svn rev #23944: branches/iakerb/src/ appl/gss-sample/ lib/gssapi/krb5/

Mon Apr 26 15:15:41 EDT 2010

http://src.mit.edu/fisheye/changelog/krb5/?cs=23944
Commit By: ghudson
Log Message:
If gss_acquire_cred_with_password is used with no default ccache,
initialize the default ccache and fill it in, instead of creating a
memory ccache.  Adjust gss-sample test cases to expect that there will
be cached creds.



Changed Files:
U   branches/iakerb/src/appl/gss-sample/t_gss_sample.py
U   branches/iakerb/src/lib/gssapi/krb5/acquire_cred.c
Modified: branches/iakerb/src/appl/gss-sample/t_gss_sample.py
===================================================================

--- branches/iakerb/src/appl/gss-sample/t_gss_sample.py	2010-04-26 18:55:10 UTC (rev 23943)
+++ branches/iakerb/src/appl/gss-sample/t_gss_sample.py	2010-04-26 19:15:41 UTC (rev 23944)
@@ -29,7 +29,8 @@
 
 # Run a gss-server process and a gss-client process, with additional
 # gss-client flags given by options.  Verify that gss-client displayed
-# the expected output for a successful negotiation.
+# the expected output for a successful negotiation, and that we
+# obtained credentials for the host service.
 def server_client_test(realm, options):
     portstr = str(realm.server_port())
     server = realm.start_server([gss_server, '-port', portstr, 'host'],
@@ -39,6 +40,7 @@
     if 'Signature verified.' not in output:
         fail('Expected message not seen in gss-client output')
     stop_daemon(server)
+    realm.klist(realm.user_princ, realm.host_princ)
 
 # Make up a filename to hold user's initial credentials.
 def ccache_savefile(realm):
@@ -56,18 +58,13 @@
 def tgs_test(realm, options):
     ccache_restore(realm)
     server_client_test(realm, options)
-    realm.klist(realm.user_princ, realm.host_princ)
 
 # Perform a test of the server and client with initial credentials
 # obtained through gss_acquire_cred_with_password().
 def as_test(realm, options):
-    if os.path.exists(realm.ccache):
-        os.remove(realm.ccache)
+    os.remove(realm.ccache)
     server_client_test(realm, options + ['-user', realm.user_princ,
                                          '-pass', password('user')])
-    # Currently, gss_acquire_cred_with_password() doesn't cache the
-    # resulting creds if the default ccache doesn't exist.
-    # realm.klist(realm.user_princ, realm.host_princ)
 
 for realm in multipass_realms():
     ccache_save(realm)

Modified: branches/iakerb/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- branches/iakerb/src/lib/gssapi/krb5/acquire_cred.c	2010-04-26 18:55:10 UTC (rev 23943)
+++ branches/iakerb/src/lib/gssapi/krb5/acquire_cred.c	2010-04-26 19:15:41 UTC (rev 23944)
@@ -339,10 +339,10 @@
     code = krb5_cc_set_flags(context, ccache, 0);
     if (code == KRB5_FCC_NOFILE &&
         password != GSS_C_NO_BUFFER && desired_name != NULL) {
-        /* Well, we can create a memory ccache. */
-        code = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache);
+        /* We will get initial creds later. */
+        code = krb5_cc_initialize(context, ccache, desired_name->princ);
         if (code == 0)
-            code = krb5_cc_initialize(context, ccache, desired_name->princ);
+            code = krb5_cc_set_flags(context, ccache, 0);
     }
     if (code != 0) {
         (void)krb5_cc_close(context, ccache);


