From: Greg Hudson Date: Mon, 6 Oct 2014 14:05:41 +0000 (-0400) Subject: Stop using KRB5_TC_OPENCLOSE X-Git-Tag: krb5-1.14-alpha1~212 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec3a2e9ea2d4fdb2e00fc7b2a6bfed7feac10880;p=thirdparty%2Fkrb5.git Stop using KRB5_TC_OPENCLOSE Since KRB5_TC_OPENCLOSE no longer does anything, stop setting it when we iterate over ccaches. ticket: 7804 --- diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 1d189b44ec..0f6ca8a9b4 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -480,14 +480,8 @@ show_ccache(krb5_ccache cache) krb5_cc_cursor cur; krb5_creds creds; krb5_principal princ; - krb5_flags flags; krb5_error_code code; - flags = 0; /* turns off OPENCLOSE mode */ - if ((code = krb5_cc_set_flags(kcontext, cache, flags))) { - com_err(progname, code, ""); - return 1; - } if ((code = krb5_cc_get_principal(kcontext, cache, &princ))) { com_err(progname, code, ""); return 1; @@ -522,11 +516,6 @@ show_ccache(krb5_ccache cache) com_err(progname, code, _("while finishing ticket retrieval")); return 1; } - flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if ((code = krb5_cc_set_flags(kcontext, cache, flags))) { - com_err(progname, code, _("while closing ccache")); - return 1; - } return 0; } else { com_err(progname, code, _("while retrieving a ticket")); @@ -544,8 +533,6 @@ check_ccache(krb5_ccache cache) krb5_principal princ; krb5_boolean found_tgt, found_current_tgt, found_current_cred; - if (krb5_cc_set_flags(kcontext, cache, 0) != 0) - return 1; if (krb5_cc_get_principal(kcontext, cache, &princ) != 0) return 1; if (krb5_cc_start_seq_get(kcontext, cache, &cur) != 0) @@ -567,8 +554,6 @@ check_ccache(krb5_ccache cache) return 1; if (krb5_cc_end_seq_get(kcontext, cache, &cur) != 0) return 1; - if (krb5_cc_set_flags(kcontext, cache, KRB5_TC_OPENCLOSE) != 0) - return 1; /* If the cache contains at least one local TGT, require that it be * current. Otherwise accept any current cred. */ diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index e1a9352200..b6b3379f73 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -376,11 +376,6 @@ main (argc, argv) exit(1); } - if (((retval = krb5_cc_set_flags(ksu_context, cc_source, 0x0)) != 0) - && (retval != KRB5_FCC_NOFILE)) { - com_err(prog_name, retval, _("while opening ccache")); - exit(1); - } if ((retval = get_best_princ_for_target(ksu_context, source_uid, target_uid, source_user, target_user, cc_source, diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 8bdf7c4177..86a0462b50 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -376,8 +376,7 @@ scan_ccache(krb5_context context, krb5_gss_cred_id_rec *cred) krb5_timestamp endtime; krb5_boolean is_tgt; - /* Turn off OPENCLOSE mode while extensive frobbing is going on. - * Turn on NOTICKET, as we don't need session keys here. */ + /* Turn on NOTICKET, as we don't need session keys here. */ code = krb5_cc_set_flags(context, ccache, KRB5_TC_NOTICKET); if (code) return code; @@ -444,10 +443,8 @@ scan_ccache(krb5_context context, krb5_gss_cred_id_rec *cred) goto cleanup; } - (void)krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); - cleanup: - (void)krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); + (void)krb5_cc_set_flags(context, ccache, 0); krb5_free_principal(context, ccache_princ); krb5_free_principal(context, tgt_princ); return code; diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c index 960c9c925a..1314d24bd6 100644 --- a/src/lib/krb5/ccache/cc_retr.c +++ b/src/lib/krb5/ccache/cc_retr.c @@ -214,17 +214,9 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id, krb5_flags oflags = 0; #define fetchcreds (fetched.creds) - kret = krb5_cc_get_flags(context, id, &oflags); - if (kret != KRB5_OK) - return kret; - if (oflags & KRB5_TC_OPENCLOSE) - (void) krb5_cc_set_flags(context, id, oflags & ~KRB5_TC_OPENCLOSE); kret = krb5_cc_start_seq_get(context, id, &cursor); - if (kret != KRB5_OK) { - if (oflags & KRB5_TC_OPENCLOSE) - krb5_cc_set_flags(context, id, oflags); + if (kret != KRB5_OK) return kret; - } while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) { if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds)) @@ -245,8 +237,6 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id, } else { krb5_cc_end_seq_get(context, id, &cursor); *creds = fetchcreds; - if (oflags & KRB5_TC_OPENCLOSE) - krb5_cc_set_flags(context, id, oflags); return KRB5_OK; } } @@ -257,8 +247,6 @@ krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id, /* If we get here, a match wasn't found */ krb5_cc_end_seq_get(context, id, &cursor); - if (oflags & KRB5_TC_OPENCLOSE) - krb5_cc_set_flags(context, id, oflags); if (have_creds) { *creds = best.creds; return KRB5_OK; diff --git a/src/lib/krb5/ccache/cccopy.c b/src/lib/krb5/ccache/cccopy.c index 36b3f42705..d71d439ddd 100644 --- a/src/lib/krb5/ccache/cccopy.c +++ b/src/lib/krb5/ccache/cccopy.c @@ -5,21 +5,9 @@ krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc) { krb5_error_code code; - krb5_flags flags; krb5_cc_cursor cur = 0; krb5_creds creds; - flags = 0; /* turns off OPENCLOSE mode */ - if ((code = krb5_cc_set_flags(context, incc, flags))) - return(code); - /* the code for this will open the file for reading only, which - is not what I had in mind. So I won't turn off OPENCLOSE - for the output ccache */ -#if 0 - if ((code = krb5_cc_set_flags(context, outcc, flags))) - return(code); -#endif - if ((code = krb5_cc_start_seq_get(context, incc, &cur))) goto cleanup; @@ -41,23 +29,9 @@ krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc) code = 0; cleanup: - flags = KRB5_TC_OPENCLOSE; - /* If set then we are in an error pathway */ if (cur) krb5_cc_end_seq_get(context, incc, &cur); - if (code) - krb5_cc_set_flags(context, incc, flags); - else - code = krb5_cc_set_flags(context, incc, flags); - -#if 0 - if (code) - krb5_cc_set_flags(context, outcc, flags); - else - code = krb5_cc_set_flags(context, outcc, flags); -#endif - return(code); } diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c index 8ceab7d8a9..9786d63b5c 100644 --- a/src/lib/krb5/krb/vfy_increds.c +++ b/src/lib/krb5/krb/vfy_increds.c @@ -59,35 +59,20 @@ copy_creds_except(krb5_context context, krb5_ccache incc, krb5_cc_cursor cur = NULL; krb5_creds creds; - /* Turn off TC_OPENCLOSE on input ccache. */ - ret = krb5_cc_set_flags(context, incc, 0); - if (ret) - return ret; ret = krb5_cc_start_seq_get(context, incc, &cur); if (ret) - goto cleanup; + return ret; while (!(ret = krb5_cc_next_cred(context, incc, &cur, &creds))) { - if (krb5_principal_compare(context, princ, creds.server)) - ret = 0; - else + if (!krb5_principal_compare(context, princ, creds.server)) ret = krb5_cc_store_cred(context, outcc, &creds); krb5_free_cred_contents(context, &creds); if (ret) - goto cleanup; + break; } - if (ret != KRB5_CC_END) - goto cleanup; - - ret = krb5_cc_end_seq_get(context, incc, &cur); - cur = NULL; - -cleanup: - if (cur != NULL) - (void)krb5_cc_end_seq_get(context, incc, &cur); - ret2 = krb5_cc_set_flags(context, incc, KRB5_TC_OPENCLOSE); - return (ret == 0) ? ret2 : ret; + ret2 = krb5_cc_end_seq_get(context, incc, &cur); + return (ret == KRB5_CC_END) ? ret2 : ret; } static krb5_error_code diff --git a/src/windows/cns/cns.c b/src/windows/cns/cns.c index d1a7a86149..8e40a807a8 100644 --- a/src/windows/cns/cns.c +++ b/src/windows/cns/cns.c @@ -2021,18 +2021,9 @@ k5_get_num_cred(int verbose) krb5_creds c; int ncreds = 0; - /* Turn off OPENCLOSE and leave open while we use ccache */ - if (code = krb5_cc_set_flags(k5_context, k5_ccache, 0)) { + if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) { if (code == KRB5_FCC_NOFILE) return 0; - if (verbose) - com_err(NULL, code, - "while setting cache flags (ticket cache %s)", - krb5_cc_get_name(k5_context, k5_ccache)); - return -1; - } - - if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) { if (verbose) com_err(NULL, code, "while starting to retrieve tickets."); return -1; @@ -2054,10 +2045,6 @@ k5_get_num_cred(int verbose) if (code = krb5_cc_end_seq_get(k5_context, k5_ccache, &cursor)) { if (verbose) com_err(NULL, code, "while closing ccache."); - } else if (code = krb5_cc_set_flags(k5_context, k5_ccache, - KRB5_TC_OPENCLOSE)) { - if (verbose) - com_err(NULL, code, "while closing ccache."); } return ncreds; diff --git a/src/windows/cns/tktlist.c b/src/windows/cns/tktlist.c index 16c8f33e10..f2805f5cd4 100644 --- a/src/windows/cns/tktlist.c +++ b/src/windows/cns/tktlist.c @@ -99,7 +99,6 @@ ticket_init_list (HWND hwnd) krb5_cc_cursor cursor; krb5_error_code code; krb5_creds c; - krb5_flags flags; char *sname; /* Name of the service */ char *flags_string(krb5_creds *cred); #endif @@ -156,15 +155,11 @@ ticket_init_list (HWND hwnd) #ifdef KRB5 ncred = 0; - flags = 0; - if (code = krb5_cc_set_flags(k5_context, k5_ccache, flags)) { + if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) { if (code != KRB5_FCC_NOFILE) { return -1; } } else { - if (code = krb5_cc_start_seq_get(k5_context, k5_ccache, &cursor)) { - return -1; - } while (1) { code = krb5_cc_next_cred(k5_context, k5_ccache, &cursor, &c); if (code != 0) @@ -211,10 +206,6 @@ ticket_init_list (HWND hwnd) if (code = krb5_cc_end_seq_get(k5_context, k5_ccache, &cursor)) { return -1; } - flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if (code = krb5_cc_set_flags(k5_context, k5_ccache, flags)) { - return -1; - } } else { return -1; } diff --git a/src/windows/leash/KrbListTickets.cpp b/src/windows/leash/KrbListTickets.cpp index 71a4c635cc..63ce046207 100644 --- a/src/windows/leash/KrbListTickets.cpp +++ b/src/windows/leash/KrbListTickets.cpp @@ -197,7 +197,7 @@ do_ccache(krb5_context ctx, TICKETINFO *ticketinfo = NULL; int retval = 1; - // Don't need the actual ticket, also turns off OPENCLOSE mode + // Don't need the actual ticket. flags = KRB5_TC_NOTICKET; code = pkrb5_cc_set_flags(ctx, cache, flags); if (code) { @@ -264,7 +264,7 @@ do_ccache(krb5_context ctx, functionName = "krb5_cc_end_seq_get"; goto cleanup; } - flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ + flags = 0; code = pkrb5_cc_set_flags(ctx, cache, flags); if (code) { functionName = "krb5_cc_set_flags"; diff --git a/src/windows/leashdll/lshfunc.c b/src/windows/leashdll/lshfunc.c index ca9f67e6e7..6e32933751 100644 --- a/src/windows/leashdll/lshfunc.c +++ b/src/windows/leashdll/lshfunc.c @@ -2886,7 +2886,7 @@ static BOOL cc_have_tickets(krb5_context ctx, krb5_ccache cache) krb5_error_code code; BOOL have_tickets = FALSE; - // Don't need the actual ticket, also turns off OPENCLOSE mode + // Don't need the actual ticket. flags = KRB5_TC_NOTICKET; code = pkrb5_cc_set_flags(ctx, cache, flags); if (code) @@ -2907,7 +2907,7 @@ static BOOL cc_have_tickets(krb5_context ctx, krb5_ccache cache) code = pkrb5_cc_end_seq_get(ctx, cache, &cur); if (code) goto cleanup; - flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ + flags = 0; code = pkrb5_cc_set_flags(ctx, cache, flags); if (code) goto cleanup;