rpms/gssproxy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Properly initialize ccaches before storing into them

Browse Source
This commit is contained in:
Robbie Harwood 2017-12-05 13:24:39 -05:00
parent f63618cd42
commit 3f4a754576
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
Properly-initialize-ccaches-before-storing-into-them.patch Normal file
View File

@ -0,0 +1,38 @@
From 0c5e9a662010a37f013fd3e517a5aec0bb592964 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 5 Dec 2017 13:14:29 -0500
Subject: [PATCH] Properly initialize ccaches before storing into them
krb5_cc_new_unique() doesn't initialize ccaches, which results in the
krb5 libraries being aware of their presence within the collection but
being unable to manipulate them.
This is transparent to most gssproxy consumers because we just
re-fetch the ccache on error.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #223
(cherry picked from commit be7df45b6a56631033de387d28a2c06b7658c36a)
---
proxy/src/mechglue/gpp_creds.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
index 187ada7..f8ab320 100644
--- a/proxy/src/mechglue/gpp_creds.c
+++ b/proxy/src/mechglue/gpp_creds.c
@@ -247,6 +247,13 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool store_as_default_cred,
ret = krb5_cc_new_unique(ctx, cc_type, NULL, &ccache);
free(cc_type);
+ if (ret)
+ goto done;
+
+ /* krb5_cc_new_unique() doesn't initialize, and we need to initialize
+ * before storing into the ccache. Note that this will only clobber
+ * the ccache handle, not the whole collection. */
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
}
if (ret)
goto done;

6
gssproxy.spec
View File

@ -1,6 +1,6 @@
Name: gssproxy Name: gssproxy
Version: 0.7.0 Version: 0.7.0
Release: 25%{?dist} Release: 26%{?dist}
Summary: GSSAPI Proxy Summary: GSSAPI Proxy
Group: System Environment/Libraries Group: System Environment/Libraries
@ -41,6 +41,7 @@ Patch23: Fix-error-message-handling-in-gp_config_from_dir.patch
Patch24: Only-empty-FILE-ccaches-when-storing-remote-creds.patch Patch24: Only-empty-FILE-ccaches-when-storing-remote-creds.patch
Patch25: Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch Patch25: Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch
Patch26: Properly-locate-credentials-in-collection-caches-in-.patch Patch26: Properly-locate-credentials-in-collection-caches-in-.patch
Patch27: Properly-initialize-ccaches-before-storing-into-them.patch
### Dependencies ### ### Dependencies ###
Requires: krb5-libs >= 1.12.0 Requires: krb5-libs >= 1.12.0
@ -138,6 +139,9 @@ rm -rf %{buildroot}
%systemd_postun_with_restart gssproxy.service %systemd_postun_with_restart gssproxy.service
%changelog %changelog
* Tue Dec 05 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-26
- Properly initialize ccaches before storing into them
* Fri Dec 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-25 * Fri Dec 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-25
- Properly locate credentials in collection caches in mechglue - Properly locate credentials in collection caches in mechglue