-rwxr-xr-x | src/appl/gss-sample/t_gss_sample.py | 11 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 24 |
2 files changed, 23 insertions, 12 deletions
diff --git a/src/appl/gss-sample/t_gss_sample.py b/src/appl/gss-sample/t_gss_sample.py index c53edd6..f6cd18c 100755 --- a/src/appl/gss-sample/t_gss_sample.py +++ b/src/appl/gss-sample/t_gss_sample.py @@ -41,7 +41,6 @@ def server_client_test(realm, options): if 'Signature verified.' not in output: fail('Expected message not seen in gss-client output') stop_daemon(server) - realm.klist(realm.user_princ, realm.host_princ) # Make up a filename to hold user's initial credentials. def ccache_savefile(realm): @@ -59,19 +58,25 @@ def ccache_restore(realm): def tgs_test(realm, options): ccache_restore(realm) server_client_test(realm, options) + realm.klist(realm.user_princ, realm.host_princ) # Perform a test of the server and client with initial credentials # obtained through gss_acquire_cred_with_password(). def pw_test(realm, options): - os.remove(realm.ccache) + if os.path.exists(realm.ccache): + os.remove(realm.ccache) server_client_test(realm, options + ['-user', realm.user_princ, '-pass', password('user')]) + if os.path.exists(realm.ccache): + fail('gss_acquire_cred_with_password created ccache') # Perform a test of the server and client with initial credentials # obtained with the client keytab def kt_test(realm, options): - os.remove(realm.ccache) + if os.path.exists(realm.ccache): + os.remove(realm.ccache) server_client_test(realm, options) + realm.klist(realm.user_princ, realm.host_princ) for realm in multipass_realms(): ccache_save(realm) diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index ff51901..5bcfec9 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c 
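Review bot: The new `if os.path.exists(realm.ccache): fail(...)` check at the end of pw_test has no comment explaining why a ccache must not appear, although it is the only regression guard here that password-acquired credentials stay out of the on-disk cache. I would add `# Password creds must live in a private memory ccache; the default ccache must stay absent.` above it. The check looks only at realm.ccache, so it presumably relies on that path being the cache gss-client would otherwise default to, which is worth confirming against server_client_test's environment. The two-line exists-then-remove guard now appears in both pw_test and kt_test and could be a small helper next to ccache_restore.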
@@ -655,7 +655,21 @@ acquire_init_cred(krb5_context context, if (GSS_ERROR(kg_caller_provided_ccache_name(minor_status, &caller_ccname))) return GSS_S_FAILURE; - if (req_ccache != NULL) { + + if (password != GSS_C_NO_BUFFER) { + pwdata = make_data(password->value, password->length); + code = krb5int_copy_data_contents_add0(context, &pwdata, &pwcopy); + if (code) + goto error; + cred->password = pwcopy.data; + + /* We will fetch the credential into a private memory ccache. */ + assert(req_ccache == NULL); + code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache); + if (code) + goto error; + cred->destroy_ccache = 1; + } else if (req_ccache != NULL) { code = krb5_cc_dup(context, req_ccache, &cred->ccache); if (code) goto error; @@ -673,14 +687,6 @@ acquire_init_cred(krb5_context context, if (code) goto error; - if (password != GSS_C_NO_BUFFER) { - pwdata = make_data(password->value, password->length); - code = krb5int_copy_data_contents_add0(context, &pwdata, &pwcopy); - if (code) - goto error; - cred->password = pwcopy.data; - } - if (cred->ccache != NULL) { /* The caller specified a ccache; check what's in it. */ code = scan_ccache(context, cred); |
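Review bot: The `assert(req_ccache == NULL);` in the new password branch is the only thing enforcing that a password and a caller-supplied ccache are never combined. If the library is built with NDEBUG it compiles away and a non-NULL req_ccache is silently ignored in favour of the private MEMORY ccache; otherwise it aborts the host process from inside library code. An explicit error return is safer, for example `if (req_ccache != NULL) { code = EINVAL; goto error; }` (the exact error code is the maintainers' choice). Because `cred->password` is now assigned before krb5_cc_new_unique() can fail, the `error:` path, which is outside this hunk, should be checked to zero and free the password copy. The later comment `/* The caller specified a ccache; check what's in it. */` no longer covers every case, since cred->ccache is now also set for password credentials.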