X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-distro%2Frecipes-security%2Fgssproxy%2Ffiles%2FSeparate-cred-and-ccache-manipulation-in-gpp_store_r.patch;fp=meta-starlingx%2Fmeta-stx-distro%2Frecipes-security%2Fgssproxy%2Ffiles%2FSeparate-cred-and-ccache-manipulation-in-gpp_store_r.patch;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=dbc8dd40650cdd5736757663aabe2a1fb39b21e4;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git diff --git a/meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch b/meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch deleted file mode 100644 index dbc8dd4..0000000 --- a/meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 1451b65fec69ff35e029b4770dcb4927ba57060a Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 17 Nov 2017 13:53:37 -0500 -Subject: [PATCH] Separate cred and ccache manipulation in - gpp_store_remote_creds() - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -(cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533) ---- - proxy/src/mechglue/gpp_creds.c | 62 +++++++++++++++++++++------------- - 1 file changed, 39 insertions(+), 23 deletions(-) - -diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c -index 6bdff45..3ebd726 100644 ---- a/proxy/src/mechglue/gpp_creds.c -+++ b/proxy/src/mechglue/gpp_creds.c -@@ -136,6 +136,40 @@ bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b) - return true; - } - -+static krb5_error_code gpp_construct_cred(gssx_cred *creds, krb5_context ctx, -+ krb5_creds *cred, char *cred_name) -+{ -+ XDR xdrctx; -+ bool xdrok; -+ krb5_error_code ret = 0; -+ -+ memset(cred, 0, sizeof(*cred)); -+ -+ memcpy(cred_name, creds->desired_name.display_name.octet_string_val, -+ creds->desired_name.display_name.octet_string_len); -+ cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; -+ -+ ret = krb5_parse_name(ctx, cred_name, &cred->client); -+ if (ret) { -+ return ret; -+ } -+ -+ ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred->server); -+ if (ret) { -+ return ret; -+ } -+ -+ cred->ticket.data = malloc(GPKRB_MAX_CRED_SIZE); -+ xdrmem_create(&xdrctx, cred->ticket.data, GPKRB_MAX_CRED_SIZE, -+ XDR_ENCODE); -+ xdrok = xdr_gssx_cred(&xdrctx, creds); -+ if (!xdrok) { -+ return ENOSPC; -+ } -+ cred->ticket.length = xdr_getpos(&xdrctx); -+ return 0; -+} -+ - uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, - gss_const_key_value_set_t cred_store, - gssx_cred *creds) -@@ -145,17 +179,18 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, - krb5_creds cred; - krb5_error_code ret; - char cred_name[creds->desired_name.display_name.octet_string_len + 1]; -- XDR xdrctx; -- bool xdrok; - const char *cc_type; - - *min = 0; - -- memset(&cred, 0, sizeof(cred)); -- - ret = krb5_init_context(&ctx); - if (ret) return ret; - -+ ret = gpp_construct_cred(creds, ctx, &cred, cred_name); -+ if (ret) { -+ goto done; -+ } -+ - if (cred_store) { - for (unsigned i = 0; i < cred_store->count; i++) { - if (strcmp(cred_store->elements[i].key, "ccache") == 0) { -@@ -175,25 +210,6 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, - if (ret) goto done; - } - -- memcpy(cred_name, creds->desired_name.display_name.octet_string_val, -- creds->desired_name.display_name.octet_string_len); -- cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; -- -- ret = krb5_parse_name(ctx, cred_name, &cred.client); -- if (ret) goto done; -- -- ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server); -- if (ret) goto done; -- -- cred.ticket.data = malloc(GPKRB_MAX_CRED_SIZE); -- xdrmem_create(&xdrctx, cred.ticket.data, GPKRB_MAX_CRED_SIZE, XDR_ENCODE); -- xdrok = xdr_gssx_cred(&xdrctx, creds); -- if (!xdrok) { -- ret = ENOSPC; -- goto done; -- } -- cred.ticket.length = xdr_getpos(&xdrctx); -- - cc_type = krb5_cc_get_type(ctx, ccache); - if (strcmp(cc_type, "FILE") == 0) { - /* FILE ccaches don't handle updates properly: if they have the same