auth/credentials: also do a shallow copy of the krb5_ccache.
authorStefan Metzmacher <metze@samba.org>
Thu, 21 Jul 2016 13:08:32 +0000 (15:08 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 22 Jul 2016 21:34:20 +0000 (23:34 +0200)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/credentials/credentials.c
auth/credentials/credentials.h
auth/credentials/credentials_krb5.c
auth/credentials/credentials_krb5.h
source4/torture/rpc/schannel.c
source4/torture/smb2/session.c

index 3b7d42a29a5a0b525b687a11c71a196f96c86855..bfa397cc92d7a58ea44213f9d222944a04aac14b 100644 (file)
@@ -129,21 +129,6 @@ _PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred)
        return cred->priv_data;
 }
 
-_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
-                                               struct cli_credentials *src)
-{
-       struct cli_credentials *dst;
-
-       dst = talloc(mem_ctx, struct cli_credentials);
-       if (dst == NULL) {
-               return NULL;
-       }
-
-       *dst = *src;
-
-       return dst;
-}
-
 /**
  * Create a new anonymous credential
  * @param mem_ctx TALLOC_CTX parent for credentials structure 
index 3779ec048e65a9b4b0c1143cd48e596b410a4e82..523793f090da6d68b6d7b27b50ccda0459eff8ac 100644 (file)
@@ -286,9 +286,6 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred);
 #define cli_credentials_callback_data_void(_cred) \
        _cli_credentials_callback_data(_cred)
 
-struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
-                                               struct cli_credentials *src);
-
 /**
  * Return attached NETLOGON credentials 
  */
index 6d0ef6f953e6c510f1dc7c40c17b87e62fa403a0..0bd659577763c84a5d3edbcf2d81dc1f325e9460 100644 (file)
@@ -731,6 +731,73 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
        return ret;
 }
 
+static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
+{
+       krb5_error_code ret;
+       const struct ccache_container *old_ccc = NULL;
+       struct ccache_container *ccc = NULL;
+       char *ccache_name = NULL;
+
+       old_ccc = cred->ccache;
+       if (old_ccc == NULL) {
+               return 0;
+       }
+
+       ccc = talloc(cred, struct ccache_container);
+       if (ccc == NULL) {
+               return ENOMEM;
+       }
+       *ccc = *old_ccc;
+       ccc->ccache = NULL;
+
+       ccache_name = talloc_asprintf(ccc, "MEMORY:%p", ccc);
+
+       ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context,
+                             ccache_name, &ccc->ccache);
+       if (ret != 0) {
+               TALLOC_FREE(ccc);
+               return ret;
+       }
+
+       talloc_set_destructor(ccc, free_mccache);
+
+       TALLOC_FREE(ccache_name);
+
+       ret = krb5_cc_copy_cache(ccc->smb_krb5_context->krb5_context,
+                                old_ccc->ccache, ccc->ccache);
+       if (ret != 0) {
+               TALLOC_FREE(ccc);
+               return ret;
+       }
+
+       cred->ccache = ccc;
+       cred->client_gss_creds = NULL;
+       cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+       return ret;
+}
+
+_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+                                               struct cli_credentials *src)
+{
+       struct cli_credentials *dst;
+       int ret;
+
+       dst = talloc(mem_ctx, struct cli_credentials);
+       if (dst == NULL) {
+               return NULL;
+       }
+
+       *dst = *src;
+
+       ret = cli_credentials_shallow_ccache(dst);
+       if (ret != 0) {
+               TALLOC_FREE(dst);
+               return NULL;
+       }
+
+       return dst;
+}
+
 static int smb_krb5_create_salt_principal(TALLOC_CTX *mem_ctx,
                                          const char *samAccountName,
                                          const char *realm,
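Review bot: In cli_credentials_shallow_ccache the result of `talloc_asprintf(ccc, "MEMORY:%p", ccc)` is passed to krb5_cc_resolve() without a NULL check, so an allocation failure hands a NULL cache name to the Kerberos library instead of returning ENOMEM. I would add `if (ccache_name == NULL) { TALLOC_FREE(ccc); return ENOMEM; }` directly after the call, matching the handling of the talloc() failure a few lines above. Separately, `*ccc = *old_ccc` copies the smb_krb5_context pointer without the new container taking its own talloc reference. free_mccache is not shown here, but if it uses that context to destroy the cache, the copy depends on the source's context outliving it, which is worth confirming for a structure that holds tickets.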
index fc7d0be220af01776d616d69d74d042288eb24ef..ae60104760601515defdf709ecf0525af1fcc0f5 100644 (file)
@@ -38,4 +38,8 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
                                         enum credentials_obtained obtained,
                                         const char **error_string);
 
+struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+                                               struct cli_credentials *src);
+
+
 #endif /* __CREDENTIALS_KRB5_H__ */
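Review bot: The relocated prototype of cli_credentials_shallow_copy carries no comment saying what the returned object owns, and after this commit the answer is mixed. The ccache_container is duplicated into a private MEMORY: cache and client_gss_creds is reset, while every other pointer member still comes from the `*dst = *src` struct assignment and so presumably refers to memory owned by src. I would add a short doc comment above the declaration stating that only the Kerberos credential cache is independent, that the copy must not outlive src, and that NULL is returned on allocation or krb5 failure. The hunk also leaves two blank lines before `#endif` where one would do.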
index 829c969ecf567a2931a3ec801aabf2be8fb04375..da81c52bd5abba8f0ff457c12c0c41cea49eeb1d 100644 (file)
@@ -24,6 +24,7 @@
 #include "librpc/gen_ndr/ndr_lsa_c.h"
 #include "librpc/gen_ndr/ndr_samr_c.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
 #include "torture/rpc/torture_rpc.h"
 #include "lib/cmdline/popt_common.h"
 #include "../libcli/auth/schannel.h"
index 9d7cc4b53429610eda35758848d9406a72fb643d..e35ec85c6a3b634c66e4276d648bed6fbfe7cff5 100644 (file)
@@ -27,6 +27,7 @@
 #include "../libcli/smb/smbXcli_base.h"
 #include "lib/cmdline/popt_common.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
 #include "libcli/security/security.h"
 #include "libcli/resolve/resolve.h"
 #include "lib/param/param.h"