diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c index b3432bb0a..9cbdfde74 100644 --- a/lib/gssapi/accept_sec_context.c +++ b/lib/gssapi/accept_sec_context.c @@ -198,11 +198,12 @@ gss_accept_sec_context tmp); } - ret = gssapi_krb5_decapsulate (input_token_buffer, + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, &indata, "\x01\x00"); if (ret) { - kret = 0; + kret = *minor_status; goto failure; } @@ -355,13 +356,14 @@ end_fwd: gssapi_krb5_set_error_string (); goto failure; } - ret = gssapi_krb5_encapsulate (&outbuf, + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, output_token, "\x02\x00"); krb5_data_free (&outbuf); if (ret) { - kret = 0; - goto failure; + kret = *minor_status; + goto failure; } } else { output_token->length = 0; diff --git a/lib/gssapi/decapsulate.c b/lib/gssapi/decapsulate.c index be67e1efd..949280cbc 100644 --- a/lib/gssapi/decapsulate.c +++ b/lib/gssapi/decapsulate.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -80,6 +80,7 @@ gssapi_krb5_verify_header(u_char **str, OM_uint32 gssapi_krb5_decapsulate( + OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, char *type @@ -92,8 +93,10 @@ gssapi_krb5_decapsulate( ret = gssapi_krb5_verify_header(&p, input_token_buffer->length, type); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } out_data->length = input_token_buffer->length - (p - (u_char *)input_token_buffer->value); diff --git a/lib/gssapi/encapsulate.c b/lib/gssapi/encapsulate.c index 7ec7cb52c..8f64fdd25 100644 --- a/lib/gssapi/encapsulate.c +++ b/lib/gssapi/encapsulate.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -78,6 +78,7 @@ gssapi_krb5_make_header (u_char *p, OM_uint32 gssapi_krb5_encapsulate( + OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, u_char *type @@ -90,8 +91,10 @@ gssapi_krb5_encapsulate( output_token->length = outer_len; output_token->value = malloc (outer_len); - if (output_token->value == NULL) + if (output_token->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header (output_token->value, len, type); memcpy (p, in_data->data, in_data->length); diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index cf07a7e25..136a63416 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -400,11 +400,10 @@ init_auth goto failure; } - ret = gssapi_krb5_encapsulate (&outbuf, output_token, "\x01\x00"); - if (ret) { - *minor_status = kret; + ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token, + "\x01\x00"); + if (ret) goto failure; - } krb5_data_free (&outbuf); @@ -452,12 +451,11 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; - ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00"); - if (ret) { + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, + "\x02\x00"); + if (ret) /* XXX - Handle AP_ERROR */ - *minor_status = 0; - return GSS_S_FAILURE; - } + return ret; kret = krb5_rd_rep (gssapi_krb5_context, (*context_handle)->auth_context, diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index b3432bb0a..9cbdfde74 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -198,11 +198,12 @@ gss_accept_sec_context tmp); } - ret = gssapi_krb5_decapsulate (input_token_buffer, + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, &indata, "\x01\x00"); if (ret) { - kret = 0; + kret = *minor_status; goto failure; } @@ -355,13 +356,14 @@ end_fwd: gssapi_krb5_set_error_string (); goto failure; } - ret = gssapi_krb5_encapsulate (&outbuf, + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, output_token, "\x02\x00"); krb5_data_free (&outbuf); if (ret) { - kret = 0; - goto failure; + kret = *minor_status; + goto failure; } } else { output_token->length = 0; diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c index be67e1efd..949280cbc 100644 --- a/lib/gssapi/krb5/decapsulate.c +++ b/lib/gssapi/krb5/decapsulate.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -80,6 +80,7 @@ gssapi_krb5_verify_header(u_char **str, OM_uint32 gssapi_krb5_decapsulate( + OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, char *type @@ -92,8 +93,10 @@ gssapi_krb5_decapsulate( ret = gssapi_krb5_verify_header(&p, input_token_buffer->length, type); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } out_data->length = input_token_buffer->length - (p - (u_char *)input_token_buffer->value); diff --git a/lib/gssapi/krb5/encapsulate.c b/lib/gssapi/krb5/encapsulate.c index 7ec7cb52c..8f64fdd25 100644 --- a/lib/gssapi/krb5/encapsulate.c +++ b/lib/gssapi/krb5/encapsulate.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -78,6 +78,7 @@ gssapi_krb5_make_header (u_char *p, OM_uint32 gssapi_krb5_encapsulate( + OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, u_char *type @@ -90,8 +91,10 @@ gssapi_krb5_encapsulate( output_token->length = outer_len; output_token->value = malloc (outer_len); - if (output_token->value == NULL) + if (output_token->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header (output_token->value, len, type); memcpy (p, in_data->data, in_data->length); diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index cf07a7e25..136a63416 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -400,11 +400,10 @@ init_auth goto failure; } - ret = gssapi_krb5_encapsulate (&outbuf, output_token, "\x01\x00"); - if (ret) { - *minor_status = kret; + ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token, + "\x01\x00"); + if (ret) goto failure; - } krb5_data_free (&outbuf); @@ -452,12 +451,11 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; - ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00"); - if (ret) { + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, + "\x02\x00"); + if (ret) /* XXX - Handle AP_ERROR */ - *minor_status = 0; - return GSS_S_FAILURE; - } + return ret; kret = krb5_rd_rep (gssapi_krb5_context, (*context_handle)->auth_context, diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 1b282acd6..ccd3841e6 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -222,8 +222,10 @@ unwrap_des3 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index 06c1f1130..977652b25 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c @@ -58,8 +58,10 @@ verify_mic_des ret = gssapi_krb5_verify_header (&p, token_buffer->length, "\x01\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp(p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; @@ -144,8 +146,10 @@ verify_mic_des3 ret = gssapi_krb5_verify_header (&p, token_buffer->length, "\x01\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ return GSS_S_BAD_SIG; diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c index 1b282acd6..ccd3841e6 100644 --- a/lib/gssapi/unwrap.c +++ b/lib/gssapi/unwrap.c @@ -222,8 +222,10 @@ unwrap_des3 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; diff --git a/lib/gssapi/verify_mic.c b/lib/gssapi/verify_mic.c index 06c1f1130..977652b25 100644 --- a/lib/gssapi/verify_mic.c +++ b/lib/gssapi/verify_mic.c @@ -58,8 +58,10 @@ verify_mic_des ret = gssapi_krb5_verify_header (&p, token_buffer->length, "\x01\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp(p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; @@ -144,8 +146,10 @@ verify_mic_des3 ret = gssapi_krb5_verify_header (&p, token_buffer->length, "\x01\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ return GSS_S_BAD_SIG;