From 090bb1f54b34e321022d774b9c1ea30ee2b77d7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Tue, 17 Jun 2003 03:57:49 +0000 Subject: [PATCH] don't clear output_token twice remember to free data use sequence number verifier git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12364 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/accept_sec_context.c | 34 +++++++++++++++++++++------- lib/gssapi/krb5/accept_sec_context.c | 34 +++++++++++++++++++++------- 2 files changed, 52 insertions(+), 16 deletions(-) diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c index f085c1fa9..33743f706 100644 --- a/lib/gssapi/accept_sec_context.c +++ b/lib/gssapi/accept_sec_context.c @@ -96,7 +96,7 @@ gss_accept_sec_context krb5_data_zero (&fwd_data); output_token->length = 0; - output_token->value = NULL; + output_token->value = NULL; if (src_name != NULL) *src_name = NULL; @@ -119,6 +119,7 @@ gss_accept_sec_context (*context_handle)->more_flags = 0; (*context_handle)->ticket = NULL; (*context_handle)->lifetime = GSS_C_INDEFINITE; + (*context_handle)->order = NULL; kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -309,7 +310,7 @@ gss_accept_sec_context if (delegated_cred_handle == NULL) /* XXX Create a new delegated_cred_handle? */ kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { + else { if ((*delegated_cred_handle = calloc(1, sizeof(**delegated_cred_handle))) == NULL) { ret = GSS_S_FAILURE; @@ -325,12 +326,16 @@ gss_accept_sec_context *delegated_cred_handle = NULL; goto end_fwd; } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); + if (kret) { + gss_release_name(minor_status, + &(*delegated_cred_handle)->principal); + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } ccache = (*delegated_cred_handle)->ccache; } if (delegated_cred_handle != NULL && @@ -410,9 +415,6 @@ gss_accept_sec_context krb5_data_free (&outbuf); if (ret) goto failure; - } else { - output_token->length = 0; - output_token->value = NULL; } (*context_handle)->ticket = ticket; @@ -422,6 +424,20 @@ gss_accept_sec_context krb5_free_ticket (context, ticket); #endif + { + OM_uint32 seq_number; + + krb5_auth_getremoteseqnumber (gssapi_krb5_context, + (*context_handle)->auth_context, + &seq_number); + ret = gssapi_msg_order_create(minor_status, + &(*context_handle)->order, + gssapi_msg_order_f(flags), + seq_number, 0); + if (ret) + goto failure; + } + *minor_status = 0; return GSS_S_COMPLETE; @@ -438,6 +454,8 @@ gss_accept_sec_context if((*context_handle)->target) krb5_free_principal (gssapi_krb5_context, (*context_handle)->target); + if((*context_handle)->order) + gssapi_msg_order_destroy(&(*context_handle)->order); HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); free (*context_handle); if (src_name != NULL) { diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index f085c1fa9..33743f706 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -96,7 +96,7 @@ gss_accept_sec_context krb5_data_zero (&fwd_data); output_token->length = 0; - output_token->value = NULL; + output_token->value = NULL; if (src_name != NULL) *src_name = NULL; @@ -119,6 +119,7 @@ gss_accept_sec_context (*context_handle)->more_flags = 0; (*context_handle)->ticket = NULL; (*context_handle)->lifetime = GSS_C_INDEFINITE; + (*context_handle)->order = NULL; kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -309,7 +310,7 @@ gss_accept_sec_context if (delegated_cred_handle == NULL) /* XXX Create a new delegated_cred_handle? */ kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { + else { if ((*delegated_cred_handle = calloc(1, sizeof(**delegated_cred_handle))) == NULL) { ret = GSS_S_FAILURE; @@ -325,12 +326,16 @@ gss_accept_sec_context *delegated_cred_handle = NULL; goto end_fwd; } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); + if (kret) { + gss_release_name(minor_status, + &(*delegated_cred_handle)->principal); + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } ccache = (*delegated_cred_handle)->ccache; } if (delegated_cred_handle != NULL && @@ -410,9 +415,6 @@ gss_accept_sec_context krb5_data_free (&outbuf); if (ret) goto failure; - } else { - output_token->length = 0; - output_token->value = NULL; } (*context_handle)->ticket = ticket; @@ -422,6 +424,20 @@ gss_accept_sec_context krb5_free_ticket (context, ticket); #endif + { + OM_uint32 seq_number; + + krb5_auth_getremoteseqnumber (gssapi_krb5_context, + (*context_handle)->auth_context, + &seq_number); + ret = gssapi_msg_order_create(minor_status, + &(*context_handle)->order, + gssapi_msg_order_f(flags), + seq_number, 0); + if (ret) + goto failure; + } + *minor_status = 0; return GSS_S_COMPLETE; @@ -438,6 +454,8 @@ gss_accept_sec_context if((*context_handle)->target) krb5_free_principal (gssapi_krb5_context, (*context_handle)->target); + if((*context_handle)->order) + gssapi_msg_order_destroy(&(*context_handle)->order); HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); free (*context_handle); if (src_name != NULL) {