(gss_accept_sec_context): take care to set export value to something

sane before we start so caller will have harmless values in them if we
failed, set lifetime from ticket expiration date


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11739 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2003-03-16 17:41:12 +00:00
parent 8da3ed3cae
commit ad83859f1a
2 changed files with 22 additions and 10 deletions


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -92,6 +92,11 @@ gss_accept_sec_context
output_token->length = 0; output_token->length = 0;
output_token->value = NULL; output_token->value = NULL;
if (src_name != NULL)
*src_name = NULL;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (*context_handle == GSS_C_NO_CONTEXT) { if (*context_handle == GSS_C_NO_CONTEXT) {
*context_handle = malloc(sizeof(**context_handle)); *context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) { if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -106,9 +111,7 @@ gss_accept_sec_context
(*context_handle)->flags = 0; (*context_handle)->flags = 0;
(*context_handle)->more_flags = 0; (*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL; (*context_handle)->ticket = NULL;
(*context_handle)->lifetime = GSS_C_INDEFINITE;
if (src_name != NULL)
*src_name = NULL;
kret = krb5_auth_con_init (gssapi_krb5_context, kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context); &(*context_handle)->auth_context);
@@ -361,6 +364,7 @@ gss_accept_sec_context
if (ret_flags) if (ret_flags)
*ret_flags = flags; *ret_flags = flags;
(*context_handle)->lifetime = ticket->ticket.endtime;
(*context_handle)->flags = flags; (*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN; (*context_handle)->more_flags |= OPEN;
@@ -368,7 +372,7 @@ gss_accept_sec_context
*mech_type = GSS_KRB5_MECHANISM; *mech_type = GSS_KRB5_MECHANISM;
if (time_rec) if (time_rec)
*time_rec = GSS_C_INDEFINITE; *time_rec = (*context_handle)->lifetime;
if(flags & GSS_C_MUTUAL_FLAG) { if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf; krb5_data outbuf;
@@ -391,6 +395,7 @@ gss_accept_sec_context
goto failure; goto failure;
} else { } else {
output_token->length = 0; output_token->length = 0;
output_token->value = NULL;
} }
(*context_handle)->ticket = ticket; (*context_handle)->ticket = ticket;
@@ -400,6 +405,7 @@ gss_accept_sec_context
krb5_free_ticket (context, ticket); krb5_free_ticket (context, ticket);
#endif #endif
*minor_status = 0;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
failure: failure:
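Review bot: `*time_rec = (*context_handle)->lifetime;` in the `@@ -368,7 +372,7 @@` hunk returns the value copied from `ticket->ticket.endtime`, which looks like an absolute expiry timestamp, whereas GSS-API defines `time_rec` as the number of seconds the context remains valid. A caller that treats the result as a duration would consider the context usable long after the ticket has expired, so expiry enforcement built on `time_rec` would not fire when expected. I would keep the absolute value in the context and return the remaining time, for example `krb5_timeofday(gssapi_krb5_context, &now);` followed by `*time_rec = (*context_handle)->lifetime > now ? (*context_handle)->lifetime - now : 0;`. The defaults added at the top of the function cover only `src_name` and `mech_type`; whether `ret_flags` and `time_rec` also get a harmless value before the first failure path cannot be seen here, since the function body extends beyond these hunks. The second file section on this page carries the identical change and the same point applies there.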


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -92,6 +92,11 @@ gss_accept_sec_context
output_token->length = 0; output_token->length = 0;
output_token->value = NULL; output_token->value = NULL;
if (src_name != NULL)
*src_name = NULL;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (*context_handle == GSS_C_NO_CONTEXT) { if (*context_handle == GSS_C_NO_CONTEXT) {
*context_handle = malloc(sizeof(**context_handle)); *context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) { if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -106,9 +111,7 @@ gss_accept_sec_context
(*context_handle)->flags = 0; (*context_handle)->flags = 0;
(*context_handle)->more_flags = 0; (*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL; (*context_handle)->ticket = NULL;
(*context_handle)->lifetime = GSS_C_INDEFINITE;
if (src_name != NULL)
*src_name = NULL;
kret = krb5_auth_con_init (gssapi_krb5_context, kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context); &(*context_handle)->auth_context);
@@ -361,6 +364,7 @@ gss_accept_sec_context
if (ret_flags) if (ret_flags)
*ret_flags = flags; *ret_flags = flags;
(*context_handle)->lifetime = ticket->ticket.endtime;
(*context_handle)->flags = flags; (*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN; (*context_handle)->more_flags |= OPEN;
@@ -368,7 +372,7 @@ gss_accept_sec_context
*mech_type = GSS_KRB5_MECHANISM; *mech_type = GSS_KRB5_MECHANISM;
if (time_rec) if (time_rec)
*time_rec = GSS_C_INDEFINITE; *time_rec = (*context_handle)->lifetime;
if(flags & GSS_C_MUTUAL_FLAG) { if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf; krb5_data outbuf;
@@ -391,6 +395,7 @@ gss_accept_sec_context
goto failure; goto failure;
} else { } else {
output_token->length = 0; output_token->length = 0;
output_token->value = NULL;
} }
(*context_handle)->ticket = ticket; (*context_handle)->ticket = ticket;
@@ -400,6 +405,7 @@ gss_accept_sec_context
krb5_free_ticket (context, ticket); krb5_free_ticket (context, ticket);
#endif #endif
*minor_status = 0;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
failure: failure: