oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

check return value from gssapi_krb5_init

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11534 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2002-10-31 16:06:35 +00:00
parent 2f7a5f8aae
commit 14d8cdb894
32 changed files with 764 additions and 748 deletions
Download Patch File Download Diff File Expand all files Collapse all files

575
lib/gssapi/accept_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -38,7 +38,7 @@ RCSID("$Id$");
krb5_keytab gssapi_krb5_keytab;
OM_uint32
gsskrb5_register_acceptor_identity (char *identity)
gsskrb5_register_acceptor_identity (const char *identity)
{
krb5_error_code ret;
char *p;
@@ -76,347 +76,346 @@ gss_accept_sec_context
gss_cred_id_t * delegated_cred_handle
)
{
krb5_error_code kret;
OM_uint32 ret;
krb5_data indata;
krb5_flags ap_options;
OM_uint32 flags;
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
OM_uint32 minor;
krb5_error_code kret;
OM_uint32 ret = GSS_S_COMPLETE;
krb5_data indata;
krb5_flags ap_options;
OM_uint32 flags;
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
OM_uint32 minor;
ret = 0;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT();
krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
if (*context_handle == GSS_C_NO_CONTEXT) {
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
}
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
if (src_name != NULL)
*src_name = NULL;
if (src_name != NULL)
*src_name = NULL;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& input_chan_bindings->application_data.length ==
2 * sizeof((*context_handle)->auth_context->local_port)
) {
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
(*context_handle)->auth_context->remote_port =
*(int16_t *) input_chan_bindings->application_data.value;
(*context_handle)->auth_context->local_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
goto failure;
}
gssapi_krb5_set_error_string ();
goto failure;
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& input_chan_bindings->application_data.length ==
2 * sizeof((*context_handle)->auth_context->local_port)
) {
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
(*context_handle)->auth_context->remote_port =
*(int16_t *) input_chan_bindings->application_data.value;
(*context_handle)->auth_context->local_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
(*context_handle)->auth_context->remote_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
(*context_handle)->auth_context->remote_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
(*context_handle)->auth_context,
&acceptor_addr, /* local address */
&initiator_addr); /* remote address */
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
(*context_handle)->auth_context,
&acceptor_addr, /* local address */
&initiator_addr); /* remote address */
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
#if 0
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
#endif
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
}
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
}
{
int32_t tmp;
{
int32_t tmp;
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&tmp);
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
tmp);
}
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&tmp);
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
tmp);
}
ret = gssapi_krb5_decapsulate (minor_status,
input_token_buffer,
&indata,
"\x01\x00");
if (ret)
goto failure;
ret = gssapi_krb5_decapsulate (minor_status,
input_token_buffer,
&indata,
"\x01\x00");
if (ret)
goto failure;
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
if (gssapi_krb5_keytab != NULL) {
keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
}
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
if (gssapi_krb5_keytab != NULL) {
keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
}
kret = krb5_rd_req (gssapi_krb5_context,
&(*context_handle)->auth_context,
&indata,
(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
kret = krb5_rd_req (gssapi_krb5_context,
&(*context_handle)->auth_context,
&indata,
(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
: acceptor_cred_handle->principal,
keytab,
&ap_options,
&ticket);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
keytab,
&ap_options,
&ticket);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
&(*context_handle)->source);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (src_name != NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
src_name);
&(*context_handle)->source);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
}
{
krb5_authenticator authenticator;
kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
(*context_handle)->auth_context,
&authenticator);
if(kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_verify_8003_checksum(minor_status,
