diff --git a/lib/gssapi/ntlm/accept_sec_context.c b/lib/gssapi/ntlm/accept_sec_context.c index 606b2a0b0..6e66b760b 100644 --- a/lib/gssapi/ntlm/accept_sec_context.c +++ b/lib/gssapi/ntlm/accept_sec_context.c @@ -189,12 +189,29 @@ _gss_ntlm_accept_sec_context ctx->ictx, &type3, &session); - heim_ntlm_free_type3(&type3); if (maj_stat) { + heim_ntlm_free_type3(&type3); _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); return maj_stat; } + if (src_name) { + ntlm_name n = calloc(1, sizeof(*n)); + if (n) { + n->user = strdup(type3.username); + n->domain = strdup(type3.targetname); + } + if (n == NULL || n->user == NULL || n->domain == NULL) { + heim_ntlm_free_type3(&type3); + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + return maj_stat; + } + *src_name = (gss_name_t)n; + } + + heim_ntlm_free_type3(&type3); + ret = krb5_data_copy(&ctx->sessionkey, session.data, session.length); if (ret) { diff --git a/lib/gssapi/ntlm/acquire_cred.c b/lib/gssapi/ntlm/acquire_cred.c index ab6c7f0e9..0019a46a4 100644 --- a/lib/gssapi/ntlm/acquire_cred.c +++ b/lib/gssapi/ntlm/acquire_cred.c @@ -80,15 +80,14 @@ OM_uint32 _gss_ntlm_acquire_cred } } if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) { - gss_cred_id_t gcred; ntlm_cred cred; *min_stat = _gss_ntlm_get_user_cred(name->domain, &cred); if (*min_stat) return GSS_S_FAILURE; + cred->usage = cred_usage; - gcred = (gss_cred_id_t)cred; - _gss_ntlm_release_cred(NULL, &gcred); + *output_cred_handle = (gss_cred_id_t)cred; } return (GSS_S_COMPLETE); diff --git a/lib/gssapi/ntlm/display_name.c b/lib/gssapi/ntlm/display_name.c index b1671f26a..4fca47b26 100644 --- a/lib/gssapi/ntlm/display_name.c +++ b/lib/gssapi/ntlm/display_name.c @@ -43,11 +43,30 @@ OM_uint32 _gss_ntlm_display_name ) { *minor_status = 0; + if (output_name_type) *output_name_type = GSS_NTLM_MECHANISM; + if (output_name_buffer) { + ntlm_name n = (ntlm_name)input_name; + char *str; + int len; + output_name_buffer->length = 0; output_name_buffer->value = NULL; + + if (n == NULL) { + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + len = asprintf(&str, "%s@%s", n->user, n->domain); + if (str == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + output_name_buffer->length = len; + output_name_buffer->value = str; } return GSS_S_COMPLETE; } diff --git a/lib/gssapi/ntlm/import_name.c b/lib/gssapi/ntlm/import_name.c index b460a84ec..536170e4b 100644 --- a/lib/gssapi/ntlm/import_name.c +++ b/lib/gssapi/ntlm/import_name.c @@ -65,6 +65,7 @@ OM_uint32 _gss_ntlm_import_name p = strchr(name, '@'); if (p == NULL) return GSS_S_BAD_NAME; + p[0] = '\0'; p++; p2 = strchr(p, '.'); if (p2 && p2[1] != '\0') { @@ -75,15 +76,26 @@ OM_uint32 _gss_ntlm_import_name } strupr(p); - n = malloc(sizeof(n) + strlen(p)); - if (n == NULL) { + n = calloc(1, sizeof(*n)); + if (name == NULL) { free(name); *minor_status = ENOMEM; return GSS_S_FAILURE; } - strcpy(n->domain, p); + + n->user = strdup(name); + n->domain = strdup(p); + free(name); + if (n->user == NULL || n->domain == NULL) { + free(n->user); + free(n->domain); + free(n); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *output_name = (gss_name_t)n; return GSS_S_COMPLETE; diff --git a/lib/gssapi/ntlm/ntlm.h b/lib/gssapi/ntlm/ntlm.h index 7f6ba838b..3c90060d6 100644 --- a/lib/gssapi/ntlm/ntlm.h +++ b/lib/gssapi/ntlm/ntlm.h @@ -97,6 +97,7 @@ struct ntlmv2_key { extern struct ntlm_server_interface ntlmsspi_kdc_digest; typedef struct ntlm_cred { + gss_cred_usage_t usage; char *username; char *domain; struct ntlm_buf key; @@ -128,7 +129,8 @@ typedef struct { } *ntlm_ctx; typedef struct { - char domain[1]; + char *user; + char *domain; } *ntlm_name; #include diff --git a/lib/gssapi/ntlm/release_name.c b/lib/gssapi/ntlm/release_name.c index bfea24e68..ca12ae394 100644 --- a/lib/gssapi/ntlm/release_name.c +++ b/lib/gssapi/ntlm/release_name.c @@ -43,8 +43,11 @@ OM_uint32 _gss_ntlm_release_name if (minor_status) *minor_status = 0; if (input_name) { - free(*input_name); + ntlm_name n = (ntlm_name)*input_name; *input_name = GSS_C_NO_NAME; + free(n->user); + free(n->domain); + free(n); } return GSS_S_COMPLETE; }