From: Stefan Metzmacher Date: Thu, 21 Jul 2016 13:08:32 +0000 (+0200) Subject: auth/credentials: also do a shallow copy of the krb5_ccache. X-Git-Tag: tdb-1.3.10~177 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2d9958e46c2e66d0476cc9ec3934ed16a352c077;p=thirdparty%2Fsamba.git auth/credentials: also do a shallow copy of the krb5_ccache. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 3b7d42a29a5..bfa397cc92d 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -129,21 +129,6 @@ _PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred) return cred->priv_data; } -_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, - struct cli_credentials *src) -{ - struct cli_credentials *dst; - - dst = talloc(mem_ctx, struct cli_credentials); - if (dst == NULL) { - return NULL; - } - - *dst = *src; - - return dst; -} - /** * Create a new anonymous credential * @param mem_ctx TALLOC_CTX parent for credentials structure diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index 3779ec048e6..523793f090d 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h @@ -286,9 +286,6 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred); #define cli_credentials_callback_data_void(_cred) \ _cli_credentials_callback_data(_cred) -struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, - struct cli_credentials *src); - /** * Return attached NETLOGON credentials */ diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 6d0ef6f953e..0bd65957776 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -731,6 +731,73 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ret; } +static int cli_credentials_shallow_ccache(struct cli_credentials *cred) +{ + krb5_error_code ret; + const struct ccache_container *old_ccc = NULL; + struct ccache_container *ccc = NULL; + char *ccache_name = NULL; + + old_ccc = cred->ccache; + if (old_ccc == NULL) { + return 0; + } + + ccc = talloc(cred, struct ccache_container); + if (ccc == NULL) { + return ENOMEM; + } + *ccc = *old_ccc; + ccc->ccache = NULL; + + ccache_name = talloc_asprintf(ccc, "MEMORY:%p", ccc); + + ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, + ccache_name, &ccc->ccache); + if (ret != 0) { + TALLOC_FREE(ccc); + return ret; + } + + talloc_set_destructor(ccc, free_mccache); + + TALLOC_FREE(ccache_name); + + ret = krb5_cc_copy_cache(ccc->smb_krb5_context->krb5_context, + old_ccc->ccache, ccc->ccache); + if (ret != 0) { + TALLOC_FREE(ccc); + return ret; + } + + cred->ccache = ccc; + cred->client_gss_creds = NULL; + cred->client_gss_creds_obtained = CRED_UNINITIALISED; + return ret; +} + +_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, + struct cli_credentials *src) +{ + struct cli_credentials *dst; + int ret; + + dst = talloc(mem_ctx, struct cli_credentials); + if (dst == NULL) { + return NULL; + } + + *dst = *src; + + ret = cli_credentials_shallow_ccache(dst); + if (ret != 0) { + TALLOC_FREE(dst); + return NULL; + } + + return dst; +} + static int smb_krb5_create_salt_principal(TALLOC_CTX *mem_ctx, const char *samAccountName, const char *realm, diff --git a/auth/credentials/credentials_krb5.h b/auth/credentials/credentials_krb5.h index fc7d0be220a..ae601047606 100644 --- a/auth/credentials/credentials_krb5.h +++ b/auth/credentials/credentials_krb5.h @@ -38,4 +38,8 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, enum credentials_obtained obtained, const char **error_string); +struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, + struct cli_credentials *src); + + #endif /* __CREDENTIALS_KRB5_H__ */ diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 829c969ecf5..da81c52bd5a 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -24,6 +24,7 @@ #include "librpc/gen_ndr/ndr_lsa_c.h" #include "librpc/gen_ndr/ndr_samr_c.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_krb5.h" #include "torture/rpc/torture_rpc.h" #include "lib/cmdline/popt_common.h" #include "../libcli/auth/schannel.h" diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c index 9d7cc4b5342..e35ec85c6a3 100644 --- a/source4/torture/smb2/session.c +++ b/source4/torture/smb2/session.c @@ -27,6 +27,7 @@ #include "../libcli/smb/smbXcli_base.h" #include "lib/cmdline/popt_common.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_krb5.h" #include "libcli/security/security.h" #include "libcli/resolve/resolve.h" #include "lib/param/param.h"