input_chan_bindings,
authenticator->cksum,
&flags,
&fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (ret)
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
else if (*delegated_cred_handle == NULL) {
if ((*delegated_cred_handle =
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (src_name != NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
src_name);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = ENOMEM;
krb5_set_error_string(gssapi_krb5_context, "out of memory");
gssapi_krb5_set_error_string();
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if ((ret = gss_duplicate_name(minor_status, ticket->client,
&(*delegated_cred_handle)->principal)) != 0) {
flags &= ~GSS_C_DELEG_FLAG;
free(*delegated_cred_handle);
*delegated_cred_handle = NULL;
goto end_fwd;
}
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->ccache == NULL) {
}
}
{
krb5_authenticator authenticator;
kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
(*context_handle)->auth_context,
&authenticator);
if(kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_verify_8003_checksum(minor_status,
input_chan_bindings,
authenticator->cksum,
&flags,
&fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (ret)
goto failure;
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
else if (*delegated_cred_handle == NULL) {
if ((*delegated_cred_handle =
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
ret = GSS_S_FAILURE;
*minor_status = ENOMEM;
krb5_set_error_string(gssapi_krb5_context, "out of memory");
gssapi_krb5_set_error_string();
goto failure;
}
if ((ret = gss_duplicate_name(minor_status, ticket->client,
&(*delegated_cred_handle)->principal)) != 0) {
flags &= ~GSS_C_DELEG_FLAG;
free(*delegated_cred_handle);
*delegated_cred_handle = NULL;
goto end_fwd;
}
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->ccache == NULL) {
kret = krb5_cc_gen_new (gssapi_krb5_context,
&krb5_mcc_ops,
&(*delegated_cred_handle)->ccache);
ccache = (*delegated_cred_handle)->ccache;
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->mechanisms == NULL) {
ccache = (*delegated_cred_handle)->ccache;
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->mechanisms == NULL) {
ret = gss_create_empty_oid_set(minor_status,
&(*delegated_cred_handle)->mechanisms);
&(*delegated_cred_handle)->mechanisms);
if (ret)
goto failure;
goto failure;
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&(*delegated_cred_handle)->mechanisms);
&(*delegated_cred_handle)->mechanisms);
if (ret)
goto failure;
}
goto failure;
}
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_cc_initialize(gssapi_krb5_context,
ccache,
*src_name);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_cc_initialize(gssapi_krb5_context,
ccache,
*src_name);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_rd_cred2(gssapi_krb5_context,
(*context_handle)->auth_context,
ccache,
&fwd_data);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_rd_cred2(gssapi_krb5_context,
(*context_handle)->auth_context,
ccache,
&fwd_data);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
end_fwd:
free(fwd_data.data);
}
end_fwd:
free(fwd_data.data);
}
flags |= GSS_C_TRANS_FLAG;
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (time_rec)
*time_rec = GSS_C_INDEFINITE;
if (time_rec)
*time_rec = GSS_C_INDEFINITE;
if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
kret = krb5_mk_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
&outbuf);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
kret = krb5_mk_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
&outbuf);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_encapsulate (minor_status,
&outbuf,
output_token,
"\x02\x00");
krb5_data_free (&outbuf);
if (ret)
goto failure;
} else {
output_token->length = 0;
}
ret = gssapi_krb5_encapsulate (minor_status,
&outbuf,
output_token,
"\x02\x00");
krb5_data_free (&outbuf);
if (ret)
goto failure;
} else {
output_token->length = 0;
}
(*context_handle)->ticket = ticket;
ticket = NULL;
(*context_handle)->ticket = ticket;
ticket = NULL;
#if 0
krb5_free_ticket (context, ticket);
krb5_free_ticket (context, ticket);
#endif
return GSS_S_COMPLETE;
return GSS_S_COMPLETE;
failure:
if (fwd_data.length > 0)
free(fwd_data.data);
if (ticket != NULL)
krb5_free_ticket (gssapi_krb5_context, ticket);
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
if (src_name != NULL) {
gss_release_name (&minor, src_name);
*src_name = NULL;
}
*context_handle = GSS_C_NO_CONTEXT;
return ret;
failure:
if (fwd_data.length > 0)
free(fwd_data.data);
if (ticket != NULL)
krb5_free_ticket (gssapi_krb5_context, ticket);
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
if (src_name != NULL) {
gss_release_name (&minor, src_name);
*src_name = NULL;
}
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}

