From patchwork Thu Aug 25 14:17:45 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton <jlayton@samba.org>
X-Patchwork-Id: 9299441
Return-Path: <linux-cifs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	1029A607D8 for <patchwork-cifs-client@patchwork.kernel.org>;
	Thu, 25 Aug 2016 14:21:24 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 00407292F3
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Thu, 25 Aug 2016 14:21:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E8DB129323; Thu, 25 Aug 2016 14:21:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5D0C6292F6
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Thu, 25 Aug 2016 14:21:23 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1759015AbcHYOVM (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Thu, 25 Aug 2016 10:21:12 -0400
Received: from hr2.samba.org ([144.76.82.148]:30059 "EHLO hr2.samba.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1758432AbcHYOTm (ORCPT <rfc822;linux-cifs@vger.kernel.org>);
	Thu, 25 Aug 2016 10:19:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=samba.org;
	s=42627210; h=Message-Id:Date:Cc:To:From;
	bh=HqSeliWJxpg8lNBryUaRlfnbLpbiq7SKMABg1UlJoQY=;
	b=C3gsiOwIDuR4iXPj6cbP9v7VPaCThPiZAKYd4Hy59sROzvTv7yNhEGC/a445kAQ4cXwHxU8+EIh8AdBYSDtjVPJ5tKJeUTR/fKTD5VvuDcwKLynUGFC2reafi3DYZYcsVrP1AEojYKo32IIp5pU5IuPh8rzjcpbDVJgCMpS3qGM=;
Received: from [127.0.0.2] (localhost [127.0.0.1])
	by hr2.samba.org with esmtpsa
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim)
	id 1bcvV0-0001dI-0U; Thu, 25 Aug 2016 14:19:18 +0000
From: Jeff Layton <jlayton@samba.org>
To: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org, jfdey@fredhutch.org
Subject: [cifs-utils PATCHv2 6/6] cifs.upcall: stop passing around ccache
	name strings
Date: Thu, 25 Aug 2016 10:17:45 -0400
Message-Id: <1472134665-4014-7-git-send-email-jlayton@samba.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1472134665-4014-1-git-send-email-jlayton@samba.org>
References: <1472134665-4014-1-git-send-email-jlayton@samba.org>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Instead, get a ccache handle and pass that around. That way we can keep
the cache open until the program is complete as well.

Signed-off-by: Jeff Layton <jlayton@samba.org>
---
 cifs.upcall.c | 98 +++++++++++++++++++++++++----------------------------------
 1 file changed, 41 insertions(+), 57 deletions(-)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index a20576654a95..8f146c92b4a5 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -117,7 +117,7 @@ static time_t get_tgt_time(krb5_ccache ccache)
 
 	if (krb5_cc_get_principal(context, ccache, &principal)) {
 		syslog(LOG_DEBUG, "%s: unable to get principal", __func__);
-		goto err_princ;
+		goto err_cache;
 	}
 
 	if (krb5_cc_start_seq_get(context, ccache, &cur)) {
@@ -154,32 +154,27 @@ err_cache:
 	return credtime;
 }
 
-static char *
+static krb5_ccache
 get_default_cc(void)
 {
-	const char *ccname;
-	char *rcc = NULL;
-	krb5_ccache ccache;
+	krb5_error_code ret;
+	krb5_ccache cc;
 
-	ccname = krb5_cc_default_name(context);
-	if (!ccname) {
-		syslog(LOG_DEBUG, "%s: krb5_cc_default returned NULL.", __func__);
+	ret = krb5_cc_default(context, &cc);
+	if (ret) {
+		syslog(LOG_DEBUG, "%s: krb5_cc_default returned %d", __func__, ret);
 		return NULL;
 	}
 
-	if (krb5_cc_resolve(context, ccname, &ccache)) {
-		syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__);
-		return NULL;
+	if (!get_tgt_time(cc)) {
+		krb5_cc_close(context, cc);
+		cc = NULL;
 	}
-
-	if (get_tgt_time(ccache))
-		rcc = strdup(ccname);
-	krb5_cc_close(context, ccache);
-	return rcc;
+	return cc;
 }
 
 
-static char *
+static krb5_ccache
 init_cc_from_keytab(const char *keytab_name, const char *user)
 {
 	krb5_error_code ret;
@@ -187,7 +182,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
 	krb5_keytab keytab = NULL;
 	krb5_principal me = NULL;
 	krb5_ccache cc = NULL;
-	char *ccname = NULL;
 
 	memset((char *) &my_creds, 0, sizeof(my_creds));
 
