diff options
| author | Alexandra Ellwood <lxs@mit.edu> | 2006-07-19 18:14:01 +0000 |
|---|---|---|
| committer | Alexandra Ellwood <lxs@mit.edu> | 2006-07-19 18:14:01 +0000 |
| commit | 3bf4292984d7b13ac106a7d16128315028745385 (patch) | |
| tree | 4029c06f490033713e3abdece6a58301f4b7139c /src/lib/gssapi/krb5/acquire_cred.c | |
| parent | c90f8a668ee109367c2558b4f1bba7e2dd90fb0a (diff) | |
| download | krb5-3bf4292984d7b13ac106a7d16128315028745385.tar.gz krb5-3bf4292984d7b13ac106a7d16128315028745385.tar.xz krb5-3bf4292984d7b13ac106a7d16128315028745385.zip | |
acquire_cred(), kg_caller_provided_ccache_name(): On further reflection
and testing the correct thing appears to be to have gss_krb5_ccache_name()
stop gss_acquire_cred() from searching for the desired name in the cache
collection. If the caller sets the ccache name then gss_acquire_cred will only
look in that ccache. Added kg_caller_provided_ccache_name() to tell whether
or not the caller has actually set the ccache. This should fix the problem for
both Mac OS X and Windows.
ticket: 4024
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18343 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/acquire_cred.c')
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 65ba976c7..3f213a12e 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -222,6 +222,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) krb5_cc_cursor cur; krb5_creds creds; int got_endtime; + int caller_provided_ccache_name = 0; cred->ccache = NULL; @@ -230,27 +231,26 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) return(GSS_S_FAILURE); + /* check to see if the caller provided a ccache name if so + * we will just use that and not search the cache collection */ + if (GSS_ERROR(kg_caller_provided_ccache_name (minor_status, &caller_provided_ccache_name))) { + return(GSS_S_FAILURE); + } + #if defined(USE_LOGIN_LIBRARY) || defined(USE_LEASH) - if (desired_name != NULL) { + if (desired_name && !caller_provided_ccache_name) { #if defined(USE_LOGIN_LIBRARY) KLStatus err = klNoErr; - KLPrincipal kl_desired_princ = NULL; - char *default_name = krb5_cc_default_name (context); char *ccache_name = NULL; - + KLPrincipal kl_desired_princ = NULL; + err = __KLCreatePrincipalFromKerberos5Principal ((krb5_principal) desired_name, &kl_desired_princ); if (!err) { - if (default_name) { - err = __KLAcquireInitialTicketsForCacheAndPrincipal (default_name, kerberosVersion_V5, - kl_desired_princ, NULL, NULL, - &ccache_name); - } else { - err = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name); - } + err = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name); } - + if (!err) { err = krb5_cc_resolve (context, ccache_name, &ccache); } @@ -260,8 +260,8 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) return(GSS_S_CRED_UNAVAIL); } - if (ccache_name != NULL) { KLDisposeString (ccache_name); } if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); } + if (ccache_name != NULL) { KLDisposeString (ccache_name); } #elif defined(USE_LEASH) if ( hLeashDLL == INVALID_HANDLE_VALUE ) { |