oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

make the SPNEGO mech store the error itself instead, works for everything except other stackable mechs

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22600 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-02-21 12:46:24 +00:00
parent a7b1b3b1aa
commit 3673482a9b
7 changed files with 33 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/gssapi/ChangeLog
View File

@@ -1,3 +1,8 @@
2008-02-21 Love H<>rnquist <20>strand <lha@it.su.se>
* make the SPNEGO mech store the error itself instead, works for
everything except other stackable mechs
2008-02-18 Love H<>rnquist <20>strand <lha@it.su.se>
* spnego/init_sec_context.c (spnego_reply): if the reply token was

2
lib/gssapi/gssapi_mech.h
View File

@@ -356,4 +356,6 @@ gssapi_mech_interface __gss_spnego_initialize(void);
gssapi_mech_interface __gss_krb5_initialize(void);
gssapi_mech_interface __gss_ntlm_initialize(void);
void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32);
#endif /* GSSAPI_MECH_H */

16
lib/gssapi/mech/context.c
View File

@@ -107,6 +107,13 @@ _gss_mg_error(gssapi_mech_interface m, OM_uint32 maj, OM_uint32 min)
OM_uint32 message_content;
struct mg_thread_ctx *mg;
/*
* Mechs without gss_display_status() does
* gss_mg_collect_error() by themself.
*/
if (m->gm_display_status == NULL)
return ;
mg = _gss_mechglue_thread();
if (mg == NULL)
return;
@@ -139,3 +146,12 @@ _gss_mg_error(gssapi_mech_interface m, OM_uint32 maj, OM_uint32 min)
mg->min_error.length = 0;
}
}
void
gss_mg_collect_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
{
gssapi_mech_interface m = __gss_get_mechanism(mech);
if (m == NULL)
return;
_gss_mg_error(m, maj, min);
}

5
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -609,7 +609,7 @@ acceptor_start
/*
* First we try the opportunistic token if we have support for it,
* don't try to verify we have credential for the token,
* gss_accept_sec_context will (hopefully) tell us that.
* gss_accept_sec_context() will (hopefully) tell us that.
* If that failes,
*/
@@ -674,6 +674,8 @@ acceptor_start
goto out;
first_ok = 1;
} else {
gss_mg_collect_error(preferred_mech_type, ret, *minor_status);
}
}
@@ -879,6 +881,7 @@ acceptor_continue
}
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
free_NegotiationToken(&nt);
gss_mg_collect_error(ctx->negotiated_mech_type, ret, minor);
send_reject (minor_status, output_token);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;

12
lib/gssapi/spnego/context_stubs.c
View File

@@ -263,18 +263,6 @@ OM_uint32 _gss_spnego_unwrap
qop_state);
}
OM_uint32 _gss_spnego_display_status
(OM_uint32 * minor_status,
OM_uint32 status_value,
int status_type,
const gss_OID mech_type,
OM_uint32 * message_context,
gss_buffer_t status_string
)
{
return GSS_S_FAILURE;
}
OM_uint32 _gss_spnego_compare_name
(OM_uint32 *minor_status,
const gss_name_t name1,

2
lib/gssapi/spnego/external.c
View File

@@ -57,7 +57,7 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_verify_mic,
_gss_spnego_wrap,
_gss_spnego_unwrap,
_gss_spnego_display_status,
NULL,
NULL,
_gss_spnego_compare_name,
_gss_spnego_display_name,

6
lib/gssapi/spnego/init_sec_context.c
View File

@@ -59,8 +59,10 @@ initiator_approved(gss_name_t target_name, gss_OID mech)
&out,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
if (GSS_ERROR(maj_stat)) {
gss_mg_collect_error(mech, maj_stat, min_stat);
return GSS_S_BAD_MECH;
}
gss_release_buffer(&min_stat, &out);
gss_delete_sec_context(&min_stat, &ctx, NULL);
@@ -268,6 +270,7 @@ spnego_initial
if (GSS_ERROR(sub)) {
free_NegTokenInit(&ni);
*minor_status = minor;
gss_mg_collect_error(ctx->preferred_mech_type, sub, minor);
_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub;
}
@@ -516,6 +519,7 @@ spnego_reply
if (GSS_ERROR(ret)) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
free_NegTokenResp(&resp);
gss_mg_collect_error(&mech, ret, minor);
*minor_status = minor;
return ret;
}