Diffstat (limited to 'src')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog10
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.c49
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c7
3 files changed, 34 insertions, 32 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index c2391495a..26afbfa72 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,13 @@
+2003-02-24 Tom Yu <tlyu@mit.edu>
+
+ * gssapi_krb5.c (kg_get_defcred): Revert previous; it's probably
+ not appropriate for inquire_cred() to cause new credentials to be
+ fetched.
+
+ * init_sec_context.c (krb5_gss_init_sec_context): Explicitly
+ release default cred in the NO_CREDENTIAL case, so it is always
+ refreshed.
+
2003-02-21 Tom Yu <tlyu@mit.edu>
* gssapi_krb5.c (kg_get_defcred): Check for invalid or expired
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index e015ea04c..db6eabd5d 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -132,46 +132,31 @@ void *kg_vdb = NULL;
static gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+/*
+ * init_sec_context() will explicitly re-acquire default credentials,
+ * so handling the expiration/invalidation condition here isn't needed.
+ */
OM_uint32
kg_get_defcred(minor_status, cred)
OM_uint32 *minor_status;
gss_cred_id_t *cred;
{
- OM_uint32 major;
-
- *cred = GSS_C_NO_CREDENTIAL;
- *minor_status = 0;
-
- if (defcred != GSS_C_NO_CREDENTIAL) {
- /*
- * If a default credential exists, ensure that it is valid and
- * not expired.
- */
- major = krb5_gss_inquire_cred(minor_status, defcred,
- NULL, NULL, NULL, NULL);
- if (major != GSS_S_CREDENTIALS_EXPIRED) {
- if (GSS_ERROR(major))
- *cred = GSS_C_NO_CREDENTIAL;
- else
- *cred = defcred;
- return major;
+ if (defcred == GSS_C_NO_CREDENTIAL) {
+ OM_uint32 major;
+
+ if ((major = krb5_gss_acquire_cred(minor_status,
+ (gss_name_t) NULL, GSS_C_INDEFINITE,
+ GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+ &defcred, NULL, NULL)) &&
+ GSS_ERROR(major)) {
+ defcred = GSS_C_NO_CREDENTIAL;
+ return(major);
}
- major = kg_release_defcred(minor_status);
- if (GSS_ERROR(major))
- return major;
- }
- major = krb5_gss_acquire_cred(minor_status,
- (gss_name_t) NULL, GSS_C_INDEFINITE,
- GSS_C_NULL_OID_SET, GSS_C_INITIATE,
- &defcred, NULL, NULL);
- if (GSS_ERROR(major)) {
- defcred = GSS_C_NO_CREDENTIAL;
- } else {
- *cred = defcred;
- *minor_status = 0;
}
- return major;
+ *cred = defcred;
+ *minor_status = 0;
+ return(GSS_S_COMPLETE);
}
OM_uint32
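Review bot: On the failure path of kg_get_defcred() the new body returns without writing `*cred`, whereas the removed version began with `*cred = GSS_C_NO_CREDENTIAL;`, so a caller that inspects the output after an error sees whatever it passed in. Restoring that assignment as the first statement keeps the output defined on every path. The new header comment should also state the contract it implies: the cached `defcred` is no longer checked for expiry or invalidation here, so any caller other than init_sec_context() may be handed a stale credential and has to handle GSS_S_CREDENTIALS_EXPIRED itself. The check-then-acquire on the file-static `defcred` has no locking visible in this hunk, so it would need a guard if the library can be entered from more than one thread.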
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 2af8baca6..8877052ba 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -382,6 +382,13 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
OM_uint32 major;
+ /*
+ * Release default cred prior to re-acquiring it, to notice when
+ * the ccache has changed.
+ */
+ major = kg_release_defcred(minor_status);
+ if (GSS_ERROR(major))
+ return major;
if ((major = kg_get_defcred(minor_status, &claimant_cred_handle)) &&
GSS_ERROR(major)) {
return(major);
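Review bot: The added kg_release_defcred() call at the top of the NO_CREDENTIAL branch invalidates the default credential on every call, including any handle an earlier kg_get_defcred() caller may still hold. The body of kg_release_defcred() is not in this hunk, but if it frees the underlying credential, then a context established on a previous call, or another thread that kept the old `defcred`, would be left referencing released memory. It is worth confirming that nothing retains the handle across calls and recording that in the comment, for example `/* Callers must not cache the handle from kg_get_defcred(); it is released on each default-cred init. */`. Note also that the previous credential is already gone if re-acquisition fails, so a transient ccache error now turns a usable cached credential into a hard failure. The enclosing function starts and continues outside the hunk.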