rharwood pushed a commit to branch master
in repository gssproxy.
commit 833f5398fb2b19cdf0680ab01a56ca4e9bfc7922
Author: Simo Sorce <simo(a)redhat.com>
Date: Tue Feb 28 12:12:46 2017 -0500
Always request cred sync on init_sec_context
Signed-off-by: Simo Sorce <simo(a)redhat.com>
Reviewed-by: Robbie Harwood <rharwood(a)redhat.com>
---
proxy/src/client/gpm_init_sec_context.c | 39 ++++++++++++++++++++++++++++++-
proxy/src/client/gssapi_gpm.h | 3 ++-
proxy/src/mechglue/gpp_init_sec_context.c | 3 ++-
proxy/tests/cli_srv_comm.c | 1 +
4 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/proxy/src/client/gpm_init_sec_context.c
b/proxy/src/client/gpm_init_sec_context.c
index 82c84ee..bea2010 100644
--- a/proxy/src/client/gpm_init_sec_context.c
+++ b/proxy/src/client/gpm_init_sec_context.c
@@ -3,6 +3,26 @@
#include "gssapi_gpm.h"
#include "src/gp_conv.h"
+static void return_new_cred_handle(struct gssx_option *val,
+ gssx_cred **out_cred_handle)
+{
+ gssx_cred *creds;
+ XDR xdrctx;
+ bool xdrok;
+
+ creds = calloc(1, sizeof(*creds));
+ if (creds) {
+ xdrmem_create(&xdrctx, val->value.octet_string_val,
+ val->value.octet_string_len, XDR_DECODE);
+ xdrok = xdr_gssx_cred(&xdrctx, creds);
+ if (xdrok) {
+ *out_cred_handle = creds;
+ } else {
+ free(creds);
+ }
+ }
+}
+
OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
gssx_cred *cred_handle,
gssx_ctx **context_handle,
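Review bot: On the decode-failure branch of return_new_cred_handle, `free(creds)` releases only the outer struct, so any nested buffers that xdr_gssx_cred allocated before it failed would presumably be leaked. The bytes being decoded come from the proxy's reply, so a truncated or malformed payload is exactly the case that takes this path. Consider calling `xdr_free((xdrproc_t)xdr_gssx_cred, (char *)creds);` before `free(creds);`. A short header comment would also help, stating that `*out_cred_handle` is left untouched on failure and overwritten without being released on success, so callers should pass a pointer initialised to NULL. The hunk ends inside the gpm_init_sec_context signature, which continues in the next hunk.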
@@ -15,7 +35,8 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
gss_OID *actual_mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
- OM_uint32 *time_rec)
+ OM_uint32 *time_rec,
+ gssx_cred **out_cred_handle)
{
union gp_rpc_arg uarg;
union gp_rpc_res ures;
@@ -40,6 +61,12 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
arg->context_handle = *context_handle;
}
+ /* always try request cred sync, ignore errors, not critical */
+ (void)gp_add_option(&arg->options.options_val,
+ &arg->options.options_len,
+ CRED_SYNC_OPTION, sizeof(CRED_SYNC_OPTION),
+ CRED_SYNC_DEFAULT, sizeof(CRED_SYNC_DEFAULT));
+
arg->target_name = target_name;
ret = gp_conv_oid_to_gssx(mech_type, &arg->mech_type);
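Review bot: The CRED_SYNC_OPTION request added here is sent on every call, even when the caller passes a NULL `out_cred_handle`, as both call sites updated in this commit do, and in that case any credential payload in the reply is never decoded. If the server serialises credentials whenever it sees this option (not visible from this hunk), that material crosses the socket and sits in the reply buffer with no consumer. Either guard the call with `if (out_cred_handle) { ... }` or extend the comment to record why the request is deliberately unconditional. The comment could also say what a failed gp_add_option leaves in `arg->options`, since the return value is discarded. The enclosing function starts and ends outside this hunk.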
@@ -96,6 +123,16 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
}
}
+ /* check if a sync cred was returned to us, don't fail on errors */
+ if (out_cred_handle && res->options.options_len > 0) {
+ struct gssx_option *val = NULL;
+ gp_options_find(val, res->options, CRED_SYNC_PAYLOAD,
+ sizeof(CRED_SYNC_PAYLOAD));
+ if (val) {
+ return_new_cred_handle(val, out_cred_handle);
+ }
+ }
+
ret_maj = res->status.major_status;
ret_min = res->status.minor_status;
gpm_save_status(&res->status);
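Review bot: The sync-credential payload is decoded before `res->status.major_status` is read, so `*out_cred_handle` can be populated even when the call goes on to return an error status. A caller that releases the handle only on GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED would then leak the decoded credential material. Either move this block after the status check, or document on the prototype in gssapi_gpm.h that the caller owns `*out_cred_handle` on every return path, for example `/* out_cred_handle: may be set even on failure; caller must release it */`. The function body starts and ends outside this hunk.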
diff --git a/proxy/src/client/gssapi_gpm.h b/proxy/src/client/gssapi_gpm.h
index 667b0e0..22beecf 100644
--- a/proxy/src/client/gssapi_gpm.h
+++ b/proxy/src/client/gssapi_gpm.h
@@ -158,7 +158,8 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
gss_OID *actual_mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
- OM_uint32 *time_rec);
+ OM_uint32 *time_rec,
+ gssx_cred **out_cred_handle);
OM_uint32 gpm_inquire_context(OM_uint32 *minor_status,
gssx_ctx *context_handle,
gssx_name **src_name,
diff --git a/proxy/src/mechglue/gpp_init_sec_context.c
b/proxy/src/mechglue/gpp_init_sec_context.c
index 70a83d4..76e0311 100644
--- a/proxy/src/mechglue/gpp_init_sec_context.c
+++ b/proxy/src/mechglue/gpp_init_sec_context.c
@@ -166,7 +166,8 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status,
actual_mech_type,
output_token,
ret_flags,
- time_rec);
+ time_rec,
+ NULL);
if (maj == GSS_S_COMPLETE || maj == GSS_S_CONTINUE_NEEDED) {
goto done;
}
diff --git a/proxy/tests/cli_srv_comm.c b/proxy/tests/cli_srv_comm.c
index ae0851c..4138743 100644
--- a/proxy/tests/cli_srv_comm.c
+++ b/proxy/tests/cli_srv_comm.c
@@ -154,6 +154,7 @@ void *client_thread(void *pvt)
NULL,
&out_token,
NULL,
+ NULL,
NULL);
if (ret_maj != GSS_S_COMPLETE &&
ret_maj != GSS_S_CONTINUE_NEEDED) {