diff options
| author | Tom Yu <tlyu@mit.edu> | 1998-01-22 00:26:26 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 1998-01-22 00:26:26 +0000 |
| commit | c14b8920c3f1f712d0ee514aff98be5ab67db46b (patch) | |
| tree | f6f5719a52d0aef7bbf620c6da0fda6433f734f7 /src/lib | |
| parent | 2f22fbabece76ad92c7c27307a36082c8f6b793b (diff) | |
* gssapiP_krb5.h: Add rcache member to the creds
structure. [krb5-libs/370]
* accept_sec_context.c (krb5_gss_accept_sec_context): Actually set
an rcache in auth context from the one saved in the creds
structure. [krb5-libs/370]
* acquire_cred.c (acquire_accept_cred): Set up an rcache for use
later. [krb5-libs/370]
* delete_sec_context.c (krb5_gss_delete_sec_context): Don't delete
the rcache when freeing the auth_context. [krb5-libs/370]
* rel_cred.c (krb5_gss_release_cred): Properly close the
rcache. [krb5-libs/370]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10371 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 18 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 8 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 9 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/delete_sec_context.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 1 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/rel_cred.c | 8 |
6 files changed, 46 insertions, 2 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index ff41d8df7..5602578da 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,21 @@ +Wed Jan 21 19:14:09 1998 Tom Yu <tlyu@mit.edu> + + * gssapiP_krb5.h: Add rcache member to the creds + structure. [krb5-libs/370] + + * accept_sec_context.c (krb5_gss_accept_sec_context): Actually set + an rcache in auth context from the one saved in the creds + structure. [krb5-libs/370] + + * acquire_cred.c (acquire_accept_cred): Set up an rcache for use + later. [krb5-libs/370] + + * delete_sec_context.c (krb5_gss_delete_sec_context): Don't delete + the rcache when freeing the auth_context. [krb5-libs/370] + + * rel_cred.c (krb5_gss_release_cred): Properly close the + rcache. [krb5-libs/370] + Mon Dec 29 10:30:43 1997 Ezra Peisach <epeisach@kangaroo.mit.edu> * Makefile.in (OBJS): Changed val_cred.$(OBJECT) to diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index bf984d87a..e3cf97257 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -291,6 +291,14 @@ krb5_gss_accept_sec_context(minor_status, context_handle, /* decode the message */ + if ((code = krb5_auth_con_init(context, &auth_context))) { + *minor_status = code; + return(GSS_S_FAILURE); + } + if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) { + *minor_status = code; + return(GSS_S_FAILURE); + } if ((code = krb5_rd_req(context, &auth_context, &ap_req, cred->princ, cred->keytab, NULL, &ticket))) goto fail; diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 402ac3ab2..272ea426d 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -89,6 +89,15 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) /* hooray. we made it */ cred->keytab = kt; + + /* Open the replay cache for this principal. */ + if ((code = krb5_get_server_rcache(context, + krb5_princ_component(context, princ, 0), + &cred->rcache))) { + *minor_status = code; + return(GSS_S_FAILURE); + } + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index 9a9e07ce5..16964995a 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c @@ -97,8 +97,10 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) if (ctx->subkey) krb5_free_keyblock(context, ctx->subkey); - if (ctx->auth_context) + if (ctx->auth_context) { + (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL); krb5_auth_con_free(context, ctx->auth_context); + } if (ctx->mech_used) gss_release_oid(minor_status, &ctx->mech_used); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 69b003118..9f3c75711 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -88,6 +88,7 @@ typedef struct _krb5_gss_cred_id_rec { /* ccache (init) data */ krb5_ccache ccache; krb5_timestamp tgt_expire; + krb5_rcache rcache; } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; typedef struct _krb5_gss_enc_desc { diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index df301987b..0d81399af 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -29,7 +29,7 @@ krb5_gss_release_cred(minor_status, cred_handle) { krb5_context context; krb5_gss_cred_id_t cred; - krb5_error_code code1, code2; + krb5_error_code code1, code2, code3; if (GSS_ERROR(kg_get_context(minor_status, &context))) return(GSS_S_FAILURE); @@ -54,6 +54,10 @@ krb5_gss_release_cred(minor_status, cred_handle) else code2 = 0; + if (cred->rcache) + code3 = krb5_rc_close(context, cred->rcache); + else + code3 = 0; if (cred->princ) krb5_free_principal(context, cred->princ); xfree(cred); @@ -65,6 +69,8 @@ krb5_gss_release_cred(minor_status, cred_handle) *minor_status = code1; if (code2) *minor_status = code2; + if (code3) + *minor_status = code3; return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE); } |