Simplify password storage in krb5_gss_cred_id_rec
authorGreg Hudson <ghudson@mit.edu>
Wed, 27 Jun 2012 16:36:15 +0000 (12:36 -0400)
committerGreg Hudson <ghudson@mit.edu>
Wed, 27 Jun 2012 16:37:02 +0000 (12:37 -0400)
The password is always zero-terminated, so we can store it as a char *
instead of a krb5_data.

src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/iakerb.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/rel_cred.c

index a7a18a7b83f6a3d2de254863a20fabdf1666951a..c7a156e0bbeeb8632ce18c03c30e5a229800c7ba 100644 (file)
@@ -316,7 +316,7 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred,
 {
     krb5_error_code code;
     krb5_principal ccache_princ;
-    krb5_data password_data = make_data(password->value, password->length);
+    krb5_data pwdata = make_data(password->value, password->length), pwcopy;
     krb5_boolean eq;
     const char *cctype;
     krb5_ccache newcache = NULL;
@@ -353,10 +353,10 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred,
     }
 
     /* Stash the password for later. */
-    code = krb5int_copy_data_contents_add0(context, &password_data,
-                                           &cred->password);
+    code = krb5int_copy_data_contents_add0(context, &pwdata, &pwcopy);
     if (code)
         return code;
+    cred->password = pwcopy.data;
 
     if (newcache) {
         krb5_cc_close(context, ccache);
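Review bot: Assigning only `pwcopy.data` in `cred->password = pwcopy.data;` drops `password->length`, so the release path in rel_cred.c now sizes its wipe with `strlen(cred->password)`. If the caller's buffer ever contains an embedded zero byte, the bytes after it are still copied into the heap allocation but are no longer cleared before it is freed; the old `zap(cred->password.data, cred->password.length)` covered the whole copy. Rejecting such input before the copy keeps the two lengths equal, for example `if (memchr(password->value, 0, password->length) != NULL) return EINVAL;` (the error code is only a suggestion). prep_ccache starts and ends outside this hunk, so an earlier check may already exist.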
index 54a536a92c8a717b627a6a831563928679d6abb3..e263a2bb0908ad0019a2cddbf86502b95f794002 100644 (file)
@@ -185,7 +185,7 @@ typedef struct _krb5_gss_cred_id_rec {
     krb5_ccache ccache;
     krb5_timestamp tgt_expire;
     krb5_enctype *req_enctypes;  /* limit negotiated enctypes to this list */
-    krb5_data password;
+    char *password;
 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
 
 typedef struct _krb5_gss_ctx_ext_rec {
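Review bot: The new `char *password;` member has no comment, although its type no longer shows that the struct owns a secret which must be wiped, and the neighbouring `req_enctypes` field is documented. The other hunks show it is a zero-terminated heap copy, NULL when unset, and wiped and freed in krb5_gss_release_cred. I would record that on the declaration: `char *password;  /* zero-terminated copy, or NULL; zapped and freed on release */`.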
index 005c3fca3ed90ab0b316fd57e2a4241ae716bd06..60819318a467923eb742b0dcd1028d8e9cd05317 100644 (file)
@@ -414,7 +414,7 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
 {
     krb5_error_code code;
 
-    if (cred->iakerb_mech == 0 || cred->password.data == NULL) {
+    if (cred->iakerb_mech == 0 || cred->password == NULL) {
         code = EINVAL;
         goto cleanup;
     }
@@ -444,8 +444,7 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
     if (code != 0)
         goto cleanup;
 
-    code = krb5_init_creds_set_password(ctx->k5c, ctx->icc,
-                                        cred->password.data);
+    code = krb5_init_creds_set_password(ctx->k5c, ctx->icc, cred->password);
     if (code != 0)
         goto cleanup;
 
@@ -678,7 +677,7 @@ iakerb_get_initial_state(iakerb_ctx_id_t ctx,
         code = krb5_get_credentials(ctx->k5c, KRB5_GC_CACHED,
                                     cred->ccache,
                                     &in_creds, &out_creds);
-        if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL) {
+        if (code == KRB5_CC_NOTFOUND && cred->password != NULL) {
             *state = IAKERB_AS_REQ;
             code = 0;
         } else if (code == 0) {
index 7fb5f7113372a320bc32d0f60f2f0f17630dae59..1091d065ac96594302c37d479cfeea3184c1de46 100644 (file)
@@ -194,7 +194,7 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
     code = krb5_get_credentials(context, flags, cred->ccache,
                                 &in_creds, &result_creds);
-    if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL &&
+    if (code == KRB5_CC_NOTFOUND && cred->password != NULL &&
         !cred->iakerb_mech) {
         krb5_creds tgt_creds;
 
@@ -202,10 +202,8 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
         /* No TGT in the ccache, but we can get one with the password. */
         code = krb5_get_init_creds_password(context, &tgt_creds,
-                                            in_creds.client,
-                                            cred->password.data,
-                                            NULL, NULL,
-                                            0, NULL, NULL);
+                                            in_creds.client, cred->password,
+                                            NULL, NULL, 0, NULL, NULL);
         if (code)
             goto cleanup;
 
index 4fd3694fb6f35810b3862fcc25a03be5fa2ea12e..a69fb19b946e7261040a96c8623c7b5847c5b64e 100644 (file)
@@ -76,10 +76,8 @@ krb5_gss_release_cred(minor_status, cred_handle)
     if (cred->req_enctypes)
         free(cred->req_enctypes);
 
-    if (cred->password.data) {
-        zap(cred->password.data, cred->password.length);
-        krb5_free_data_contents(context, &cred->password);
-    }
+    if (cred->password != NULL)
+        zapfree(cred->password, strlen(cred->password));
 
     xfree(cred);