oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Merge branch 'master' into lukeh/acquire-cred-ex

Browse Source
This commit is contained in:
Luke Howard
2011-05-14 14:56:16 +02:00
parent d8ff5844f7 d1b553aae2
commit 3069d80734
224 changed files with 2134 additions and 2129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/gssapi/krb5/accept_sec_context.c
View File

@@ -55,11 +55,13 @@ validate_keytab(krb5_context context, const char *name, krb5_keytab *id)
}
OM_uint32
_gsskrb5_register_acceptor_identity (const char *identity)
_gsskrb5_register_acceptor_identity(OM_uint32 *min_stat, const char *identity)
{
krb5_context context;
krb5_error_code ret;
*min_stat = 0;
ret = _gsskrb5_init(&context);
if(ret)
return GSS_S_FAILURE;
@@ -92,8 +94,10 @@ _gsskrb5_register_acceptor_identity (const char *identity)
}
}
HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
if(ret)
if(ret) {
*min_stat = ret;
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE;
}

4
lib/gssapi/krb5/arcfour.c
View File

@@ -255,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type)
const char *type)
{
krb5_error_code ret;
uint32_t seq_number;
@@ -270,7 +270,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
p = token_buffer->value;
omret = _gsskrb5_verify_header (&p,
token_buffer->length,
(u_char *)type,
type,
GSS_KRB5_MECHANISM);
if (omret)
return omret;

8
lib/gssapi/krb5/cfx.c
View File

@@ -285,7 +285,8 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
gss_iov_buffer_desc *header, *trailer, *padding;
size_t gsshsize, k5hsize;
size_t gsstsize, k5tsize;
size_t i, rrc = 0, ec = 0;
size_t rrc = 0, ec = 0;
int i;
gss_cfx_wrap_token token;
krb5_error_code ret;
int32_t seq_number;
@@ -424,6 +425,9 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
token->Flags = 0;
token->Filler = 0xFF;
if ((ctx->more_flags & LOCAL) == 0)
token->Flags |= CFXSentByAcceptor;
if (ctx->more_flags & ACCEPTOR_SUBKEY)
token->Flags |= CFXAcceptorSubkey;
@@ -666,7 +670,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
q += iov[i].buffer.length;
}
}
assert((q - p) == len);
assert((size_t)(q - p) == len);
/* unrotate first part */
q = p + rrc;

24
lib/gssapi/krb5/external.c
View File

@@ -180,7 +180,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"GS2-KRB5",
rk_UNCONST("GS2-KRB5"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -188,7 +188,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"KRB5",
rk_UNCONST("KRB5"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -196,7 +196,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal Kerberos 5 mech",
rk_UNCONST("Heimdal Kerberos 5 mech"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -214,19 +214,19 @@ static gss_mo_desc krb5_mo[] = {
},
{
GSS_C_MA_AUTH_TARG,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_AUTH_INIT_ANON,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_DELEG_CRED,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_INTEG_PROT,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_CONF_PROT,
@@ -273,7 +273,7 @@ static gss_mo_desc krb5_mo[] = {
static gssapi_mech_interface_desc krb5_mech = {
GMI_VERSION,
"kerberos 5",
{9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
0,
_gsskrb5_acquire_cred,
_gsskrb5_release_cred,
@@ -323,7 +323,13 @@ static gssapi_mech_interface_desc krb5_mech = {
NULL,
NULL,
krb5_mo,
sizeof(krb5_mo) / sizeof(krb5_mo[0])
sizeof(krb5_mo) / sizeof(krb5_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
gssapi_mech_interface

20
lib/gssapi/krb5/init_sec_context.c
View File

@@ -422,11 +422,6 @@ init_auth
goto failure;
}
ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
if (ret)
goto failure;
/*
* This is hideous glue for (NFS) clients that wants to limit the
* available enctypes to what it can support (encryption in
@@ -469,6 +464,10 @@ init_auth
ctx->lifetime = ctx->kcred->times.endtime;
ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
if (ret)
goto failure;
ret = _gsskrb5_lifetime_left(minor_status,
context,
ctx->lifetime,
@@ -676,7 +675,8 @@ init_auth_restart
output_token->length = outbuf.length;
} else {
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
(u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
(u_char *)(intptr_t)"\x01\x00",
GSS_KRB5_MECHANISM);
krb5_data_free (&outbuf);
if (ret)
goto failure;
@@ -911,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
return GSS_S_BAD_MECH;
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
OM_uint32 ret;
OM_uint32 ret1;
if (*context_handle != GSS_C_NO_CONTEXT) {
*minor_status = 0;
return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
}
ret = _gsskrb5_create_ctx(minor_status,
ret1 = _gsskrb5_create_ctx(minor_status,
context_handle,
context,
input_chan_bindings,
INITIATOR_START);
if (ret)
return ret;
if (ret1)
return ret1;
}
if (*context_handle == GSS_C_NO_CONTEXT) {

