krb5/krb5-master-keyring-kdcsync.patch
Christian Kornacker 869a682f2d - update to version 1.12.1
* Make KDC log service principal names more consistently during
    some error conditions, instead of "<unknown server>"
  * Fix several bugs related to building AES-NI support on less
    common configurations
  * Fix several bugs related to keyring credential caches
- upstream obsoletes:
  krb5-1.12-copy_context.patch
  krb5-1.12-enable-NX.patch
  krb5-1.12-pic-aes-ni.patch
  krb5-master-no-malloc0.patch
  krb5-master-ignore-empty-unnecessary-final-token.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
2014-01-21 15:06:23 +00:00

109 lines
4.4 KiB
Diff

commit e99c688913a7761c6adea9488ea9355f43539883
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Jan 16 17:48:54 2014 -0500
Get time offsets for all keyring ccaches
Move the time offset lookup from krb5_krcc_resolve to make_cache, so
that we fetch time offsets for caches created by
krb5_krcc_ptcursor_next.
ticket: 7820
target_version: 1.12.2
tags: pullup
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index a0c8035..27bad9d 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -1077,11 +1077,13 @@ krb5_krcc_destroy(krb5_context context, krb5_ccache id)
/* Create a cache handle for a cache ID. */
static krb5_error_code
-make_cache(key_serial_t collection_id, key_serial_t cache_id,
- const char *anchor_name, const char *collection_name,
- const char *subsidiary_name, krb5_ccache *cache_out)
+make_cache(krb5_context context, key_serial_t collection_id,
+ key_serial_t cache_id, const char *anchor_name,
+ const char *collection_name, const char *subsidiary_name,
+ krb5_ccache *cache_out)
{
krb5_error_code ret;
+ krb5_os_context os_ctx = &context->os_context;
krb5_ccache ccache = NULL;
krb5_krcc_data *d;
key_serial_t pkey = 0;
@@ -1108,6 +1110,18 @@ make_cache(key_serial_t collection_id, key_serial_t cache_id,
ccache->data = d;
ccache->magic = KV5M_CCACHE;
*cache_out = ccache;
+
+ /* Lookup time offsets if necessary. */
+ if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
+ !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+ if (krb5_krcc_get_time_offsets(context, ccache,
+ &os_ctx->time_offset,
+ &os_ctx->usec_offset) == 0) {
+ os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME;
+ os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID;
+ }
+ }
+
return 0;
}
@@ -1134,7 +1148,6 @@ make_cache(key_serial_t collection_id, key_serial_t cache_id,
static krb5_error_code KRB5_CALLCONV
krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
{
- krb5_os_context os_ctx = &context->os_context;
krb5_error_code ret;
key_serial_t collection_id, cache_id;
char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
@@ -1161,22 +1174,11 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
if (cache_id < 0)
cache_id = 0;
- ret = make_cache(collection_id, cache_id, anchor_name, collection_name,
- subsidiary_name, id);
+ ret = make_cache(context, collection_id, cache_id, anchor_name,
+ collection_name, subsidiary_name, id);
if (ret)
goto cleanup;
- /* Lookup time offsets if necessary. */
- if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
- !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
- if (krb5_krcc_get_time_offsets(context, *id,
- &os_ctx->time_offset,
- &os_ctx->usec_offset) == 0) {
- os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME;
- os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID;
- }
- }
-
cleanup:
free(anchor_name);
free(collection_name);
@@ -1928,8 +1930,9 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
cache_id = keyctl_search(data->collection_id, KRCC_KEY_TYPE_KEYRING,
first_name, 0);
if (cache_id != -1) {
- return make_cache(data->collection_id, cache_id, data->anchor_name,
- data->collection_name, first_name, cache_out);
+ return make_cache(context, data->collection_id, cache_id,
+ data->anchor_name, data->collection_name,
+ first_name, cache_out);
}
}
@@ -1967,7 +1970,7 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
/* We found a valid key */
data->next_key++;
- ret = make_cache(data->collection_id, key, data->anchor_name,
+ ret = make_cache(context, data->collection_id, key, data->anchor_name,
data->collection_name, subsidiary_name, cache_out);
free(description);
return ret;