From 3bf4292984d7b13ac106a7d16128315028745385 Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Wed, 19 Jul 2006 18:14:01 +0000 Subject: [PATCH] acquire_cred(), kg_caller_provided_ccache_name(): On further reflection and testing the correct thing appears to be to have gss_krb5_ccache_name() stop gss_acquire_cred() from searching for the desired name in the cache collection. If the caller sets the ccache name then gss_acquire_cred will only look in that ccache. Added kg_caller_provided_ccache_name() to tell whether or not the caller has actually set the ccache. This should fix the problem for both Mac OS X and Windows. ticket: 4024 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18343 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/acquire_cred.c | 26 +++++++++++++------------- src/lib/gssapi/krb5/gssapiP_krb5.h | 3 +++ src/lib/gssapi/krb5/gssapi_krb5.c | 16 ++++++++++++++++ 3 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 65ba976c7..3f213a12e 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -222,6 +222,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) krb5_cc_cursor cur; krb5_creds creds; int got_endtime; + int caller_provided_ccache_name = 0; cred->ccache = NULL; 
@@ -230,27 +231,26 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) return(GSS_S_FAILURE); + /* check to see if the caller provided a ccache name if so + * we will just use that and not search the cache collection */ + if (GSS_ERROR(kg_caller_provided_ccache_name (minor_status, &caller_provided_ccache_name))) { + return(GSS_S_FAILURE); + } + #if defined(USE_LOGIN_LIBRARY) || defined(USE_LEASH) - if (desired_name != NULL) { + if (desired_name && !caller_provided_ccache_name) { #if defined(USE_LOGIN_LIBRARY) KLStatus err = klNoErr; - KLPrincipal kl_desired_princ = NULL; - char *default_name = krb5_cc_default_name (context); char *ccache_name = NULL; - + KLPrincipal kl_desired_princ = NULL; + err = __KLCreatePrincipalFromKerberos5Principal ((krb5_principal) desired_name, &kl_desired_princ); if (!err) { - if (default_name) { - err = __KLAcquireInitialTicketsForCacheAndPrincipal (default_name, kerberosVersion_V5, - kl_desired_princ, NULL, NULL, - &ccache_name); - } else { - err = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name); - } + err = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name); } - + if (!err) { err = krb5_cc_resolve (context, ccache_name, &ccache); } @@ -260,8 +260,8 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) return(GSS_S_CRED_UNAVAIL); } - if (ccache_name != NULL) { KLDisposeString (ccache_name); } if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); } + if (ccache_name != NULL) { KLDisposeString (ccache_name); } #elif defined(USE_LEASH) if ( hLeashDLL == INVALID_HANDLE_VALUE ) { diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 08e76d770..8887a4ddf 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h 
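Review bot: With the new `if (desired_name && !caller_provided_ccache_name)` condition, a caller that set a ccache name and also passed a `desired_name` skips the login-library/Leash lookup, and nothing inside this hunk checks that the chosen ccache holds credentials for `desired_name`. That check has to come from the code after the `#endif`, which is outside the hunk. Confirm it still runs on this path and fails on a mismatch rather than accepting whatever principal the ccache contains. The added comment is also a run-on; `/* If the caller set a ccache name, use only that ccache and do not search the cache collection for desired_name. */` states the contract, with a pointer to the principal check added once it is confirmed.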
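Review bot: The `return(GSS_S_CRED_UNAVAIL);` at the top of this hunk comes before both dispose calls, so on that path `kl_desired_princ` and `ccache_name` look like they are never released; swapping the order of the two dispose lines does not change that. The condition guarding the return lies between the hunks and is not visible, so this is inferred. If it is the `err` test, placing `if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); }` and `if (ccache_name != NULL) { KLDisposeString (ccache_name); }` after the `krb5_cc_resolve` call and before that test would release both on success and on failure.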
@@ -319,6 +319,9 @@ krb5_error_code kg_ctx_internalize (krb5_context kcontext, OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status); +OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status, + int *out_caller_provided_name); + OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name); diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index f1c27e487..a0953e0b2 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -175,6 +175,22 @@ kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status) return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } +/* This function returns whether or not the caller set a cccache name. Used by + * gss_acquire_cred to figure out if the caller wants to only look at this + * ccache or search the cache collection for the desired name */ +OM_uint32 +kg_caller_provided_ccache_name (OM_uint32 *minor_status, +int *out_caller_provided_name) +{ + if (out_caller_provided_name) { + *out_caller_provided_name = + (k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME) != NULL); + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name) { -- 2.26.2
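Review bot: The header comment on `kg_caller_provided_ccache_name` does not say that the answer comes from `k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME)`, which as far as I know is thread-specific storage, so "caller provided" means the name was set on the calling thread. A name set on another thread would presumably leave `gss_acquire_cred` free to search the cache collection, which matters to callers that rely on the setting to restrict credential selection. I would state that in the comment and fix the `cccache` typo, e.g. `/* Reports whether the calling thread has set a ccache name; gss_acquire_cred uses this to look only in that ccache instead of searching the cache collection. */`. Separately, `out_caller_provided_name` is null-checked while `*minor_status = 0;` is written unconditionally; guard both or document that both must be non-NULL.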