From 4196177adf933f5a9ea4d687b50f84fb2584a544 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Fri, 21 Feb 2003 23:14:50 +0000
Subject: [PATCH] This should fix things, but I don't have an easy way to test

* gssapi_krb5.c (kg_get_defcred): Check for invalid or expired defcred if it exists, and call acquire_cred() again if necessary.
ticket: 1305
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15199 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/ChangeLog | 5 ++++
 src/lib/gssapi/krb5/gssapi_krb5.c | 47 +++++++++++++++++++++----------
 2 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 5931bf12f..c2391495a 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,8 @@
+2003-02-21 Tom Yu
+
+ * gssapi_krb5.c (kg_get_defcred): Check for invalid or expired
+ defcred if it exists, and call acquire_cred() again if necessary.
+
 2003-02-13 Tom Yu
 * Makefile.in ($(GSSAPI_KRB5_HDR)): Use $(S) to avoid problems on
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 189c9449d..e015ea04c 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -132,29 +132,46 @@ void *kg_vdb = NULL;
 static gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
-/* XXX what happens when the default credentials expire or are invalidated? */
-
 OM_uint32
 kg_get_defcred(minor_status, cred)
 OM_uint32 *minor_status;
 gss_cred_id_t *cred;
 {
- if (defcred == GSS_C_NO_CREDENTIAL) {
- OM_uint32 major;
-
- if ((major = krb5_gss_acquire_cred(minor_status,
- (gss_name_t) NULL, GSS_C_INDEFINITE,
- GSS_C_NULL_OID_SET, GSS_C_INITIATE,
- &defcred, NULL, NULL)) &&
- GSS_ERROR(major)) {
- defcred = GSS_C_NO_CREDENTIAL;
- return(major);
+ OM_uint32 major;
+
+ *cred = GSS_C_NO_CREDENTIAL;
+ *minor_status = 0;
+
+ if (defcred != GSS_C_NO_CREDENTIAL) {
+ /*
+ * If a default credential exists, ensure that it is valid and
+ * not expired.
+ */
+ major = krb5_gss_inquire_cred(minor_status, defcred,
+ NULL, NULL, NULL, NULL);
+ if (major != GSS_S_CREDENTIALS_EXPIRED) {
+ if (GSS_ERROR(major))
+ *cred = GSS_C_NO_CREDENTIAL;
+ else
+ *cred = defcred;
+ return major;
 }
+ major = kg_release_defcred(minor_status);
+ if (GSS_ERROR(major))
+ return major;
+ }
+ major = krb5_gss_acquire_cred(minor_status,
+ (gss_name_t) NULL, GSS_C_INDEFINITE,
+ GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+ &defcred, NULL, NULL);
+ if (GSS_ERROR(major)) {
+ defcred = GSS_C_NO_CREDENTIAL;
+ } else {
+ *cred = defcred;
+ *minor_status = 0;
 }
- *cred = defcred;
- *minor_status = 0;
- return(GSS_S_COMPLETE);
+ return major;
 }
 OM_uint32
-- 
2.26.2
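Review bot: An error from `krb5_gss_inquire_cred()` other than `GSS_S_CREDENTIALS_EXPIRED` is returned with `defcred` still cached, so an invalid default credential is never released or re-acquired and every later call to `kg_get_defcred()` fails the same way, although the ChangeLog entry promises handling of "invalid or expired" credentials. The test `major != GSS_S_CREDENTIALS_EXPIRED` also compares the whole status word, so an expiry reported together with calling-error or supplementary bits would take the early-return branch; `GSS_ROUTINE_ERROR(major)` is the field to compare. Returning early only on success, `if (!GSS_ERROR(major)) { *cred = defcred; return major; }`, and letting every failure fall through to `kg_release_defcred()` and the fresh `krb5_gss_acquire_cred()` would cover both cases. Whether `kg_release_defcred()` tolerates a handle that failed validation is not visible in this hunk and should be confirmed. Handles returned by earlier calls alias `defcred`, so releasing it here leaves them dangling if any caller keeps one across calls; a comment on the function stating that the returned handle is borrowed and valid only until the next call would document that contract.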