          GSS_ERROR(major)) {
         return(major);
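Review bot: The unconditional `kg_release_defcred(minor_status)` releases the file-scope default credential on every call that passes GSS_C_NO_CREDENTIAL, and nothing in this hunk shows what happens to a handle that an earlier `kg_get_defcred()` caller still holds. If any caller or context keeps that handle across calls (not visible here), it is left pointing at a released credential. I would spell out the ownership rule in the comment, e.g. `Handles obtained from kg_get_defcred() must not be retained across calls; this release invalidates them.`, and confirm the release/re-acquire pair is serialized if this library is ever used from more than one thread. The body of krb5_gss_init_sec_context starts and ends outside the hunk.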