From 1e44f30d316c0d932de451ffe275eb2a9ee1226d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mar 04 2017 00:40:01 +0000 Subject: Always request cred sync on init_sec_context Signed-off-by: Simo Sorce Reviewed-by: Robbie Harwood
---
diff --git a/src/client/gpm_init_sec_context.c b/src/client/gpm_init_sec_context.c
index 82c84ee..bea2010 100644
--- a/src/client/gpm_init_sec_context.c
+++ b/src/client/gpm_init_sec_context.c
@@ -3,6 +3,26 @@
 #include "gssapi_gpm.h"
 #include "src/gp_conv.h"
+static void return_new_cred_handle(struct gssx_option *val,
+ gssx_cred **out_cred_handle)
+{
+ gssx_cred *creds;
+ XDR xdrctx;
+ bool xdrok;
+
+ creds = calloc(1, sizeof(*creds));
+ if (creds) {
+ xdrmem_create(&xdrctx, val->value.octet_string_val,
+ val->value.octet_string_len, XDR_DECODE);
+ xdrok = xdr_gssx_cred(&xdrctx, creds);
+ if (xdrok) {
+ *out_cred_handle = creds;
+ } else {
+ free(creds);
+ }
+ }
+}
+
 OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
 gssx_cred *cred_handle,
 gssx_ctx **context_handle,
@@ -15,7 +35,8 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
 gss_OID *actual_mech_type,
 gss_buffer_t output_token,
 OM_uint32 *ret_flags,
- OM_uint32 *time_rec)
+ OM_uint32 *time_rec,
+ gssx_cred **out_cred_handle)
 {
 union gp_rpc_arg uarg;
 union gp_rpc_res ures;
@@ -40,6 +61,12 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
 arg->context_handle = *context_handle;
 }
+ /* always try request cred sync, ignore errors, not critical */
+ (void)gp_add_option(&arg->options.options_val,
+ &arg->options.options_len,
+ CRED_SYNC_OPTION, sizeof(CRED_SYNC_OPTION),
+ CRED_SYNC_DEFAULT, sizeof(CRED_SYNC_DEFAULT));
+
 arg->target_name = target_name;
 ret = gp_conv_oid_to_gssx(mech_type, &arg->mech_type);
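Review bot: In return_new_cred_handle, the decode-failure branch calls only `free(creds)`, so anything xdr_gssx_cred() may have allocated inside the struct before it failed is leaked; the buffer being decoded comes from the reply's option list, so a malformed or truncated payload lands on this branch each time it is received. Release the partial decode first: `xdr_free((xdrproc_t)xdr_gssx_cred, (char *)creds); free(creds);`. The helper also carries no comment on ownership; I would add above it `/* On success stores a newly allocated gssx_cred in *out_cred_handle, which the caller must release; on any failure *out_cred_handle is left untouched. */`.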
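Review bot: The `gp_add_option(..., CRED_SYNC_OPTION, ...)` call in the -40,6 hunk is unconditional, yet both callers updated by this commit (gssi_init_sec_context in src/mechglue/gpp_init_sec_context.c and the test client) pass NULL for out_cred_handle, and the reply-side code then skips the payload. If the peer answers this option by serialising credentials, as the payload handling suggests, that material crosses the socket only to be discarded; wrapping the request in `if (out_cred_handle) { ... }` would avoid it, unless the request is wanted for a server-side effect that is not visible here. The comment could also state what is lost when the option cannot be added, for example `/* best effort: without the option the peer returns no synced cred */`. The function body starts and ends outside this hunk.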
@@ -96,6 +123,16 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
 }
 }
+ /* check if a sync cred was returned to us, don't fail on errors */
+ if (out_cred_handle && res->options.options_len > 0) {
+ struct gssx_option *val = NULL;
+ gp_options_find(val, res->options, CRED_SYNC_PAYLOAD,
+ sizeof(CRED_SYNC_PAYLOAD));
+ if (val) {
+ return_new_cred_handle(val, out_cred_handle);
+ }
+ }
+
 ret_maj = res->status.major_status;
 ret_min = res->status.minor_status;
 gpm_save_status(&res->status);
diff --git a/src/client/gssapi_gpm.h b/src/client/gssapi_gpm.h
index 667b0e0..22beecf 100644
--- a/src/client/gssapi_gpm.h
+++ b/src/client/gssapi_gpm.h
@@ -158,7 +158,8 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status,
 gss_OID *actual_mech_type,
 gss_buffer_t output_token,
 OM_uint32 *ret_flags,
- OM_uint32 *time_rec);
+ OM_uint32 *time_rec,
+ gssx_cred **out_cred_handle);
 OM_uint32 gpm_inquire_context(OM_uint32 *minor_status,
 gssx_ctx *context_handle,
 gssx_name **src_name,
diff --git a/src/mechglue/gpp_init_sec_context.c b/src/mechglue/gpp_init_sec_context.c
index 70a83d4..76e0311 100644
--- a/src/mechglue/gpp_init_sec_context.c
+++ b/src/mechglue/gpp_init_sec_context.c
@@ -166,7 +166,8 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status,
 actual_mech_type,
 output_token,
 ret_flags,
- time_rec);
+ time_rec,
+ NULL);
 if (maj == GSS_S_COMPLETE || maj == GSS_S_CONTINUE_NEEDED) {
 goto done;
 }
diff --git a/tests/cli_srv_comm.c b/tests/cli_srv_comm.c
index ae0851c..4138743 100644
--- a/tests/cli_srv_comm.c
+++ b/tests/cli_srv_comm.c
@@ -154,6 +154,7 @@ void *client_thread(void *pvt)
 NULL,
 &out_token,
 NULL,
+ NULL,
 NULL);
 if (ret_maj != GSS_S_COMPLETE && ret_maj != GSS_S_CONTINUE_NEEDED) {
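Review bot: `*out_cred_handle` is written only when the payload option is found and decodes, so on every other path (no options in the reply, option absent, calloc or XDR failure) a caller that passed an uninitialised pointer will read an indeterminate value afterwards. Clear it before the lookup, `if (out_cred_handle) *out_cred_handle = NULL;`, or state in the prototype's documentation that callers must pre-initialise it. The credential is also handed out before `ret_maj` is read from the reply, so a caller may receive an allocated handle together with a failing major status and would have to release it on its error paths too. Whether that is intended cannot be judged from this hunk, because the function continues before and after it.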
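Review bot: The test client in tests/cli_srv_comm.c passes NULL for the new out_cred_handle argument, so the reply-option lookup and the XDR decode added in src/client/gpm_init_sec_context.c are never exercised by this test. Passing the address of a `gssx_cred *` initialised to NULL, and releasing the result after the call, would cover the success path of the code that parses peer-supplied data. client_thread starts and ends outside this hunk.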