summaryrefslogtreecommitdiff
path: root/client
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2009-08-14 07:59:50 -0400
committerJeff Layton <jlayton@redhat.com>2009-08-14 07:59:50 -0400
commitacbf026012af1c87b680b8d80ea9e4123e24b91a (patch)
tree7326167071f3703fb086ec68df750d5ed682c840 /client
parentb10bdef4e75ffe48d563b2f0825b82519a71c9a7 (diff)
downloadsamba-acbf026012af1c87b680b8d80ea9e4123e24b91a.tar.gz
samba-acbf026012af1c87b680b8d80ea9e4123e24b91a.tar.bz2
samba-acbf026012af1c87b680b8d80ea9e4123e24b91a.zip
cifs.upcall: clean up flag handling
Add a new stack var to hold the flags returned by the decoder routine so that we don't need to worry so much about preserving "rc". With this, we can drop privs before trying to find the location of the credcache. Signed-off-by: Jeff Layton <jlayton@redhat.com>
Diffstat (limited to 'client')
-rw-r--r--client/cifs.upcall.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
index e60fb50e57..904ec8e1c1 100644
--- a/client/cifs.upcall.c
+++ b/client/cifs.upcall.c
@@ -164,7 +164,7 @@ static struct decoded_args {
sectype_t sec;
};
-static int
+static unsigned int
decode_key_description(const char *desc, struct decoded_args *arg)
{
int retval = 0;
@@ -302,6 +302,7 @@ int main(const int argc, char *const argv[])
DATA_BLOB sess_key = data_blob_null;
key_serial_t key = 0;
size_t datalen;
+ unsigned int have;
long rc = 1;
int c;
char *buf, *princ, *ccname = NULL;
@@ -355,15 +356,14 @@ int main(const int argc, char *const argv[])
goto out;
}
- rc = decode_key_description(buf, &arg);
- if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
+ have = decode_key_description(buf, &arg);
+ SAFE_FREE(buf);
+ if ((have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
syslog(LOG_ERR, "unable to get necessary params from key "
- "description (0x%x)", rc);
+ "description (0x%x)", have);
rc = 1;
- SAFE_FREE(buf);
goto out;
}
- SAFE_FREE(buf);
if (arg.ver > CIFS_SPNEGO_UPCALL_VERSION) {
syslog(LOG_ERR, "incompatible kernel upcall version: 0x%x",
@@ -372,10 +372,7 @@ int main(const int argc, char *const argv[])
goto out;
}
- if (rc & DKD_HAVE_PID)
- ccname = get_krb5_ccname(arg.pid);
-
- if (rc & DKD_HAVE_UID) {
+ if (have & DKD_HAVE_UID) {
rc = setuid(arg.uid);
if (rc == -1) {
syslog(LOG_ERR, "setuid: %s", strerror(errno));
@@ -383,6 +380,9 @@ int main(const int argc, char *const argv[])
}
}
+ if (have & DKD_HAVE_PID)
+ ccname = get_krb5_ccname(arg.pid);
+
// do mech specific authorization
switch (arg.sec) {
case MS_KRB5: