sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials

Browse Source 
When credentials API is used by a client-side program that already as fetched required
tickets into a ccache, we need to skip re-initializing ccache. This is used in FreeIPA
when Samba 4 Python bindings are run after mod_auth_kerb has obtained user tickets
already.
This commit is contained in:
Alexander Bokovoy
2012-05-18 10:05:38 +03:00
parent 2d9a0d8d0c
commit ec989e7c40
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
auth/credentials/credentials_krb5.c
View File

@ -486,8 +486,18 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
} }
} }
ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
&ccache, error_string); if (cred->ccache_obtained == CRED_UNINITIALISED) {
/* Only attempt to re-acquire ccache if it is not already in place.
* this is important for client-side use within frameworks with already acquired tickets
* like Apache+mod_auth_kerb+Python
*/
ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
&ccache, error_string);
} else {
ccache = cred->ccache;
}
if (ret) { if (ret) {
if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) { if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
DEBUG(1, ("Failed to get kerberos credentials (kerberos required): %s\n", *error_string)); DEBUG(1, ("Failed to get kerberos credentials (kerberos required): %s\n", *error_string));