2
lib/gssapi/acquire_cred.c
View File

@@ -195,7 +195,7 @@ OM_uint32 gss_acquire_cred
gss_cred_id_t handle;
OM_uint32 ret;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
*minor_status = 0;
handle = (gss_cred_id_t)malloc(sizeof(*handle));

5
lib/gssapi/compare_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -42,7 +42,8 @@ OM_uint32 gss_compare_name
int * name_equal
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT();
*name_equal = krb5_principal_compare (gssapi_krb5_context,
name1, name2);
return GSS_S_COMPLETE;

4
lib/gssapi/context_time.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -46,7 +46,7 @@ OM_uint32 gss_context_time
krb5_error_code kret;
krb5_timestamp timeret;
gssapi_krb5_init();
GSSAPI_KRB5_INIT ();
ret = gss_inquire_context(minor_status, context_handle,
NULL, NULL, &lifetime, NULL, NULL, NULL, NULL);

44
lib/gssapi/delete_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,28 +41,28 @@ OM_uint32 gss_delete_sec_context
gss_buffer_t output_token
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
if ((*context_handle)->ticket) {
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free((*context_handle)->ticket);
}
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
if ((*context_handle)->ticket) {
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free((*context_handle)->ticket);
}
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
}

52
lib/gssapi/display_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -42,31 +42,31 @@ OM_uint32 gss_display_name
gss_OID * output_name_type
)
{
krb5_error_code kret;
char *buf;
size_t len;
krb5_error_code kret;
char *buf;
size_t len;
gssapi_krb5_init ();
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&buf);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
len = strlen (buf);
output_name_buffer->length = len;
output_name_buffer->value = malloc(len + 1);
if (output_name_buffer->value == NULL) {
GSSAPI_KRB5_INIT ();
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&buf);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
len = strlen (buf);
output_name_buffer->length = len;
output_name_buffer->value = malloc(len + 1);
if (output_name_buffer->value == NULL) {
free (buf);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (output_name_buffer->value, buf, len);
((char *)output_name_buffer->value)[len] = '\0';
free (buf);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (output_name_buffer->value, buf, len);
((char *)output_name_buffer->value)[len] = '\0';
free (buf);
if (output_name_type)
*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
return GSS_S_COMPLETE;
if (output_name_type)
*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
return GSS_S_COMPLETE;
}

4
lib/gssapi/display_status.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1998 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1998 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -117,7 +117,7 @@ OM_uint32 gss_display_status
{
char *buf;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
*minor_status = 0;

26
lib/gssapi/duplicate_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,18 +41,18 @@ OM_uint32 gss_duplicate_name (
gss_name_t * dest_name
)
{
krb5_error_code kret;
krb5_error_code kret;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
kret = krb5_copy_principal (gssapi_krb5_context,
src_name,
dest_name);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
} else {
return GSS_S_COMPLETE;
}
kret = krb5_copy_principal (gssapi_krb5_context,
src_name,
dest_name);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
} else {
return GSS_S_COMPLETE;
}
}

4
lib/gssapi/export_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -51,7 +51,7 @@ gss_export_sec_context (
OM_uint32 minor;
krb5_error_code kret;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
return GSS_S_UNAVAILABLE;

4
lib/gssapi/gssapi.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -763,7 +763,7 @@ OM_uint32 gss_unseal
*/
OM_uint32 gsskrb5_register_acceptor_identity
(char *identity);
(const char *identity);
OM_uint32 gss_krb5_copy_ccache
(OM_uint32 *minor,

10
lib/gssapi/gssapi_locl.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -50,6 +50,14 @@ extern krb5_keytab gssapi_krb5_keytab;
krb5_error_code gssapi_krb5_init (void);
#define GSSAPI_KRB5_INIT() do { \
krb5_error_code kret; \
if((kret = gssapi_krb5_init ()) != 0) { \
*minor_status = kret; \
return GSS_S_FAILURE; \
} \
} while (0)
OM_uint32
gssapi_krb5_create_8003_checksum (
OM_uint32 *minor_status,

4
lib/gssapi/import_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -142,7 +142,7 @@ OM_uint32 gss_import_name
gss_name_t * output_name
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
return import_hostbased_name (minor_status,

4
lib/gssapi/import_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -55,7 +55,7 @@ gss_import_sec_context (
int32_t flags;
OM_uint32 minor;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
sp = krb5_storage_from_mem (interprocess_token->value,
interprocess_token->length);

2
lib/gssapi/init_sec_context.c
View File

@@ -503,7 +503,7 @@ OM_uint32 gss_init_sec_context
OM_uint32 * time_rec
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
return init_auth (minor_status,

