From 7a8cf3c073d9a4a0059e78ce080b0366e30e53eb Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Tue, 28 Feb 2017 13:36:07 -0500 Subject: [PATCH] Remove some obsoleted patches. Signed-off-by: Jeff Layton --- 0001-aclocal-fix-typo-in-idmap.m4.patch | 28 -- ...-krb5-routines-to-get-default-ccname.patch | 215 --------------- ...-the-krb5_context-a-static-global-va.patch | 214 --------------- ...cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch | 42 --- ...-make-get_tgt_time-take-a-ccache-arg.patch | 77 ------ ...p-passing-around-ccache-name-strings.patch | 248 ------------------ 6 files changed, 824 deletions(-) delete mode 100644 0001-aclocal-fix-typo-in-idmap.m4.patch delete mode 100644 0002-cifs.upcall-use-krb5-routines-to-get-default-ccname.patch delete mode 100644 0003-cifs.upcall-make-the-krb5_context-a-static-global-va.patch delete mode 100644 0004-cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch delete mode 100644 0005-cifs.upcall-make-get_tgt_time-take-a-ccache-arg.patch delete mode 100644 0006-cifs.upcall-stop-passing-around-ccache-name-strings.patch diff --git a/0001-aclocal-fix-typo-in-idmap.m4.patch b/0001-aclocal-fix-typo-in-idmap.m4.patch deleted file mode 100644 index 053a22a..0000000 --- a/0001-aclocal-fix-typo-in-idmap.m4.patch +++ /dev/null @@ -1,28 +0,0 @@ -From bbbf7133aec555c5d27ee3163d6045ecfc4673d9 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Tue, 12 Jul 2016 16:53:25 -0400 -Subject: [cifs-utils PATCH 1/6] aclocal: fix typo in idmap.m4 - -We really don't want to do the same check twice. - -Signed-off-by: Jeff Layton ---- - aclocal/idmap.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/aclocal/idmap.m4 b/aclocal/idmap.m4 -index 3ccdae3ab968..4e16a46568a1 100644 ---- a/aclocal/idmap.m4 -+++ b/aclocal/idmap.m4 -@@ -19,7 +19,7 @@ if test $enable_cifsidmap != "no" -o $enable_cifsacl != "no"; then - ]) - fi - --if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then -+if test $enable_cifsidmap != "no" -o $enable_cifsacl != "no"; then - ac_wbc_save_LDFLAGS="$LDFLAGS" - ac_wbc_save_LIBS="$LIBS" - LDFLAGS="$LDFLAGS $WBCLIENT_LIBS" --- -2.7.4 - diff --git a/0002-cifs.upcall-use-krb5-routines-to-get-default-ccname.patch b/0002-cifs.upcall-use-krb5-routines-to-get-default-ccname.patch deleted file mode 100644 index bf2eeb3..0000000 --- a/0002-cifs.upcall-use-krb5-routines-to-get-default-ccname.patch +++ /dev/null @@ -1,215 +0,0 @@ -From 9be6e885c3bd63aa6ae9e6351e1b33a4b15d9183 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Sun, 21 Aug 2016 09:42:59 -0400 -Subject: [cifs-utils PATCH 2/6] cifs.upcall: use krb5 routines to get default - ccname - -Currently we end up groveling around in /tmp, trying to guess what the -credcache will be. Instead, just get the default ccname for the user, -and then see if it has a valid tgt. If it doesn't then we try to use -the keytab to init the credcache before proceeding. - -Signed-off-by: Jeff Layton ---- - cifs.upcall.c | 148 +++++++++++----------------------------------------------- - 1 file changed, 27 insertions(+), 121 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index e8544c2b68ad..d0f6d089d8e1 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -52,12 +52,6 @@ - #include "spnego.h" - #include "cifs_spnego.h" - --#define CIFS_DEFAULT_KRB5_DIR "/tmp" --#define CIFS_DEFAULT_KRB5_USER_DIR "/run/user/%U" --#define CIFS_DEFAULT_KRB5_PREFIX "krb5cc" -- --#define MAX_CCNAME_LEN PATH_MAX + 5 -- - static const char *prog = "cifs.upcall"; - typedef enum _sectype { - NONE = 0, -@@ -178,13 +172,34 @@ err_cache: - return