From 1dcc7970e3c2a3aa2a91bea76d541cbc748592c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sun, 6 Apr 2003 00:29:17 +0000 Subject: [PATCH] (gss_add_cred): don't create a new ccache, just open the old one; better check if output handle is compatible with new (copied) handle git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11970 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/add_cred.c | 41 +++++++++++++++++++++++++------------- lib/gssapi/krb5/add_cred.c | 41 +++++++++++++++++++++++++------------- 2 files changed, 54 insertions(+), 28 deletions(-) diff --git a/lib/gssapi/add_cred.c b/lib/gssapi/add_cred.c index ce58f2051..b207415c2 100644 --- a/lib/gssapi/add_cred.c +++ b/lib/gssapi/add_cred.c @@ -64,12 +64,14 @@ OM_uint32 gss_add_cred ( return GSS_S_NO_CRED; } - if (cred->usage == cred_usage - || (cred->usage == GSS_C_BOTH && output_cred_handle != NULL)) { + /* check if requested output usage is compatible with output usage */ + if (output_cred_handle != NULL && + (cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) { *minor_status = GSS_KRB5_S_G_BAD_USAGE; return(GSS_S_FAILURE); } + /* check that we have the same name */ if (desired_name != GSS_C_NO_NAME && krb5_principal_compare(gssapi_krb5_context, desired_name, cred->principal) != FALSE) { @@ -139,25 +141,36 @@ OM_uint32 gss_add_cred ( if (cred->ccache) { krb5_error_code kret; + const char *type, *name; + char *type_name; ret = GSS_S_FAILURE; - kret = krb5_cc_gen_new(gssapi_krb5_context, - krb5_cc_get_ops(gssapi_krb5_context, - cred->ccache), + type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache); + if (type == NULL){ + *minor_status = ENOMEM; + goto failure; + } + + name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache); + if (name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + asprintf(&type_name, "%s:%s", type, name); + if (type_name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + kret = krb5_cc_resolve(gssapi_krb5_context, type_name, &handle->ccache); + free(type_name); if (kret) { *minor_status = kret; goto failure; - } - - kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, - handle->ccache); - if (kret) { - *minor_status = kret; - goto failure; - } - + } } ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); diff --git a/lib/gssapi/krb5/add_cred.c b/lib/gssapi/krb5/add_cred.c index ce58f2051..b207415c2 100644 --- a/lib/gssapi/krb5/add_cred.c +++ b/lib/gssapi/krb5/add_cred.c @@ -64,12 +64,14 @@ OM_uint32 gss_add_cred ( return GSS_S_NO_CRED; } - if (cred->usage == cred_usage - || (cred->usage == GSS_C_BOTH && output_cred_handle != NULL)) { + /* check if requested output usage is compatible with output usage */ + if (output_cred_handle != NULL && + (cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) { *minor_status = GSS_KRB5_S_G_BAD_USAGE; return(GSS_S_FAILURE); } + /* check that we have the same name */ if (desired_name != GSS_C_NO_NAME && krb5_principal_compare(gssapi_krb5_context, desired_name, cred->principal) != FALSE) { @@ -139,25 +141,36 @@ OM_uint32 gss_add_cred ( if (cred->ccache) { krb5_error_code kret; + const char *type, *name; + char *type_name; ret = GSS_S_FAILURE; - kret = krb5_cc_gen_new(gssapi_krb5_context, - krb5_cc_get_ops(gssapi_krb5_context, - cred->ccache), + type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache); + if (type == NULL){ + *minor_status = ENOMEM; + goto failure; + } + + name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache); + if (name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + asprintf(&type_name, "%s:%s", type, name); + if (type_name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + kret = krb5_cc_resolve(gssapi_krb5_context, type_name, &handle->ccache); + free(type_name); if (kret) { *minor_status = kret; goto failure; - } - - kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, - handle->ccache); - if (kret) { - *minor_status = kret; - goto failure; - } - + } } ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);