author | Greg Hudson <ghudson@mit.edu> | 2011-09-06 15:14:10 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-09-06 15:14:10 +0000 |
commit | eef156a09779d93b4b0743f0c14df799ce1222a6 (patch) | |
tree | 6b1ebd4788a78e7801a18db860ea665be91c637f | |
parent | 50e0e4fe668ca28c42d3a19230e58559097486a4 (diff) | |
Fix several bugs in gss-krb5 inq_cred
cred could be used uninitialized if krb5_timeofday() failed. defcred
had the wrong type. kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/inq_cred.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index f523a545cf..057e51bfa1 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -83,7 +83,8 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 gss_OID_set *mechanisms;
 {
 krb5_context context;
- krb5_gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL, cred;
+ gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+ krb5_gss_cred_id_t cred = NULL;
 krb5_error_code code;
 krb5_timestamp now;
 krb5_deltat lifetime;
@@ -104,12 +105,6 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 if (name) *name = NULL;
 if (mechanisms) *mechanisms = NULL;
- if ((code = krb5_timeofday(context, &now))) {
- *minor_status = code;
- ret = GSS_S_FAILURE;
- goto fail;
- }
-
 /* check for default credential */
 /*SUPPRESS 29*/
 if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -121,7 +116,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 cred_handle = defcred;
 }
- major = krb5_gss_validate_cred(minor_status, cred_handle);
+ major = kg_cred_resolve(minor_status, context, cred_handle, GSS_C_NO_NAME);
 if (GSS_ERROR(major)) {
 krb5_gss_release_cred(minor_status, &defcred);
 krb5_free_context(context);
@@ -129,6 +124,12 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 }
 cred = (krb5_gss_cred_id_t)cred_handle;
+ if ((code = krb5_timeofday(context, &now))) {
+ *minor_status = code;
+ ret = GSS_S_FAILURE;
+ goto fail;
+ }
+
 if (cred->tgt_expire > 0) {
 if ((lifetime = cred->tgt_expire - now) < 0)
 lifetime = 0; |
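Review bot: On the failure branch right after the new `kg_cred_resolve()` call, `krb5_gss_release_cred(minor_status, &defcred)` is given the caller's `minor_status`, so the minor code that kg_cred_resolve() just stored is presumably overwritten before the function returns and the caller loses the reason for the failure. Releasing into a scratch variable would preserve it: declare `OM_uint32 tmp_minor;` and call `krb5_gss_release_cred(&tmp_minor, &defcred);`. The return that ends this branch is outside the hunk, so this assumes nothing after the visible lines restores the value.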
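Review bot: The relocated `goto fail` in the `krb5_timeofday()` error branch is now taken after `kg_cred_resolve()` has succeeded, and the commit message says that call acquires a lock on the credential. The `fail:` label is outside this hunk, so it should be confirmed that this path drops the lock on `cred` and releases `defcred` before returning; otherwise a clock failure would leave the credential locked. A comment above the block would record the invariant, for example `/* cred is resolved and locked from here on; every exit must unlock it */`. The function body begins and ends outside the hunk.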