From 4aa497ac1d8d35510a0d20930fbdd58b7c0c3785 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sun, 13 Sep 2009 09:36:15 +0000 Subject: [PATCH] make sure lock is acquired before exporting auth data context git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22741 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/init_sec_context.c | 3 ++- src/lib/gssapi/krb5/s4u_gss_glue.c | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index eace54f344..93784ad985 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -163,7 +163,8 @@ static krb5_error_code get_credentials(context, cred, server, now, mcreds.client = cred->name->princ; code = krb5_cc_retrieve_cred(context, cred->ccache, - KRB5_TC_MATCH_TIMES, &mcreds, + KRB5_TC_MATCH_TIMES | KRB5_TC_MATCH_AUTHDATA, + &mcreds, &evidence_creds); if (code) goto cleanup; diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c index f91d4fb345..1f6e9eb7d9 100644 --- a/src/lib/gssapi/krb5/s4u_gss_glue.c +++ b/src/lib/gssapi/krb5/s4u_gss_glue.c @@ -130,17 +130,26 @@ kg_impersonate_name(OM_uint32 *minor_status, if (impersonator_cred->req_enctypes != NULL) in_creds.keyblock.enctype = impersonator_cred->req_enctypes[0]; + code = k5_mutex_lock(&user->lock); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + if (user->ad_context != NULL) { code = krb5_authdata_export_attributes(context, user->ad_context, AD_USAGE_TGS_REQ, &in_creds.authdata); if (code != 0) { + k5_mutex_unlock(&user->lock); *minor_status = code; return GSS_S_FAILURE; } } + k5_mutex_unlock(&user->lock); + code = krb5_get_credentials_for_user(context, KRB5_GC_CANONICALIZE | KRB5_GC_NO_STORE, impersonator_cred->ccache, -- 2.47.2