diff options
author | Dana Dahlstrom <dahlstrom@google.com> | 2020-01-30 12:00:00 -0800 |
---|---|---|
committer | Dana Dahlstrom <dahlstrom@google.com> | 2020-02-10 12:00:00 -0800 |
commit | 48adcc45b3935045b1ff2013ecfd05e6f3bdb1cc (patch) | |
tree | 7e47ce0d2a402a9e765541e514aa969ef8325928 /src/share/native/sun/security/krb5/nativeccache.c | |
parent | e5752ae568d3c43497ae4f33d731fadf4ef165d4 (diff) | |
parent | 5b42bd7c94ffa67028549cac0264d79e24b2febd (diff) | |
download | jdk8u_jdk-48adcc45b3935045b1ff2013ecfd05e6f3bdb1cc.tar.gz |
Merge tag jb8u232-b1638.6
Change-Id: I5b42bd7c94ffa67028549cac0264d79e24b2febd
Diffstat (limited to 'src/share/native/sun/security/krb5/nativeccache.c')
-rw-r--r-- | src/share/native/sun/security/krb5/nativeccache.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/share/native/sun/security/krb5/nativeccache.c b/src/share/native/sun/security/krb5/nativeccache.c index beb5bf0262..1b50a2e176 100644 --- a/src/share/native/sun/security/krb5/nativeccache.c +++ b/src/share/native/sun/security/krb5/nativeccache.c @@ -291,6 +291,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ int netypes; jint *etypes = NULL; + int proxy_flag = 0; /* Initialize the Kerberos 5 context */ err = krb5_init_context (&kcontext); @@ -303,6 +304,48 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ err = krb5_cc_set_flags (kcontext, ccache, flags); /* turn off OPENCLOSE */ } + // First round read. The proxy_impersonator config flag is not supported. + // This ccache will not be used if this flag exists. + if (!err) { + err = krb5_cc_start_seq_get (kcontext, ccache, &cursor); + } + + if (!err) { + while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) { + char *serverName = NULL; + + if (!err) { + err = krb5_unparse_name (kcontext, creds.server, &serverName); + printiferr (err, "while unparsing server name"); + } + + if (!err) { + if (!strcmp(serverName, "krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF:")) { + proxy_flag = 1; + } + } + + if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); } + + krb5_free_cred_contents (kcontext, &creds); + + if (proxy_flag) break; + } + + if (err == KRB5_CC_END) { err = 0; } + printiferr (err, "while retrieving a ticket"); + } + + if (!err) { + err = krb5_cc_end_seq_get (kcontext, ccache, &cursor); + printiferr (err, "while finishing ticket retrieval"); + } + + if (proxy_flag) { + goto outer_cleanup; + } + // End of first round read + if (!err) { err = krb5_cc_start_seq_get (kcontext, ccache, &cursor); } @@ -430,6 +473,7 @@ cleanup: printiferr (err, "while finishing ticket retrieval"); } +outer_cleanup: if (!err) { flags = KRB5_TC_OPENCLOSE; /* restore OPENCLOSE mode */ err = krb5_cc_set_flags (kcontext, ccache, flags); |