From 12383b4f01cfa8551d35ba9f483290c2861a5822 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 17 Nov 2017 13:53:37 -0500 Subject: [PATCH] Separate cred and ccache manipulation in gpp_store_remote_creds() Signed-off-by: Robbie Harwood Reviewed-by: Simo Sorce (cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533) --- proxy/src/mechglue/gpp_creds.c | 62 ++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c index 6bdff45..3ebd726 100644 --- a/proxy/src/mechglue/gpp_creds.c +++ b/proxy/src/mechglue/gpp_creds.c @@ -136,6 +136,40 @@ bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b) return true; } +static krb5_error_code gpp_construct_cred(gssx_cred *creds, krb5_context ctx, + krb5_creds *cred, char *cred_name) +{ + XDR xdrctx; + bool xdrok; + krb5_error_code ret = 0; + + memset(cred, 0, sizeof(*cred)); + + memcpy(cred_name, creds->desired_name.display_name.octet_string_val, + creds->desired_name.display_name.octet_string_len); + cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; + + ret = krb5_parse_name(ctx, cred_name, &cred->client); + if (ret) { + return ret; + } + + ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred->server); + if (ret) { + return ret; + } + + cred->ticket.data = malloc(GPKRB_MAX_CRED_SIZE); + xdrmem_create(&xdrctx, cred->ticket.data, GPKRB_MAX_CRED_SIZE, + XDR_ENCODE); + xdrok = xdr_gssx_cred(&xdrctx, creds); + if (!xdrok) { + return ENOSPC; + } + cred->ticket.length = xdr_getpos(&xdrctx); + return 0; +} + uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, gss_const_key_value_set_t cred_store, gssx_cred *creds) @@ -145,17 +179,18 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, krb5_creds cred; krb5_error_code ret; char cred_name[creds->desired_name.display_name.octet_string_len + 1]; - XDR xdrctx; - bool xdrok; const char *cc_type; *min = 0; - memset(&cred, 0, sizeof(cred)); - ret = krb5_init_context(&ctx); if (ret) return ret; + ret = gpp_construct_cred(creds, ctx, &cred, cred_name); + if (ret) { + goto done; + } + if (cred_store) { for (unsigned i = 0; i < cred_store->count; i++) { if (strcmp(cred_store->elements[i].key, "ccache") == 0) { @@ -175,25 +210,6 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, if (ret) goto done; } - memcpy(cred_name, creds->desired_name.display_name.octet_string_val, - creds->desired_name.display_name.octet_string_len); - cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; - - ret = krb5_parse_name(ctx, cred_name, &cred.client); - if (ret) goto done; - - ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server); - if (ret) goto done; - - cred.ticket.data = malloc(GPKRB_MAX_CRED_SIZE); - xdrmem_create(&xdrctx, cred.ticket.data, GPKRB_MAX_CRED_SIZE, XDR_ENCODE); - xdrok = xdr_gssx_cred(&xdrctx, creds); - if (!xdrok) { - ret = ENOSPC; - goto done; - } - cred.ticket.length = xdr_getpos(&xdrctx); - cc_type = krb5_cc_get_type(ctx, ccache); if (strcmp(cc_type, "FILE") == 0) { /* FILE ccaches don't handle updates properly: if they have the same