diff options
Diffstat (limited to 'lib/ZMkAuth.c')
-rw-r--r-- | lib/ZMkAuth.c | 47 |
1 files changed, 34 insertions, 13 deletions
diff --git a/lib/ZMkAuth.c b/lib/ZMkAuth.c index 0a39487..e5ad2df 100644 --- a/lib/ZMkAuth.c +++ b/lib/ZMkAuth.c @@ -147,21 +147,30 @@ ZMakeZcodeRealmAuthentication(register ZNotice_t *notice, result = krb5_mk_req_extended(Z_krb5_ctx, &authctx, 0 /* options */, 0 /* in_data */, creds, authent); krb5_auth_con_free(Z_krb5_ctx, authctx); + /* HOLDING: creds, authent */ if (result) { - krb5_free_creds(Z_krb5_ctx, creds); - return (result); + free(authent); + authent = NULL; } - /* HOLDING: creds, authent */ - - /* Encode the authenticator */ - notice->z_auth = 1; - notice->z_authent_len = authent->length; - zcode_len = authent->length * 2 + 2; /* 2x growth plus Z and null */ - notice->z_ascii_authent = (char *)malloc(zcode_len); - if (!notice->z_ascii_authent) { - krb5_free_data(Z_krb5_ctx, authent); + /* HOLDING: creds */ + if (result == 0 || result == KRB5KRB_AP_ERR_TKT_EXPIRED) { + /* Encode the authenticator */ + notice->z_auth = 1; + if (result == 0) + notice->z_authent_len = authent->length; + else + notice->z_authent_len = 0; + zcode_len = authent->length * 2 + 2; /* 2x growth plus Z and null */ + notice->z_ascii_authent = (char *)malloc(zcode_len); + if (!notice->z_ascii_authent) { + if (authent) + krb5_free_data(Z_krb5_ctx, authent); + krb5_free_creds(Z_krb5_ctx, creds); + return (ENOMEM); + } + } else { krb5_free_creds(Z_krb5_ctx, creds); - return (ENOMEM); + return result; } /* HOLDING: creds, authent, notice->z_ascii_authent */ result = ZMakeZcode(notice->z_ascii_authent, zcode_len, @@ -210,6 +219,7 @@ ZGetCredsRealm(krb5_creds **creds_out, char *realm) { krb5_creds creds_in; + krb5_creds creds_tmp; krb5_ccache ccache; /* XXX make this a global or static?*/ int result; @@ -229,7 +239,18 @@ ZGetCredsRealm(krb5_creds **creds_out, } result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client); - if (!result) + if (!result) { + result = krb5_cc_retrieve_cred(Z_krb5_ctx, ccache, + KRB5_TC_SUPPORTED_KTYPES, &creds_in, &creds_tmp); + if (!result) { + *creds_out = malloc(sizeof(creds_tmp)); + if (*creds_out == NULL) + result = errno; + else + memcpy(*creds_out, &creds_tmp, sizeof(creds_tmp)); + } + } + if (result == KRB5_CC_NOTFOUND) result = krb5_get_credentials(Z_krb5_ctx, 0, ccache, &creds_in, creds_out); krb5_cc_close(Z_krb5_ctx, ccache); |