From 14d8cdb8945c7fa21ae2e786be97189efc6a2d9b Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Thu, 31 Oct 2002 16:06:35 +0000
Subject: [PATCH] check return value from gssapi_krb5_init

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11534 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/accept_sec_context.c | 575 +++++++++++++--------------
 lib/gssapi/acquire_cred.c | 2 +-
 lib/gssapi/compare_name.c | 5 +-
 lib/gssapi/context_time.c | 4 +-
 lib/gssapi/delete_sec_context.c | 44 +-
 lib/gssapi/display_name.c | 52 +--
 lib/gssapi/display_status.c | 4 +-
 lib/gssapi/duplicate_name.c | 26 +-
 lib/gssapi/export_sec_context.c | 4 +-
 lib/gssapi/gssapi.h | 4 +-
 lib/gssapi/gssapi_locl.h | 10 +-
 lib/gssapi/import_name.c | 4 +-
 lib/gssapi/import_sec_context.c | 4 +-
 lib/gssapi/init_sec_context.c | 2 +-
 lib/gssapi/krb5/accept_sec_context.c | 575 +++++++++++++--------------
 lib/gssapi/krb5/acquire_cred.c | 2 +-
 lib/gssapi/krb5/compare_name.c | 5 +-
 lib/gssapi/krb5/context_time.c | 4 +-
 lib/gssapi/krb5/delete_sec_context.c | 44 +-
 lib/gssapi/krb5/display_name.c | 52 +--
 lib/gssapi/krb5/display_status.c | 4 +-
 lib/gssapi/krb5/duplicate_name.c | 26 +-
 lib/gssapi/krb5/export_sec_context.c | 4 +-
 lib/gssapi/krb5/gssapi.h | 4 +-
 lib/gssapi/krb5/gssapi_locl.h | 10 +-
 lib/gssapi/krb5/import_name.c | 4 +-
 lib/gssapi/krb5/import_sec_context.c | 4 +-
 lib/gssapi/krb5/init_sec_context.c | 2 +-
 lib/gssapi/krb5/release_cred.c | 4 +-
 lib/gssapi/krb5/release_name.c | 12 +-
 lib/gssapi/release_cred.c | 4 +-
 lib/gssapi/release_name.c | 12 +-
 32 files changed, 764 insertions(+), 748 deletions(-)

diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c
index 8f1f6fdbc..a0fc7bb0e 100644
--- a/lib/gssapi/accept_sec_context.c
+++ b/lib/gssapi/accept_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -38,7 +38,7 @@ RCSID("$Id$"); krb5_keytab gssapi_krb5_keytab; OM_uint32 -gsskrb5_register_acceptor_identity (char *identity) +gsskrb5_register_acceptor_identity (const char *identity) { krb5_error_code ret; char *p; 
@@ -76,347 +76,346 @@ gss_accept_sec_context gss_cred_id_t * delegated_cred_handle ) { - krb5_error_code kret; - OM_uint32 ret; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_data fwd_data; - OM_uint32 minor; + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + OM_uint32 flags; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_data fwd_data; + OM_uint32 minor; - ret = 0; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT(); - krb5_data_zero (&fwd_data); - output_token->length = 0; - output_token->value = NULL; + krb5_data_zero (&fwd_data); + output_token->length = 0; + output_token->value = NULL; - if (*context_handle == GSS_C_NO_CONTEXT) { - *context_handle = malloc(sizeof(**context_handle)); if (*context_handle == GSS_C_NO_CONTEXT) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } } - } - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; + (*context_handle)->ticket = NULL; - if (src_name != NULL) - *src_name = NULL; + if (src_name != NULL) + *src_name = NULL; - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && input_chan_bindings->application_data.length == - 2 * sizeof((*context_handle)->auth_context->local_port) - ) { 
- - /* Port numbers are expected to be in application_data.value, - * initator's port first */ - - krb5_address initiator_addr, acceptor_addr; - - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - - (*context_handle)->auth_context->remote_port = - *(int16_t *) input_chan_bindings->application_data.value; - - (*context_handle)->auth_context->local_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); - - - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - (*context_handle)->auth_context->local_port, - &acceptor_addr); - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + ret = GSS_S_FAILURE; *minor_status = kret; - goto failure; - } + gssapi_krb5_set_error_string (); + goto failure; + } + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + && input_chan_bindings->application_data.length == + 2 * sizeof((*context_handle)->auth_context->local_port) + ) { + + /* Port numbers are expected to be in application_data.value, + * initator's port first */ + + krb5_address initiator_addr, acceptor_addr; + + memset(&initiator_addr, 0, sizeof(initiator_addr)); + memset(&acceptor_addr, 0, sizeof(acceptor_addr)); + + (*context_handle)->auth_context->remote_port = + *(int16_t *) input_chan_bindings->application_data.value; + + (*context_handle)->auth_context->local_port = + *((int16_t *) input_chan_bindings->application_data.value + 1); + + + kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + &input_chan_bindings->acceptor_address, + (*context_handle)->auth_context->local_port, + &acceptor_addr); + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - 
&input_chan_bindings->initiator_address, - (*context_handle)->auth_context->remote_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } + kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + &input_chan_bindings->initiator_address, + (*context_handle)->auth_context->remote_port, + &initiator_addr); + if (kret) { + krb5_free_address (gssapi_krb5_context, &acceptor_addr); + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - (*context_handle)->auth_context, - &acceptor_addr, /* local address */ - &initiator_addr); /* remote address */ + kret = krb5_auth_con_setaddrs(gssapi_krb5_context, + (*context_handle)->auth_context, + &acceptor_addr, /* local address */ + &initiator_addr); /* remote address */ - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); + krb5_free_address (gssapi_krb5_context, &initiator_addr); + krb5_free_address (gssapi_krb5_context, &acceptor_addr); #if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; + free(input_chan_bindings->application_data.value); + input_chan_bindings->application_data.value = NULL; + input_chan_bindings->application_data.length = 0; #endif - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - } + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } + } - { - int32_t tmp; + { + int32_t tmp; - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - 
krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp); + tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + tmp); + } - ret = gssapi_krb5_decapsulate (minor_status, - input_token_buffer, - &indata, - "\x01\x00"); - if (ret) - goto failure; + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, + &indata, + "\x01\x00"); + if (ret) + goto failure; - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else if (acceptor_cred_handle->keytab != NULL) { - keytab = acceptor_cred_handle->keytab; - } + if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; + } + } else if (acceptor_cred_handle->keytab != NULL) { + keytab = acceptor_cred_handle->keytab; + } - kret = krb5_rd_req (gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL + kret = krb5_rd_req (gssapi_krb5_context, + &(*context_handle)->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? 
NULL : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } + keytab, + &ap_options, + &ticket); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (src_name != NULL) { kret = krb5_copy_principal (gssapi_krb5_context, ticket->client, - src_name); + &(*context_handle)->source); if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - } - - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, - (*context_handle)->auth_context, - &authenticator); - if(kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } + } - if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - - krb5_ccache ccache; - - if (delegated_cred_handle == NULL) - /* XXX Create a new delegated_cred_handle? 
*/ - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { - if ((*delegated_cred_handle = - calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->server, + &(*context_handle)->target); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + + if (src_name != NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->client, + src_name); + if (kret) { ret = GSS_S_FAILURE; - *minor_status = ENOMEM; - krb5_set_error_string(gssapi_krb5_context, "out of memory"); - gssapi_krb5_set_error_string(); + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } - if ((ret = gss_duplicate_name(minor_status, ticket->client, - &(*delegated_cred_handle)->principal)) != 0) { - flags &= ~GSS_C_DELEG_FLAG; - free(*delegated_cred_handle); - *delegated_cred_handle = NULL; - goto end_fwd; - } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { + } + } + + { + krb5_authenticator authenticator; + + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, + (*context_handle)->auth_context, + &authenticator); + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &fwd_data); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) + goto failure; + } + + if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { + + krb5_ccache ccache; + + if (delegated_cred_handle == NULL) + /* XXX Create a new delegated_cred_handle? 
*/ + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + else if (*delegated_cred_handle == NULL) { + if ((*delegated_cred_handle = + calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + ret = GSS_S_FAILURE; + *minor_status = ENOMEM; + krb5_set_error_string(gssapi_krb5_context, "out of memory"); + gssapi_krb5_set_error_string(); + goto failure; + } + if ((ret = gss_duplicate_name(minor_status, ticket->client, + &(*delegated_cred_handle)->principal)) != 0) { + flags &= ~GSS_C_DELEG_FLAG; + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); - ccache = (*delegated_cred_handle)->ccache; - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->mechanisms == NULL) { + ccache = (*delegated_cred_handle)->ccache; + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->mechanisms == NULL) { ret = gss_create_empty_oid_set(minor_status, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; + goto failure; ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; - } + goto failure; + } - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_cc_initialize(gssapi_krb5_context, - ccache, - *src_name); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + kret = krb5_cc_initialize(gssapi_krb5_context, + ccache, + *src_name); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_rd_cred2(gssapi_krb5_context, - (*context_handle)->auth_context, - ccache, - &fwd_data); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + kret = 
krb5_rd_cred2(gssapi_krb5_context, + (*context_handle)->auth_context, + ccache, + &fwd_data); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } -end_fwd: - free(fwd_data.data); - } + end_fwd: + free(fwd_data.data); + } - flags |= GSS_C_TRANS_FLAG; + flags |= GSS_C_TRANS_FLAG; - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= OPEN; + if (ret_flags) + *ret_flags = flags; + (*context_handle)->flags = flags; + (*context_handle)->more_flags |= OPEN; - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; - if (time_rec) - *time_rec = GSS_C_INDEFINITE; + if (time_rec) + *time_rec = GSS_C_INDEFINITE; - if(flags & GSS_C_MUTUAL_FLAG) { - krb5_data outbuf; + if(flags & GSS_C_MUTUAL_FLAG) { + krb5_data outbuf; - kret = krb5_mk_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; + kret = krb5_mk_rep (gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, + output_token, + "\x02\x00"); + krb5_data_free (&outbuf); + if (ret) + goto failure; + } else { + output_token->length = 0; } - ret = gssapi_krb5_encapsulate (minor_status, - &outbuf, - output_token, - "\x02\x00"); - krb5_data_free (&outbuf); - if (ret) - goto failure; - } else { - output_token->length = 0; - } - (*context_handle)->ticket = ticket; - ticket = NULL; + (*context_handle)->ticket = ticket; + ticket = NULL; #if 0 - krb5_free_ticket (context, ticket); + krb5_free_ticket (context, ticket); #endif - return GSS_S_COMPLETE; + return GSS_S_COMPLETE; -failure: - if (fwd_data.length > 0) - free(fwd_data.data); - if (ticket != NULL) - krb5_free_ticket (gssapi_krb5_context, ticket); - 
krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - if (src_name != NULL) { - gss_release_name (&minor, src_name); - *src_name = NULL; - } - *context_handle = GSS_C_NO_CONTEXT; - return ret; + failure: + if (fwd_data.length > 0) + free(fwd_data.data); + if (ticket != NULL) + krb5_free_ticket (gssapi_krb5_context, ticket); + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + free (*context_handle); + if (src_name != NULL) { + gss_release_name (&minor, src_name); + *src_name = NULL; + } + *context_handle = GSS_C_NO_CONTEXT; + return ret; } diff --git a/lib/gssapi/acquire_cred.c b/lib/gssapi/acquire_cred.c index 84814f5a7..8b4c4874b 100644 --- a/lib/gssapi/acquire_cred.c +++ b/lib/gssapi/acquire_cred.c @@ -195,7 +195,7 @@ OM_uint32 gss_acquire_cred gss_cred_id_t handle; OM_uint32 ret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); *minor_status = 0; handle = (gss_cred_id_t)malloc(sizeof(*handle)); diff --git a/lib/gssapi/compare_name.c b/lib/gssapi/compare_name.c index f4f3de47d..790f454a1 100644 --- a/lib/gssapi/compare_name.c +++ b/lib/gssapi/compare_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,7 +42,8 @@ OM_uint32 gss_compare_name int * name_equal ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT(); + *name_equal = krb5_principal_compare (gssapi_krb5_context, name1, name2); return GSS_S_COMPLETE; 
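Review bot: In the delegation branch of gss_accept_sec_context (lib/gssapi/accept_sec_context.c), `krb5_cc_initialize(gssapi_krb5_context, ccache, *src_name)` dereferences `src_name` unconditionally although the rest of the function treats it as optional (`if (src_name != NULL)`), so an acceptor that passes a NULL `src_name` faults as soon as a peer forwards credentials; `ticket->client` is the same principal and is always set at that point. In the same branch `ccache` is only assigned when `delegated_cred_handle` is NULL or when `(*delegated_cred_handle)->ccache == NULL`, so a caller-supplied handle that already carries a ccache sends an uninitialised `ccache` into `krb5_cc_initialize`; assigning `ccache = (*delegated_cred_handle)->ccache;` outside the `== NULL` test would cover it. Separately, `GSSAPI_KRB5_INIT();` now returns before `output_token->length` and `output_token->value` are cleared, so a caller that releases the token on failure sees indeterminate fields; moving those two assignments above the macro avoids that. The identical hunk for lib/gssapi/krb5/accept_sec_context.c later in the patch has the same three issues.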
diff --git a/lib/gssapi/context_time.c b/lib/gssapi/context_time.c index 627a00d75..05925bb20 100644 --- a/lib/gssapi/context_time.c +++ b/lib/gssapi/context_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -46,7 +46,7 @@ OM_uint32 gss_context_time krb5_error_code kret; krb5_timestamp timeret; - gssapi_krb5_init(); + GSSAPI_KRB5_INIT (); ret = gss_inquire_context(minor_status, context_handle, NULL, NULL, &lifetime, NULL, NULL, NULL, NULL); diff --git a/lib/gssapi/delete_sec_context.c b/lib/gssapi/delete_sec_context.c index 872ab4e8d..5936467ab 100644 --- a/lib/gssapi/delete_sec_context.c +++ b/lib/gssapi/delete_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -41,28 +41,28 @@ OM_uint32 gss_delete_sec_context gss_buffer_t output_token ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - if ((*context_handle)->ticket) { - krb5_free_ticket (gssapi_krb5_context, - (*context_handle)->ticket); - free((*context_handle)->ticket); - } + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + if ((*context_handle)->ticket) { + krb5_free_ticket (gssapi_krb5_context, + (*context_handle)->ticket); + free((*context_handle)->ticket); + } - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_COMPLETE; + free (*context_handle); + *context_handle = GSS_C_NO_CONTEXT; + return GSS_S_COMPLETE; } diff --git a/lib/gssapi/display_name.c b/lib/gssapi/display_name.c index 453fc7f4b..483739431 100644 --- a/lib/gssapi/display_name.c +++ b/lib/gssapi/display_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
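Review bot: gss_delete_sec_context (lib/gssapi/delete_sec_context.c) dereferences `*context_handle` without first checking for `GSS_C_NO_CONTEXT`, so deleting a context that was never established, or deleting one twice, faults instead of reporting an error; a guard such as `if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) { *minor_status = 0; return GSS_S_NO_CONTEXT; }` ahead of the frees would cover it. The `free((*context_handle)->ticket)` directly after `krb5_free_ticket` would be a double free if krb5_free_ticket releases the structure itself, which is not visible in this patch and worth confirming. With the new `GSSAPI_KRB5_INIT ();` an init failure also returns before `output_token` is cleared and leaves the context, including its auth_context, allocated; clearing `output_token` before the macro at least keeps the output defined.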
@@ -42,31 +42,31 @@ OM_uint32 gss_display_name gss_OID * output_name_type ) { - krb5_error_code kret; - char *buf; - size_t len; + krb5_error_code kret; + char *buf; + size_t len; - gssapi_krb5_init (); - kret = krb5_unparse_name (gssapi_krb5_context, - input_name, - &buf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - len = strlen (buf); - output_name_buffer->length = len; - output_name_buffer->value = malloc(len + 1); - if (output_name_buffer->value == NULL) { + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &buf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (buf); + output_name_buffer->length = len; + output_name_buffer->value = malloc(len + 1); + if (output_name_buffer->value == NULL) { + free (buf); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (output_name_buffer->value, buf, len); + ((char *)output_name_buffer->value)[len] = '\0'; free (buf); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (output_name_buffer->value, buf, len); - ((char *)output_name_buffer->value)[len] = '\0'; - free (buf); - if (output_name_type) - *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; - return GSS_S_COMPLETE; + if (output_name_type) + *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; + return GSS_S_COMPLETE; } diff --git a/lib/gssapi/display_status.c b/lib/gssapi/display_status.c index 7764f7a4c..c043ab8a5 100644 --- a/lib/gssapi/display_status.c +++ b/lib/gssapi/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -117,7 +117,7 @@ OM_uint32 gss_display_status { char *buf; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); *minor_status = 0; 
diff --git a/lib/gssapi/duplicate_name.c b/lib/gssapi/duplicate_name.c index d243cb406..ca9931263 100644 --- a/lib/gssapi/duplicate_name.c +++ b/lib/gssapi/duplicate_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -41,18 +41,18 @@ OM_uint32 gss_duplicate_name ( gss_name_t * dest_name ) { - krb5_error_code kret; + krb5_error_code kret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - kret = krb5_copy_principal (gssapi_krb5_context, - src_name, - dest_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } else { - return GSS_S_COMPLETE; - } + kret = krb5_copy_principal (gssapi_krb5_context, + src_name, + dest_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } else { + return GSS_S_COMPLETE; + } } diff --git a/lib/gssapi/export_sec_context.c b/lib/gssapi/export_sec_context.c index d513aa2ee..fa22681a1 100644 --- a/lib/gssapi/export_sec_context.c +++ b/lib/gssapi/export_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -51,7 +51,7 @@ gss_export_sec_context ( OM_uint32 minor; krb5_error_code kret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) return GSS_S_UNAVAILABLE; diff --git a/lib/gssapi/gssapi.h b/lib/gssapi/gssapi.h index d56ec8237..2375af7ef 100644 --- a/lib/gssapi/gssapi.h +++ b/lib/gssapi/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -763,7 +763,7 @@ OM_uint32 gss_unseal */ OM_uint32 gsskrb5_register_acceptor_identity - (char *identity); + (const char *identity); OM_uint32 gss_krb5_copy_ccache (OM_uint32 *minor, diff --git a/lib/gssapi/gssapi_locl.h b/lib/gssapi/gssapi_locl.h index 9035b8be9..93adc4b82 100644 --- a/lib/gssapi/gssapi_locl.h +++ b/lib/gssapi/gssapi_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -50,6 +50,14 @@ extern krb5_keytab gssapi_krb5_keytab; krb5_error_code gssapi_krb5_init (void); +#define GSSAPI_KRB5_INIT() do { \ + krb5_error_code kret; \ + if((kret = gssapi_krb5_init ()) != 0) { \ + *minor_status = kret; \ + return GSS_S_FAILURE; \ + } \ +} while (0) + OM_uint32 gssapi_krb5_create_8003_checksum ( OM_uint32 *minor_status, diff --git a/lib/gssapi/import_name.c b/lib/gssapi/import_name.c index 1d1a0481a..d3d05dd09 100644 --- a/lib/gssapi/import_name.c +++ b/lib/gssapi/import_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -142,7 +142,7 @@ OM_uint32 gss_import_name gss_name_t * output_name ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) return import_hostbased_name (minor_status, diff --git a/lib/gssapi/import_sec_context.c b/lib/gssapi/import_sec_context.c index d2d314342..a124887b9 100644 --- a/lib/gssapi/import_sec_context.c +++ b/lib/gssapi/import_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
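Review bot: GSSAPI_KRB5_INIT() in lib/gssapi/gssapi_locl.h carries a hidden `return GSS_S_FAILURE` and writes through a variable named `minor_status` that it picks up from the caller's scope, and nothing at the definition says so. A short comment above the `#define` stating that the macro may only be used in functions that return OM_uint32 and have an `OM_uint32 *minor_status` parameter, and that it has to run before any resource is acquired but after output parameters are cleared, would keep later call sites from leaking or handing back uninitialised outputs on the early return. The inner `krb5_error_code kret;` also shadows the `kret` local of callers such as gss_accept_sec_context and gss_display_name; a distinct name, for example `krb5_error_code init_ret;`, removes the shadowing.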
@@ -55,7 +55,7 @@ gss_import_sec_context ( int32_t flags; OM_uint32 minor; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); sp = krb5_storage_from_mem (interprocess_token->value, interprocess_token->length); diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index f3b7cc595..1f5f98fa9 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -503,7 +503,7 @@ OM_uint32 gss_init_sec_context OM_uint32 * time_rec ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return init_auth (minor_status, diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index 8f1f6fdbc..a0fc7bb0e 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -38,7 +38,7 @@ RCSID("$Id$"); krb5_keytab gssapi_krb5_keytab; OM_uint32 -gsskrb5_register_acceptor_identity (char *identity) +gsskrb5_register_acceptor_identity (const char *identity) { krb5_error_code ret; char *p; 
@@ -76,347 +76,346 @@ gss_accept_sec_context gss_cred_id_t * delegated_cred_handle ) { - krb5_error_code kret; - OM_uint32 ret; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_data fwd_data; - OM_uint32 minor; + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + OM_uint32 flags; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_data fwd_data; + OM_uint32 minor; - ret = 0; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT(); - krb5_data_zero (&fwd_data); - output_token->length = 0; - output_token->value = NULL; + krb5_data_zero (&fwd_data); + output_token->length = 0; + output_token->value = NULL; - if (*context_handle == GSS_C_NO_CONTEXT) { - *context_handle = malloc(sizeof(**context_handle)); if (*context_handle == GSS_C_NO_CONTEXT) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } } - } - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; + (*context_handle)->ticket = NULL; - if (src_name != NULL) - *src_name = NULL; + if (src_name != NULL) + *src_name = NULL; - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && input_chan_bindings->application_data.length == - 2 * sizeof((*context_handle)->auth_context->local_port) - ) { 
- - /* Port numbers are expected to be in application_data.value, - * initator's port first */ - - krb5_address initiator_addr, acceptor_addr; - - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - - (*context_handle)->auth_context->remote_port = - *(int16_t *) input_chan_bindings->application_data.value; - - (*context_handle)->auth_context->local_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); - - - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - (*context_handle)->auth_context->local_port, - &acceptor_addr); - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + ret = GSS_S_FAILURE; *minor_status = kret; - goto failure; - } + gssapi_krb5_set_error_string (); + goto failure; + } + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + && input_chan_bindings->application_data.length == + 2 * sizeof((*context_handle)->auth_context->local_port) + ) { + + /* Port numbers are expected to be in application_data.value, + * initator's port first */ + + krb5_address initiator_addr, acceptor_addr; + + memset(&initiator_addr, 0, sizeof(initiator_addr)); + memset(&acceptor_addr, 0, sizeof(acceptor_addr)); + + (*context_handle)->auth_context->remote_port = + *(int16_t *) input_chan_bindings->application_data.value; + + (*context_handle)->auth_context->local_port = + *((int16_t *) input_chan_bindings->application_data.value + 1); + + + kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + &input_chan_bindings->acceptor_address, + (*context_handle)->auth_context->local_port, + &acceptor_addr); + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - 
&input_chan_bindings->initiator_address, - (*context_handle)->auth_context->remote_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } + kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + &input_chan_bindings->initiator_address, + (*context_handle)->auth_context->remote_port, + &initiator_addr); + if (kret) { + krb5_free_address (gssapi_krb5_context, &acceptor_addr); + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - (*context_handle)->auth_context, - &acceptor_addr, /* local address */ - &initiator_addr); /* remote address */ + kret = krb5_auth_con_setaddrs(gssapi_krb5_context, + (*context_handle)->auth_context, + &acceptor_addr, /* local address */ + &initiator_addr); /* remote address */ - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); + krb5_free_address (gssapi_krb5_context, &initiator_addr); + krb5_free_address (gssapi_krb5_context, &acceptor_addr); #if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; + free(input_chan_bindings->application_data.value); + input_chan_bindings->application_data.value = NULL; + input_chan_bindings->application_data.length = 0; #endif - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - } + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } + } - { - int32_t tmp; + { + int32_t tmp; - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - 
krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp); + tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + tmp); + } - ret = gssapi_krb5_decapsulate (minor_status, - input_token_buffer, - &indata, - "\x01\x00"); - if (ret) - goto failure; + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, + &indata, + "\x01\x00"); + if (ret) + goto failure; - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else if (acceptor_cred_handle->keytab != NULL) { - keytab = acceptor_cred_handle->keytab; - } + if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; + } + } else if (acceptor_cred_handle->keytab != NULL) { + keytab = acceptor_cred_handle->keytab; + } - kret = krb5_rd_req (gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL + kret = krb5_rd_req (gssapi_krb5_context, + &(*context_handle)->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? 
NULL : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } + keytab, + &ap_options, + &ticket); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (src_name != NULL) { kret = krb5_copy_principal (gssapi_krb5_context, ticket->client, - src_name); + &(*context_handle)->source); if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - } - - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, - (*context_handle)->auth_context, - &authenticator); - if(kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } + } - if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - - krb5_ccache ccache; - - if (delegated_cred_handle == NULL) - /* XXX Create a new delegated_cred_handle? 
*/ - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { - if ((*delegated_cred_handle = - calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->server, + &(*context_handle)->target); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + + if (src_name != NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->client, + src_name); + if (kret) { ret = GSS_S_FAILURE; - *minor_status = ENOMEM; - krb5_set_error_string(gssapi_krb5_context, "out of memory"); - gssapi_krb5_set_error_string(); + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } - if ((ret = gss_duplicate_name(minor_status, ticket->client, - &(*delegated_cred_handle)->principal)) != 0) { - flags &= ~GSS_C_DELEG_FLAG; - free(*delegated_cred_handle); - *delegated_cred_handle = NULL; - goto end_fwd; - } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { + } + } + + { + krb5_authenticator authenticator; + + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, + (*context_handle)->auth_context, + &authenticator); + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &fwd_data); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) + goto failure; + } + + if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { + + krb5_ccache ccache; + + if (delegated_cred_handle == NULL) + /* XXX Create a new delegated_cred_handle? 
*/ + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + else if (*delegated_cred_handle == NULL) { + if ((*delegated_cred_handle = + calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + ret = GSS_S_FAILURE; + *minor_status = ENOMEM; + krb5_set_error_string(gssapi_krb5_context, "out of memory"); + gssapi_krb5_set_error_string(); + goto failure; + } + if ((ret = gss_duplicate_name(minor_status, ticket->client, + &(*delegated_cred_handle)->principal)) != 0) { + flags &= ~GSS_C_DELEG_FLAG; + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); - ccache = (*delegated_cred_handle)->ccache; - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->mechanisms == NULL) { + ccache = (*delegated_cred_handle)->ccache; + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->mechanisms == NULL) { ret = gss_create_empty_oid_set(minor_status, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; + goto failure; ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; - } + goto failure; + } - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_cc_initialize(gssapi_krb5_context, - ccache, - *src_name); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + kret = krb5_cc_initialize(gssapi_krb5_context, + ccache, + *src_name); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_rd_cred2(gssapi_krb5_context, - (*context_handle)->auth_context, - ccache, - &fwd_data); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + kret = 
krb5_rd_cred2(gssapi_krb5_context, + (*context_handle)->auth_context, + ccache, + &fwd_data); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } -end_fwd: - free(fwd_data.data); - } + end_fwd: + free(fwd_data.data); + } - flags |= GSS_C_TRANS_FLAG; + flags |= GSS_C_TRANS_FLAG; - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= OPEN; + if (ret_flags) + *ret_flags = flags; + (*context_handle)->flags = flags; + (*context_handle)->more_flags |= OPEN; - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; - if (time_rec) - *time_rec = GSS_C_INDEFINITE; + if (time_rec) + *time_rec = GSS_C_INDEFINITE; - if(flags & GSS_C_MUTUAL_FLAG) { - krb5_data outbuf; + if(flags & GSS_C_MUTUAL_FLAG) { + krb5_data outbuf; - kret = krb5_mk_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; + kret = krb5_mk_rep (gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, + output_token, + "\x02\x00"); + krb5_data_free (&outbuf); + if (ret) + goto failure; + } else { + output_token->length = 0; } - ret = gssapi_krb5_encapsulate (minor_status, - &outbuf, - output_token, - "\x02\x00"); - krb5_data_free (&outbuf); - if (ret) - goto failure; - } else { - output_token->length = 0; - } - (*context_handle)->ticket = ticket; - ticket = NULL; + (*context_handle)->ticket = ticket; + ticket = NULL; #if 0 - krb5_free_ticket (context, ticket); + krb5_free_ticket (context, ticket); #endif - return GSS_S_COMPLETE; + return GSS_S_COMPLETE; -failure: - if (fwd_data.length > 0) - free(fwd_data.data); - if (ticket != NULL) - krb5_free_ticket (gssapi_krb5_context, ticket); - 
krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - if (src_name != NULL) { - gss_release_name (&minor, src_name); - *src_name = NULL; - } - *context_handle = GSS_C_NO_CONTEXT; - return ret; + failure: + if (fwd_data.length > 0) + free(fwd_data.data); + if (ticket != NULL) + krb5_free_ticket (gssapi_krb5_context, ticket); + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + free (*context_handle); + if (src_name != NULL) { + gss_release_name (&minor, src_name); + *src_name = NULL; + } + *context_handle = GSS_C_NO_CONTEXT; + return ret; } diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c index 84814f5a7..8b4c4874b 100644 --- a/lib/gssapi/krb5/acquire_cred.c +++ b/lib/gssapi/krb5/acquire_cred.c @@ -195,7 +195,7 @@ OM_uint32 gss_acquire_cred gss_cred_id_t handle; OM_uint32 ret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); *minor_status = 0; handle = (gss_cred_id_t)malloc(sizeof(*handle)); diff --git a/lib/gssapi/krb5/compare_name.c b/lib/gssapi/krb5/compare_name.c index f4f3de47d..790f454a1 100644 --- a/lib/gssapi/krb5/compare_name.c +++ b/lib/gssapi/krb5/compare_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
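Review bot: In the delegation branch, `krb5_cc_initialize(gssapi_krb5_context, ccache, *src_name)` dereferences `src_name` even though the code above treats it as optional (`if (src_name != NULL)`), so a caller that passes NULL for src_name would hit a null dereference whenever the peer's token carries forwarded credentials. The principal already copied into the context looks like the safe source: `krb5_cc_initialize(gssapi_krb5_context, ccache, (*context_handle)->source);`. In the same branch `ccache` appears to stay unassigned when the caller supplies a delegated credential whose `ccache` field is already set, which would need `ccache = (*delegated_cred_handle)->ccache;` outside the `== NULL` test. The function's parameter list starts before this hunk, so the parameter types are inferred from how they are used here.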
@@ -42,7 +42,8 @@ OM_uint32 gss_compare_name int * name_equal ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT(); + *name_equal = krb5_principal_compare (gssapi_krb5_context, name1, name2); return GSS_S_COMPLETE; diff --git a/lib/gssapi/krb5/context_time.c b/lib/gssapi/krb5/context_time.c index 627a00d75..05925bb20 100644 --- a/lib/gssapi/krb5/context_time.c +++ b/lib/gssapi/krb5/context_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -46,7 +46,7 @@ OM_uint32 gss_context_time krb5_error_code kret; krb5_timestamp timeret; - gssapi_krb5_init(); + GSSAPI_KRB5_INIT (); ret = gss_inquire_context(minor_status, context_handle, NULL, NULL, &lifetime, NULL, NULL, NULL, NULL); diff --git a/lib/gssapi/krb5/delete_sec_context.c b/lib/gssapi/krb5/delete_sec_context.c index 872ab4e8d..5936467ab 100644 --- a/lib/gssapi/krb5/delete_sec_context.c +++ b/lib/gssapi/krb5/delete_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -41,28 +41,28 @@ OM_uint32 gss_delete_sec_context gss_buffer_t output_token ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - if ((*context_handle)->ticket) { - krb5_free_ticket (gssapi_krb5_context, - (*context_handle)->ticket); - free((*context_handle)->ticket); - } + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + if ((*context_handle)->ticket) { + krb5_free_ticket (gssapi_krb5_context, + (*context_handle)->ticket); + free((*context_handle)->ticket); + } - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_COMPLETE; + free (*context_handle); + *context_handle = GSS_C_NO_CONTEXT; + return GSS_S_COMPLETE; } diff --git a/lib/gssapi/krb5/display_name.c b/lib/gssapi/krb5/display_name.c index 453fc7f4b..483739431 100644 --- a/lib/gssapi/krb5/display_name.c +++ b/lib/gssapi/krb5/display_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
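Review bot: gss_delete_sec_context dereferences `*context_handle` right after the init check without testing it against GSS_C_NO_CONTEXT, the value this same function stores on success (presumably a null pointer, since gss_accept_sec_context compares it with malloc's result), so deleting the same handle twice would dereference it. A guard such as `if (*context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT;` before the first `krb5_auth_con_free` call would make the repeat call harmless. `*minor_status` is also written only on the init-failure path; `*minor_status = 0;` on entry would give callers a defined value on success. The function's signature begins before the hunk.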
@@ -42,31 +42,31 @@ OM_uint32 gss_display_name gss_OID * output_name_type ) { - krb5_error_code kret; - char *buf; - size_t len; + krb5_error_code kret; + char *buf; + size_t len; - gssapi_krb5_init (); - kret = krb5_unparse_name (gssapi_krb5_context, - input_name, - &buf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - len = strlen (buf); - output_name_buffer->length = len; - output_name_buffer->value = malloc(len + 1); - if (output_name_buffer->value == NULL) { + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &buf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (buf); + output_name_buffer->length = len; + output_name_buffer->value = malloc(len + 1); + if (output_name_buffer->value == NULL) { + free (buf); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (output_name_buffer->value, buf, len); + ((char *)output_name_buffer->value)[len] = '\0'; free (buf); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (output_name_buffer->value, buf, len); - ((char *)output_name_buffer->value)[len] = '\0'; - free (buf); - if (output_name_type) - *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; - return GSS_S_COMPLETE; + if (output_name_type) + *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; + return GSS_S_COMPLETE; } diff --git a/lib/gssapi/krb5/display_status.c b/lib/gssapi/krb5/display_status.c index 7764f7a4c..c043ab8a5 100644 --- a/lib/gssapi/krb5/display_status.c +++ b/lib/gssapi/krb5/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -117,7 +117,7 @@ OM_uint32 gss_display_status { char *buf; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); *minor_status = 0; 
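Review bot: `output_name_buffer->length = len;` is assigned before the malloc result is checked, so on the ENOMEM path the caller gets back a buffer with a non-zero length and a NULL value. Moving the assignment below the allocation check, or adding `output_name_buffer->length = 0;` in the failure branch, keeps the output buffer consistent when GSS_S_FAILURE is returned. The function's signature begins before the hunk.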
diff --git a/lib/gssapi/krb5/duplicate_name.c b/lib/gssapi/krb5/duplicate_name.c index d243cb406..ca9931263 100644 --- a/lib/gssapi/krb5/duplicate_name.c +++ b/lib/gssapi/krb5/duplicate_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -41,18 +41,18 @@ OM_uint32 gss_duplicate_name ( gss_name_t * dest_name ) { - krb5_error_code kret; + krb5_error_code kret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - kret = krb5_copy_principal (gssapi_krb5_context, - src_name, - dest_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } else { - return GSS_S_COMPLETE; - } + kret = krb5_copy_principal (gssapi_krb5_context, + src_name, + dest_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } else { + return GSS_S_COMPLETE; + } } diff --git a/lib/gssapi/krb5/export_sec_context.c b/lib/gssapi/krb5/export_sec_context.c index d513aa2ee..fa22681a1 100644 --- a/lib/gssapi/krb5/export_sec_context.c +++ b/lib/gssapi/krb5/export_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -51,7 +51,7 @@ gss_export_sec_context ( OM_uint32 minor; krb5_error_code kret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) return GSS_S_UNAVAILABLE; diff --git a/lib/gssapi/krb5/gssapi.h b/lib/gssapi/krb5/gssapi.h index d56ec8237..2375af7ef 100644 --- a/lib/gssapi/krb5/gssapi.h +++ b/lib/gssapi/krb5/gssapi.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -763,7 +763,7 @@ OM_uint32 gss_unseal */ OM_uint32 gsskrb5_register_acceptor_identity - (char *identity); + (const char *identity); OM_uint32 gss_krb5_copy_ccache (OM_uint32 *minor, diff --git a/lib/gssapi/krb5/gssapi_locl.h b/lib/gssapi/krb5/gssapi_locl.h index 9035b8be9..93adc4b82 100644 --- a/lib/gssapi/krb5/gssapi_locl.h +++ b/lib/gssapi/krb5/gssapi_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -50,6 +50,14 @@ extern krb5_keytab gssapi_krb5_keytab; krb5_error_code gssapi_krb5_init (void); +#define GSSAPI_KRB5_INIT() do { \ + krb5_error_code kret; \ + if((kret = gssapi_krb5_init ()) != 0) { \ + *minor_status = kret; \ + return GSS_S_FAILURE; \ + } \ +} while (0) + OM_uint32 gssapi_krb5_create_8003_checksum ( OM_uint32 *minor_status, diff --git a/lib/gssapi/krb5/import_name.c b/lib/gssapi/krb5/import_name.c index 1d1a0481a..d3d05dd09 100644 --- a/lib/gssapi/krb5/import_name.c +++ b/lib/gssapi/krb5/import_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -142,7 +142,7 @@ OM_uint32 gss_import_name gss_name_t * output_name ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) return import_hostbased_name (minor_status, diff --git a/lib/gssapi/krb5/import_sec_context.c b/lib/gssapi/krb5/import_sec_context.c index d2d314342..a124887b9 100644 --- a/lib/gssapi/krb5/import_sec_context.c +++ b/lib/gssapi/krb5/import_sec_context.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -55,7 +55,7 @@ gss_import_sec_context ( int32_t flags; OM_uint32 minor; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); sp = krb5_storage_from_mem (interprocess_token->value, interprocess_token->length); diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index f3b7cc595..1f5f98fa9 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -503,7 +503,7 @@ OM_uint32 gss_init_sec_context OM_uint32 * time_rec ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return init_auth (minor_status, diff --git a/lib/gssapi/krb5/release_cred.c b/lib/gssapi/krb5/release_cred.c index f6226c17e..704ff1413 100644 --- a/lib/gssapi/krb5/release_cred.c +++ b/lib/gssapi/krb5/release_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -44,7 +44,7 @@ OM_uint32 gss_release_cred return GSS_S_COMPLETE; } - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if ((*cred_handle)->principal != NULL) krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); diff --git a/lib/gssapi/krb5/release_name.c b/lib/gssapi/krb5/release_name.c index dff398b55..9597cb31c 100644 --- a/lib/gssapi/krb5/release_name.c +++ b/lib/gssapi/krb5/release_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -40,9 +40,9 @@ OM_uint32 gss_release_name gss_name_t * input_name ) { - gssapi_krb5_init (); - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; + GSSAPI_KRB5_INIT (); + krb5_free_principal(gssapi_krb5_context, + *input_name); + *input_name = GSS_C_NO_NAME; + return GSS_S_COMPLETE; } diff --git a/lib/gssapi/release_cred.c b/lib/gssapi/release_cred.c index f6226c17e..704ff1413 100644 --- a/lib/gssapi/release_cred.c +++ b/lib/gssapi/release_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -44,7 +44,7 @@ OM_uint32 gss_release_cred return GSS_S_COMPLETE; } - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if ((*cred_handle)->principal != NULL) krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); diff --git a/lib/gssapi/release_name.c b/lib/gssapi/release_name.c index dff398b55..9597cb31c 100644 --- a/lib/gssapi/release_name.c +++ b/lib/gssapi/release_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -40,9 +40,9 @@ OM_uint32 gss_release_name gss_name_t * input_name ) { - gssapi_krb5_init (); - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; + GSSAPI_KRB5_INIT (); + krb5_free_principal(gssapi_krb5_context, + *input_name); + *input_name = GSS_C_NO_NAME; + return GSS_S_COMPLETE; }
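Review bot: With the macro in place, gss_release_name returns GSS_S_FAILURE before `krb5_free_principal` and before `*input_name = GSS_C_NO_NAME` when gssapi_krb5_init fails, so the name is neither freed nor cleared. The failure path of gss_accept_sec_context in this commit ignores that return value and sets `*src_name = NULL` itself, which would drop the only reference. The same early return now sits in front of the cleanup in gss_release_cred and gss_delete_sec_context. If the release cannot proceed without a library context, a comment saying so would help, e.g. `/* without a krb5 context nothing can be freed; the name is left untouched */`.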