author | Stefan Metzmacher <metze@samba.org> | 2016-07-21 15:08:32 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2016-07-22 23:34:20 +0200 |
commit | 2d9958e46c2e66d0476cc9ec3934ed16a352c077 (patch) | |
tree | 2b7b11d4c0b1fb1393445d0faf49145e1888ff4f | |
parent | 0dd1c658c76ab24095ca591aa6e5a85ed59ff5f8 (diff) | |
download | samba-2d9958e46c2e66d0476cc9ec3934ed16a352c077.tar.gz |
auth/credentials: also do a shallow copy of the krb5_ccache.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | auth/credentials/credentials.c | 15 | ||||
-rw-r--r-- | auth/credentials/credentials.h | 3 | ||||
-rw-r--r-- | auth/credentials/credentials_krb5.c | 67 | ||||
-rw-r--r-- | auth/credentials/credentials_krb5.h | 4 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 1 | ||||
-rw-r--r-- | source4/torture/smb2/session.c | 1 |
6 files changed, 73 insertions, 18 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 3b7d42a29a5..bfa397cc92d 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -129,21 +129,6 @@ _PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred)
 return cred->priv_data;
 }
-_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
- struct cli_credentials *src)
-{
- struct cli_credentials *dst;
-
- dst = talloc(mem_ctx, struct cli_credentials);
- if (dst == NULL) {
- return NULL;
- }
-
- *dst = *src;
-
- return dst;
-}
-
 /**
 * Create a new anonymous credential
 * @param mem_ctx TALLOC_CTX parent for credentials structure
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 3779ec048e6..523793f090d 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -286,9 +286,6 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred);
 #define cli_credentials_callback_data_void(_cred) \
 _cli_credentials_callback_data(_cred)
-struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
- struct cli_credentials *src);
-
 /**
 * Return attached NETLOGON credentials
 */
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 6d0ef6f953e..0bd65957776 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -731,6 +731,73 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 return ret;
 }
+static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
+{
+ krb5_error_code ret;
+ const struct ccache_container *old_ccc = NULL;
+ struct ccache_container *ccc = NULL;
+ char *ccache_name = NULL;
+
+ old_ccc = cred->ccache;
+ if (old_ccc == NULL) {
+ return 0;
+ }
+
+ ccc = talloc(cred, struct ccache_container);
+ if (ccc == NULL) {
+ return ENOMEM;
+ }
+ *ccc = *old_ccc;
+ ccc->ccache = NULL;
+
+ ccache_name = talloc_asprintf(ccc, "MEMORY:%p", ccc);
+
+ ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context,
+ ccache_name, &ccc->ccache);
+ if (ret != 0) {
+ TALLOC_FREE(ccc);
+ return ret;
+ }
+
+ talloc_set_destructor(ccc, free_mccache);
+
+ TALLOC_FREE(ccache_name);
+
+ ret = krb5_cc_copy_cache(ccc->smb_krb5_context->krb5_context,
+ old_ccc->ccache, ccc->ccache);
+ if (ret != 0) {
+ TALLOC_FREE(ccc);
+ return ret;
+ }
+
+ cred->ccache = ccc;
+ cred->client_gss_creds = NULL;
+ cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+ return ret;
+}
+
+_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+ struct cli_credentials *src)
+{
+ struct cli_credentials *dst;
+ int ret;
+
+ dst = talloc(mem_ctx, struct cli_credentials);
+ if (dst == NULL) {
+ return NULL;
+ }
+
+ *dst = *src;
+
+ ret = cli_credentials_shallow_ccache(dst);
+ if (ret != 0) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
+
+ return dst;
+}
+
 static int smb_krb5_create_salt_principal(TALLOC_CTX *mem_ctx,
 const char *samAccountName,
 const char *realm,
diff --git a/auth/credentials/credentials_krb5.h b/auth/credentials/credentials_krb5.h
index fc7d0be220a..ae601047606 100644
--- a/auth/credentials/credentials_krb5.h
+++ b/auth/credentials/credentials_krb5.h
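Review bot: In `cli_credentials_shallow_ccache` the result of `talloc_asprintf(ccc, "MEMORY:%p", ccc)` is never checked, so on allocation failure a NULL name is handed to `krb5_cc_resolve`; add `if (ccache_name == NULL) { TALLOC_FREE(ccc); return ENOMEM; }` right after the call. The new container also keeps the source's `smb_krb5_context` pointer through `*ccc = *old_ccc` with no reference taken in this hunk, and the `free_mccache` destructor (defined outside the hunk) presumably uses that context, so it is worth confirming the copy cannot outlive the context it borrows. Since this function duplicates Kerberos tickets into a second in-memory cache, a short comment above `cli_credentials_shallow_copy` stating which members stay shared with `src` and which are copied would help callers reason about lifetime and cleanup of the credential material.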
@@ -38,4 +38,8 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
 enum credentials_obtained obtained,
 const char **error_string);
+struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+ struct cli_credentials *src);
+
+
 #endif /* __CREDENTIALS_KRB5_H__ */
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 829c969ecf5..da81c52bd5a 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -24,6 +24,7 @@
 #include "librpc/gen_ndr/ndr_lsa_c.h"
 #include "librpc/gen_ndr/ndr_samr_c.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
 #include "torture/rpc/torture_rpc.h"
 #include "lib/cmdline/popt_common.h"
 #include "../libcli/auth/schannel.h"
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 9d7cc4b5342..e35ec85c6a3 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -27,6 +27,7 @@
 #include "../libcli/smb/smbXcli_base.h"
 #include "lib/cmdline/popt_common.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
 #include "libcli/security/security.h"
 #include "libcli/resolve/resolve.h"
 #include "lib/param/param.h" |