svn rev #25164: trunk/src/lib/gssapi/krb5/
ghudson@MIT.EDU
ghudson at MIT.EDU
Tue Sep 6 11:14:10 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25164
Commit By: ghudson
Log Message:
Fix several bugs in gss-krb5 inq_cred.
cred could be used uninitialized if krb5_timeofday() failed. defcred
had the wrong type. kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.
Changed Files:
U trunk/src/lib/gssapi/krb5/inq_cred.c
Modified: trunk/src/lib/gssapi/krb5/inq_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/inq_cred.c 2011-09-06 11:34:32 UTC (rev 25163)
+++ trunk/src/lib/gssapi/krb5/inq_cred.c 2011-09-06 15:14:10 UTC (rev 25164)
@@ -83,7 +83,8 @@
gss_OID_set *mechanisms;
{
krb5_context context;
- krb5_gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL, cred;
+ gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+ krb5_gss_cred_id_t cred = NULL;
krb5_error_code code;
krb5_timestamp now;
krb5_deltat lifetime;
@@ -104,12 +105,6 @@
if (name) *name = NULL;
if (mechanisms) *mechanisms = NULL;
- if ((code = krb5_timeofday(context, &now))) {
- *minor_status = code;
- ret = GSS_S_FAILURE;
- goto fail;
- }
-
/* check for default credential */
/*SUPPRESS 29*/
if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -121,7 +116,7 @@
cred_handle = defcred;
}
- major = krb5_gss_validate_cred(minor_status, cred_handle);
+ major = kg_cred_resolve(minor_status, context, cred_handle, GSS_C_NO_NAME);
if (GSS_ERROR(major)) {
krb5_gss_release_cred(minor_status, &defcred);
krb5_free_context(context);
@@ -129,6 +124,12 @@
}
cred = (krb5_gss_cred_id_t)cred_handle;
+ if ((code = krb5_timeofday(context, &now))) {
+ *minor_status = code;
+ ret = GSS_S_FAILURE;
+ goto fail;
+ }
+
if (cred->tgt_expire > 0) {
if ((lifetime = cred->tgt_expire - now) < 0)
lifetime = 0;
More information about the cvs-krb5
mailing list