@@ -229,61 +223,46 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
 	}
 
 	ret = krb5_cc_store_cred(context, cc, &my_creds);
-	if (ret)
+	if (ret) {
 		syslog(LOG_DEBUG, "krb5_cc_store_cred: %d", (int)ret);
-
-	ccname = strdup(krb5_cc_default_name(context));
-	if (ccname == NULL)
-		syslog(LOG_ERR, "Unable to allocate memory");
-icfk_cleanup:
+		goto icfk_cleanup;
+	}
+out:
 	my_creds.client = (krb5_principal)0;
 	krb5_free_cred_contents(context, &my_creds);
 
 	if (me)
 		krb5_free_principal(context, me);
-	if (cc)
-		krb5_cc_close(context, cc);
 	if (keytab)
 		krb5_kt_close(context, keytab);
-	return ccname;
+	return cc;
+icfk_cleanup:
+	if (cc) {
+		krb5_cc_close(context, cc);
+		cc = NULL;
+	}
+	goto out;
 }
 
 static int
-cifs_krb5_get_req(const char *host, const char *ccname,
+cifs_krb5_get_req(const char *host, krb5_ccache ccache,
 		  DATA_BLOB * mechtoken, DATA_BLOB * sess_key)
 {
 	krb5_error_code ret;
 	krb5_keyblock *tokb;
-	krb5_ccache ccache;
 	krb5_creds in_creds, *out_creds;
 	krb5_data apreq_pkt, in_data;
 	krb5_auth_context auth_context = NULL;
 #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
 	static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */};
 #endif
-	if (ccname) {
-		ret = krb5_cc_resolve(context, ccname, &ccache);
-		if (ret) {
-			syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n",
-			       __func__, ccname);
-			return ret;
-		}
-	} else {
-		ret = krb5_cc_default(context, &ccache);
-		if (ret) {
-			syslog(LOG_DEBUG, "%s: krb5_cc_default: %d",
-				__func__, (int)ret);
-			return ret;
-		}
-	}
-
 	memset(&in_creds, 0, sizeof(in_creds));
 
 	ret = krb5_cc_get_principal(context, ccache, &in_creds.client);
 	if (ret) {
 		syslog(LOG_DEBUG, "%s: unable to get client principal name",
 		       __func__);
-		goto out_free_ccache;
+		return ret;
 	}
 
 	ret = krb5_sname_to_principal(context, host, "cifs", KRB5_NT_UNKNOWN,
@@ -383,8 +362,6 @@ out_free_creds:
 	krb5_free_creds(context, out_creds);
 out_free_principal:
 	krb5_free_principal(context, in_creds.client);
-out_free_ccache:
-	krb5_cc_close(context, ccache);
 	return ret;
 }
 
@@ -410,7 +387,7 @@ out_free_ccache:
  */
 static int
 handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob,
-		 DATA_BLOB * sess_key, const char *ccname)
+		 DATA_BLOB * sess_key, krb5_ccache ccache)
 {
 	int retval;
 	DATA_BLOB tkt, tkt_wrapped;
@@ -418,7 +395,7 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob,
 	syslog(LOG_DEBUG, "%s: getting service ticket for %s", __func__, host);
 
 	/* get a kerberos ticket for the service and extract the session key */
-	retval = cifs_krb5_get_req(host, ccname, &tkt, sess_key);
+	retval = cifs_krb5_get_req(host, ccache, &tkt, sess_key);
 	if (retval) {
 		syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)",
 		       __func__, retval);
@@ -709,12 +686,13 @@ int main(const int argc, char *const argv[])
 	unsigned int have;
 	long rc = 1;
 	int c, try_dns = 0, legacy_uid = 0;
-	char *buf, *ccname = NULL;
+	char *buf;
 	char hostbuf[NI_MAXHOST], *host;
 	struct decoded_args arg;
 	const char *oid;
 	uid_t uid;
 	char *keytab_name = NULL;
+	krb5_ccache ccache = NULL;
 
 	hostbuf[0] = '\0';
 	memset(&arg, 0, sizeof(arg));
@@ -828,10 +806,15 @@ int main(const int argc, char *const argv[])
 		goto out;
 	}
 
-	ccname = get_default_cc();
+	ccache = get_default_cc();
 	/* Couldn't find credcache? Try to use keytab */
-	if (ccname == NULL && arg.username != NULL)
-		ccname = init_cc_from_keytab(keytab_name, arg.username);
+	if (ccache == NULL && arg.username != NULL)
+		ccache = init_cc_from_keytab(keytab_name, arg.username);
+
+	if (ccache == NULL) {
+		rc = 1;
+		goto out;
+	}
 
 	host = arg.hostname;
 
@@ -859,7 +842,7 @@ int main(const int argc, char *const argv[])
 
 retry_new_hostname:
 		lowercase_string(host);
-		rc = handle_krb5_mech(oid, host, &secblob, &sess_key, ccname);
+		rc = handle_krb5_mech(oid, host, &secblob, &sess_key, ccache);
 		if (!rc)
 			break;
 
@@ -904,7 +887,7 @@ retry_new_hostname:
 				break;
 			}
 
-			rc = handle_krb5_mech(oid, fqdn, &secblob, &sess_key, ccname);
+			rc = handle_krb5_mech(oid, fqdn, &secblob, &sess_key, ccache);
 			if (!rc)
 				break;
 		}
@@ -968,9 +951,10 @@ out:
 	}
 	data_blob_free(&secblob);
 	data_blob_free(&sess_key);
+	if (ccache)
+		krb5_cc_close(context, ccache);
 	if (context)
 		krb5_free_context(context);
-	SAFE_FREE(ccname);
 	SAFE_FREE(arg.hostname);
 	SAFE_FREE(arg.ip);
 	SAFE_FREE(arg.username);