diff --git a/lib/gssapi/display_status.c b/lib/gssapi/display_status.c index 0cd811f6f..cdccdced4 100644 --- a/lib/gssapi/display_status.c +++ b/lib/gssapi/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -114,12 +114,16 @@ OM_uint32 gss_display_status asprintf (&buf, "%s %s", calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); - if (buf == NULL) + if (buf == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } } else if (status_type == GSS_C_MECH_CODE) { buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); - if (buf == NULL) + if (buf == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } } else return GSS_S_BAD_STATUS; diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index f14a791fe..b5f76f368 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -57,197 +57,208 @@ init_auth OM_uint32 * time_rec ) { - OM_uint32 ret; - krb5_error_code kret; - krb5_flags ap_options; - krb5_creds this_cred, *cred; - krb5_data outbuf; - krb5_ccache ccache; - u_int32_t flags; - Authenticator *auth; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; + OM_uint32 ret; + krb5_error_code kret; + krb5_flags ap_options; + krb5_creds this_cred, *cred; + krb5_data outbuf; + krb5_ccache ccache; + u_int32_t flags; + Authenticator *auth; + krb5_data authenticator; + Checksum cksum; + krb5_enctype enctype; - outbuf.length = 0; - outbuf.data = NULL; + outbuf.length = 0; + outbuf.data = NULL; + *minor_status = 0; + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) - return GSS_S_FAILURE; + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; + { + int32_t tmp; - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp); + tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + tmp); + } - { - int32_t tmp; + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } + flags = 0; + ap_options = 0; + if (req_flags & GSS_C_DELEG_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_MUTUAL_FLAG) { + flags |= GSS_C_MUTUAL_FLAG; + ap_options |= AP_OPTS_MUTUAL_REQUIRED; + } + if (req_flags & GSS_C_REPLAY_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_SEQUENCE_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_ANON_FLAG) + ; /* XXX */ + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; + flags |= GSS_C_SEQUENCE_FLAG; - if (actual_mech_type) - *actual_mech_type = GSS_KRB5_MECHANISM; + if (ret_flags) + *ret_flags = flags; + (*context_handle)->flags = flags; + (*context_handle)->more_flags = LOCAL; - flags = 0; - ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_MUTUAL_FLAG) { - flags |= GSS_C_MUTUAL_FLAG; - ap_options |= AP_OPTS_MUTUAL_REQUIRED; - } - if (req_flags & GSS_C_REPLAY_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_SEQUENCE_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_ANON_FLAG) - ; /* XXX */ - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; - flags |= GSS_C_SEQUENCE_FLAG; + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags = LOCAL; + kret = krb5_cc_get_principal (gssapi_krb5_context, + ccache, + &(*context_handle)->source); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + kret = krb5_copy_principal (gssapi_krb5_context, + target_name, + &(*context_handle)->target); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - kret = krb5_cc_get_principal (gssapi_krb5_context, - ccache, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - target_name, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } - - memset(&this_cred, 0, sizeof(this_cred)); - this_cred.client = (*context_handle)->source; - this_cred.server = (*context_handle)->target; - this_cred.times.endtime = 0; - this_cred.session.keytype = KEYTYPE_DES; + memset(&this_cred, 0, sizeof(this_cred)); + this_cred.client = (*context_handle)->source; + this_cred.server = (*context_handle)->target; + this_cred.times.endtime = 0; + this_cred.session.keytype = ETYPE_DES_CBC_CRC; - kret = krb5_get_credentials (gssapi_krb5_context, - KRB5_TC_MATCH_KEYTYPE, - ccache, - &this_cred, - &cred); + kret = krb5_get_credentials (gssapi_krb5_context, + KRB5_TC_MATCH_KEYTYPE, + ccache, + &this_cred, + &cred); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - krb5_auth_con_setkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); + krb5_auth_con_setkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); - kret = gssapi_krb5_create_8003_checksum (input_chan_bindings, - flags, - &cksum); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + kret = gssapi_krb5_create_8003_checksum (input_chan_bindings, + flags, + &cksum); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } #if 