reorder some things for future reauth cred support
authorLuke Howard <lukeh@padl.com>
Mon, 27 Sep 2010 23:18:09 +0000 (01:18 +0200)
committerLuke Howard <lukeh@padl.com>
Mon, 27 Sep 2010 23:18:09 +0000 (01:18 +0200)
util_cred.c

index bf2d8e5..d674648 100644 (file)
@@ -82,8 +82,12 @@ gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred)
         GSSEAP_FREE(cred->radiusConfigFile);
 
 #ifdef GSSEAP_ENABLE_REAUTH
-    if (cred->krbCredCache != NULL)
-        krb5_cc_destroy(krbContext, cred->krbCredCache);
+    if (cred->krbCredCache != NULL) {
+        if (cred->flags & CRED_FLAG_DEFAULT_CCACHE)
+            krb5_cc_close(krbContext, cred->krbCredCache);
+        else
+            krb5_cc_destroy(krbContext, cred->krbCredCache);
+    }
     if (cred->krbCred != GSS_C_NO_CREDENTIAL)
         gssReleaseCred(&tmpMinor, &cred->krbCred);
 #endif
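Review bot: The choice between `krb5_cc_close` and `krb5_cc_destroy` depends on `CRED_FLAG_DEFAULT_CCACHE`, but none of the visible hunks set that flag. It is worth confirming that every path which points `cred->krbCredCache` at the user's default cache also sets it; otherwise releasing the credential still destroys the user's own tickets. A short comment on the branch would record the ownership rule, e.g. `/* default ccache belongs to the user: drop our handle, never destroy it */`. Both return codes are discarded, which is probably acceptable in a release path but hides a failed destroy of a private cache holding reauth tickets. gssEapReleaseCred starts and ends outside the hunk.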
@@ -118,6 +122,26 @@ gssEapAcquireCred(OM_uint32 *minor,
     if (GSS_ERROR(major))
         goto cleanup;
 
+    if (desiredName != GSS_C_NO_NAME) {
+        major = gssEapDuplicateName(minor, desiredName, &cred->name);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    } else {
+        if (cred->flags & CRED_FLAG_INITIATE) {
+            gss_buffer_desc buf;
+
+            buf.value = getlogin(); /* XXX */
+            buf.length = strlen((char *)buf.value);
+
+            major = gssEapImportName(minor, &buf,
+                                     GSS_C_NT_USER_NAME, &cred->name);
+            if (GSS_ERROR(major))
+                goto cleanup;
+        }
+
+        cred->flags |= CRED_FLAG_DEFAULT_IDENTITY;
+    }
+
     if (password != GSS_C_NO_BUFFER) {
         major = duplicateBuffer(minor, password, &cred->password);
         if (GSS_ERROR(major))
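Review bot: `getlogin()` can return NULL (for example in a daemon or cron job with no controlling terminal), and the next line passes that pointer straight to `strlen`, so the default-identity path for initiator credentials crashes instead of failing cleanly. A guard before the length is taken would fix it: `if (buf.value == NULL) { major = GSS_S_CRED_UNAVAIL; goto cleanup; }`, with `*minor` set the way the rest of the file does. Separately, getlogin() reports the name recorded for the login session rather than the process's effective uid, so it is a weak source for a default authentication identity. Resolving the name from `geteuid()` via `getpwuid_r` would tie it to the credentials the process actually runs with; the existing `/* XXX */` suggests this is already known. The block was moved here unchanged, and gssEapAcquireCred continues outside the hunk.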
@@ -130,6 +154,9 @@ gssEapAcquireCred(OM_uint32 *minor,
          * will acquire them, so GS2 can know whether to prompt for a
          * password or not.
          */
+#if 0
+        && !gssEapCanReauthP(cred, GSS_C_NO_NAME, timeReq)
+#endif
         major = GSS_S_CRED_UNAVAIL;
         goto cleanup;
     }
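Review bot: The disabled fragment `&& !gssEapCanReauthP(cred, GSS_C_NO_NAME, timeReq)` sits after the comment and directly before `major = GSS_S_CRED_UNAVAIL;`, not beside the condition it is evidently meant to extend. The `if` itself is outside the hunk, but as positioned, flipping `#if 0` would most likely not compile. Since the fragment decides whether a credential with no password is still accepted, the intent is better recorded as a comment next to the condition, e.g. `/* TODO(reauth): do not fail here when gssEapCanReauthP(cred, GSS_C_NO_NAME, timeReq) */`. That leaves the future change as an explicit edit to the `if` rather than a preprocessor toggle in the middle of the block.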
@@ -150,26 +177,6 @@ gssEapAcquireCred(OM_uint32 *minor,
         break;
     }
 
-    if (desiredName != GSS_C_NO_NAME) {
-        major = gssEapDuplicateName(minor, desiredName, &cred->name);
-        if (GSS_ERROR(major))
-            goto cleanup;
-    } else {
-        if (cred->flags & CRED_FLAG_INITIATE) {
-            gss_buffer_desc buf;
-
-            buf.value = getlogin(); /* XXX */
-            buf.length = strlen((char *)buf.value);
-
-            major = gssEapImportName(minor, &buf,
-                                     GSS_C_NT_USER_NAME, &cred->name);
-            if (GSS_ERROR(major))
-                goto cleanup;
-        }
-
-        cred->flags |= CRED_FLAG_DEFAULT_IDENTITY;
-    }
-
     major = gssEapValidateMechs(minor, desiredMechs);
     if (GSS_ERROR(major))
         goto cleanup;
@@ -197,6 +204,10 @@ cleanup:
     return major;
 }
 
+/*
+ * Return TRUE if cred available for mechanism. Caller need no acquire
+ * lock because mechanisms list is immutable.
+ */
 int
 gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)
 {
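Review bot: The new header comment has a typo in the sentence that carries the locking contract: "Caller need no acquire lock" should read `Caller need not acquire the lock because the mechanisms list is immutable.` The lock-free read is only safe if the list is never replaced or freed after the credential is published, which this hunk does not show. It would help to state the same invariant where the list is assigned in gssEapAcquireCred. The body of gssEapCredAvailable is outside the hunk.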