24
lib/gssapi/krb5/prf.c
View File

@@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
krb5_crypto crypto;
krb5_data input, output;
uint32_t num;
OM_uint32 junk;
unsigned char *p;
krb5_keyblock *key = NULL;
size_t dol;
if (ctx == NULL) {
*minor_status = 0;
return GSS_S_NO_CONTEXT;
}
if (desired_output_len <= 0) {
if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) {
*minor_status = 0;
return GSS_S_FAILURE;
}
dol = desired_output_len;
GSSAPI_KRB5_INIT (&context);
@@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
prf_out->value = malloc(desired_output_len);
prf_out->value = malloc(dol);
if (prf_out->value == NULL) {
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
prf_out->length = desired_output_len;
prf_out->length = dol;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
input.length = prf_in->length + 4;
input.data = malloc(prf_in->length + 4);
if (input.data == NULL) {
OM_uint32 junk;
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
gss_release_buffer(&junk, prf_out);
@@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length);
num = 0;
p = prf_out->value;
while(desired_output_len > 0) {
while(dol > 0) {
size_t tsize;
_gsskrb5_encode_om_uint32(num, input.data);
ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) {
OM_uint32 junk;
*minor_status = ret;
free(input.data);
gss_release_buffer(&junk, prf_out);
@@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
memcpy(p, output.data, min(desired_output_len, output.length));
tsize = min(dol, output.length);
memcpy(p, output.data, tsize);
p += output.length;
desired_output_len -= output.length;
dol -= tsize;
krb5_data_free(&output);
num++;
}

3
lib/gssapi/krb5/process_context_token.c
View File

@@ -52,7 +52,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
(gsskrb5_ctx)context_handle,
context,
token_buffer, &empty_buffer,
GSS_C_QOP_DEFAULT, "\x01\x02");
GSS_C_QOP_DEFAULT,
"\x01\x02");
if (ret == GSS_S_COMPLETE)
ret = _gsskrb5_delete_sec_context(minor_status,

2
lib/gssapi/krb5/sequence.c
View File

@@ -141,7 +141,7 @@ OM_uint32
_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
{
OM_uint32 r;
int i;
size_t i;
if (o == NULL)
return GSS_S_COMPLETE;

5
lib/gssapi/krb5/set_sec_context_option.c
View File

@@ -154,11 +154,10 @@ _gsskrb5_set_sec_context_option
if (maj_stat != GSS_S_COMPLETE)
return maj_stat;
_gsskrb5_register_acceptor_identity(str);
maj_stat = _gsskrb5_register_acceptor_identity(minor_status, str);
free(str);
*minor_status = 0;
return GSS_S_COMPLETE;
return maj_stat;
} else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
char *str;

2
lib/gssapi/krb5/unwrap.c
View File

@@ -54,7 +54,7 @@ unwrap_des
DES_key_schedule schedule;
DES_cblock deskey;
DES_cblock zero;
int i;
size_t i;
uint32_t seq_number;
size_t padlength;
OM_uint32 ret;

8
lib/gssapi/krb5/verify_mic.c
View File

@@ -44,7 +44,7 @@ verify_mic_des
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type
const char *type
)
{
u_char *p;
@@ -142,7 +142,7 @@ verify_mic_des3
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type
const char *type
)
{
u_char *p;
@@ -276,7 +276,7 @@ _gsskrb5_verify_mic_internal
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
char * type
const char * type
)
{
krb5_keyblock *key;
@@ -348,7 +348,7 @@ _gsskrb5_verify_mic
(gsskrb5_ctx)context_handle,
context,
message_buffer, token_buffer,
qop_state, "\x01\x01");
qop_state, (void *)(intptr_t)"\x01\x01");
return ret;
}

2
lib/gssapi/krb5/wrap.c
View File

@@ -214,7 +214,7 @@ wrap_des
EVP_CIPHER_CTX des_ctx;
DES_cblock deskey;
DES_cblock zero;
int i;
size_t i;
int32_t seq_number;
size_t len, total_len, padlength, datalen;