diff options
Diffstat (limited to 'krb5-master-keyring-kdcsync.patch')
-rw-r--r-- | krb5-master-keyring-kdcsync.patch | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/krb5-master-keyring-kdcsync.patch b/krb5-master-keyring-kdcsync.patch new file mode 100644 index 0000000..d0c9f7c --- /dev/null +++ b/krb5-master-keyring-kdcsync.patch @@ -0,0 +1,108 @@ +commit 2ac550e648ff88f84cc2da3c573202845f14e655 +Author: Greg Hudson <ghudson@mit.edu> +Date: Thu Jan 16 17:48:54 2014 -0500 + + Get time offsets for all keyring ccaches + + Move the time offset lookup from krb5_krcc_resolve to make_cache, so + that we fetch time offsets for caches created by + krb5_krcc_ptcursor_next. + + ticket: 7820 + target_version: 1.12.2 + tags: pullup + +diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c +index a0c8035..27bad9d 100644 +--- a/src/lib/krb5/ccache/cc_keyring.c ++++ b/src/lib/krb5/ccache/cc_keyring.c +@@ -1077,11 +1077,13 @@ krb5_krcc_destroy(krb5_context context, krb5_ccache id) + + /* Create a cache handle for a cache ID. */ + static krb5_error_code +-make_cache(key_serial_t collection_id, key_serial_t cache_id, +- const char *anchor_name, const char *collection_name, +- const char *subsidiary_name, krb5_ccache *cache_out) ++make_cache(krb5_context context, key_serial_t collection_id, ++ key_serial_t cache_id, const char *anchor_name, ++ const char *collection_name, const char *subsidiary_name, ++ krb5_ccache *cache_out) + { + krb5_error_code ret; ++ krb5_os_context os_ctx = &context->os_context; + krb5_ccache ccache = NULL; + krb5_krcc_data *d; + key_serial_t pkey = 0; +@@ -1108,6 +1110,18 @@ make_cache(key_serial_t collection_id, key_serial_t cache_id, + ccache->data = d; + ccache->magic = KV5M_CCACHE; + *cache_out = ccache; ++ ++ /* Lookup time offsets if necessary. */ ++ if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) && ++ !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) { ++ if (krb5_krcc_get_time_offsets(context, ccache, ++ &os_ctx->time_offset, ++ &os_ctx->usec_offset) == 0) { ++ os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME; ++ os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID; ++ } ++ } ++ + return 0; + } + +@@ -1134,7 +1148,6 @@ make_cache(key_serial_t collection_id, key_serial_t cache_id, + static krb5_error_code KRB5_CALLCONV + krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual) + { +- krb5_os_context os_ctx = &context->os_context; + krb5_error_code ret; + key_serial_t collection_id, cache_id; + char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL; +@@ -1161,22 +1174,11 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual) + if (cache_id < 0) + cache_id = 0; + +- ret = make_cache(collection_id, cache_id, anchor_name, collection_name, +- subsidiary_name, id); ++ ret = make_cache(context, collection_id, cache_id, anchor_name, ++ collection_name, subsidiary_name, id); + if (ret) + goto cleanup; + +- /* Lookup time offsets if necessary. */ +- if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) && +- !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) { +- if (krb5_krcc_get_time_offsets(context, *id, +- &os_ctx->time_offset, +- &os_ctx->usec_offset) == 0) { +- os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME; +- os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID; +- } +- } +- + cleanup: + free(anchor_name); + free(collection_name); +@@ -1928,8 +1930,9 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, + cache_id = keyctl_search(data->collection_id, KRCC_KEY_TYPE_KEYRING, + first_name, 0); + if (cache_id != -1) { +- return make_cache(data->collection_id, cache_id, data->anchor_name, +- data->collection_name, first_name, cache_out); ++ return make_cache(context, data->collection_id, cache_id, ++ data->anchor_name, data->collection_name, ++ first_name, cache_out); + } + } + +@@ -1967,7 +1970,7 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, + + /* We found a valid key */ + data->next_key++; +- ret = make_cache(data->collection_id, key, data->anchor_name, ++ ret = make_cache(context, data->collection_id, key, data->anchor_name, + data->collection_name, subsidiary_name, cache_out); + free(description); + return ret; |