From dbe8ec17b63373547d13058ee16ede8260527888 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Thu, 14 Mar 2002 23:06:58 +0000 Subject: [PATCH] (gss_adat): if accept_sec_context fails, syslog a reason and give a temporary error message git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10885 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/ftp/ftp/gssapi.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/appl/ftp/ftp/gssapi.c b/appl/ftp/ftp/gssapi.c index 5f8c5df9f..f0248683a 100644 --- a/appl/ftp/ftp/gssapi.c +++ b/appl/ftp/ftp/gssapi.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -183,12 +183,12 @@ gss_adat(void *app_data, void *buf, size_t len) d->delegated_cred_handle = malloc(sizeof(*d->delegated_cred_handle)); if (d->delegated_cred_handle == NULL) { - reply(500, "Out of memory"); - goto out; + reply(500, "Out of memory"); + goto out; } memset ((char*)d->delegated_cred_handle, 0, - sizeof(*d->delegated_cred_handle)); + sizeof(*d->delegated_cred_handle)); maj_stat = gss_accept_sec_context (&min_stat, &d->context_hdl, @@ -200,7 +200,7 @@ gss_adat(void *app_data, void *buf, size_t len) &output_token, NULL, NULL, - &d->delegated_cred_handle); + &d->delegated_cred_handle); if(output_token.length) { if(base64_encode(output_token.value, output_token.length, &p) < 0) { 
@@ -235,9 +235,22 @@ gss_adat(void *app_data, void *buf, size_t len)
 reply(335, "ADAT=%s", p);
 else
 reply(335, "OK, need more data");
- } else
- reply(535, "foo?");
-out:
+ } else {
+ OM_uint32 new_stat;
+ OM_uint32 msg_ctx = 0;
+ gss_buffer_desc status_string;
+ gss_display_status(&new_stat,
+ min_stat,
+ GSS_C_MECH_CODE,
+ GSS_C_NO_OID,
+ &msg_ctx,
+ &status_string);
+ syslog(LOG_ERR, "gss_accept_sec_context: %s",
+ (char*)status_string.value);
+ gss_release_buffer(&new_stat, &status_string);
+ reply(431, "Security resource unavailable");
+ }
+ out:
 free(p);
 return 0;
 }
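Review bot: In the new else branch `status_string` is declared without an initializer and the return value of `gss_display_status()` is discarded, so if that call fails `syslog()` dereferences an indeterminate pointer and `gss_release_buffer()` is handed an uninitialized descriptor. The `%s` conversion also assumes `status_string.value` is NUL-terminated, which a `gss_buffer_desc` (a length plus a pointer) does not promise; bounding the print with `%.*s` and `status_string.length` keeps the logger from reading past the buffer. I would initialise the descriptor to `GSS_C_EMPTY_BUFFER`, test the call with `GSS_ERROR()`, and fall back to the numeric `maj_stat`/`min_stat` when no text is available, as sketched below. Only the mechanism-specific minor status is rendered here, so the major status is otherwise absent from the log line an operator would use to tell a bad token from a server-side failure. gss_adat begins outside this hunk.

```c
    } else {
        OM_uint32 new_stat, disp_stat;
        OM_uint32 msg_ctx = 0;
        gss_buffer_desc status_string = GSS_C_EMPTY_BUFFER;

        disp_stat = gss_display_status(&new_stat, min_stat, GSS_C_MECH_CODE,
                                       GSS_C_NO_OID, &msg_ctx, &status_string);
        if (GSS_ERROR(disp_stat) || status_string.value == NULL)
            syslog(LOG_ERR, "gss_accept_sec_context: major %lu, minor %lu",
                   (unsigned long)maj_stat, (unsigned long)min_stat);
        else
            syslog(LOG_ERR, "gss_accept_sec_context: %.*s",
                   (int)status_string.length, (char *)status_string.value);
        /* ... unchanged: gss_release_buffer(), reply(431, ...) ... */
    }
```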