869a682f2d
* Make KDC log service principal names more consistently during some error conditions, instead of "<unknown server>" * Fix several bugs related to building AES-NI support on less common configurations * Fix several bugs related to keyring credential caches - upstream obsoletes: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-master-no-malloc0.patch krb5-master-ignore-empty-unnecessary-final-token.patch OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
109 lines
4.4 KiB
Diff
109 lines
4.4 KiB
Diff
commit e99c688913a7761c6adea9488ea9355f43539883
|
|
Author: Greg Hudson <ghudson@mit.edu>
|
|
Date: Thu Jan 16 17:48:54 2014 -0500
|
|
|
|
Get time offsets for all keyring ccaches
|
|
|
|
Move the time offset lookup from krb5_krcc_resolve to make_cache, so
|
|
that we fetch time offsets for caches created by
|
|
krb5_krcc_ptcursor_next.
|
|
|
|
ticket: 7820
|
|
target_version: 1.12.2
|
|
tags: pullup
|
|
|
|
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
|
|
index a0c8035..27bad9d 100644
|
|
--- a/src/lib/krb5/ccache/cc_keyring.c
|
|
+++ b/src/lib/krb5/ccache/cc_keyring.c
|
|
@@ -1077,11 +1077,13 @@ krb5_krcc_destroy(krb5_context context, krb5_ccache id)
|
|
|
|
/* Create a cache handle for a cache ID. */
|
|
static krb5_error_code
|
|
-make_cache(key_serial_t collection_id, key_serial_t cache_id,
|
|
- const char *anchor_name, const char *collection_name,
|
|
- const char *subsidiary_name, krb5_ccache *cache_out)
|
|
+make_cache(krb5_context context, key_serial_t collection_id,
|
|
+ key_serial_t cache_id, const char *anchor_name,
|
|
+ const char *collection_name, const char *subsidiary_name,
|
|
+ krb5_ccache *cache_out)
|
|
{
|
|
krb5_error_code ret;
|
|
+ krb5_os_context os_ctx = &context->os_context;
|
|
krb5_ccache ccache = NULL;
|
|
krb5_krcc_data *d;
|
|
key_serial_t pkey = 0;
|
|
@@ -1108,6 +1110,18 @@ make_cache(key_serial_t collection_id, key_serial_t cache_id,
|
|
ccache->data = d;
|
|
ccache->magic = KV5M_CCACHE;
|
|
*cache_out = ccache;
|
|
+
|
|
+ /* Lookup time offsets if necessary. */
|
|
+ if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
|
|
+ !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
|
|
+ if (krb5_krcc_get_time_offsets(context, ccache,
|
|
+ &os_ctx->time_offset,
|
|
+ &os_ctx->usec_offset) == 0) {
|
|
+ os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME;
|
|
+ os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID;
|
|
+ }
|
|
+ }
|
|
+
|
|
return 0;
|
|
}
|
|
|
|
@@ -1134,7 +1148,6 @@ make_cache(key_serial_t collection_id, key_serial_t cache_id,
|
|
static krb5_error_code KRB5_CALLCONV
|
|
krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
|
|
{
|
|
- krb5_os_context os_ctx = &context->os_context;
|
|
krb5_error_code ret;
|
|
key_serial_t collection_id, cache_id;
|
|
char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
|
|
@@ -1161,22 +1174,11 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
|
|
if (cache_id < 0)
|
|
cache_id = 0;
|
|
|
|
- ret = make_cache(collection_id, cache_id, anchor_name, collection_name,
|
|
- subsidiary_name, id);
|
|
+ ret = make_cache(context, collection_id, cache_id, anchor_name,
|
|
+ collection_name, subsidiary_name, id);
|
|
if (ret)
|
|
goto cleanup;
|
|
|
|
- /* Lookup time offsets if necessary. */
|
|
- if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
|
|
- !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
|
|
- if (krb5_krcc_get_time_offsets(context, *id,
|
|
- &os_ctx->time_offset,
|
|
- &os_ctx->usec_offset) == 0) {
|
|
- os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME;
|
|
- os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID;
|
|
- }
|
|
- }
|
|
-
|
|
cleanup:
|
|
free(anchor_name);
|
|
free(collection_name);
|
|
@@ -1928,8 +1930,9 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
|
|
cache_id = keyctl_search(data->collection_id, KRCC_KEY_TYPE_KEYRING,
|
|
first_name, 0);
|
|
if (cache_id != -1) {
|
|
- return make_cache(data->collection_id, cache_id, data->anchor_name,
|
|
- data->collection_name, first_name, cache_out);
|
|
+ return make_cache(context, data->collection_id, cache_id,
|
|
+ data->anchor_name, data->collection_name,
|
|
+ first_name, cache_out);
|
|
}
|
|
}
|
|
|
|
@@ -1967,7 +1970,7 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
|
|
|
|
/* We found a valid key */
|
|
data->next_key++;
|
|
- ret = make_cache(data->collection_id, key, data->anchor_name,
|
|
+ ret = make_cache(context, data->collection_id, key, data->anchor_name,
|
|
data->collection_name, subsidiary_name, cache_out);
|
|
free(description);
|
|
return ret;
|