1 - enctype = (*context_handle)->auth_context->keyblock->keytype; + enctype = (*context_handle)->auth_context->keyblock->keytype; #else - if ((*context_handle)->auth_context->enctype) - enctype = (*context_handle)->auth_context->enctype; - else { - kret = krb5_keytype_to_enctype(gssapi_krb5_context, - (*context_handle)->auth_context->keyblock->keytype, - &enctype); - if (kret) - return kret; - } + if ((*context_handle)->auth_context->enctype) + enctype = (*context_handle)->auth_context->enctype; + else { + kret = krb5_keytype_to_enctype(gssapi_krb5_context, + (*context_handle)->auth_context->keyblock->keytype, + &enctype); + if (kret) + return kret; + } #endif - kret = krb5_build_authenticator (gssapi_krb5_context, - (*context_handle)->auth_context, - enctype, - cred, - &cksum, - &auth, - &authenticator); + kret = krb5_build_authenticator (gssapi_krb5_context, + (*context_handle)->auth_context, + enctype, + cred, + &cksum, + &auth, + &authenticator); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - kret = krb5_build_ap_req (gssapi_krb5_context, - enctype, - cred, - ap_options, - authenticator, - &outbuf); + kret = krb5_build_ap_req (gssapi_krb5_context, + enctype, + cred, + ap_options, + authenticator, + &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - ret = gssapi_krb5_encapsulate (&outbuf, - output_token, - "\x01\x00"); - if (ret) - goto failure; + ret = gssapi_krb5_encapsulate (&outbuf, + output_token, + "\x01\x00"); + if (ret) { + *minor_status = kret; + goto failure; + } - if (flags & GSS_C_MUTUAL_FLAG) { - return GSS_S_CONTINUE_NEEDED; - } else { - (*context_handle)->more_flags |= OPEN; - return GSS_S_COMPLETE; - } + if (flags & GSS_C_MUTUAL_FLAG) { + return GSS_S_CONTINUE_NEEDED; + } else { + (*context_handle)->more_flags |= OPEN; + return GSS_S_COMPLETE; + } failure: - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - krb5_data_free (&outbuf); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_FAILURE; + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + free (*context_handle); + krb5_data_free (&outbuf); + *context_handle = GSS_C_NO_CONTEXT; + return GSS_S_FAILURE; } static OM_uint32 diff --git a/lib/gssapi/krb5/display_status.c b/lib/gssapi/krb5/display_status.c index 0cd811f6f..cdccdced4 100644 --- a/lib/gssapi/krb5/display_status.c +++ b/lib/gssapi/krb5/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -114,12 +114,16 @@ OM_uint32 gss_display_status asprintf (&buf, "%s %s", calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); - if (buf == NULL) + if (buf == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } } else if (status_type == GSS_C_MECH_CODE) { buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); - if (buf == NULL) + if (buf == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } } else return GSS_S_BAD_STATUS; diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index f14a791fe..b5f76f368 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -57,197 +57,208 @@ init_auth OM_uint32 * time_rec ) { - OM_uint32 ret; - krb5_error_code kret; - krb5_flags ap_options; - krb5_creds this_cred, *cred; - krb5_data outbuf; - krb5_ccache ccache; - u_int32_t flags; - Authenticator *auth; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; + OM_uint32 ret; + krb5_error_code kret; + krb5_flags ap_options; + krb5_creds this_cred, *cred; + krb5_data outbuf; + krb5_ccache ccache; + u_int32_t flags; + Authenticator *auth; + krb5_data authenticator; + Checksum cksum; + krb5_enctype enctype; - outbuf.length = 0; - outbuf.data = NULL; + outbuf.length = 0; + outbuf.data = NULL; + *minor_status = 0; + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) - return GSS_S_FAILURE; + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; + { + int32_t tmp; - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp); + tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + tmp); + } - { - int32_t tmp; + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } + flags = 0; + ap_options = 0; + if (req_flags & GSS_C_DELEG_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_MUTUAL_FLAG) { + flags |= GSS_C_MUTUAL_FLAG; + ap_options |= AP_OPTS_MUTUAL_REQUIRED; + } + if (req_flags & GSS_C_REPLAY_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_SEQUENCE_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_ANON_FLAG) + ; /* XXX */ + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; + flags |= GSS_C_SEQUENCE_FLAG; - if (actual_mech_type) - *actual_mech_type = GSS_KRB5_MECHANISM; + if (ret_flags) + *ret_flags = flags; + (*context_handle)->flags = flags; + (*context_handle)->more_flags = LOCAL; - flags = 0; - ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_MUTUAL_FLAG) { - flags |= GSS_C_MUTUAL_FLAG; - ap_options |= AP_OPTS_MUTUAL_REQUIRED; - } - if (req_flags & GSS_C_REPLAY_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_SEQUENCE_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_ANON_FLAG) - ; /* XXX */ - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; - flags |= GSS_C_SEQUENCE_FLAG; + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags = LOCAL; + kret = krb5_cc_get_principal (gssapi_krb5_context, + ccache, + &(*context_handle)->source); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + kret = krb5_copy_principal (gssapi_krb5_context, + target_name, + &(*context_handle)->target); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - kret = krb5_cc_get_principal (gssapi_krb5_context, - ccache, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - target_name, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } - - memset(&this_cred, 0, sizeof(this_cred)); - this_cred.client = (*context_handle)->source; - this_cred.server = (*context_handle)->target; - this_cred.times.endtime = 0; - this_cred.session.keytype = KEYTYPE_DES; + memset(&this_cred, 0, sizeof(this_cred)); + this_cred.client = (*context_handle)->source; + this_cred.server = (*context_handle)->target; + this_cred.times.endtime = 0; + this_cred.session.keytype = ETYPE_DES_CBC_CRC; - kret = krb5_get_credentials (gssapi_krb5_context, - KRB5_TC_MATCH_KEYTYPE, - ccache, - &this_cred, - &cred); + kret = krb5_get_credentials (gssapi_krb5_context, + KRB5_TC_MATCH_KEYTYPE, + ccache, + &this_cred, + &cred); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - krb5_auth_con_setkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); + krb5_auth_con_setkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); - kret = gssapi_krb5_create_8003_checksum (input_chan_bindings, - flags, - &cksum); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + kret = gssapi_krb5_create_8003_checksum (input_chan_bindings, + flags, + &cksum); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } #if 1 - enctype = (*context_handle)->auth_context->keyblock->keytype; + enctype = (*context_handle)->auth_context->keyblock->keytype; #else - if ((*context_handle)->auth_context->enctype) - enctype = (*context_handle)->auth_context->enctype; - else { - kret = krb5_keytype_to_enctype(gssapi_krb5_context, - (*context_handle)->auth_context->keyblock->keytype, - &enctype); - if (kret) - return kret; - } + if ((*context_handle)->auth_context->enctype) + enctype = (*context_handle)->auth_context->enctype; + else { + kret = krb5_keytype_to_enctype(gssapi_krb5_context, + (*context_handle)->auth_context->keyblock->keytype, + &enctype); + if (kret) + return kret; + } #endif - kret = krb5_build_authenticator (gssapi_krb5_context, - (*context_handle)->auth_context, - enctype, - cred, - &cksum, - &auth, - &authenticator); + kret = krb5_build_authenticator (gssapi_krb5_context, + (*context_handle)->auth_context, + enctype, + cred, + &cksum, + &auth, + &authenticator); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - kret = krb5_build_ap_req (gssapi_krb5_context, - enctype, - cred, - ap_options, - authenticator, - &outbuf); + kret = krb5_build_ap_req (gssapi_krb5_context, + enctype, + cred, + ap_options, + authenticator, + &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - goto failure; - } + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } - ret = gssapi_krb5_encapsulate (&outbuf, - output_token, - "\x01\x00"); - if (ret) - goto failure; + ret = gssapi_krb5_encapsulate (&outbuf, + output_token, + "\x01\x00"); + if (ret) { + *minor_status = kret; + goto failure; + } - if (flags & GSS_C_MUTUAL_FLAG) { - return GSS_S_CONTINUE_NEEDED; - } else { - (*context_handle)->more_flags |= OPEN; - return GSS_S_COMPLETE; - } + if (flags & GSS_C_MUTUAL_FLAG) { + return GSS_S_CONTINUE_NEEDED; + } else { + (*context_handle)->more_flags |= OPEN; + return GSS_S_COMPLETE; + } failure: - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - krb5_data_free (&outbuf); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_FAILURE; + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + free (*context_handle); + krb5_data_free (&outbuf); + *context_handle = GSS_C_NO_CONTEXT; + return GSS_S_FAILURE; } static OM_uint32