sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-09-02 01:49:29 +03:00
Code Activity

s3:gse: don't call krb5_cc_resolve() as server

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher
2024-02-29 16:15:37 +01:00
parent 6ced3c6af2
commit e3f97f35b1
1 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
source3/librpc/crypto/gse.c
View File

@ -176,7 +176,6 @@ static NTSTATUS gse_setup_server_principal(TALLOC_CTX *mem_ctx,
static NTSTATUS gse_context_init(struct gensec_security *gensec_security, static NTSTATUS gse_context_init(struct gensec_security *gensec_security,
bool do_sign, bool do_seal, bool do_sign, bool do_seal,
const char *ccache_name,
uint32_t add_gss_c_flags, uint32_t add_gss_c_flags,
struct gse_context **_gse_ctx) struct gse_context **_gse_ctx)
{ {
@ -254,18 +253,6 @@ static NTSTATUS gse_context_init(struct gensec_security *gensec_security,
} }
#endif #endif
if (!ccache_name) {
ccache_name = krb5_cc_default_name(gse_ctx->k5ctx);
}
k5ret = krb5_cc_resolve(gse_ctx->k5ctx, ccache_name,
&gse_ctx->ccache);
if (k5ret) {
DEBUG(1, ("Failed to resolve credential cache '%s'! (%s)\n",
ccache_name, error_message(k5ret)));
status = NT_STATUS_INTERNAL_ERROR;
goto err_out;
}
/* TODO: Should we enforce a enc_types list ? /* TODO: Should we enforce a enc_types list ?
ret = krb5_set_default_tgs_ktypes(gse_ctx->k5ctx, enc_types); ret = krb5_set_default_tgs_ktypes(gse_ctx->k5ctx, enc_types);
*/ */
@ -290,15 +277,29 @@ static NTSTATUS gse_init_client(struct gensec_security *gensec_security,
gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER; gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
gss_OID oid = discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X); gss_OID oid = discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X);
#endif #endif
krb5_error_code k5ret;
NTSTATUS status; NTSTATUS status;
status = gse_context_init(gensec_security, do_sign, do_seal, status = gse_context_init(gensec_security, do_sign, do_seal,
ccache_name, add_gss_c_flags, add_gss_c_flags,
&gse_ctx); &gse_ctx);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
if (ccache_name == NULL) {
ccache_name = krb5_cc_default_name(gse_ctx->k5ctx);
}
k5ret = krb5_cc_resolve(gse_ctx->k5ctx,
ccache_name,
&gse_ctx->ccache);
if (k5ret) {
DBG_WARNING("Failed to resolve credential cache '%s'! (%s)\n",
ccache_name, error_message(k5ret));
return NT_STATUS_INTERNAL_ERROR;
}
#ifdef SAMBA4_USES_HEIMDAL #ifdef SAMBA4_USES_HEIMDAL
{ {
int ret; int ret;
@ -652,7 +653,7 @@ static NTSTATUS gse_init_server(struct gensec_security *gensec_security,
NTSTATUS status; NTSTATUS status;
status = gse_context_init(gensec_security, do_sign, do_seal, status = gse_context_init(gensec_security, do_sign, do_seal,
NULL, add_gss_c_flags, &gse_ctx); add_gss_c_flags, &gse_ctx);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }