80 lines
3.1 KiB
Diff
80 lines
3.1 KiB
Diff
|
From c5d80e916e087b584f8890c383fe699ec17a97ad Mon Sep 17 00:00:00 2001
|
||
|
|
From: Simo Sorce <simo@redhat.com>
|
||
|
|
Date: Thu, 23 Feb 2017 13:56:34 -0500
|
||
|
|
Subject: [PATCH] Always check if we have a remote credential
|
||
|
|
|
||
|
|
Even if we are not given an explicit ccache, check if the ccache we are
|
||
|
|
going to use for operations on the client side has a stored remote
|
||
|
|
credential. If one is found use it.
|
||
|
|
|
||
|
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||
|
|
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
||
|
|
PR: #51
|
||
|
|
(cherry picked from commit ba27dee8a32750493664e720f751db2ff652d9a0)
|
||
|
|
---
|
||
|
|
proxy/src/mechglue/gpp_acquire_cred.c | 43 +++++++++++++++++------------------
|
||
|
|
1 file changed, 21 insertions(+), 22 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
|
||
|
|
index 1444728..277e61a 100644
|
||
|
|
--- a/proxy/src/mechglue/gpp_acquire_cred.c
|
||
|
|
+++ b/proxy/src/mechglue/gpp_acquire_cred.c
|
||
|
|
@@ -88,6 +88,7 @@ OM_uint32 gssi_acquire_cred_from(OM_uint32 *minor_status,
|
||
|
|
struct gpp_name_handle *name;
|
||
|
|
struct gpp_cred_handle *out_cred_handle = NULL;
|
||
|
|
struct gssx_cred *in_cred_remote = NULL;
|
||
|
|
+ const char *ccache_name = NULL;
|
||
|
|
OM_uint32 maj, min;
|
||
|
|
OM_uint32 tmaj, tmin;
|
||
|
|
|
||
|
|
@@ -111,29 +112,27 @@ OM_uint32 gssi_acquire_cred_from(OM_uint32 *minor_status,
|
||
|
|
name = (struct gpp_name_handle *)desired_name;
|
||
|
|
behavior = gpp_get_behavior();
|
||
|
|
|
||
|
|
- /* if a cred_store option is passed in, check if it references
|
||
|
|
- * valid credentials, if so switch behavior appropriately */
|
||
|
|
- if (cred_store) {
|
||
|
|
- for (unsigned i = 0; i < cred_store->count; i++) {
|
||
|
|
- if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
|
||
|
|
- gssx_cred remote = {0};
|
||
|
|
- maj = gppint_retrieve_remote_creds(&min,
|
||
|
|
- cred_store->elements[i].value, NULL, &remote);
|
||
|
|
- if (maj == GSS_S_COMPLETE) {
|
||
|
|
- in_cred_remote = malloc(sizeof(gssx_cred));
|
||
|
|
- if (!in_cred_remote) {
|
||
|
|
- maj = GSS_S_FAILURE;
|
||
|
|
- min = ENOMEM;
|
||
|
|
- goto done;
|
||
|
|
- }
|
||
|
|
- *in_cred_remote = remote;
|
||
|
|
- break;
|
||
|
|
- }
|
||
|
|
- }
|
||
|
|
+ /* Always check if we have remote creds stored in the local ccache */
|
||
|
|
+ for (unsigned i = 0; cred_store && i < cred_store->count; i++) {
|
||
|
|
+ if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
|
||
|
|
+ ccache_name = cred_store->elements[i].value;
|
||
|
|
+ break;
|
||
|
|
}
|
||
|
|
- if (in_cred_remote) {
|
||
|
|
- behavior = GPP_REMOTE_ONLY;
|
||
|
|
- } else {
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
+ in_cred_remote = calloc(1, sizeof(gssx_cred));
|
||
|
|
+ if (!in_cred_remote) {
|
||
|
|
+ maj = GSS_S_FAILURE;
|
||
|
|
+ min = ENOMEM;
|
||
|
|
+ goto done;
|
||
|
|
+ }
|
||
|
|
+ maj = gppint_retrieve_remote_creds(&min, ccache_name, NULL,
|
||
|
|
+ in_cred_remote);
|
||
|
|
+ if (maj == GSS_S_COMPLETE) {
|
||
|
|
+ behavior = GPP_REMOTE_ONLY;
|
||
|
|
+ } else {
|
||
|
|
+ safefree(in_cred_remote);
|
||
|
|
+ if (ccache_name) {
|
||
|
|
behavior = GPP_LOCAL_ONLY;
|
||
|
|
}
|
||
|
|
}
|