diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-06-27 12:36:15 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-06-27 12:37:02 -0400 |
commit | 5bff5c5064a58eb206a6e2e1ba5ccf746569b761 (patch) | |
tree | 22fc491b7c2ff8f38e81b8c1ddd498096fae7cea | |
parent | b192edd9e9157741521bb08088d26f6a5276a4f9 (diff) | |
download | krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.zip krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.tar.gz krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.tar.bz2 |
Simplify password storage in krb5_gss_cred_id_rec
The password is always zero-terminated, so we can store it as a char *
instead of a krb5_data.
-rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 6 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/iakerb.c | 7 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 8 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/rel_cred.c | 6 |
5 files changed, 12 insertions, 17 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index a7a18a7..c7a156e 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -316,7 +316,7 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred, { krb5_error_code code; krb5_principal ccache_princ; - krb5_data password_data = make_data(password->value, password->length); + krb5_data pwdata = make_data(password->value, password->length), pwcopy; krb5_boolean eq; const char *cctype; krb5_ccache newcache = NULL; @@ -353,10 +353,10 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred, } /* Stash the password for later. */ - code = krb5int_copy_data_contents_add0(context, &password_data, - &cred->password); + code = krb5int_copy_data_contents_add0(context, &pwdata, &pwcopy); if (code) return code; + cred->password = pwcopy.data; if (newcache) { krb5_cc_close(context, ccache); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 54a536a..e263a2b 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -185,7 +185,7 @@ typedef struct _krb5_gss_cred_id_rec { krb5_ccache ccache; krb5_timestamp tgt_expire; krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */ - krb5_data password; + char *password; } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; typedef struct _krb5_gss_ctx_ext_rec { diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index 005c3fc..6081931 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -414,7 +414,7 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx, { krb5_error_code code; - if (cred->iakerb_mech == 0 || cred->password.data == NULL) { + if (cred->iakerb_mech == 0 || cred->password == NULL) { code = EINVAL; goto cleanup; } @@ -444,8 +444,7 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx, if (code != 0) goto cleanup; - code = krb5_init_creds_set_password(ctx->k5c, ctx->icc, - cred->password.data); + code = krb5_init_creds_set_password(ctx->k5c, ctx->icc, cred->password); if (code != 0) goto cleanup; @@ -678,7 +677,7 @@ iakerb_get_initial_state(iakerb_ctx_id_t ctx, code = krb5_get_credentials(ctx->k5c, KRB5_GC_CACHED, cred->ccache, &in_creds, &out_creds); - if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL) { + if (code == KRB5_CC_NOTFOUND && cred->password != NULL) { *state = IAKERB_AS_REQ; code = 0; } else if (code == 0) { diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 7fb5f71..1091d06 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -194,7 +194,7 @@ static krb5_error_code get_credentials(context, cred, server, now, code = krb5_get_credentials(context, flags, cred->ccache, &in_creds, &result_creds); - if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL && + if (code == KRB5_CC_NOTFOUND && cred->password != NULL && !cred->iakerb_mech) { krb5_creds tgt_creds; @@ -202,10 +202,8 @@ static krb5_error_code get_credentials(context, cred, server, now, /* No TGT in the ccache, but we can get one with the password. */ code = krb5_get_init_creds_password(context, &tgt_creds, - in_creds.client, - cred->password.data, - NULL, NULL, - 0, NULL, NULL); + in_creds.client, cred->password, + NULL, NULL, 0, NULL, NULL); if (code) goto cleanup; diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index 4fd3694..a69fb19 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -76,10 +76,8 @@ krb5_gss_release_cred(minor_status, cred_handle) if (cred->req_enctypes) free(cred->req_enctypes); - if (cred->password.data) { - zap(cred->password.data, cred->password.length); - krb5_free_data_contents(context, &cred->password); - } + if (cred->password != NULL) + zapfree(cred->password, strlen(cred->password)); xfree(cred); |