575
lib/gssapi/krb5/accept_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -38,7 +38,7 @@ RCSID("$Id$");
krb5_keytab gssapi_krb5_keytab;
OM_uint32
gsskrb5_register_acceptor_identity (char *identity)
gsskrb5_register_acceptor_identity (const char *identity)
{
krb5_error_code ret;
char *p;
@@ -76,347 +76,346 @@ gss_accept_sec_context
gss_cred_id_t * delegated_cred_handle
)
{
krb5_error_code kret;
OM_uint32 ret;
krb5_data indata;
krb5_flags ap_options;
OM_uint32 flags;
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
OM_uint32 minor;
krb5_error_code kret;
OM_uint32 ret = GSS_S_COMPLETE;
krb5_data indata;
krb5_flags ap_options;
OM_uint32 flags;
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
OM_uint32 minor;
ret = 0;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT();
krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
if (*context_handle == GSS_C_NO_CONTEXT) {
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
}
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
if (src_name != NULL)
*src_name = NULL;
if (src_name != NULL)
*src_name = NULL;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& input_chan_bindings->application_data.length ==
2 * sizeof((*context_handle)->auth_context->local_port)
) {
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
(*context_handle)->auth_context->remote_port =
*(int16_t *) input_chan_bindings->application_data.value;
(*context_handle)->auth_context->local_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
goto failure;
}
gssapi_krb5_set_error_string ();
goto failure;
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& input_chan_bindings->application_data.length ==
2 * sizeof((*context_handle)->auth_context->local_port)
) {
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
(*context_handle)->auth_context->remote_port =
*(int16_t *) input_chan_bindings->application_data.value;
(*context_handle)->auth_context->local_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
(*context_handle)->auth_context->remote_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
(*context_handle)->auth_context->remote_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
(*context_handle)->auth_context,
&acceptor_addr, /* local address */
&initiator_addr); /* remote address */
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
(*context_handle)->auth_context,
&acceptor_addr, /* local address */
&initiator_addr); /* remote address */
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
#if 0
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
#endif
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
}
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
}
{
int32_t tmp;
{
int32_t tmp;
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&tmp);
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
tmp);
}
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&tmp);
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
tmp);
}
ret = gssapi_krb5_decapsulate (minor_status,
input_token_buffer,
&indata,
"\x01\x00");
if (ret)
goto failure;
ret = gssapi_krb5_decapsulate (minor_status,
input_token_buffer,
&indata,
"\x01\x00");
if (ret)
goto failure;
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
if (gssapi_krb5_keytab != NULL) {
keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
}
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
if (gssapi_krb5_keytab != NULL) {
keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
}
kret = krb5_rd_req (gssapi_krb5_context,
&(*context_handle)->auth_context,
&indata,
(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
kret = krb5_rd_req (gssapi_krb5_context,
&(*context_handle)->auth_context,
&indata,
(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
: acceptor_cred_handle->principal,
keytab,
&ap_options,
&ticket);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
keytab,
&ap_options,
&ticket);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
&(*context_handle)->source);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (src_name != NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
src_name);
&(*context_handle)->source);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
}
{
krb5_authenticator authenticator;
kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
(*context_handle)->auth_context,
&authenticator);
if(kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_verify_8003_checksum(minor_status,
input_chan_bindings,
authenticator->cksum,
&flags,
&fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (ret)
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
else if (*delegated_cred_handle == NULL) {
if ((*delegated_cred_handle =
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (src_name != NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
src_name);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = ENOMEM;
krb5_set_error_string(gssapi_krb5_context, "out of memory");
gssapi_krb5_set_error_string();
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if ((ret = gss_duplicate_name(minor_status, ticket->client,
&(*delegated_cred_handle)->principal)) != 0) {
flags &= ~GSS_C_DELEG_FLAG;
free(*delegated_cred_handle);
*delegated_cred_handle = NULL;
goto end_fwd;
}
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->ccache == NULL) {
}
}
{
krb5_authenticator authenticator;
kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
(*context_handle)->auth_context,
&authenticator);
if(kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_verify_8003_checksum(minor_status,
input_chan_bindings,
authenticator->cksum,
&flags,
&fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (ret)
goto failure;
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
else if (*delegated_cred_handle == NULL) {
if ((*delegated_cred_handle =
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
ret = GSS_S_FAILURE;
*minor_status = ENOMEM;
krb5_set_error_string(gssapi_krb5_context, "out of memory");
gssapi_krb5_set_error_string();
goto failure;
}
if ((ret = gss_duplicate_name(minor_status, ticket->client,
&(*delegated_cred_handle)->principal)) != 0) {
flags &= ~GSS_C_DELEG_FLAG;
free(*delegated_cred_handle);
*delegated_cred_handle = NULL;
goto end_fwd;
}
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->ccache == NULL) {
kret = krb5_cc_gen_new (gssapi_krb5_context,
&krb5_mcc_ops,
&(*delegated_cred_handle)->ccache);
ccache = (*delegated_cred_handle)->ccache;
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->mechanisms == NULL) {
ccache = (*delegated_cred_handle)->ccache;
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->mechanisms == NULL) {
ret = gss_create_empty_oid_set(minor_status,
&(*delegated_cred_handle)->mechanisms);
&(*delegated_cred_handle)->mechanisms);
if (ret)
goto failure;
goto failure;
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&(*delegated_cred_handle)->mechanisms);
&(*delegated_cred_handle)->mechanisms);
if (ret)
goto failure;
}
goto failure;
}
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_cc_initialize(gssapi_krb5_context,
ccache,
*src_name);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_cc_initialize(gssapi_krb5_context,
ccache,
*src_name);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_rd_cred2(gssapi_krb5_context,
(*context_handle)->auth_context,
ccache,
&fwd_data);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_rd_cred2(gssapi_krb5_context,
(*context_handle)->auth_context,
ccache,
&fwd_data);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
end_fwd:
free(fwd_data.data);
}
end_fwd:
free(fwd_data.data);
}
flags |= GSS_C_TRANS_FLAG;
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (time_rec)
*time_rec = GSS_C_INDEFINITE;
if (time_rec)
*time_rec = GSS_C_INDEFINITE;
if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
kret = krb5_mk_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
&outbuf);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
kret = krb5_mk_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
&outbuf);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_encapsulate (minor_status,
&outbuf,
output_token,
"\x02\x00");
krb5_data_free (&outbuf);
if (ret)
goto failure;
} else {
output_token->length = 0;
}
ret = gssapi_krb5_encapsulate (minor_status,
&outbuf,
output_token,
"\x02\x00");
krb5_data_free (&outbuf);
if (ret)
goto failure;
} else {
output_token->length = 0;
}
(*context_handle)->ticket = ticket;
ticket = NULL;
(*context_handle)->ticket = ticket;
ticket = NULL;
#if 0
krb5_free_ticket (context, ticket);
krb5_free_ticket (context, ticket);
#endif
return GSS_S_COMPLETE;
return GSS_S_COMPLETE;
failure:
if (fwd_data.length > 0)
free(fwd_data.data);
if (ticket != NULL)
krb5_free_ticket (gssapi_krb5_context, ticket);
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
if (src_name != NULL) {
gss_release_name (&minor, src_name);
*src_name = NULL;
}
*context_handle = GSS_C_NO_CONTEXT;
return ret;
failure:
if (fwd_data.length > 0)
free(fwd_data.data);
if (ticket != NULL)
krb5_free_ticket (gssapi_krb5_context, ticket);
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
if (src_name != NULL) {
gss_release_name (&minor, src_name);
*src_name = NULL;
}
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}

