cifs.upcall: clean up flag handling

Add a new stack var to hold the flags returned by the decoder routine
so that we don't need to worry so much about preserving "rc".

With this, we can drop privs before trying to find the location of
the credcache.

Signed-off-by: Jeff Layton <jlayton@redhat.com>

diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
index 732b2a090b706117056a3bf3fd2c714820be9b57..d62ec8128c69e1d8dba228983b0ae1bd6b1bcfaf 100644 (file)
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -164,7 +164,7 @@ static struct decoded_args {
        sectype_t       sec;
 };
 
-static int
+static unsigned int
 decode_key_description(const char *desc, struct decoded_args *arg)
 {
        int retval = 0;
@@ -302,6 +302,7 @@ int main(const int argc, char *const argv[])
        DATA_BLOB sess_key = data_blob_null;
        key_serial_t key = 0;
        size_t datalen;
+       unsigned int have;
        long rc = 1;
        int c;
        char *buf, *princ, *ccname = NULL;
@@ -355,15 +356,14 @@ int main(const int argc, char *const argv[])
                goto out;
        }
 
-       rc = decode_key_description(buf, &arg);
-       if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
+       have = decode_key_description(buf, &arg);
+       SAFE_FREE(buf);
+       if ((have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
                syslog(LOG_ERR, "unable to get necessary params from key "
-                               "description (0x%x)", rc);
+                               "description (0x%x)", have);
                rc = 1;
-               SAFE_FREE(buf);
                goto out;
        }
-       SAFE_FREE(buf);
 
        if (arg.ver > CIFS_SPNEGO_UPCALL_VERSION) {
                syslog(LOG_ERR, "incompatible kernel upcall version: 0x%x",
@@ -372,10 +372,7 @@ int main(const int argc, char *const argv[])
                goto out;
        }
 
-       if (rc & DKD_HAVE_PID)
-               ccname = get_krb5_ccname(arg.pid);
-
-       if (rc & DKD_HAVE_UID) {
+       if (have & DKD_HAVE_UID) {
                rc = setuid(arg.uid);
                if (rc == -1) {
                        syslog(LOG_ERR, "setuid: %s", strerror(errno));
@@ -383,6 +380,9 @@ int main(const int argc, char *const argv[])
                }
        }
 
+       if (have & DKD_HAVE_PID)
+               ccname = get_krb5_ccname(arg.pid);
+
        // do mech specific authorization
        switch (arg.sec) {
        case MS_KRB5: