From 67c9487313c16388c9efc62714d3b0f3cec281f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sun, 16 Mar 2003 18:00:00 +0000 Subject: [PATCH] take care to set export value to something sane before we start so caller will have harmless values in them if then function fails git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11766 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/init_sec_context.c | 40 +++++++++++++++++++++++++----- lib/gssapi/krb5/init_sec_context.c | 40 +++++++++++++++++++++++++----- 2 files changed, 68 insertions(+), 12 deletions(-) diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index b7c2aed1a..efd5ae9c4 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -194,9 +194,6 @@ init_auth krb5_enctype enctype; krb5_data fwd_data; - output_token->length = 0; - output_token->value = NULL; - krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -214,6 +211,7 @@ init_auth (*context_handle)->flags = 0; (*context_handle)->more_flags = 0; (*context_handle)->ticket = NULL; + (*context_handle)->lifetime = GSS_C_INDEFINITE; kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -286,7 +284,7 @@ init_auth memset(&this_cred, 0, sizeof(this_cred)); this_cred.client = (*context_handle)->source; this_cred.server = (*context_handle)->target; - if (time_req) { + if (time_req && time_req != GSS_C_INDEFINITE) { krb5_timestamp ts; krb5_timeofday (gssapi_krb5_context, &ts); @@ -308,6 +306,8 @@ init_auth goto failure; } + (*context_handle)->lifetime = cred->times.endtime; + krb5_auth_con_setkey(gssapi_krb5_context, (*context_handle)->auth_context, &cred->session); @@ -412,6 +412,9 @@ init_auth if (flags & GSS_C_MUTUAL_FLAG) { return GSS_S_CONTINUE_NEEDED; } else { + if (time_rec) + *time_rec = (*context_handle)->lifetime; + (*context_handle)->more_flags |= OPEN; return GSS_S_COMPLETE; } @@ -453,6 +456,12 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; + output_token->length = 0; + output_token->value = NULL; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, "\x02\x00"); if (ret) @@ -471,10 +480,14 @@ repl_mutual krb5_free_ap_rep_enc_part (gssapi_krb5_context, repl); - output_token->length = 0; - (*context_handle)->more_flags |= OPEN; + + if (time_rec) + *time_rec = (*context_handle)->lifetime; + if (ret_flags) + *ret_flags = (*context_handle)->flags; + *minor_status = 0; return GSS_S_COMPLETE; } @@ -500,6 +513,21 @@ OM_uint32 gss_init_sec_context { GSSAPI_KRB5_INIT (); + output_token->length = 0; + output_token->value = NULL; + + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + + if (target_name == GSS_C_NO_NAME) { + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + *minor_status = 0; + return GSS_S_BAD_NAME; + } + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return init_auth (minor_status, initiator_cred_handle, diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index b7c2aed1a..efd5ae9c4 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -194,9 +194,6 @@ init_auth krb5_enctype enctype; krb5_data fwd_data; - output_token->length = 0; - output_token->value = NULL; - krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -214,6 +211,7 @@ init_auth (*context_handle)->flags = 0; (*context_handle)->more_flags = 0; (*context_handle)->ticket = NULL; + (*context_handle)->lifetime = GSS_C_INDEFINITE; kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -286,7 +284,7 @@ init_auth memset(&this_cred, 0, sizeof(this_cred)); this_cred.client = (*context_handle)->source; this_cred.server = (*context_handle)->target; - if (time_req) { + if (time_req && time_req != GSS_C_INDEFINITE) { krb5_timestamp ts; krb5_timeofday (gssapi_krb5_context, &ts); @@ -308,6 +306,8 @@ init_auth goto failure; } + (*context_handle)->lifetime = cred->times.endtime; + krb5_auth_con_setkey(gssapi_krb5_context, (*context_handle)->auth_context, &cred->session); @@ -412,6 +412,9 @@ init_auth if (flags & GSS_C_MUTUAL_FLAG) { return GSS_S_CONTINUE_NEEDED; } else { + if (time_rec) + *time_rec = (*context_handle)->lifetime; + (*context_handle)->more_flags |= OPEN; return GSS_S_COMPLETE; } @@ -453,6 +456,12 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; + output_token->length = 0; + output_token->value = NULL; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, "\x02\x00"); if (ret) @@ -471,10 +480,14 @@ repl_mutual krb5_free_ap_rep_enc_part (gssapi_krb5_context, repl); - output_token->length = 0; - (*context_handle)->more_flags |= OPEN; + + if (time_rec) + *time_rec = (*context_handle)->lifetime; + if (ret_flags) + *ret_flags = (*context_handle)->flags; + *minor_status = 0; return GSS_S_COMPLETE; } @@ -500,6 +513,21 @@ OM_uint32 gss_init_sec_context { GSSAPI_KRB5_INIT (); + output_token->length = 0; + output_token->value = NULL; + + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + + if (target_name == GSS_C_NO_NAME) { + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + *minor_status = 0; + return GSS_S_BAD_NAME; + } + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return init_auth (minor_status, initiator_cred_handle,