diff options
| author | Greg Hudson <ghudson@mit.edu> | 2014-06-05 12:03:16 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-06-10 23:54:41 -0400 |
| commit | 02de9935648c307098fb69da26f74424da8dde64 (patch) | |
| tree | e0c7c0ccbba3f914986d474b0e2edfe157cd6729 /src/lib | |
| parent | 4799121941cfd846f9d3d7a905ac4c84342ff306 (diff) | |
| download | krb5-02de9935648c307098fb69da26f74424da8dde64.tar.gz krb5-02de9935648c307098fb69da26f74424da8dde64.tar.xz krb5-02de9935648c307098fb69da26f74424da8dde64.zip | |
Simplify ticket retrieval from AP-REQs
After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket
(with enc_part2 if we could decrypt it) is accessible via
request->ticket; there is no need to copy it. Stop using the ticket
parameter of those functions. Where we need to save the ticket beyond
the lifetime of the krb5_ap_req, steal the pointer before freeing the
request.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_req.c | 7 |
2 files changed, 9 insertions, 5 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index af7f0dcd5..b8086509e 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -607,6 +607,7 @@ kg_accept_krb5(minor_status, context_handle, major_status = GSS_S_FAILURE; goto done; } + ticket = request->ticket; /* decode the message */ @@ -644,7 +645,7 @@ kg_accept_krb5(minor_status, context_handle, } code = krb5_rd_req_decoded(context, &auth_context, request, accprinc, - cred->keytab, &ap_req_options, &ticket); + cred->keytab, &ap_req_options, NULL); krb5_free_principal(context, accprinc); if (code) { @@ -968,8 +969,6 @@ kg_accept_krb5(minor_status, context_handle, ctx->gss_flags |= GSS_C_DELEG_FLAG; } - krb5_free_ticket(context, ticket); /* Done with ticket */ - { krb5_int32 seq_temp; krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp); @@ -1234,7 +1233,7 @@ fail: (void) krb5_us_timeofday(context, &krb_error_data.stime, &krb_error_data.susec); - krb_error_data.server = request->ticket->server; + krb_error_data.server = ticket->server; code = krb5_mk_error(context, &krb_error_data, &scratch); if (code) goto done; diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c index 5ad77c106..c0fc97932 100644 --- a/src/lib/krb5/krb/rd_req.c +++ b/src/lib/krb5/krb/rd_req.c @@ -85,7 +85,12 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, #endif /* LEAN_CLIENT */ retval = krb5_rd_req_decoded(context, auth_context, request, server, - keytab, ap_req_options, ticket); + keytab, ap_req_options, NULL); + if (!retval && ticket != NULL) { + /* Steal the ticket pointer for the caller. */ + *ticket = request->ticket; + request->ticket = NULL; + } #ifndef LEAN_CLIENT if (new_keytab != NULL) |