GSSAPI and forwarded credentials
Hello,
gss_accept_sec_context() fails to allocate credentials when
GSS_C_DELEG_FLAG is set and a pointer-to-NULL is given, e.g.
    gss_cred_id_t fwd_cred;
    fwd_cred = (gss_cred_id_t)0;
    gss_accept_sec_context(..., /*delegated_cred_handle*/ &fwd_cred);
    /* fwd_cred will not contain the forwarded credentials in any case */
I've used the following patch locally to correct the problem.
--- accept_sec_context.c.orig Mon Jul 16 22:28:38 2001
+++ accept_sec_context.c Tue Jul 17 08:10:32 2001
@@ -283,12 +283,27 @@
krb5_ccache ccache;
- if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
+ if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-
- else {
- if ((*delegated_cred_handle)->ccache == NULL)
+ else if (*delegated_cred_handle == NULL) {
+ if ((*delegated_cred_handle =
+ calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
+ kret = ENOMEM;
+ krb5_set_error_string(gssapi_krb5_context, "out of memory");
+ gssapi_krb5_set_error_string();
+ goto failure;
+ }
+ if ((kret = gss_duplicate_name(minor_status, ticket->client,
+ &(*delegated_cred_handle)->principal)) != 0) {
+ flags &= ~GSS_C_DELEG_FLAG;
+ free(*delegated_cred_handle);
+ *delegated_cred_handle = NULL;
+ goto end_fwd;
+ }
+ }
+ if (delegated_cred_handle != NULL &&
+ (*delegated_cred_handle)->ccache == NULL) {
kret = krb5_cc_gen_new (gssapi_krb5_context,
&krb5_mcc_ops,
&(*delegated_cred_handle)->ccache);
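Review bot: in the new `else if (*delegated_cred_handle == NULL)` branch, the return value of gss_duplicate_name() is a GSS major status, but it is stored in kret, which the neighbouring lines use for krb5/errno codes (krb5_cc_default, ENOMEM); keep it in a separate OM_uint32 so a later check of kret cannot misread it. The two error paths in that branch also behave differently: the calloc failure jumps to failure, while the name-duplication failure clears GSS_C_DELEG_FLAG and jumps to end_fwd, so the caller gets an established context with delegation silently dropped. If that is intended, a short comment saying so would help, and the "XXX Create a new delegated_cred_handle?" comment on the remaining NULL branch could be updated to say what that case now means.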
Cheers,
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org