credtime; - } - --static int krb5cc_filter(const struct dirent *dirent) -+static char * -+get_default_cc(void) - { -- /* subtract 1 for the null terminator */ -- return !strncmp(dirent->d_name, CIFS_DEFAULT_KRB5_PREFIX, -- sizeof(CIFS_DEFAULT_KRB5_PREFIX) - 1); -+ krb5_error_code ret; -+ const char *ccname; -+ char *rcc = NULL; -+ krb5_context context = NULL; -+ -+ ret = krb5_init_context(&context); -+ if (ret) { -+ syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret); -+ return NULL; -+ } -+ -+ ccname = krb5_cc_default_name(context); -+ if (!ccname) { -+ syslog(LOG_DEBUG, "krb5_cc_default returned NULL."); -+ goto out_free_context; -+ } -+ -+ if (get_tgt_time(ccname)) -+ rcc = strdup(ccname); -+out_free_context: -+ krb5_free_context(context); -+ return rcc; - } - -+ - static char * - init_cc_from_keytab(const char *keytab_name, const char *user) - { -@@ -263,109 +278,6 @@ icfk_cleanup: - return ccname; - } - --/* resolve a pattern to an actual directory path */ --static char *resolve_krb5_dir(const char *pattern, uid_t uid) --{ -- char name[MAX_CCNAME_LEN]; -- int i; -- size_t j; -- for (i = 0, j = 0; (pattern[i] != '\0') && (j < sizeof(name)); i++) { -- switch (pattern[i]) { -- case '%': -- switch (pattern[i + 1]) { -- case '%': -- name[j++] = pattern[i]; -- i++; -- break; -- case 'U': -- j += snprintf(name + j, sizeof(name) - j, -- "%lu", (unsigned long) uid); -- i++; -- break; -- } -- break; -- default: -- name[j++] = pattern[i]; -- break; -- } -- } -- if ((j > 0) && (j < sizeof(name))) -- return strndup(name, MAX_CCNAME_LEN); -- else -- return NULL; --} -- --/* search for a credcache that looks like a likely candidate */ --static char *find_krb5_cc(const char *dirname, uid_t uid, -- char **best_cache, time_t *best_time) --{ -- struct dirent **namelist; -- struct stat sbuf; -- char ccname[MAX_CCNAME_LEN], *credpath; -- int i, n; -- time_t cred_time; -- -- n = scandir(dirname, &namelist, krb5cc_filter, NULL); -- if (n < 0) { -- syslog(LOG_DEBUG, "%s: scandir error on directory '%s': %s", -- __func__, dirname, strerror(errno)); -- return NULL; -- } -- -- for (i = 0; i < n; i++) { -- snprintf(ccname, sizeof(ccname), "FILE:%s/%s", dirname, -- namelist[i]->d_name); -- credpath = ccname + 5; -- syslog(LOG_DEBUG, "%s: considering %s", __func__, credpath); -- -- if (lstat(credpath, &sbuf)) { -- syslog(LOG_DEBUG, "%s: stat error on '%s': %s", -- __func__, credpath, strerror(errno)); -- free(namelist[i]); -- continue; -- } -- if (sbuf.st_uid != uid) { -- syslog(LOG_DEBUG, "%s: %s is owned by %u, not %u", -- __func__, credpath, sbuf.st_uid, uid); -- free(namelist[i]); -- continue; -- } -- if (S_ISDIR(sbuf.st_mode)) { -- snprintf(ccname, sizeof(ccname), "DIR:%s/%s", dirname, -- namelist[i]->d_name); -- credpath = ccname + 4; -- } else -- if (!S_ISREG(sbuf.st_mode)) { -- syslog(LOG_DEBUG, "%s: %s is not a regular file", -- __func__, credpath); -- free(namelist[i]); -- continue; -- } -- if (!(cred_time = get_tgt_time(ccname))) { -- syslog(LOG_DEBUG, "%s: %s is not a valid credcache.", -- __func__, ccname); -- free(namelist[i]); -- continue; -- } -- -- if (cred_time <= *best_time) { -- syslog(LOG_DEBUG, "%s: %s expires sooner than current " -- "best.", __func__, ccname); -- free(namelist[i]); -- continue; -- } -- -- syslog(LOG_DEBUG, "%s: %s is valid ccache", __func__, ccname); -- free(*best_cache); -- *best_cache = strndup(ccname, MAX_CCNAME_LEN); -- *best_time = cred_time; -- free(namelist[i]); -- } -- free(namelist); -- -- return *best_cache; --} -- - static int - cifs_krb5_get_req(const char *host, const char *ccname, - DATA_BLOB * mechtoken, DATA_BLOB * sess_key) -@@ -841,13 +753,12 @@ int main(const int argc, char *const argv[]) - unsigned int have; - long rc = 1; - int c, try_dns = 0, legacy_uid = 0; -- char *buf, *ccdir = NULL, *ccname = NULL, *best_cache = NULL; -+ char *buf, *ccname = NULL; - char hostbuf[NI_MAXHOST], *host; - struct decoded_args arg; - const char *oid; - uid_t uid; - char *keytab_name = NULL; -- time_t best_time = 0; - - hostbuf[0] = '\0'; - memset(&arg, 0, sizeof(arg)); -@@ -954,13 +865,8 @@ int main(const int argc, char *const argv[]) - syslog(LOG_ERR, "setuid: %s", strerror(errno)); - goto out; - } -- ccdir = resolve_krb5_dir(CIFS_DEFAULT_KRB5_USER_DIR, uid); -- if (ccdir != NULL) -- find_krb5_cc(ccdir, uid, &best_cache, &best_time); -- ccname = find_krb5_cc(CIFS_DEFAULT_KRB5_DIR, uid, &best_cache, -- &best_time); -- SAFE_FREE(ccdir); - -+ ccname = get_default_cc(); - /* Couldn't find credcache? Try to use keytab */ - if (ccname == NULL && arg.username != NULL) - ccname = init_cc_from_keytab(keytab_name, arg.username); --- -2.7.4 - diff --git a/0003-cifs.upcall-make-the-krb5_context-a-static-global-va.patch b/0003-cifs.upcall-make-the-krb5_context-a-static-global-va.patch deleted file mode 100644 index 5d2d795..0000000 --- a/0003-cifs.upcall-make-the-krb5_context-a-static-global-va.patch +++ /dev/null @@ -1,214 +0,0 @@ -From a3743af0c579cee61b816080de978ae7a7663b05 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Mon, 22 Aug 2016 07:34:21 -0400 -Subject: [cifs-utils PATCH 3/6] cifs.upcall: make the krb5_context a static - global variable - -There's no need to keep initing a new context for every function. Just -do it once and reuse as needed. - -Signed-off-by: Jeff Layton ---- - cifs.upcall.c | 61 ++++++++++++++++------------------------------------------- - 1 file changed, 16 insertions(+), 45 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index d0f6d089d8e1..8448d00f6061 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -52,7 +52,9 @@ - #include "spnego.h" - #include "cifs_spnego.h" - --static const char *prog = "cifs.upcall"; -+static krb5_context context; -+static const char *prog = "cifs.upcall"; -+ - typedef enum _sectype { - NONE = 0, - KRB5, -@@ -69,9 +71,7 @@ typedef enum _sectype { - * @return pointer to the realm - * - */ -- --static char *cifs_krb5_principal_get_realm(krb5_context context __attribute__ ((unused)), -- krb5_principal principal) -+static char *cifs_krb5_principal_get_realm(krb5_principal principal) - { - #ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */ - return krb5_principal_get_realm(context, principal); -@@ -104,7 +104,6 @@ krb5_auth_con_getsendsubkey(krb5_context context, - /* does the ccache have a valid TGT? */ - static time_t get_tgt_time(const char *ccname) - { -- krb5_context context; - krb5_ccache ccache; - krb5_cc_cursor cur; - krb5_creds creds; -@@ -112,11 +111,6 @@ static time_t get_tgt_time(const char *ccname) - time_t credtime = 0; - char *realm = NULL; - -- if (krb5_init_context(&context)) { -- syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__); -- return 0; -- } -- - if (krb5_cc_resolve(context, ccname, &ccache)) { - syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__); - goto err_cache; -@@ -137,7 +131,7 @@ static time_t get_tgt_time(const char *ccname) - goto err_ccstart; - } - -- if ((realm = cifs_krb5_principal_get_realm(context, principal)) == NULL) { -+ if ((realm = cifs_krb5_principal_get_realm(principal)) == NULL) { - syslog(LOG_DEBUG, "%s: unable to get realm", __func__); - goto