2
lib/gssapi/krb5/acquire_cred.c
View File

@@ -195,7 +195,7 @@ OM_uint32 gss_acquire_cred
gss_cred_id_t handle;
OM_uint32 ret;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
*minor_status = 0;
handle = (gss_cred_id_t)malloc(sizeof(*handle));

5
lib/gssapi/krb5/compare_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -42,7 +42,8 @@ OM_uint32 gss_compare_name
int * name_equal
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT();
*name_equal = krb5_principal_compare (gssapi_krb5_context,
name1, name2);
return GSS_S_COMPLETE;

4
lib/gssapi/krb5/context_time.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -46,7 +46,7 @@ OM_uint32 gss_context_time
krb5_error_code kret;
krb5_timestamp timeret;
gssapi_krb5_init();
GSSAPI_KRB5_INIT ();
ret = gss_inquire_context(minor_status, context_handle,
NULL, NULL, &lifetime, NULL, NULL, NULL, NULL);

44
lib/gssapi/krb5/delete_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,28 +41,28 @@ OM_uint32 gss_delete_sec_context
gss_buffer_t output_token
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
if ((*context_handle)->ticket) {
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free((*context_handle)->ticket);
}
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
if ((*context_handle)->ticket) {
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free((*context_handle)->ticket);
}
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
}

52
lib/gssapi/krb5/display_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -42,31 +42,31 @@ OM_uint32 gss_display_name
gss_OID * output_name_type
)
{
krb5_error_code kret;
char *buf;
size_t len;
krb5_error_code kret;
char *buf;
size_t len;
gssapi_krb5_init ();
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&buf);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
len = strlen (buf);
output_name_buffer->length = len;
output_name_buffer->value = malloc(len + 1);
if (output_name_buffer->value == NULL) {
GSSAPI_KRB5_INIT ();
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&buf);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
len = strlen (buf);
output_name_buffer->length = len;
output_name_buffer->value = malloc(len + 1);
if (output_name_buffer->value == NULL) {
free (buf);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (output_name_buffer->value, buf, len);
((char *)output_name_buffer->value)[len] = '\0';
free (buf);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (output_name_buffer->value, buf, len);
((char *)output_name_buffer->value)[len] = '\0';
free (buf);
if (output_name_type)
*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
return GSS_S_COMPLETE;
if (output_name_type)
*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
return GSS_S_COMPLETE;
}

