simo pushed a commit to branch master
in repository gssproxy.
commit 8016f172d5acbf35b56247b696ab626b7e1f4764
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Jan 17 21:26:35 2017 +0000
Default to a MEMORY cred_store ccache
Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
Reviewed-by: Simo Sorce <simo(a)redhat.com>
---
proxy/src/gp_creds.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
proxy/src/gp_proxy.h | 2 ++
proxy/src/gp_workers.c | 4 +++
3 files changed, 91 insertions(+)
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 7236ee1..95d5585 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -3,10 +3,12 @@
#include "config.h"
#include <stdio.h>
#include <sys/socket.h>
+#include <sys/syscall.h>
#include <sys/types.h>
#include <errno.h>
#include <string.h>
#include <pwd.h>
+#include <unistd.h>
#include <krb5/krb5.h>
#include <gssapi/gssapi_krb5.h>
#include "gp_proxy.h"
@@ -216,6 +218,81 @@ static bool try_impersonate(struct gp_service *svc,
return false;
}
+static void safe_free_mem_ccache(void *data)
+{
+ krb5_error_code e;
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+ char *ccname = (char *) data;
+
+ if (!ccname) {
+ return;
+ }
+
+ e = krb5_init_context(&ctx);
+ if (e != 0) {
+ goto done;
+ }
+
+ e = krb5_cc_resolve(ctx, ccname, &cc);
+ if (e != 0) {
+ goto done;
+ }
+
+ /* also closes handle */
+ krb5_cc_destroy(ctx, cc);
+
+done:
+ if (ctx) {
+ krb5_free_context(ctx);
+ }
+ free(ccname);
+}
+
+static int ensure_segregated_ccache(struct gp_call_ctx *gpcall,
+ int cc_num,
+ struct gp_service *svc,
+ gss_key_value_set_desc *cs)
+{
+ int ret;
+ char *buf;
+ pid_t tid = -1;
+
+ if (cc_num != -1) {
+ return 0;
+ }
+
+ /* We always have space for at least 1 more entry in cs. */
+ cc_num = cs->count;
+
+ cs->elements[cc_num].key = strdup("ccache");
+ if (!cs->elements[cc_num].key) {
+ return ENOMEM;
+ }
+
+ do {
+ errno = 0;
+ tid = syscall(SYS_gettid);
+ } while (tid == -1 && errno == EINTR);
+
+ ret = asprintf(&buf, "MEMORY:internal_%d", tid);
+ if (!buf) {
+ return ENOMEM;
+ }
+
+ gpcall->destroy_callback = safe_free_mem_ccache;
+ gpcall->destroy_callback_data = buf;
+
+ cs->elements[cc_num].value = strdup(buf);
+ if (!cs->elements[cc_num].value) {
+ return ENOMEM;
+ }
+
+ cs->count = cc_num + 1;
+
+ return 0;
+}
+
static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
gssx_name *desired_name,
gss_name_t *requested_name,
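Review bot: In ensure_segregated_ccache the asprintf result is tested via `if (!buf)` while `ret` is assigned and then ignored; on failure asprintf returns -1 and the contents of `buf` are undefined (and `buf` is also declared without an initializer), so a failed allocation can fall through to installing a garbage pointer as destroy_callback_data. Check the return value instead: `char *buf = NULL;` and `if (ret < 0) { return ENOMEM; }`. The early `return ENOMEM` paths also leave `cs->elements[cc_num].key` allocated without advancing `cs->count`, so whoever frees the set by count will leak it; moving `cs->count = cc_num + 1;` to directly after the key strdup succeeds closes that, provided the caller's cleanup tolerates a NULL value. `svc` is accepted but never used in the visible body, and `syscall(SYS_gettid)` is Linux-only — a one-line comment on the `#include <sys/syscall.h>` noting that would help. The signature of gp_get_cred_environment at the end of this hunk continues outside it.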
@@ -234,6 +311,7 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
int ret = -1;
int k_num = -1;
int ck_num = -1;
+ int cc_num = -1;
int d;
memset(cs, 0, sizeof(gss_key_value_set_desc));
@@ -346,6 +424,8 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
ck_num = cs->count;
} else if (strcmp(svc->krb5.store.elements[d].key, "keytab") == 0)
{
k_num = cs->count;
+ } else if (strcmp(svc->krb5.store.elements[d].key, "ccache") == 0)
{
+ cc_num = cs->count;
}
cs->elements[cs->count].key = strdup(svc->krb5.store.elements[d].key);
@@ -401,6 +481,11 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
}
}
+ ret = ensure_segregated_ccache(gpcall, cc_num, svc, cs);
+ if (ret != 0) {
+ goto done;
+ }
+
ret = 0;
done:
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index ad6806a..869000d 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -81,6 +81,8 @@ struct gp_call_ctx {
struct gssproxy_ctx *gpctx;
struct gp_service *service;
struct gp_conn *connection;
+ void (*destroy_callback)(void *);
+ void *destroy_callback_data;
};
/* from gp_config.c */
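Review bot: The two new gp_call_ctx fields carry an ownership contract that the header does not state — the hook is invoked once by the worker after the reply is built, and the callback is responsible for freeing destroy_callback_data (safe_free_mem_ccache frees it). Add a comment above them: `/* optional per-request cleanup hook, run once after the reply is built; the callback owns and must free destroy_callback_data */`. Since gp_workers.c reads destroy_callback unconditionally, it is also worth noting there that every place a struct gp_call_ctx is created must zero these fields; I cannot see those sites from this diff.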
diff --git a/proxy/src/gp_workers.c b/proxy/src/gp_workers.c
index a778865..9230cab 100644
--- a/proxy/src/gp_workers.c
+++ b/proxy/src/gp_workers.c
@@ -432,5 +432,9 @@ static void gp_handle_query(struct gp_workers *w, struct gp_query *q)
q->buffer = buffer;
q->buflen = buflen;
}
+
+ if (gpcall.destroy_callback) {
+ gpcall.destroy_callback(gpcall.destroy_callback_data);
+ }
}
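Review bot: The new `if (gpcall.destroy_callback)` test depends on `gpcall` being zero-initialized, and its declaration is outside this hunk; if it is a plain stack struct without `= {0}` or a memset, requests that never reach ensure_segregated_ccache would read an indeterminate function pointer here. Please confirm the initialization, and if the struct is reused across queries, clear the fields after the call: `gpcall.destroy_callback = NULL; gpcall.destroy_callback_data = NULL;`. gp_handle_query begins before this hunk.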
--