krb5 commit: Stop using KRB5_TC_OPENCLOSE
Greg Hudson
ghudson at mit.edu
Mon Nov 3 13:25:37 EST 2014
https://github.com/krb5/krb5/commit/ec3a2e9ea2d4fdb2e00fc7b2a6bfed7feac10880
commit ec3a2e9ea2d4fdb2e00fc7b2a6bfed7feac10880
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Oct 6 10:05:41 2014 -0400
Stop using KRB5_TC_OPENCLOSE
Since KRB5_TC_OPENCLOSE no longer does anything, stop setting it when
we iterate over ccaches.
ticket: 7804
src/clients/klist/klist.c | 15 ---------------
src/clients/ksu/main.c | 5 -----
src/lib/gssapi/krb5/acquire_cred.c | 7 ++-----
src/lib/krb5/ccache/cc_retr.c | 14 +-------------
src/lib/krb5/ccache/cccopy.c | 26 --------------------------
src/lib/krb5/krb/vfy_increds.c | 25 +++++--------------------
src/windows/cns/cns.c | 15 +--------------
src/windows/cns/tktlist.c | 11 +----------
src/windows/leash/KrbListTickets.cpp | 4 ++--
src/windows/leashdll/lshfunc.c | 4 ++--
10 files changed, 14 insertions(+), 112 deletions(-)
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 1d189b4..0f6ca8a 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -480,14 +480,8 @@ show_ccache(krb5_ccache cache)
krb5_cc_cursor cur;
krb5_creds creds;
krb5_principal princ;
- krb5_flags flags;
krb5_error_code code;
- flags = 0; /* turns off OPENCLOSE mode */
- if ((code = krb5_cc_set_flags(kcontext, cache, flags))) {
- com_err(progname, code, "");
- return 1;
- }
if ((code = krb5_cc_get_principal(kcontext, cache, &princ))) {
com_err(progname, code, "");
return 1;
@@ -522,11 +516,6 @@ show_ccache(krb5_ccache cache)
com_err(progname, code, _("while finishing ticket retrieval"));
return 1;
}
- flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */
- if ((code = krb5_cc_set_flags(kcontext, cache, flags))) {
- com_err(progname, code, _("while closing ccache"));
- return 1;
- }
return 0;
} else {
com_err(progname, code, _("while retrieving a ticket"));
@@ -544,8 +533,6 @@ check_ccache(krb5_ccache cache)
krb5_principal princ;
krb5_boolean found_tgt, found_current_tgt, found_current_cred;
- if (krb5_cc_set_flags(kcontext, cache, 0) != 0)
- return 1;
if (krb5_cc_get_principal(kcontext, cache, &princ) != 0)
return 1;
if (krb5_cc_start_seq_get(kcontext, cache, &cur) != 0)
@@ -567,8 +554,6 @@ check_ccache(krb5_ccache cache)
return 1;
if (krb5_cc_end_seq_get(kcontext, cache, &cur) != 0)
return 1;
- if (krb5_cc_set_flags(kcontext, cache, KRB5_TC_OPENCLOSE) != 0)
- return 1;
/* If the cache contains at least one local TGT, require that it be
* current. Otherwise accept any current cred. */
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index e1a9352..b6b3379 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -376,11 +376,6 @@ main (argc, argv)
exit(1);
}
- if (((retval = krb5_cc_set_flags(ksu_context, cc_source, 0x0)) != 0)
- && (retval != KRB5_FCC_NOFILE)) {
- com_err(prog_name, retval, _("while opening ccache"));
- exit(1);
- }
if ((retval = get_best_princ_for_target(ksu_context, source_uid,
target_uid, source_user,
target_user, cc_source,
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8bdf7c4..86a0462 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -376,8 +376,7 @@ scan_ccache(krb5_context context, krb5_gss_cred_id_rec *cred)
krb5_timestamp endtime;
krb5_boolean is_tgt;
- /* Turn off OPENCLOSE mode while extensive frobbing is going on.
- * Turn on NOTICKET, as we don't need session keys here. */
+ /* Turn on NOTICKET, as we don't need session keys here. */
code = krb5_cc_set_flags(context, ccache, KRB5_TC_NOTICKET);
if (code)
return code;
@@ -444,10 +443,8 @@ scan_ccache(krb5_context context, krb5_gss_cred_id_rec *cred)
goto cleanup;
}
- (void)krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
-
cleanup:
- (void)krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
+ (void)krb5_cc_set_flags(context, ccache, 0);
krb5_free_principal(context, ccache_princ);
krb5_free_principal(context, tgt_princ);
return code;
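Review bot: The new `krb5_cc_set_flags(context, ccache, 0)` at the `cleanup:` label carries no comment saying that the literal `0` is there to undo the `KRB5_TC_NOTICKET` set at the top of scan_ccache, and the removed `KRB5_TC_OPENCLOSE` name was the only hint a reader had. I would add `/* Turn NOTICKET back off before returning the ccache to the caller. */` above it. The `(void)` cast discards the result, so if the reset failed the handle would presumably keep returning credentials without ticket data; a short remark that this is deliberately best-effort would help. The body of scan_ccache starts outside this hunk.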
diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c
index 960c9c9..1314d24 100644
--- a/src/lib/krb5/ccache/cc_retr.c
+++ b/src/lib/krb5/ccache/cc_retr.c
@@ -214,17 +214,9 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
krb5_flags oflags = 0;
#define fetchcreds (fetched.creds)
- kret = krb5_cc_get_flags(context, id, &oflags);
- if (kret != KRB5_OK)
- return kret;
- if (oflags & KRB5_TC_OPENCLOSE)
- (void) krb5_cc_set_flags(context, id, oflags & ~KRB5_TC_OPENCLOSE);
kret = krb5_cc_start_seq_get(context, id, &cursor);
- if (kret != KRB5_OK) {
- if (oflags & KRB5_TC_OPENCLOSE)
- krb5_cc_set_flags(context, id, oflags);
+ if (kret != KRB5_OK)
return kret;
- }
while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) {
if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
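Review bot: The declaration `krb5_flags oflags = 0;` is kept as a context line at the top of this hunk, but every use of `oflags` visible in this file's three hunks is removed by the commit. If no other use remains in the parts of krb5_cc_retrieve_cred_seq outside the hunks, the variable is now dead and the declaration should be dropped as well, which also avoids an unused-variable warning. The function body extends beyond the hunk, so this needs checking against the full file.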
@@ -245,8 +237,6 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
} else {
krb5_cc_end_seq_get(context, id, &cursor);
*creds = fetchcreds;
- if (oflags & KRB5_TC_OPENCLOSE)
- krb5_cc_set_flags(context, id, oflags);
return KRB5_OK;
}
}
@@ -257,8 +247,6 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
/* If we get here, a match wasn't found */
krb5_cc_end_seq_get(context, id, &cursor);
- if (oflags & KRB5_TC_OPENCLOSE)
- krb5_cc_set_flags(context, id, oflags);
if (have_creds) {
*creds = best.creds;
return KRB5_OK;
diff --git a/src/lib/krb5/ccache/cccopy.c b/src/lib/krb5/ccache/cccopy.c
index 36b3f42..d71d439 100644
--- a/src/lib/krb5/ccache/cccopy.c
+++ b/src/lib/krb5/ccache/cccopy.c
@@ -5,21 +5,9 @@ krb5_error_code KRB5_CALLCONV
krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc)
{
krb5_error_code code;
- krb5_flags flags;
krb5_cc_cursor cur = 0;
krb5_creds creds;
- flags = 0; /* turns off OPENCLOSE mode */
- if ((code = krb5_cc_set_flags(context, incc, flags)))
- return(code);
- /* the code for this will open the file for reading only, which
- is not what I had in mind. So I won't turn off OPENCLOSE
- for the output ccache */
-#if 0
- if ((code = krb5_cc_set_flags(context, outcc, flags)))
- return(code);
-#endif
-
if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
goto cleanup;
@@ -41,23 +29,9 @@ krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc)
code = 0;
cleanup:
- flags = KRB5_TC_OPENCLOSE;
-
/* If set then we are in an error pathway */
if (cur)
krb5_cc_end_seq_get(context, incc, &cur);
- if (code)
- krb5_cc_set_flags(context, incc, flags);
- else
- code = krb5_cc_set_flags(context, incc, flags);
-
-#if 0
- if (code)
- krb5_cc_set_flags(context, outcc, flags);
- else
- code = krb5_cc_set_flags(context, outcc, flags);
-#endif
-
return(code);
}
diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index 8ceab7d..9786d63 100644
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -59,35 +59,20 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
krb5_cc_cursor cur = NULL;
krb5_creds creds;
- /* Turn off TC_OPENCLOSE on input ccache. */
- ret = krb5_cc_set_flags(context, incc, 0);
- if (ret)
- return ret;
ret = krb5_cc_start_seq_get(context, incc, &cur);
if (ret)
- goto cleanup;
+ return ret;
while (!(ret = krb5_cc_next_cred(context, incc, &cur, &creds))) {
- if (krb5_principal_compare(context, princ, creds.server))
- ret = 0;
- else
+ if (!krb5_principal_compare(context, princ, creds.server))
ret = krb5_cc_store_cred(context, outcc, &creds);
krb5_free_cred_contents(context, &creds);
if (ret)
- goto cleanup;
+ break;
}
- if (ret != KRB5_CC_END)
- goto cleanup;
-
- ret = krb5_cc_end_seq_get(context, incc, &cur);
- cur = NULL;
-
-cleanup:
- if (cur != NULL)
- (void)krb5_cc_end_seq_get(context, incc, &cur);
- ret2 = krb5_cc_set_flags(context, incc, KRB5_TC_OPENCLOSE);
- return (ret == 0) ? ret2 : ret;
+ ret2 = krb5_cc_end_seq_get(context, incc, &cur);
+ return (ret == KRB5_CC_END) ? ret2 : ret;
}
static krb5_error_code
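Review bot: The rewritten tail `return (ret == KRB5_CC_END) ? ret2 : ret;` relies on an invariant that is not written down: the loop can only exit with a nonzero `ret`, either from `krb5_cc_next_cred` or from `krb5_cc_store_cred` through the `break`, and only `KRB5_CC_END` means a normal end of iteration. A comment such as `/* ret is nonzero here; KRB5_CC_END is the normal end of the sequence, anything else is an error. */` above the `krb5_cc_end_seq_get` call would make that explicit. One consequence worth noting there is that a `KRB5_CC_END` returned by `krb5_cc_store_cred` would be reported as success, which is presumably not expected from a store operation. The start of copy_creds_except is outside the hunk.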
diff --git a/src/windows/cns/cns.c b/src/windows/cns/cns.c
index d1a7a86..8e40a80 100644
--- a/src/windows/cns/cns.c
+++ b/src/windows/cns/cns.c
@@ -2021,19 +2021,10 @@ k5_get_num_cred(int verbose)
krb5_creds c;
int ncreds = 0;
- /* Turn off OPENCLOSE and leave open while we use ccache */
- if (code = krb5_cc_set_flags(k5_context, k5_ccache, 0)) {
+ if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) {
if (code == KRB5_FCC_NOFILE)
return 0;
if (verbose)
- com_err(NULL, code,
- "while setting cache flags (ticket cache %s)",
- krb5_cc_get_name(k5_context, k5_ccache));
- return -1;
- }
-
- if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) {
- if (verbose)
com_err(NULL, code, "while starting to retrieve tickets.");
return -1;
}
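Review bot: The surviving error message `"while starting to retrieve tickets."` no longer names the ticket cache, whereas the removed `krb5_cc_set_flags` failure message included it via `krb5_cc_get_name`. Since `krb5_cc_start_seq_get` is now the first call in k5_get_num_cred that can report a missing or unreadable cache, I would carry the name over: `com_err(NULL, code, "while starting to retrieve tickets (ticket cache %s)", krb5_cc_get_name(k5_context, k5_ccache));`. A one-line comment that `KRB5_FCC_NOFILE` is treated as "no credentials" rather than as an error would also help, and the same applies to the matching change in src/windows/cns/tktlist.c.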
@@ -2054,10 +2045,6 @@ k5_get_num_cred(int verbose)
if (code = krb5_cc_end_seq_get(k5_context, k5_ccache, &cursor)) {
if (verbose)
com_err(NULL, code, "while closing ccache.");
- } else if (code = krb5_cc_set_flags(k5_context, k5_ccache,
- KRB5_TC_OPENCLOSE)) {
- if (verbose)
- com_err(NULL, code, "while closing ccache.");
}
return ncreds;
diff --git a/src/windows/cns/tktlist.c b/src/windows/cns/tktlist.c
index 16c8f33..f2805f5 100644
--- a/src/windows/cns/tktlist.c
+++ b/src/windows/cns/tktlist.c
@@ -99,7 +99,6 @@ ticket_init_list (HWND hwnd)
krb5_cc_cursor cursor;
krb5_error_code code;
krb5_creds c;
- krb5_flags flags;
char *sname; /* Name of the service */
char *flags_string(krb5_creds *cred);
#endif
@@ -156,15 +155,11 @@ ticket_init_list (HWND hwnd)
#ifdef KRB5
ncred = 0;
- flags = 0;
- if (code = krb5_cc_set_flags(k5_context, k5_ccache, flags)) {
+ if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) {
if (code != KRB5_FCC_NOFILE) {
return -1;
}
} else {
- if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) {
- return -1;
- }
while (1) {
code = krb5_cc_next_cred(k5_context, k5_ccache, &cursor, &c);
if (code != 0)
@@ -211,10 +206,6 @@ ticket_init_list (HWND hwnd)
if (code = krb5_cc_end_seq_get(k5_context, k5_ccache, &cursor)) {
return -1;
}
- flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */
- if (code = krb5_cc_set_flags(k5_context, k5_ccache, flags)) {
- return -1;
- }
} else {
return -1;
}
diff --git a/src/windows/leash/KrbListTickets.cpp b/src/windows/leash/KrbListTickets.cpp
index 71a4c63..63ce046 100644
--- a/src/windows/leash/KrbListTickets.cpp
+++ b/src/windows/leash/KrbListTickets.cpp
@@ -197,7 +197,7 @@ do_ccache(krb5_context ctx,
TICKETINFO *ticketinfo = NULL;
int retval = 1;
- // Don't need the actual ticket, also turns off OPENCLOSE mode
+ // Don't need the actual ticket.
flags = KRB5_TC_NOTICKET;
code = pkrb5_cc_set_flags(ctx, cache, flags);
if (code) {
@@ -264,7 +264,7 @@ do_ccache(krb5_context ctx,
functionName = "krb5_cc_end_seq_get";
goto cleanup;
}
- flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */
+ flags = 0;
code = pkrb5_cc_set_flags(ctx, cache, flags);
if (code) {
functionName = "krb5_cc_set_flags";
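Review bot: `flags = 0;` replaces the only line that explained why flags are being set again after the iteration, so the purpose of this second `pkrb5_cc_set_flags` call (clearing the `KRB5_TC_NOTICKET` set at the top of do_ccache) is no longer stated; a comment such as `// Turn NOTICKET back off.` would restore it. The reset sits on the success path only, after `krb5_cc_end_seq_get`. The `cleanup` label is outside the hunk, so it is not visible whether the earlier `goto cleanup` exits also clear the flag; if they do not, the cache handle would leave this function with NOTICKET still set on those paths. The second hunk of src/windows/leashdll/lshfunc.c (cc_have_tickets) has the same shape and deserves the same comment and check.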
diff --git a/src/windows/leashdll/lshfunc.c b/src/windows/leashdll/lshfunc.c
index ca9f67e..6e32933 100644
--- a/src/windows/leashdll/lshfunc.c
+++ b/src/windows/leashdll/lshfunc.c
@@ -2886,7 +2886,7 @@ static BOOL cc_have_tickets(krb5_context ctx, krb5_ccache cache)
krb5_error_code code;
BOOL have_tickets = FALSE;
- // Don't need the actual ticket, also turns off OPENCLOSE mode
+ // Don't need the actual ticket.
flags = KRB5_TC_NOTICKET;
code = pkrb5_cc_set_flags(ctx, cache, flags);
if (code)
@@ -2907,7 +2907,7 @@ static BOOL cc_have_tickets(krb5_context ctx, krb5_ccache cache)
code = pkrb5_cc_end_seq_get(ctx, cache, &cur);
if (code)
goto cleanup;
- flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */
+ flags = 0;
code = pkrb5_cc_set_flags(ctx, cache, flags);
if (code)
goto cleanup;