diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am index 58470397f..ee59266f6 100644 --- a/lib/gssapi/Makefile.am +++ b/lib/gssapi/Makefile.am @@ -275,7 +275,7 @@ spnego_files = \ asn1_NegTokenInit.x \ asn1_NegTokenInit2.x \ asn1_NegTokenResp.x \ - asn1_NegResultEnum.x + asn1_NegStateEnum.x BUILTHEADERS = \ $(srcdir)/krb5/gsskrb5-private.h \ diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c index 53e1e2972..4bad7d905 100644 --- a/lib/gssapi/spnego/accept_sec_context.c +++ b/lib/gssapi/spnego/accept_sec_context.c @@ -42,12 +42,12 @@ send_reject (OM_uint32 *minor_status, nt.element = choice_NegotiationToken_negTokenResp; - ALLOC(nt.u.negTokenResp.negResult, 1); - if (nt.u.negTokenResp.negResult == NULL) { + ALLOC(nt.u.negTokenResp.negState, 1); + if (nt.u.negTokenResp.negState == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } - *(nt.u.negTokenResp.negResult) = reject; + *(nt.u.negTokenResp.negState) = reject; nt.u.negTokenResp.supportedMech = NULL; nt.u.negTokenResp.responseToken = NULL; nt.u.negTokenResp.mechListMIC = NULL; @@ -199,8 +199,8 @@ send_accept (OM_uint32 *minor_status, nt.element = choice_NegotiationToken_negTokenResp; - ALLOC(nt.u.negTokenResp.negResult, 1); - if (nt.u.negTokenResp.negResult == NULL) { + ALLOC(nt.u.negTokenResp.negState, 1); + if (nt.u.negTokenResp.negState == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -209,14 +209,14 @@ send_accept (OM_uint32 *minor_status, if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0 && mech_buf != GSS_C_NO_BUFFER) - *(nt.u.negTokenResp.negResult) = accept_incomplete; + *(nt.u.negTokenResp.negState) = accept_incomplete; else - *(nt.u.negTokenResp.negResult) = accept_completed; + *(nt.u.negTokenResp.negState) = accept_completed; } else { if (initial_response && !optimistic_mech_ok) - *(nt.u.negTokenResp.negResult) = request_mic; + *(nt.u.negTokenResp.negState) = request_mic; else - *(nt.u.negTokenResp.negResult) = accept_incomplete; + *(nt.u.negTokenResp.negState) = accept_incomplete; } if (initial_response) { @@ -299,7 +299,7 @@ send_accept (OM_uint32 *minor_status, * specifies encapsulation for all _Kerberos_ tokens). */ - if (*(nt.u.negTokenResp.negResult) == accept_completed) + if (*(nt.u.negTokenResp.negState) == accept_completed) ret = GSS_S_COMPLETE; else ret = GSS_S_CONTINUE_NEEDED; @@ -834,7 +834,7 @@ acceptor_continue NegotiationToken nt; size_t nt_len; NegTokenResp *na; - unsigned int negResult = accept_incomplete; + unsigned int negState = accept_incomplete; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; gssspnego_ctx ctx; @@ -859,8 +859,8 @@ acceptor_continue } na = &nt.u.negTokenResp; - if (na->negResult != NULL) { - negResult = *(na->negResult); + if (na->negState != NULL) { + negState = *(na->negState); } HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); @@ -912,7 +912,7 @@ acceptor_continue output_token); if (ctx->mech_flags & GSS_C_DCE_STYLE) - require_response = (negResult != accept_completed); + require_response = (negState != accept_completed); else require_response = 0; @@ -922,7 +922,7 @@ acceptor_continue */ if ((mech_output_token != GSS_C_NO_BUFFER && mech_output_token->length != 0) - || (ctx->flags.open && negResult == accept_incomplete) + || (ctx->flags.open && negState == accept_incomplete) || require_response || get_mic) { ret2 = send_accept (minor_status, diff --git a/lib/gssapi/spnego/init_sec_context.c b/lib/gssapi/spnego/init_sec_context.c index 6cef4c87f..07a08caa0 100644 --- a/lib/gssapi/spnego/init_sec_context.c +++ b/lib/gssapi/spnego/init_sec_context.c @@ -133,13 +133,13 @@ make_reply(OM_uint32 *minor_status, gss_buffer_desc mic_buf; OM_uint32 ret, minor; size_t size; - NegResultEnum result; + NegStateEnum state; memset(&nt, 0, sizeof(nt)); nt.element = choice_NegotiationToken_negTokenResp; - nt.u.negTokenResp.negResult = NULL; + nt.u.negTokenResp.negState = NULL; nt.u.negTokenResp.supportedMech = NULL; output_token->length = 0; @@ -149,11 +149,11 @@ make_reply(OM_uint32 *minor_status, if (ctx->flags.open) { if (ctx->flags.verified_mic == 1 || ctx->flags.require_mic == 0) - result = accept_completed; + state = accept_completed; else - result = accept_incomplete; + state = accept_incomplete; } else { - result = accept_incomplete; + state = accept_incomplete; } if (mech_token->length == 0) { @@ -212,13 +212,13 @@ make_reply(OM_uint32 *minor_status, nt.u.negTokenResp.mechListMIC = NULL; } - ALLOC(nt.u.negTokenResp.negResult, 1); - if (nt.u.negTokenResp.negResult == NULL) { + ALLOC(nt.u.negTokenResp.negState, 1); + if (nt.u.negTokenResp.negState == NULL) { free_NegotiationToken(&nt); *minor_status = ENOMEM; return GSS_S_FAILURE; } - *nt.u.negTokenResp.negResult = result; + *nt.u.negTokenResp.negState = state; ASN1_MALLOC_ENCODE(NegotiationToken, output_token->value, output_token->length, @@ -229,7 +229,7 @@ make_reply(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (result != accept_completed) + if (state != accept_completed) return GSS_S_CONTINUE_NEEDED; return GSS_S_COMPLETE; @@ -446,8 +446,8 @@ spnego_reply(OM_uint32 * minor_status, return GSS_S_BAD_MECH; } - if (resp.u.negTokenResp.negResult == NULL - || *(resp.u.negTokenResp.negResult) == reject) + if (resp.u.negTokenResp.negState == NULL + || *(resp.u.negTokenResp.negState) == reject) { free_NegotiationToken(&resp); return GSS_S_BAD_MECH; @@ -577,7 +577,7 @@ spnego_reply(OM_uint32 * minor_status, if (ret == GSS_S_COMPLETE) { ctx->flags.open = 1; } - } else if (*resp.u.negTokenResp.negResult == accept_completed) { + } else if (*resp.u.negTokenResp.negState == accept_completed) { if (ctx->flags.maybe_open) ctx->flags.open = 1; @@ -589,7 +589,7 @@ spnego_reply(OM_uint32 * minor_status, } } - if (*resp.u.negTokenResp.negResult == request_mic) { + if (*resp.u.negTokenResp.negState == request_mic) { ctx->flags.peer_require_mic = 1; } @@ -642,7 +642,7 @@ spnego_reply(OM_uint32 * minor_status, if (ctx->flags.open) { - if (*resp.u.negTokenResp.negResult == accept_completed && ctx->flags.safe_omit) { + if (*resp.u.negTokenResp.negState == accept_completed && ctx->flags.safe_omit) { ctx->initiator_state = step_completed; ret = GSS_S_COMPLETE; } else if (ctx->flags.require_mic != 0 && ctx->flags.verified_mic == 0) { @@ -654,7 +654,7 @@ spnego_reply(OM_uint32 * minor_status, } } - if (*resp.u.negTokenResp.negResult != accept_completed || + if (*resp.u.negTokenResp.negState != accept_completed || ctx->initiator_state != step_completed || mech_output_token.length) { @@ -703,8 +703,8 @@ wait_server_mic(OM_uint32 * minor_status, "Failed to decode NegotiationToken"); if (resp.element != choice_NegotiationToken_negTokenResp - || resp.u.negTokenResp.negResult == NULL - || *resp.u.negTokenResp.negResult != accept_completed) + || resp.u.negTokenResp.negState == NULL + || *resp.u.negTokenResp.negState != accept_completed) { free_NegotiationToken(&resp); return gss_mg_set_error_string(GSS_SPNEGO_MECHANISM, diff --git a/lib/gssapi/spnego/spnego.asn1 b/lib/gssapi/spnego/spnego.asn1 index fc6cd0c1e..bd69a0512 100644 --- a/lib/gssapi/spnego/spnego.asn1 +++ b/lib/gssapi/spnego/spnego.asn1 @@ -37,17 +37,17 @@ NegTokenInit ::= SEQUENCE { ... } -NegResultEnum ::= ENUMERATED { - accept_completed(0), - accept_incomplete(1), +NegStateEnum ::= ENUMERATED { + accept-completed(0), + accept-incomplete(1), reject(2), request-mic(3) } --- NB: negResult is not OPTIONAL in the new SPNEGO spec but +-- NB: negState is not OPTIONAL in the new SPNEGO spec but -- Windows clients do not always send it NegTokenResp ::= SEQUENCE { - negResult [0] NegResultEnum OPTIONAL, + negState [0] NegStateEnum OPTIONAL, supportedMech [1] MechType OPTIONAL, responseToken [2] OCTET STRING OPTIONAL, mechListMIC [3] OCTET STRING OPTIONAL,