oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Make delegated credentials delegated directly, Oleg Sharoiko pointed out that it always didnt work with the old code. Also add som missing cred and context pass-thou functions in the SPNEGO layer

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22688 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-03-16 11:33:58 +00:00
parent 7dd314d77a
commit 784ffbfa6a
6 changed files with 76 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -635,9 +635,6 @@ acceptor_start
if (ctx->mech_src_name != GSS_C_NO_NAME)
gss_release_name(&junk, &ctx->mech_src_name);
if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
_gss_spnego_release_cred(&junk, &ctx->delegated_cred_id);
ret = gss_accept_sec_context(minor_status,
&ctx->negotiated_ctx_id,
mech_cred,
@@ -649,19 +646,20 @@ acceptor_start
&ctx->mech_flags,
&ctx->mech_time_rec,
&mech_delegated_cred);
if (mech_delegated_cred && delegated_cred_handle) {
_gss_spnego_alloc_cred(&junk,
mech_delegated_cred,
delegated_cred_handle);
} else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
gss_release_cred(&junk, &mech_delegated_cred);
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
ctx->preferred_mech_type = preferred_mech_type;
ctx->negotiated_mech_type = preferred_mech_type;
if (ret == GSS_S_COMPLETE)
ctx->open = 1;
if (mech_delegated_cred && delegated_cred_handle)
ret = _gss_spnego_alloc_cred(&junk,
mech_delegated_cred,
delegated_cred_handle);
else
gss_release_cred(&junk, &mech_delegated_cred);
ret = acceptor_complete(minor_status,
ctx,
&get_mic,
@@ -740,10 +738,6 @@ out:
*src_name = (gss_name_t)name;
}
}
if (delegated_cred_handle != NULL) {
*delegated_cred_handle = ctx->delegated_cred_id;
ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
}
}
if (mech_type != NULL)
@@ -780,7 +774,7 @@ acceptor_continue
gss_cred_id_t *delegated_cred_handle
)
{
OM_uint32 ret, ret2, minor;
OM_uint32 ret, ret2, minor, junk;
NegotiationToken nt;
size_t nt_len;
NegTokenResp *na;
@@ -836,27 +830,16 @@ acceptor_continue
if (mech_input_token != GSS_C_NO_BUFFER) {
gss_cred_id_t mech_cred;
gss_cred_id_t mech_delegated_cred;
gss_cred_id_t *mech_delegated_cred_p;
gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
if (acceptor_cred != NULL)
mech_cred = acceptor_cred->negotiated_cred_id;
else
mech_cred = GSS_C_NO_CREDENTIAL;
if (delegated_cred_handle != NULL) {
mech_delegated_cred = GSS_C_NO_CREDENTIAL;
mech_delegated_cred_p = &mech_delegated_cred;
} else {
mech_delegated_cred_p = NULL;
}
if (ctx->mech_src_name != GSS_C_NO_NAME)
gss_release_name(&minor, &ctx->mech_src_name);
if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
_gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
ret = gss_accept_sec_context(&minor,
&ctx->negotiated_ctx_id,
mech_cred,
@@ -867,16 +850,16 @@ acceptor_continue
&obuf,
&ctx->mech_flags,
&ctx->mech_time_rec,
mech_delegated_cred_p);
&mech_delegated_cred);
if (mech_delegated_cred && delegated_cred_handle) {
_gss_spnego_alloc_cred(&junk,
mech_delegated_cred,
delegated_cred_handle);
} else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
gss_release_cred(&junk, &mech_delegated_cred);
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
if (mech_delegated_cred_p != NULL &&
mech_delegated_cred != GSS_C_NO_CREDENTIAL) {
ret2 = _gss_spnego_alloc_cred(minor_status,
mech_delegated_cred,
&ctx->delegated_cred_id);
if (ret2 != GSS_S_COMPLETE)
ret = ret2;
}
mech_output_token = &obuf;
}
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
@@ -958,10 +941,6 @@ acceptor_continue
*src_name = (gss_name_t)name;
}
}
if (delegated_cred_handle != NULL) {
*delegated_cred_handle = ctx->delegated_cred_id;
ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
}
}
if (mech_type != NULL)