4
lib/gssapi/krb5/display_status.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1998 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1998 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -117,7 +117,7 @@ OM_uint32 gss_display_status
{
char *buf;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
*minor_status = 0;

26
lib/gssapi/krb5/duplicate_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,18 +41,18 @@ OM_uint32 gss_duplicate_name (
gss_name_t * dest_name
)
{
krb5_error_code kret;
krb5_error_code kret;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
kret = krb5_copy_principal (gssapi_krb5_context,
src_name,
dest_name);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
} else {
return GSS_S_COMPLETE;
}
kret = krb5_copy_principal (gssapi_krb5_context,
src_name,
dest_name);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
} else {
return GSS_S_COMPLETE;
}
}

4
lib/gssapi/krb5/export_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -51,7 +51,7 @@ gss_export_sec_context (
OM_uint32 minor;
krb5_error_code kret;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
return GSS_S_UNAVAILABLE;

4
lib/gssapi/krb5/gssapi.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -763,7 +763,7 @@ OM_uint32 gss_unseal
*/
OM_uint32 gsskrb5_register_acceptor_identity
(char *identity);
(const char *identity);
OM_uint32 gss_krb5_copy_ccache
(OM_uint32 *minor,

10
lib/gssapi/krb5/gssapi_locl.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -50,6 +50,14 @@ extern krb5_keytab gssapi_krb5_keytab;
krb5_error_code gssapi_krb5_init (void);
#define GSSAPI_KRB5_INIT() do { \
krb5_error_code kret; \
if((kret = gssapi_krb5_init ()) != 0) { \
*minor_status = kret; \
return GSS_S_FAILURE; \
} \
} while (0)
OM_uint32
gssapi_krb5_create_8003_checksum (
OM_uint32 *minor_status,

4
lib/gssapi/krb5/import_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -142,7 +142,7 @@ OM_uint32 gss_import_name
gss_name_t * output_name
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
return import_hostbased_name (minor_status,

4
lib/gssapi/krb5/import_sec_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -55,7 +55,7 @@ gss_import_sec_context (
int32_t flags;
OM_uint32 minor;
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
sp = krb5_storage_from_mem (interprocess_token->value,
interprocess_token->length);

2
lib/gssapi/krb5/init_sec_context.c
View File

@@ -503,7 +503,7 @@ OM_uint32 gss_init_sec_context
OM_uint32 * time_rec
)
{
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
return init_auth (minor_status,

4
lib/gssapi/krb5/release_cred.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -44,7 +44,7 @@ OM_uint32 gss_release_cred
return GSS_S_COMPLETE;
}
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if ((*cred_handle)->principal != NULL)
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);

12
lib/gssapi/krb5/release_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -40,9 +40,9 @@ OM_uint32 gss_release_name
gss_name_t * input_name
)
{
gssapi_krb5_init ();
krb5_free_principal(gssapi_krb5_context,
*input_name);
*input_name = GSS_C_NO_NAME;
return GSS_S_COMPLETE;
GSSAPI_KRB5_INIT ();
krb5_free_principal(gssapi_krb5_context,
*input_name);
*input_name = GSS_C_NO_NAME;
return GSS_S_COMPLETE;
}

4
lib/gssapi/release_cred.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -44,7 +44,7 @@ OM_uint32 gss_release_cred
return GSS_S_COMPLETE;
}
gssapi_krb5_init ();
GSSAPI_KRB5_INIT ();
if ((*cred_handle)->principal != NULL)
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);

12
lib/gssapi/release_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -40,9 +40,9 @@ OM_uint32 gss_release_name
gss_name_t * input_name
)
{
gssapi_krb5_init ();
krb5_free_principal(gssapi_krb5_context,
*input_name);
*input_name = GSS_C_NO_NAME;
return GSS_S_COMPLETE;
GSSAPI_KRB5_INIT ();
krb5_free_principal(gssapi_krb5_context,
*input_name);
*input_name = GSS_C_NO_NAME;
return GSS_S_COMPLETE;
}