= Create a cache for delegated credentials when needed.
= Return GSS_S_BAD_BINDINGS when appropriate, and otherwise tweak the return value handling in gss_accept_sec_context to be sure they are set to something reasonable. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10582 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Jacques A. Vidrine
@@ -166,15 +166,15 @@ gssapi_krb5_verify_8003_checksum(
|
|||||||
p = cksum->checksum.data;
|
p = cksum->checksum.data;
|
||||||
decode_om_uint32(p, &length);
|
decode_om_uint32(p, &length);
|
||||||
if(length != sizeof(hash))
|
if(length != sizeof(hash))
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_BAD_BINDINGS;;
|
||||||
|
|
||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
|
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
|
||||||
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0)
|
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0)
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_BAD_BINDINGS;
|
||||||
if(memcmp(hash, p, sizeof(hash)) != 0)
|
if(memcmp(hash, p, sizeof(hash)) != 0)
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_BAD_BINDINGS;
|
||||||
}
|
}
|
||||||
|
|
||||||
p += sizeof(hash);
|
p += sizeof(hash);
|
||||||
|
|||||||
@@ -86,6 +86,7 @@ gss_accept_sec_context
|
|||||||
krb5_data fwd_data;
|
krb5_data fwd_data;
|
||||||
OM_uint32 minor;
|
OM_uint32 minor;
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
gssapi_krb5_init ();
|
gssapi_krb5_init ();
|
||||||
|
|
||||||
krb5_data_zero (&fwd_data);
|
krb5_data_zero (&fwd_data);
|
||||||
@@ -114,7 +115,6 @@ gss_accept_sec_context
|
|||||||
&(*context_handle)->auth_context);
|
&(*context_handle)->auth_context);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -144,7 +144,6 @@ gss_accept_sec_context
|
|||||||
(*context_handle)->auth_context->local_port,
|
(*context_handle)->auth_context->local_port,
|
||||||
&acceptor_addr);
|
&acceptor_addr);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
ret = GSS_S_BAD_BINDINGS;
|
ret = GSS_S_BAD_BINDINGS;
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -156,7 +155,6 @@ gss_accept_sec_context
|
|||||||
&initiator_addr);
|
&initiator_addr);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
|
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
ret = GSS_S_BAD_BINDINGS;
|
ret = GSS_S_BAD_BINDINGS;
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -177,7 +175,6 @@ gss_accept_sec_context
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (kret) {
|
if (kret) {
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
ret = GSS_S_BAD_BINDINGS;
|
ret = GSS_S_BAD_BINDINGS;
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -203,8 +200,8 @@ gss_accept_sec_context
|
|||||||
&indata,
|
&indata,
|
||||||
"\x01\x00");
|
"\x01\x00");
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = *minor_status;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
|
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
|
||||||
@@ -225,7 +222,6 @@ gss_accept_sec_context
|
|||||||
&ticket);
|
&ticket);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -235,7 +231,6 @@ gss_accept_sec_context
|
|||||||
&(*context_handle)->source);
|
&(*context_handle)->source);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -245,7 +240,6 @@ gss_accept_sec_context
|
|||||||
&(*context_handle)->target);
|
&(*context_handle)->target);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -256,7 +250,6 @@ gss_accept_sec_context
|
|||||||
src_name);
|
src_name);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -270,21 +263,18 @@ gss_accept_sec_context
|
|||||||
&authenticator);
|
&authenticator);
|
||||||
if(kret) {
|
if(kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
|
ret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
|
||||||
authenticator->cksum,
|
authenticator->cksum,
|
||||||
&flags,
|
&flags,
|
||||||
&fwd_data);
|
&fwd_data);
|
||||||
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
|
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
|
||||||
if (kret) {
|
if (ret) {
|
||||||
ret = GSS_S_FAILURE;
|
kret = 0;
|
||||||
*minor_status = kret;
|
goto failure;
|
||||||
gssapi_krb5_set_error_string ();
|
|
||||||
goto failure;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -292,18 +282,49 @@ gss_accept_sec_context
|
|||||||
|
|
||||||
krb5_ccache ccache;
|
krb5_ccache ccache;
|
||||||
|
|
||||||
if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
|
if (delegated_cred_handle == NULL)
|
||||||
/* XXX Create a new delegated_cred_handle? */
|
/* XXX Create a new delegated_cred_handle? */
|
||||||
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
|
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
|
||||||
|
else if (*delegated_cred_handle == NULL) {
|
||||||
else {
|
if ((*delegated_cred_handle =
|
||||||
if ((*delegated_cred_handle)->ccache == NULL)
|
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
kret = ENOMEM;
|
||||||
|
krb5_set_error_string(gssapi_krb5_context, "out of memory");
|
||||||
|
gssapi_krb5_set_error_string();
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
if ((kret = gss_duplicate_name(minor_status, ticket->client,
|
||||||
|
&(*delegated_cred_handle)->principal)) != 0) {
|
||||||
|
flags &= ~GSS_C_DELEG_FLAG;
|
||||||
|
free(*delegated_cred_handle);
|
||||||
|
*delegated_cred_handle = NULL;
|
||||||
|
goto end_fwd;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (delegated_cred_handle != NULL &&
|
||||||
|
(*delegated_cred_handle)->ccache == NULL) {
|
||||||
kret = krb5_cc_gen_new (gssapi_krb5_context,
|
kret = krb5_cc_gen_new (gssapi_krb5_context,
|
||||||
&krb5_mcc_ops,
|
&krb5_mcc_ops,
|
||||||
&(*delegated_cred_handle)->ccache);
|
&(*delegated_cred_handle)->ccache);
|
||||||
ccache = (*delegated_cred_handle)->ccache;
|
ccache = (*delegated_cred_handle)->ccache;
|
||||||
}
|
}
|
||||||
|
if (delegated_cred_handle != NULL &&
|
||||||
|
(*delegated_cred_handle)->mechanisms == NULL) {
|
||||||
|
ret = gss_create_empty_oid_set(minor_status,
|
||||||
|
&(*delegated_cred_handle)->mechanisms);
|
||||||
|
if (ret) {
|
||||||
|
kret = *minor_status;
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
|
||||||
|
&(*delegated_cred_handle)->mechanisms);
|
||||||
|
if (ret) {
|
||||||
|
kret = *minor_status;
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (kret) {
|
if (kret) {
|
||||||
flags &= ~GSS_C_DELEG_FLAG;
|
flags &= ~GSS_C_DELEG_FLAG;
|
||||||
goto end_fwd;
|
goto end_fwd;
|
||||||
@@ -352,7 +373,6 @@ end_fwd:
|
|||||||
&outbuf);
|
&outbuf);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -362,8 +382,8 @@ end_fwd:
|
|||||||
"\x02\x00");
|
"\x02\x00");
|
||||||
krb5_data_free (&outbuf);
|
krb5_data_free (&outbuf);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = *minor_status;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
output_token->length = 0;
|
output_token->length = 0;
|
||||||
@@ -398,5 +418,5 @@ failure:
|
|||||||
}
|
}
|
||||||
*context_handle = GSS_C_NO_CONTEXT;
|
*context_handle = GSS_C_NO_CONTEXT;
|
||||||
*minor_status = kret;
|
*minor_status = kret;
|
||||||
return GSS_S_FAILURE;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -166,15 +166,15 @@ gssapi_krb5_verify_8003_checksum(
|
|||||||
p = cksum->checksum.data;
|
p = cksum->checksum.data;
|
||||||
decode_om_uint32(p, &length);
|
decode_om_uint32(p, &length);
|
||||||
if(length != sizeof(hash))
|
if(length != sizeof(hash))
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_BAD_BINDINGS;;
|
||||||
|
|
||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
|
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
|
||||||
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0)
|
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0)
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_BAD_BINDINGS;
|
||||||
if(memcmp(hash, p, sizeof(hash)) != 0)
|
if(memcmp(hash, p, sizeof(hash)) != 0)
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_BAD_BINDINGS;
|
||||||
}
|
}
|
||||||
|
|
||||||
p += sizeof(hash);
|
p += sizeof(hash);
|
||||||
|
|||||||
@@ -86,6 +86,7 @@ gss_accept_sec_context
|
|||||||
krb5_data fwd_data;
|
krb5_data fwd_data;
|
||||||
OM_uint32 minor;
|
OM_uint32 minor;
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
gssapi_krb5_init ();
|
gssapi_krb5_init ();
|
||||||
|
|
||||||
krb5_data_zero (&fwd_data);
|
krb5_data_zero (&fwd_data);
|
||||||
@@ -114,7 +115,6 @@ gss_accept_sec_context
|
|||||||
&(*context_handle)->auth_context);
|
&(*context_handle)->auth_context);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -144,7 +144,6 @@ gss_accept_sec_context
|
|||||||
(*context_handle)->auth_context->local_port,
|
(*context_handle)->auth_context->local_port,
|
||||||
&acceptor_addr);
|
&acceptor_addr);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
ret = GSS_S_BAD_BINDINGS;
|
ret = GSS_S_BAD_BINDINGS;
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -156,7 +155,6 @@ gss_accept_sec_context
|
|||||||
&initiator_addr);
|
&initiator_addr);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
|
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
ret = GSS_S_BAD_BINDINGS;
|
ret = GSS_S_BAD_BINDINGS;
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -177,7 +175,6 @@ gss_accept_sec_context
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (kret) {
|
if (kret) {
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
ret = GSS_S_BAD_BINDINGS;
|
ret = GSS_S_BAD_BINDINGS;
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -203,8 +200,8 @@ gss_accept_sec_context
|
|||||||
&indata,
|
&indata,
|
||||||
"\x01\x00");
|
"\x01\x00");
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = *minor_status;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
|
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
|
||||||
@@ -225,7 +222,6 @@ gss_accept_sec_context
|
|||||||
&ticket);
|
&ticket);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -235,7 +231,6 @@ gss_accept_sec_context
|
|||||||
&(*context_handle)->source);
|
&(*context_handle)->source);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -245,7 +240,6 @@ gss_accept_sec_context
|
|||||||
&(*context_handle)->target);
|
&(*context_handle)->target);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -256,7 +250,6 @@ gss_accept_sec_context
|
|||||||
src_name);
|
src_name);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -270,21 +263,18 @@ gss_accept_sec_context
|
|||||||
&authenticator);
|
&authenticator);
|
||||||
if(kret) {
|
if(kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
|
ret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
|
||||||
authenticator->cksum,
|
authenticator->cksum,
|
||||||
&flags,
|
&flags,
|
||||||
&fwd_data);
|
&fwd_data);
|
||||||
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
|
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
|
||||||
if (kret) {
|
if (ret) {
|
||||||
ret = GSS_S_FAILURE;
|
kret = 0;
|
||||||
*minor_status = kret;
|
goto failure;
|
||||||
gssapi_krb5_set_error_string ();
|
|
||||||
goto failure;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -292,18 +282,49 @@ gss_accept_sec_context
|
|||||||
|
|
||||||
krb5_ccache ccache;
|
krb5_ccache ccache;
|
||||||
|
|
||||||
if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
|
if (delegated_cred_handle == NULL)
|
||||||
/* XXX Create a new delegated_cred_handle? */
|
/* XXX Create a new delegated_cred_handle? */
|
||||||
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
|
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
|
||||||
|
else if (*delegated_cred_handle == NULL) {
|
||||||
else {
|
if ((*delegated_cred_handle =
|
||||||
if ((*delegated_cred_handle)->ccache == NULL)
|
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
kret = ENOMEM;
|
||||||
|
krb5_set_error_string(gssapi_krb5_context, "out of memory");
|
||||||
|
gssapi_krb5_set_error_string();
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
if ((kret = gss_duplicate_name(minor_status, ticket->client,
|
||||||
|
&(*delegated_cred_handle)->principal)) != 0) {
|
||||||
|
flags &= ~GSS_C_DELEG_FLAG;
|
||||||
|
free(*delegated_cred_handle);
|
||||||
|
*delegated_cred_handle = NULL;
|
||||||
|
goto end_fwd;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (delegated_cred_handle != NULL &&
|
||||||
|
(*delegated_cred_handle)->ccache == NULL) {
|
||||||
kret = krb5_cc_gen_new (gssapi_krb5_context,
|
kret = krb5_cc_gen_new (gssapi_krb5_context,
|
||||||
&krb5_mcc_ops,
|
&krb5_mcc_ops,
|
||||||
&(*delegated_cred_handle)->ccache);
|
&(*delegated_cred_handle)->ccache);
|
||||||
ccache = (*delegated_cred_handle)->ccache;
|
ccache = (*delegated_cred_handle)->ccache;
|
||||||
}
|
}
|
||||||
|
if (delegated_cred_handle != NULL &&
|
||||||
|
(*delegated_cred_handle)->mechanisms == NULL) {
|
||||||
|
ret = gss_create_empty_oid_set(minor_status,
|
||||||
|
&(*delegated_cred_handle)->mechanisms);
|
||||||
|
if (ret) {
|
||||||
|
kret = *minor_status;
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
|
||||||
|
&(*delegated_cred_handle)->mechanisms);
|
||||||
|
if (ret) {
|
||||||
|
kret = *minor_status;
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (kret) {
|
if (kret) {
|
||||||
flags &= ~GSS_C_DELEG_FLAG;
|
flags &= ~GSS_C_DELEG_FLAG;
|
||||||
goto end_fwd;
|
goto end_fwd;
|
||||||
@@ -352,7 +373,6 @@ end_fwd:
|
|||||||
&outbuf);
|
&outbuf);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
*minor_status = kret;
|
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -362,8 +382,8 @@ end_fwd:
|
|||||||
"\x02\x00");
|
"\x02\x00");
|
||||||
krb5_data_free (&outbuf);
|
krb5_data_free (&outbuf);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = *minor_status;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
output_token->length = 0;
|
output_token->length = 0;
|
||||||
@@ -398,5 +418,5 @@ failure:
|
|||||||
}
|
}
|
||||||
*context_handle = GSS_C_NO_CONTEXT;
|
*context_handle = GSS_C_NO_CONTEXT;
|
||||||
*minor_status = kret;
|
*minor_status = kret;
|
||||||
return GSS_S_FAILURE;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user