Simplify password storage in krb5_gss_cred_id_rec

The password is always zero-terminated, so we can store it as a char * instead of a krb5_data.
author: Greg Hudson <ghudson@mit.edu> 2012-06-27 12:36:15 -0400
committer: Greg Hudson <ghudson@mit.edu> 2012-06-27 12:37:02 -0400
commit: 5bff5c5064a58eb206a6e2e1ba5ccf746569b761 (patch)
tree: 22fc491b7c2ff8f38e81b8c1ddd498096fae7cea
parent: b192edd9e9157741521bb08088d26f6a5276a4f9 (diff)
download: krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.zip
krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.tar.gz
krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.tar.bz2
5 files changed, 12 insertions, 17 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index a7a18a7..c7a156e 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -316,7 +316,7 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred,
 {
     krb5_error_code code;
     krb5_principal ccache_princ;
-    krb5_data password_data = make_data(password->value, password->length);
+    krb5_data pwdata = make_data(password->value, password->length), pwcopy;
     krb5_boolean eq;
     const char *cctype;
     krb5_ccache newcache = NULL;
@@ -353,10 +353,10 @@ prep_ccache(krb5_context context, krb5_gss_cred_id_rec *cred,
     }
 
     /* Stash the password for later. */
-    code = krb5int_copy_data_contents_add0(context, &password_data,
-                                           &cred->password);
+    code = krb5int_copy_data_contents_add0(context, &pwdata, &pwcopy);
     if (code)
         return code;
+    cred->password = pwcopy.data;
 
     if (newcache) {
         krb5_cc_close(context, ccache);
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 54a536a..e263a2b 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -185,7 +185,7 @@ typedef struct _krb5_gss_cred_id_rec {
     krb5_ccache ccache;
     krb5_timestamp tgt_expire;
     krb5_enctype *req_enctypes;  /* limit negotiated enctypes to this list */
-    krb5_data password;
+    char *password;
 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
 
 typedef struct _krb5_gss_ctx_ext_rec {
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 005c3fc..6081931 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -414,7 +414,7 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
 {
     krb5_error_code code;
 
-    if (cred->iakerb_mech == 0 || cred->password.data == NULL) {
+    if (cred->iakerb_mech == 0 || cred->password == NULL) {
         code = EINVAL;
         goto cleanup;
     }
@@ -444,8 +444,7 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
     if (code != 0)
         goto cleanup;
 
-    code = krb5_init_creds_set_password(ctx->k5c, ctx->icc,
-                                        cred->password.data);
+    code = krb5_init_creds_set_password(ctx->k5c, ctx->icc, cred->password);
     if (code != 0)
         goto cleanup;
 
@@ -678,7 +677,7 @@ iakerb_get_initial_state(iakerb_ctx_id_t ctx,
         code = krb5_get_credentials(ctx->k5c, KRB5_GC_CACHED,
                                     cred->ccache,
                                     &in_creds, &out_creds);
-        if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL) {
+        if (code == KRB5_CC_NOTFOUND && cred->password != NULL) {
             *state = IAKERB_AS_REQ;
             code = 0;
         } else if (code == 0) {
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 7fb5f71..1091d06 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -194,7 +194,7 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
     code = krb5_get_credentials(context, flags, cred->ccache,
                                 &in_creds, &result_creds);
-    if (code == KRB5_CC_NOTFOUND && cred->password.data != NULL &&
+    if (code == KRB5_CC_NOTFOUND && cred->password != NULL &&
         !cred->iakerb_mech) {
         krb5_creds tgt_creds;
 
@@ -202,10 +202,8 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
         /* No TGT in the ccache, but we can get one with the password. */
         code = krb5_get_init_creds_password(context, &tgt_creds,
-                                            in_creds.client,
-                                            cred->password.data,
-                                            NULL, NULL,
-                                            0, NULL, NULL);
+                                            in_creds.client, cred->password,
+                                            NULL, NULL, 0, NULL, NULL);
         if (code)
             goto cleanup;
 
diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index 4fd3694..a69fb19 100644
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -76,10 +76,8 @@ krb5_gss_release_cred(minor_status, cred_handle)
     if (cred->req_enctypes)
         free(cred->req_enctypes);
 
-    if (cred->password.data) {
-        zap(cred->password.data, cred->password.length);
-        krb5_free_data_contents(context, &cred->password);
-    }
+    if (cred->password != NULL)
+        zapfree(cred->password, strlen(cred->password));
 
     xfree(cred);
author	Greg Hudson <ghudson@mit.edu>	2012-06-27 12:36:15 -0400
committer	Greg Hudson <ghudson@mit.edu>	2012-06-27 12:37:02 -0400
commit	5bff5c5064a58eb206a6e2e1ba5ccf746569b761 (patch)
tree	22fc491b7c2ff8f38e81b8c1ddd498096fae7cea
parent	b192edd9e9157741521bb08088d26f6a5276a4f9 (diff)
download	krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.zip krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.tar.gz krb5-5bff5c5064a58eb206a6e2e1ba5ccf746569b761.tar.bz2