authorGreg Hudson <ghudson@mit.edu>2011-09-05 16:35:40 +0000
committerGreg Hudson <ghudson@mit.edu>2011-09-05 16:35:40 +0000
commit1cd2821c19b2b95e39d5fc2f451a035585a40fa5 (patch)
treeda78b3780a8cbf0c57977ad4504c5336b03fb49b /src/lib/gssapi/krb5/iakerb.c
parent7c5926d866b1874e66ef5d05416ff024faab01ff (diff)
Make gss-krb5 use cache collection
For default credentials, defer ccache resolution until we need the information. If this happens in init_sec_context when we have the target principal in hand, use krb5_cc_select() to pick a cache. If the target principal is not known, use the default cache. For credentials with a specified principal, use krb5_cc_cache_match() to find the cache. If no cache is found and a password is specified, create a new cache within the collection to hold the new credentials, if the default cache type supports a collection. ticket: 6958 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/iakerb.c')
-rw-r--r--src/lib/gssapi/krb5/iakerb.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index e0aede9fb2..84a96ac1bf 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -914,16 +914,7 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status,
kname = (krb5_gss_name_t)target_name;
- if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
- major_status = krb5_gss_validate_cred_1(minor_status,
- claimant_cred_handle,
- ctx->k5c);
- if (GSS_ERROR(major_status))
- goto cleanup;
-
- cred_locked = TRUE;
- kcred = (krb5_gss_cred_id_t)claimant_cred_handle;
- } else {
+ if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
major_status = krb5_gss_acquire_cred(minor_status, NULL,
GSS_C_INDEFINITE,
GSS_C_NULL_OID_SET,
@@ -931,9 +922,16 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status,
&defcred, NULL, NULL);
if (GSS_ERROR(major_status))
goto cleanup;
- kcred = (krb5_gss_cred_id_t)defcred;
+ claimant_cred_handle = defcred;
}
+ major_status = kg_cred_resolve(minor_status, ctx->k5c,
+ claimant_cred_handle, target_name);
+ if (GSS_ERROR(major_status))
+ goto cleanup;
+ cred_locked = TRUE;
+ kcred = (krb5_gss_cred_id_t)claimant_cred_handle;
+
major_status = GSS_S_FAILURE;
if (initialContextToken) {
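Review bot: The added lines `cred_locked = TRUE;` and `kcred = (krb5_gss_cred_id_t)claimant_cred_handle;` after the `kg_cred_resolve` call now depend on that helper to do what the `krb5_gss_validate_cred_1` call removed in the first hunk did for a caller-supplied handle: reject an invalid handle and return with the credential lock held. `kg_cred_resolve` is not defined in this diff, so that contract should be confirmed at its definition and stated at the call site, for example `/* kg_cred_resolve validates the handle and leaves the cred locked on success. */`. The default-credential path also reaches `cred_locked = TRUE` now, which the old `kcred = (krb5_gss_cred_id_t)defcred;` branch did not, so the cleanup code (outside this hunk) presumably has to drop the lock through `kcred` before `defcred` is released. The enclosing function `iakerb_gss_init_sec_context` begins and ends outside the hunk.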