err_ccstart; - } -@@ -168,34 +162,23 @@ err_princ: - #endif - krb5_cc_close(context, ccache); - err_cache: -- krb5_free_context(context); - return credtime; - } - - static char * - get_default_cc(void) - { -- krb5_error_code ret; - const char *ccname; - char *rcc = NULL; -- krb5_context context = NULL; -- -- ret = krb5_init_context(&context); -- if (ret) { -- syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret); -- return NULL; -- } - - ccname = krb5_cc_default_name(context); - if (!ccname) { - syslog(LOG_DEBUG, "krb5_cc_default returned NULL."); -- goto out_free_context; -+ return NULL; - } - - if (get_tgt_time(ccname)) - rcc = strdup(ccname); --out_free_context: -- krb5_free_context(context); - return rcc; - } - -@@ -203,7 +186,6 @@ out_free_context: - static char * - init_cc_from_keytab(const char *keytab_name, const char *user) - { -- krb5_context context = NULL; - krb5_error_code ret; - krb5_creds my_creds; - krb5_keytab keytab = NULL; -@@ -213,12 +195,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user) - - memset((char *) &my_creds, 0, sizeof(my_creds)); - -- ret = krb5_init_context(&context); -- if (ret) { -- syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret); -- goto icfk_cleanup; -- } -- - if (keytab_name) - ret = krb5_kt_resolve(context, keytab_name, &keytab); - else -@@ -273,8 +249,6 @@ icfk_cleanup: - krb5_cc_close(context, cc); - if (keytab) - krb5_kt_close(context, keytab); -- if (context) -- krb5_free_context(context); - return ccname; - } - -@@ -284,7 +258,6 @@ cifs_krb5_get_req(const char *host, const char *ccname, - { - krb5_error_code ret; - krb5_keyblock *tokb; -- krb5_context context; - krb5_ccache ccache; - krb5_creds in_creds, *out_creds; - krb5_data apreq_pkt, in_data; -@@ -292,26 +265,19 @@ cifs_krb5_get_req(const char *host, const char *ccname, - #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) - static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */}; - #endif -- -- ret = krb5_init_context(&context); -- if (ret) { -- syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__); -- return ret; -- } -- - if (ccname) { - ret = krb5_cc_resolve(context, ccname, &ccache); - if (ret) { - syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n", - __func__, ccname); -- goto out_free_context; -+ return ret; - } - } else { - ret = krb5_cc_default(context, &ccache); - if (ret) { - syslog(LOG_DEBUG, "%s: krb5_cc_default: %d", - __func__, (int)ret); -- goto out_free_context; -+ return ret; - } - } - -@@ -383,7 +349,6 @@ cifs_krb5_get_req(const char *host, const char *ccname, - /* MIT krb5 < 1.7 is missing the prototype, but still has the symbol */ - #if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE - krb5_error_code krb5_auth_con_set_req_cksumtype( -- krb5_context context, - krb5_auth_context auth_context, - krb5_cksumtype cksumtype); - #endif -@@ -427,8 +392,6 @@ out_free_ccache: - krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); - #endif - krb5_cc_close(context, ccache); --out_free_context: -- krb5_free_context(context); - return ret; - } - -@@ -866,6 +829,12 @@ int main(const int argc, char *const argv[]) - goto out; - } - -+ rc = krb5_init_context(&context); -+ if (rc) { -+ syslog(LOG_ERR, "unable to init krb5 context: %ld", rc); -+ goto out; -+ } -+ - ccname = get_default_cc(); - /* Couldn't find credcache? Try to use keytab */ - if (ccname == NULL && arg.username != NULL) -@@ -1006,6 +975,8 @@ out: - } - data_blob_free(&secblob); - data_blob_free(&sess_key); -+ if (context) -+ krb5_free_context(context); - SAFE_FREE(ccname); - SAFE_FREE(arg.hostname); - SAFE_FREE(arg.ip); --- -2.7.4 - diff --git a/0004-cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch b/0004-cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch deleted file mode 100644 index ecbf252..0000000 --- a/0004-cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 3db6b3a814a2908b230fcfbdb82846775e56dd93 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Wed, 24 Aug 2016 11:39:06 -0400 -Subject: [cifs-utils PATCH 4/6] cifs.upcall: remove KRB5_TC_OPENCLOSE - -The header file says that this is deprecated, and all of the info I've -seen about it mentioned that it was for performance more than -correctness. It dates back to the original code dump from Igor, so I -think we're safe to just drop it at this point. - -Signed-off-by: Jeff Layton ---- - cifs.upcall.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index 8448d00f6061..a25833592440 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -157,9 +157,6 @@ err_endseq: - err_ccstart: - krb5_free_principal(context, principal); - err_princ: --#if defined(KRB5_TC_OPENCLOSE) -- krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); --#endif - krb5_cc_close(context, ccache); - err_cache: - return credtime; -@@ -388,9 +385,6 @@ out_free_creds: - out_free_principal: - krb5_free_principal(context, in_creds.client); - out_free_ccache: --#if defined(KRB5_TC_OPENCLOSE) -- krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); --#endif - krb5_cc_close(context, ccache); - return ret; - } --- -2.7.4 - diff --git a/0005-cifs.upcall-make-get_tgt_time-take-a-ccache-arg.patch b/0005-cifs.upcall-make-get_tgt_time-take-a-ccache-arg.patch deleted file mode 100644 index 3fe8735..0000000 --- a/0005-cifs.upcall-make-get_tgt_time-take-a-ccache-arg.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 39dbb7b47bea9d6d7cf93ddd53cda501c3898bd6 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Wed, 24 Aug 2016 11:41:53 -0400 -Subject: [cifs-utils PATCH 5/6] cifs.upcall: make get_tgt_time take a ccache - arg - -...instead of dealing with the ccname. Push resolution of the cache -into the caller. - -Signed-off-by: Jeff Layton ---- - cifs.upcall.c | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index a25833592440..a20576654a95 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -102,20 +102,14 @@ krb5_auth_con_getsendsubkey(krb5_context context, - #endif - - /* does the ccache have a valid TGT? */ --static time_t get_tgt_time(const char *ccname) -+static time_t get_tgt_time(krb5_ccache ccache) - { -- krb5_ccache ccache; - krb5_cc_cursor cur; - krb5_creds creds; - krb5_principal principal; - time_t credtime = 0; - char *realm = NULL; - -- if (krb5_cc_resolve(context, ccname, &ccache)) { -- syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__); -- goto err_cache; -- } -- - if (krb5_cc_set_flags(context, ccache, 0)) { - syslog(LOG_DEBUG, "%s: unable to set flags", __func__); - goto err_cache; -@@ -156,8 +150,6 @@ err_endseq: - krb5_cc_end_seq_get(context, ccache, &cur); - err_ccstart: - krb5_free_principal(context, principal); --err_princ: -- krb5_cc_close(context, ccache); - err_cache: - return credtime; - } -@@ -167,15 +159,22 @@ get_default_cc(void) - { - const char *ccname; - char *rcc = NULL; -+ krb5_ccache ccache; - - ccname = krb5_cc_default_name(context); - if (!ccname) { -- syslog(LOG_DEBUG, "krb5_cc_default returned NULL."); -+ syslog(LOG_DEBUG, "%s: krb5_cc_default returned NULL.", __func__); - return NULL; - } - -- if (get_tgt_time(ccname)) -+ if (krb5_cc_resolve(context, ccname, &ccache)) { -+ syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__); -+ return NULL; -+ } -+ -+ if (get_tgt_time(ccache)) - rcc = strdup(ccname); -+ krb5_cc_close(context, ccache); - return rcc; - } - --- -2.7.4 - diff --git a/0006-cifs.upcall-stop-passing-around-ccache-name-strings.patch b/0006-cifs.upcall-stop-passing-around-ccache-name-strings.patch deleted file mode 100644 index 73a0c9b..0000000 --- a/0006-cifs.upcall-stop-passing-around-ccache-name-strings.patch +++ /dev/null @@ -1,248 +0,0 @@ -From 7852becab01989634aacc1fb8ff9581a11a7cdcf Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Wed, 24 Aug 2016 12:56:54 -0400 -Subject: [cifs-utils PATCH 6/6] cifs.upcall: stop passing around ccache name - strings - -Instead, get a ccache handle and pass that around. That way we can keep -the cache open until the program is complete as well. - -Signed-off-by: Jeff Layton ---- - cifs.upcall.c | 98 +++++++++++++++++++++++++---------------------------------- - 1 file changed, 41 insertions(+), 57 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index a20576654a95..8f146c92b4a5 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -117,7 +117,7 @@ static time_t get_tgt_time(krb5_ccache ccache) - - if (krb5_cc_get_principal(context, ccache, &principal)) { - syslog(LOG_DEBUG, "%s: unable to get principal", __func__); -- goto err_princ; -+ goto err_cache; - } - - if (krb5_cc_start_seq_get(context, ccache, &cur)) { -@@ -154,32 +154,27 @@ err_cache: - return credtime; - } - --static char * -+static krb5_ccache - get_default_cc(void) - { -- const char *ccname; -- char *rcc = NULL; -- krb5_ccache ccache; -+ krb5_error_code ret; -+ krb5_ccache cc; - -- ccname = krb5_cc_default_name(context); -- if (!ccname) { -- syslog(LOG_DEBUG, "%s: krb5_cc_default returned NULL.", __func__); -+ ret = krb5_cc_default(context, &cc); -+ if (ret) { -+ syslog(LOG_DEBUG, "%s: krb5_cc_default returned %d", __func__, ret); - return NULL; - } - -- if (krb5_cc_resolve(context, ccname, &ccache)) { -- syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__); -- return NULL; -+ if (!get_tgt_time(cc)) { -+ krb5_cc_close(context, cc); -+ cc = NULL; - } -- -- if (get_tgt_time(ccache)) -- rcc = strdup(ccname); -- krb5_cc_close(context, ccache); -- return rcc; -+ return cc; - } - - --static char * -+static krb5_ccache - init_cc_from_keytab(const char *keytab_name, const char *user) - { - krb5_error_code ret; -@@ -187,7 +182,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user) - krb5_keytab keytab = NULL; - krb5_principal me = NULL; - krb5_ccache cc = NULL; -- char *ccname = NULL; - - memset((char *) &my_creds, 0, sizeof(my_creds)); - -@@ -229,61 +223,46 @@ init_cc_from_keytab(const char *keytab_name, const char *user) - } - - ret = krb5_cc_store_cred(context, cc, &my_creds); -- if (ret) -+ if (ret) { - syslog(LOG_DEBUG, "krb5_cc_store_cred: %d", (int)ret); -- -- ccname = strdup(krb5_cc_default_name(context)); -- if (ccname == NULL) -- syslog(LOG_ERR, "Unable to allocate memory"); --icfk_cleanup: -+ goto icfk_cleanup; -+ } -+out: - my_creds.client = (krb5_principal)0; - krb5_free_cred_contents(context, &my_creds); - - if (me) - krb5_free_principal(context, me); -- if (cc) -- krb5_cc_close(context, cc); - if (keytab) - krb5_kt_close(context, keytab); -- return ccname; -+ return cc; -+icfk_cleanup: -+ if (cc) { -+ krb5_cc_close(context, cc); -+ cc = NULL; -+ } -+ goto out; - } - - static int --cifs_krb5_get_req(const char *host, const char *ccname, -+cifs_krb5_get_req(const char *host, krb5_ccache ccache, - DATA_BLOB * mechtoken, DATA_BLOB * sess_key) - { - krb5_error_code