[PATCH] Simplify Kerberos credentials cache code

sxw at inf.ed.ac.uk sxw at inf.ed.ac.uk
Wed Jul 6 20:56:03 EST 2005


The attached patch removes the duplicated credentials cache generation 
code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure 
which is then called by both sections of code.

It's against the latest portable CVS tree.

Cheers,

Simon.
-------------- next part --------------
Index: auth-krb5.c
===================================================================
RCS file: /cvs/openssh/auth-krb5.c,v
retrieving revision 1.25
diff -u -r1.25 auth-krb5.c
--- auth-krb5.c	11 Sep 2004 13:32:09 -0000	1.25
+++ auth-krb5.c	6 Jul 2005 10:31:51 -0000
@@ -67,9 +67,6 @@
 #ifndef HEIMDAL
 	krb5_creds creds;
 	krb5_principal server;
-	char ccname[40];
-	int tmpfd;
-	mode_t old_umask;
 #endif
 	krb5_error_code problem;
 	krb5_ccache ccache = NULL;
@@ -146,28 +143,7 @@
 		goto out;
 	}
 
-	snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-
-	old_umask = umask(0177);
-	tmpfd = mkstemp(ccname + strlen("FILE:"));
-	umask(old_umask);
-	if (tmpfd == -1) {
-		logit("mkstemp(): %.100s", strerror(errno));
-		problem = errno;
-		goto out;
-	}
-
-	if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
-		logit("fchmod(): %.100s", strerror(errno));
-		close(tmpfd);
-		problem = errno;
-		goto out;
-	}
-	close(tmpfd);
-
-	problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
-	if (problem)
-		goto out;
+	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
 
 	problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
 				     authctxt->krb5_user);
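Review bot: The result of `ssh_krb5_cc_gen()` is stored in `problem` but never tested, because the very next statement overwrites it with the return value of `krb5_cc_initialize()`. The removed code bailed out with `if (problem) goto out;` after `krb5_cc_resolve()`, so a failed mkstemp, fchmod or resolve now falls through and initialises whatever `authctxt->krb5_fwd_ccache` holds at that point. Restore the check directly after the call: `if (problem) goto out;`. The enclosing function starts and ends outside this hunk.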
@@ -234,4 +210,31 @@
 	}
 }
 
+#ifndef HEIMDAL
+krb5_error_code 
+ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+	int tmpfd;
+	char ccname[40];
+	mode_t old_umask;
+
+	snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
+
+	old_umask = umask(0177);
+	tmpfd = mkstemp(ccname + strlen("FILE:"));
+	umask(old_umask);
+	if (tmpfd == -1) {
+		logit("mkstemp(): %.100s", strerror(errno));
+		return errno;
+	}
+
+	if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+		logit("fchmod(): %.100s", strerror(errno));
+		close(tmpfd);
+		return errno;
+	}
+	close(tmpfd);
+
+	return (krb5_cc_resolve(ctx, ccname, ccache));
+}
+#endif /* !HEIMDAL */
 #endif /* KRB5 */
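Review bot: Both error branches of `ssh_krb5_cc_gen()` return `errno` only after calling `logit()` (and `close()` in the fchmod branch), either of which may change `errno`, so the caller can receive a different code or even 0, which it would read as success. Capture the value first, e.g. `int oerrno = errno;` then `logit("mkstemp(): %.100s", strerror(oerrno)); return oerrno;`, and do the same in the fchmod branch. The value is a plain errno typed as `krb5_error_code`, and the gss-serv-krb5.c call site passes it to `krb5_get_err_text()`; whether that renders system error numbers sensibly depends on the Kerberos library and is worth confirming. The file created by `mkstemp()` is also left behind in /tmp when fchmod or `krb5_cc_resolve()` fails.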
Index: auth.h
===================================================================
RCS file: /cvs/openssh/auth.h,v
retrieving revision 1.67
diff -u -r1.67 auth.h
--- auth.h	16 Jun 2005 03:18:35 -0000	1.67
+++ auth.h	6 Jul 2005 10:31:51 -0000
@@ -191,4 +191,9 @@
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
 
 #define SKEY_PROMPT "\nS/Key Password: "
+
+#if defined(KRB5) && !defined(HEIMDAL)
+#include <krb5.h>
+krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
+#endif
 #endif
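Review bot: The new prototype has no parameter names and no comment stating its contract, which matters for a helper that creates a credentials file in /tmp. Suggest `krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache);` preceded by a comment such as `/* Create a mode-0600 FILE: ccache under /tmp and resolve it into *ccache; returns 0, an errno value, or a krb5 error. */`. Whether the caller is expected to remove the file on a later failure is not visible in this patch and should be documented as well.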
Index: gss-serv-krb5.c
===================================================================
RCS file: /cvs/openssh/gss-serv-krb5.c,v
retrieving revision 1.8
diff -u -r1.8 gss-serv-krb5.c
--- gss-serv-krb5.c	14 Aug 2004 13:55:38 -0000	1.8
+++ gss-serv-krb5.c	6 Jul 2005 10:31:51 -0000
@@ -131,34 +131,10 @@
 		return;
 	}
 #else
-	{
-		int tmpfd;
-		char ccname[40];
-		mode_t old_umask;
-
-		snprintf(ccname, sizeof(ccname),
-		    "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
-
-		old_umask = umask(0177);
-		tmpfd = mkstemp(ccname + strlen("FILE:"));
-		umask(old_umask);
-		if (tmpfd == -1) {
-			logit("mkstemp(): %.100s", strerror(errno));
-			problem = errno;
-			return;
-		}
-		if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
-			logit("fchmod(): %.100s", strerror(errno));
-			close(tmpfd);
-			problem = errno;
-			return;
-		}
-		close(tmpfd);
-		if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
-			logit("krb5_cc_resolve(): %.100s",
-			    krb5_get_err_text(krb_context, problem));
-			return;
-		}
+	if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
+		logit("ssh_krb5_cc_gen(): %.100s",
+		    krb5_get_err_text(krb_context, problem));
+		return;
 	}
 #endif	/* #ifdef HEIMDAL */
 

