From 4c6a364bf548e5e2f11897bb0e307892bd59e1df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Tue, 27 Jun 2006 13:49:06 +0000 Subject: [PATCH] (gss_userok): create a local krb5_context and use that instead of the libgssapi context (that might not exist). git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17690 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/ftp/ftpd/gss_userok.c | 128 +++++++++++++++++++------------------ 1 file changed, 66 insertions(+), 62 deletions(-) diff --git a/appl/ftp/ftpd/gss_userok.c b/appl/ftp/ftpd/gss_userok.c index 6da50ee98..9aa753e58 100644 --- a/appl/ftp/ftpd/gss_userok.c +++ b/appl/ftp/ftpd/gss_userok.c @@ -41,8 +41,6 @@ RCSID("$Id$"); What is the correct way to do this? */ -extern krb5_context gssapi_krb5_context; - /* XXX sync with gssapi.c */ struct gss_data { gss_ctx_id_t context_hdl; @@ -56,67 +54,73 @@ int gss_userok(void *app_data, char *username) { struct gss_data *data = app_data; - if(gssapi_krb5_context) { - krb5_principal client; - krb5_error_code ret; - OM_uint32 minor_status; - - ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client); - if(ret) - return 1; - ret = krb5_kuserok(gssapi_krb5_context, client, username); - if (!ret) { - krb5_free_principal(gssapi_krb5_context, client); - return 1; - } - - ret = 0; - - /* more of krb-depend stuff :-( */ - /* gss_add_cred() ? */ - if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { - krb5_ccache ccache = NULL; - const char* ticketfile; - struct passwd *kpw; - - ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_fcc_ops, &ccache); - if (ret) - goto fail; - - ticketfile = krb5_cc_get_name(gssapi_krb5_context, ccache); - - ret = gss_krb5_copy_ccache(&minor_status, - data->delegated_cred_handle, - ccache); - if (ret) { - ret = 0; - goto fail; - } - - do_destroy_tickets = 1; + krb5_context context; + krb5_error_code ret; + krb5_principal client; + OM_uint32 minor_status; - kpw = getpwnam(username); - - if (kpw == NULL) { - unlink(ticketfile); - ret = 1; - goto fail; - } + ret = krb5_init_context(&context); + if (ret) + return 1; - chown (ticketfile, kpw->pw_uid, kpw->pw_gid); - - if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) { - esetenv ("KRB5CCNAME", k5ccname, 1); - } - afslog(NULL, 1); -fail: - if (ccache) - krb5_cc_close(gssapi_krb5_context, ccache); - } - - gss_release_cred(&minor_status, &data->delegated_cred_handle); - krb5_free_principal(gssapi_krb5_context, client); - return ret; + ret = krb5_parse_name(context, data->client_name, &client); + if(ret) { + krb5_free_context(context); + return 1; } - return 1; + ret = krb5_kuserok(context, client, username); + if (!ret) { + krb5_free_principal(context, client); + krb5_free_context(context); + return 1; + } + + ret = 0; + + /* more of krb-depend stuff :-( */ + /* gss_add_cred() ? */ + if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { + krb5_ccache ccache = NULL; + const char* ticketfile; + struct passwd *kpw; + + ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache); + if (ret) + goto fail; + + ticketfile = krb5_cc_get_name(context, ccache); + + ret = gss_krb5_copy_ccache(&minor_status, + data->delegated_cred_handle, + ccache); + if (ret) { + ret = 0; + goto fail; + } + + do_destroy_tickets = 1; + + kpw = getpwnam(username); + + if (kpw == NULL) { + unlink(ticketfile); + ret = 1; + goto fail; + } + + chown (ticketfile, kpw->pw_uid, kpw->pw_gid); + + if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) { + esetenv ("KRB5CCNAME", k5ccname, 1); + } + afslog(NULL, 1); + fail: + if (ccache) + krb5_cc_close(context, ccache); + } + + gss_release_cred(&minor_status, &data->delegated_cred_handle); + krb5_free_principal(context, client); + krb5_free_context(context); + return ret; }