From 55f2286542acf416169bc0cc6af3d02d4f8fe686 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 15 Jul 2004 01:00:54 +0000 Subject: [PATCH] Get rid of the global krb5 context used by the GSSAPI Kerberos mechanism. I *think* I've gotten all the places where a ccache or keytab name that's been stored gets applied to whichever context needs it. * gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling kg_get_context. (kg_get_ccache_name): Use a locally created krb5 context instead of calling kg_get_context. (kg_get_context): Deleted. * acquire_cred.c (acquire_init_cred): Pass current context. (krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling kg_get_context. * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name. * init_sec_context.c (krb5_gss_init_sec_context): Likewise. * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype. (kg_get_context): Delete declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16597 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 15 ++++++++ src/lib/gssapi/krb5/acquire_cred.c | 20 ++++++++-- src/lib/gssapi/krb5/add_cred.c | 2 + src/lib/gssapi/krb5/gssapiP_krb5.h | 5 +-- src/lib/gssapi/krb5/gssapi_krb5.c | 53 ++++++-------------------- src/lib/gssapi/krb5/init_sec_context.c | 2 + 6 files changed, 49 insertions(+), 48 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index b4f4ee27e..075416d15 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog 
@@ -1,3 +1,18 @@ +2004-07-14 Ken Raeburn + + * gssapi_krb5.c (kg_sync_ccache_name): Add context argument + instead of calling kg_get_context. + (kg_get_ccache_name): Use a locally created krb5 context instead + of calling kg_get_context. + (kg_get_context): Deleted. + * acquire_cred.c (acquire_init_cred): Pass current context. + (krb5_gss_acquire_cred): Use a locally created krb5 context + instead of calling kg_get_context. + * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name. + * init_sec_context.c (krb5_gss_init_sec_context): Likewise. + * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype. + (kg_get_context): Delete declaration. + 2004-07-13 Ken Raeburn * acquire_cred.c: Include gss_libinit.h. diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index e86419e19..0b0b57a31 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -220,7 +220,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) /* load the GSS ccache name into the kg_context */ - if (GSS_ERROR(kg_sync_ccache_name(minor_status))) + if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) return(GSS_S_FAILURE); /* open the default credential cache */ @@ -359,8 +359,11 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, OM_uint32 ret; krb5_error_code code; - if (GSS_ERROR(kg_get_context(minor_status, &context))) - return(GSS_S_FAILURE); + code = krb5_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } /* make sure all outputs are valid */ @@ -376,6 +379,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((desired_name != (gss_name_t) NULL) && (! kg_validate_name(desired_name))) { *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); } 
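Review bot: The comment above the changed call in acquire_init_cred, `/* load the GSS ccache name into the kg_context */`, still names the global context that this commit removes. It should describe the new behaviour, for example `/* load the GSS ccache name into the caller's krb5 context */`, so a reader does not go looking for shared state that no longer exists. acquire_init_cred starts and ends outside the hunk.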
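Review bot: The new `krb5_init_context` failure return in krb5_gss_acquire_cred sits above the `/* make sure all outputs are valid */` step, so on that path the output parameters appear to be left unset (the assignments themselves are outside the hunk). Moving the output initialisation above `code = krb5_init_context(&context);` would give callers a defined credential handle on every failure return. The function continues outside the hunk.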
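Review bot: `krb5_free_context(context)` is repeated by hand before each return in krb5_gss_acquire_cred, starting with the G_VALIDATE_FAILED return here and continuing through the later hunks of this function (`@@ -398` through `@@ -550`). That makes it easy for an existing or future return path to leak the per-call context. A single exit would be more robust: set `ret` and `goto cleanup;` at each failure, and end the function with `cleanup: krb5_free_context(context); return ret;`. Any return that lies between these hunks is not visible here and should be checked for the same free.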
@@ -398,6 +402,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if (!req_old && !req_new) { *minor_status = 0; + krb5_free_context(context); return(GSS_S_BAD_MECH); } } @@ -407,6 +412,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((cred = (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) == NULL) { *minor_status = ENOMEM; + krb5_free_context(context); return(GSS_S_FAILURE); } memset(cred, 0, sizeof(krb5_gss_cred_id_rec)); @@ -424,6 +430,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, (cred_usage != GSS_C_BOTH)) { xfree(cred); *minor_status = (OM_uint32) G_BAD_USAGE; + krb5_free_context(context); return(GSS_S_FAILURE); } @@ -439,6 +446,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_principal(context, cred->princ); xfree(cred); /* minor_status set by acquire_accept_cred() */ + krb5_free_context(context); return(ret); } @@ -459,6 +467,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_principal(context, cred->princ); xfree(cred); /* minor_status set by acquire_init_cred() */ + krb5_free_context(context); return(ret); } @@ -473,6 +482,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, (void)krb5_kt_close(context, cred->keytab); xfree(cred); *minor_status = code; + krb5_free_context(context); return(GSS_S_FAILURE); } @@ -495,6 +505,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = code; + krb5_free_context(context); return(GSS_S_FAILURE); } @@ -523,6 +534,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_principal(context, cred->princ); xfree(cred); /* *minor_status set above */ + krb5_free_context(context); return(ret); } } 
@@ -540,6 +552,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); return(GSS_S_FAILURE); } @@ -550,5 +563,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if (actual_mechs) *actual_mechs = ret_mechs; + krb5_free_context(context); return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c index 085b96d31..4ec230a1e 100644 --- a/src/lib/gssapi/krb5/add_cred.c +++ b/src/lib/gssapi/krb5/add_cred.c @@ -143,6 +143,8 @@ krb5_gss_add_cred(minor_status, input_cred_handle, *minor_status = code; return GSS_S_FAILURE; } + if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) + return GSS_S_FAILURE; /* verify the desired_name */ diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 11f33b995..2e5e3292b 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -303,10 +303,7 @@ krb5_error_code kg_ctx_internalize (krb5_context kcontext, krb5_octet **buffer, size_t *lenremain); -OM_uint32 kg_get_context (OM_uint32 *minor_status, - krb5_context *context); - -OM_uint32 kg_sync_ccache_name (OM_uint32 *minor_status); +OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status); OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name); diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 2ce34e24e..b19f1a73f 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c 
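Review bot: The added early return in krb5_gss_add_cred leaks the krb5 context when kg_sync_ccache_name fails, assuming `context` was created by the init call whose failure branch precedes it (the call itself is outside the hunk). The failure branch should release it first: `if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) { krb5_free_context(context); return GSS_S_FAILURE; }`. The same two added lines in krb5_gss_init_sec_context (init_sec_context.c, `@@ -849`) have the same gap; there the `else` branch suggests the context in the first branch is newly created and not yet owned by a context handle. In a long-running service, repeated failures on these paths would accumulate unreleased contexts.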
@@ -151,47 +151,18 @@ kg_get_defcred(minor_status, cred) } OM_uint32 -kg_get_context(minor_status, context) - OM_uint32 *minor_status; - krb5_context *context; +kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status) { - static krb5_context kg_context = NULL; - krb5_error_code code; - - if (!kg_context) { - if ((code = krb5_init_context(&kg_context))) - goto fail; - } - *context = kg_context; - *minor_status = 0; - return GSS_S_COMPLETE; - -fail: - *minor_status = (OM_uint32) code; - return GSS_S_FAILURE; -} - -OM_uint32 -kg_sync_ccache_name (OM_uint32 *minor_status) -{ - krb5_context context = NULL; OM_uint32 err = 0; - OM_uint32 minor; /* - * Sync up the kg_context ccache name with the GSSAPI ccache name. + * Sync up the context ccache name with the GSSAPI ccache name. * If kg_ccache_name is NULL -- normal unless someone has called * gss_krb5_ccache_name() -- then the system default ccache will * be picked up and used by resetting the context default ccache. * This is needed for platforms which support multiple ccaches. */ - if (!err) { - if (GSS_ERROR(kg_get_context (&minor, &context))) { - err = minor; - } - } - if (!err) { /* kg_ccache_name == NULL resets the context default ccache */ err = krb5_cc_set_default_name(context, kg_ccache_name); 
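Review bot: With the kg_get_context step removed, the remaining `if (!err)` guard in kg_sync_ccache_name directly follows `OM_uint32 err = 0;` and is always true. The call can be written unguarded as `err = krb5_cc_set_default_name(context, kg_ccache_name);`. The function now depends on its caller for a valid context, so the header comment should say so, for example `/* context must be an initialized krb5_context owned by the caller; it is not checked for NULL. */`. The body continues outside the hunk.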
@@ -204,24 +175,24 @@ kg_sync_ccache_name (OM_uint32 *minor_status) OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name) { - krb5_context context = NULL; const char *name = NULL; OM_uint32 err = 0; - OM_uint32 minor; - if (GSS_ERROR(kg_get_context (&minor, &context))) { - err = minor; - } - if (!err) { if (kg_ccache_name != NULL) { name = kg_ccache_name; } else { - /* reset the context default ccache (see text above) */ - err = krb5_cc_set_default_name (context, NULL); - if (!err) { + krb5_context context = NULL; + + /* Reset the context default ccache (see text above), and + then retrieve it. */ + err = krb5_init_context(&context); + if (!err) + err = krb5_cc_set_default_name (context, NULL); + if (!err) name = krb5_cc_default_name(context); - } + if (context) + krb5_free_context(context); } } diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 966bc8ffd..90c3e7d72 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -849,6 +849,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, *minor_status = kerr; return GSS_S_FAILURE; } + if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) + return GSS_S_FAILURE; } else { context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context; } -- 2.26.2
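Review bot: `name` dangles after `krb5_free_context(context)` in the else branch of kg_get_ccache_name, because krb5_cc_default_name returns a pointer to a string owned by the context. The context is now released before `name` is handed back through `out_name` (that assignment is outside the hunk). With the former global context the string stayed alive, but with a local one the caller would read freed memory. The name needs to be copied before the free, e.g. `name = krb5_cc_default_name(context); if (name && (name = strdup(name)) == NULL) err = ENOMEM;`. The kg_ccache_name branch and the callers then have to agree on who frees the returned string.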