ret; - krb5_keyblock *tokb; -- krb5_ccache ccache; - krb5_creds in_creds, *out_creds; - krb5_data apreq_pkt, in_data; - krb5_auth_context auth_context = NULL; - #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) - static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */}; - #endif -- if (ccname) { -- ret = krb5_cc_resolve(context, ccname, &ccache); -- if (ret) { -- syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n", -- __func__, ccname); -- return ret; -- } -- } else { -- ret = krb5_cc_default(context, &ccache); -- if (ret) { -- syslog(LOG_DEBUG, "%s: krb5_cc_default: %d", -- __func__, (int)ret); -- return ret; -- } -- } -- - memset(&in_creds, 0, sizeof(in_creds)); - - ret = krb5_cc_get_principal(context, ccache, &in_creds.client); - if (ret) { - syslog(LOG_DEBUG, "%s: unable to get client principal name", - __func__); -- goto out_free_ccache; -+ return ret; - } - - ret = krb5_sname_to_principal(context, host, "cifs", KRB5_NT_UNKNOWN, -@@ -383,8 +362,6 @@ out_free_creds: - krb5_free_creds(context, out_creds); - out_free_principal: - krb5_free_principal(context, in_creds.client); --out_free_ccache: -- krb5_cc_close(context, ccache); - return ret; - } - -@@ -410,7 +387,7 @@ out_free_ccache: - */ - static int - handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob, -- DATA_BLOB * sess_key, const char *ccname) -+ DATA_BLOB * sess_key, krb5_ccache ccache) - { - int retval; - DATA_BLOB tkt, tkt_wrapped; -@@ -418,7 +395,7 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob, - syslog(LOG_DEBUG, "%s: getting service ticket for %s", __func__, host); - - /* get a kerberos ticket for the service and extract the session key */ -- retval = cifs_krb5_get_req(host, ccname, &tkt, sess_key); -+ retval = cifs_krb5_get_req(host, ccache, &tkt, sess_key); - if (retval) { - syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)", - __func__, retval); -@@ -709,12 +686,13 @@ int main(const int argc, char *const argv[]) - unsigned int have; - long rc = 1; - int c, try_dns = 0, legacy_uid = 0; -- char *buf, *ccname = NULL; -+ char *buf; - char hostbuf[NI_MAXHOST], *host; - struct decoded_args arg; - const char *oid; - uid_t uid; - char *keytab_name = NULL; -+ krb5_ccache ccache = NULL; - - hostbuf[0] = '\0'; - memset(&arg, 0, sizeof(arg)); -@@ -828,10 +806,15 @@ int main(const int argc, char *const argv[]) - goto out; - } - -- ccname = get_default_cc(); -+ ccache = get_default_cc(); - /* Couldn't find credcache? Try to use keytab */ -- if (ccname == NULL && arg.username != NULL) -- ccname = init_cc_from_keytab(keytab_name, arg.username); -+ if (ccache == NULL && arg.username != NULL) -+ ccache = init_cc_from_keytab(keytab_name, arg.username); -+ -+ if (ccache == NULL) { -+ rc = 1; -+ goto out; -+ } - - host = arg.hostname; - -@@ -859,7 +842,7 @@ int main(const int argc, char *const argv[]) - - retry_new_hostname: - lowercase_string(host); -- rc = handle_krb5_mech(oid, host, &secblob, &sess_key, ccname); -+ rc = handle_krb5_mech(oid, host, &secblob, &sess_key, ccache); - if (!rc) - break; - -@@ -904,7 +887,7 @@ retry_new_hostname: - break; - } - -- rc = handle_krb5_mech(oid, fqdn, &secblob, &sess_key, ccname); -+ rc = handle_krb5_mech(oid, fqdn, &secblob, &sess_key, ccache); - if (!rc) - break; - } -@@ -968,9 +951,10 @@ out: - } - data_blob_free(&secblob); - data_blob_free(&sess_key); -+ if (ccache) -+ krb5_cc_close(context, ccache); - if (context) - krb5_free_context(context); -- SAFE_FREE(ccname); - SAFE_FREE(arg.hostname); - SAFE_FREE(arg.ip); - SAFE_FREE(arg.username); --- -2.7.4 -