handle minor_status more consistently
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10533 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -198,11 +198,12 @@ gss_accept_sec_context
|
|||||||
tmp);
|
tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = gssapi_krb5_decapsulate (input_token_buffer,
|
ret = gssapi_krb5_decapsulate (minor_status,
|
||||||
|
input_token_buffer,
|
||||||
&indata,
|
&indata,
|
||||||
"\x01\x00");
|
"\x01\x00");
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = 0;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -355,13 +356,14 @@ end_fwd:
|
|||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
ret = gssapi_krb5_encapsulate (&outbuf,
|
ret = gssapi_krb5_encapsulate (minor_status,
|
||||||
|
&outbuf,
|
||||||
output_token,
|
output_token,
|
||||||
"\x02\x00");
|
"\x02\x00");
|
||||||
krb5_data_free (&outbuf);
|
krb5_data_free (&outbuf);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = 0;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
output_token->length = 0;
|
output_token->length = 0;
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -80,6 +80,7 @@ gssapi_krb5_verify_header(u_char **str,
|
|||||||
|
|
||||||
OM_uint32
|
OM_uint32
|
||||||
gssapi_krb5_decapsulate(
|
gssapi_krb5_decapsulate(
|
||||||
|
OM_uint32 *minor_status,
|
||||||
gss_buffer_t input_token_buffer,
|
gss_buffer_t input_token_buffer,
|
||||||
krb5_data *out_data,
|
krb5_data *out_data,
|
||||||
char *type
|
char *type
|
||||||
@@ -92,8 +93,10 @@ gssapi_krb5_decapsulate(
|
|||||||
ret = gssapi_krb5_verify_header(&p,
|
ret = gssapi_krb5_verify_header(&p,
|
||||||
input_token_buffer->length,
|
input_token_buffer->length,
|
||||||
type);
|
type);
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
out_data->length = input_token_buffer->length -
|
out_data->length = input_token_buffer->length -
|
||||||
(p - (u_char *)input_token_buffer->value);
|
(p - (u_char *)input_token_buffer->value);
|
||||||
|
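Review bot: The only write to `*minor_status` visible in gssapi_krb5_decapsulate is on the new `if (ret) {` branch; the rest of the body lies outside this hunk, so it is not clear from here whether the success return sets it as well. The input token comes from the peer, and callers now take the minor code from this function, so it should be assigned on every path, for example `*minor_status = 0;` before the final return if that is not already there. A short header comment would record the contract, e.g. `/* Sets *minor_status on every return; a header failure returns the major status from gssapi_krb5_verify_header. */`.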
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -78,6 +78,7 @@ gssapi_krb5_make_header (u_char *p,
|
|||||||
|
|
||||||
OM_uint32
|
OM_uint32
|
||||||
gssapi_krb5_encapsulate(
|
gssapi_krb5_encapsulate(
|
||||||
|
OM_uint32 *minor_status,
|
||||||
const krb5_data *in_data,
|
const krb5_data *in_data,
|
||||||
gss_buffer_t output_token,
|
gss_buffer_t output_token,
|
||||||
u_char *type
|
u_char *type
|
||||||
@@ -90,8 +91,10 @@ gssapi_krb5_encapsulate(
|
|||||||
|
|
||||||
output_token->length = outer_len;
|
output_token->length = outer_len;
|
||||||
output_token->value = malloc (outer_len);
|
output_token->value = malloc (outer_len);
|
||||||
if (output_token->value == NULL)
|
if (output_token->value == NULL) {
|
||||||
|
*minor_status = ENOMEM;
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
p = gssapi_krb5_make_header (output_token->value, len, type);
|
p = gssapi_krb5_make_header (output_token->value, len, type);
|
||||||
memcpy (p, in_data->data, in_data->length);
|
memcpy (p, in_data->data, in_data->length);
|
||||||
|
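Review bot: On the new ENOMEM branch `output_token->length` has already been set to `outer_len` while `output_token->value` is NULL, so the caller gets back a buffer descriptor that claims a non-zero length with no storage behind it. Code that later trusts the length when copying or releasing the token would be working from an inconsistent pair. Adding `output_token->length = 0;` inside the new braces, before `*minor_status = ENOMEM;`, keeps the output well-formed on failure; assigning the length only after the malloc check would do the same. The body of gssapi_krb5_encapsulate starts and continues outside this hunk.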
@@ -400,11 +400,10 @@ init_auth
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = gssapi_krb5_encapsulate (&outbuf, output_token, "\x01\x00");
|
ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
|
||||||
if (ret) {
|
"\x01\x00");
|
||||||
*minor_status = kret;
|
if (ret)
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
|
||||||
|
|
||||||
krb5_data_free (&outbuf);
|
krb5_data_free (&outbuf);
|
||||||
|
|
||||||
@@ -452,12 +451,11 @@ repl_mutual
|
|||||||
krb5_data indata;
|
krb5_data indata;
|
||||||
krb5_ap_rep_enc_part *repl;
|
krb5_ap_rep_enc_part *repl;
|
||||||
|
|
||||||
ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00");
|
ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
|
||||||
if (ret) {
|
"\x02\x00");
|
||||||
|
if (ret)
|
||||||
/* XXX - Handle AP_ERROR */
|
/* XXX - Handle AP_ERROR */
|
||||||
*minor_status = 0;
|
return ret;
|
||||||
return GSS_S_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
kret = krb5_rd_rep (gssapi_krb5_context,
|
kret = krb5_rd_rep (gssapi_krb5_context,
|
||||||
(*context_handle)->auth_context,
|
(*context_handle)->auth_context,
|
||||||
|
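Review bot: In the init_auth hunk the new `if (ret) goto failure;` is taken before `krb5_data_free (&outbuf);`, so unless the `failure:` label (outside this hunk) releases `outbuf`, its data is leaked whenever gssapi_krb5_encapsulate fails. gss_accept_sec_context in this same commit frees first and checks afterwards; the same order here, `krb5_data_free (&outbuf);` directly after the call followed by `if (ret) goto failure;`, would make the two callers consistent. The removed `*minor_status = kret;` now relies on the callee having set the minor code, which is only safe if the failure path does not overwrite `*minor_status` afterwards; that code is not visible here.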
@@ -198,11 +198,12 @@ gss_accept_sec_context
|
|||||||
tmp);
|
tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = gssapi_krb5_decapsulate (input_token_buffer,
|
ret = gssapi_krb5_decapsulate (minor_status,
|
||||||
|
input_token_buffer,
|
||||||
&indata,
|
&indata,
|
||||||
"\x01\x00");
|
"\x01\x00");
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = 0;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -355,13 +356,14 @@ end_fwd:
|
|||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
ret = gssapi_krb5_encapsulate (&outbuf,
|
ret = gssapi_krb5_encapsulate (minor_status,
|
||||||
|
&outbuf,
|
||||||
output_token,
|
output_token,
|
||||||
"\x02\x00");
|
"\x02\x00");
|
||||||
krb5_data_free (&outbuf);
|
krb5_data_free (&outbuf);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
kret = 0;
|
kret = *minor_status;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
output_token->length = 0;
|
output_token->length = 0;
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -80,6 +80,7 @@ gssapi_krb5_verify_header(u_char **str,
|
|||||||
|
|
||||||
OM_uint32
|
OM_uint32
|
||||||
gssapi_krb5_decapsulate(
|
gssapi_krb5_decapsulate(
|
||||||
|
OM_uint32 *minor_status,
|
||||||
gss_buffer_t input_token_buffer,
|
gss_buffer_t input_token_buffer,
|
||||||
krb5_data *out_data,
|
krb5_data *out_data,
|
||||||
char *type
|
char *type
|
||||||
@@ -92,8 +93,10 @@ gssapi_krb5_decapsulate(
|
|||||||
ret = gssapi_krb5_verify_header(&p,
|
ret = gssapi_krb5_verify_header(&p,
|
||||||
input_token_buffer->length,
|
input_token_buffer->length,
|
||||||
type);
|
type);
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
out_data->length = input_token_buffer->length -
|
out_data->length = input_token_buffer->length -
|
||||||
(p - (u_char *)input_token_buffer->value);
|
(p - (u_char *)input_token_buffer->value);
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -78,6 +78,7 @@ gssapi_krb5_make_header (u_char *p,
|
|||||||
|
|
||||||
OM_uint32
|
OM_uint32
|
||||||
gssapi_krb5_encapsulate(
|
gssapi_krb5_encapsulate(
|
||||||
|
OM_uint32 *minor_status,
|
||||||
const krb5_data *in_data,
|
const krb5_data *in_data,
|
||||||
gss_buffer_t output_token,
|
gss_buffer_t output_token,
|
||||||
u_char *type
|
u_char *type
|
||||||
@@ -90,8 +91,10 @@ gssapi_krb5_encapsulate(
|
|||||||
|
|
||||||
output_token->length = outer_len;
|
output_token->length = outer_len;
|
||||||
output_token->value = malloc (outer_len);
|
output_token->value = malloc (outer_len);
|
||||||
if (output_token->value == NULL)
|
if (output_token->value == NULL) {
|
||||||
|
*minor_status = ENOMEM;
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
p = gssapi_krb5_make_header (output_token->value, len, type);
|
p = gssapi_krb5_make_header (output_token->value, len, type);
|
||||||
memcpy (p, in_data->data, in_data->length);
|
memcpy (p, in_data->data, in_data->length);
|
||||||
|
@@ -400,11 +400,10 @@ init_auth
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = gssapi_krb5_encapsulate (&outbuf, output_token, "\x01\x00");
|
ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
|
||||||
if (ret) {
|
"\x01\x00");
|
||||||
*minor_status = kret;
|
if (ret)
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
|
||||||
|
|
||||||
krb5_data_free (&outbuf);
|
krb5_data_free (&outbuf);
|
||||||
|
|
||||||
@@ -452,12 +451,11 @@ repl_mutual
|
|||||||
krb5_data indata;
|
krb5_data indata;
|
||||||
krb5_ap_rep_enc_part *repl;
|
krb5_ap_rep_enc_part *repl;
|
||||||
|
|
||||||
ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00");
|
ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
|
||||||
if (ret) {
|
"\x02\x00");
|
||||||
|
if (ret)
|
||||||
/* XXX - Handle AP_ERROR */
|
/* XXX - Handle AP_ERROR */
|
||||||
*minor_status = 0;
|
return ret;
|
||||||
return GSS_S_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
kret = krb5_rd_rep (gssapi_krb5_context,
|
kret = krb5_rd_rep (gssapi_krb5_context,
|
||||||
(*context_handle)->auth_context,
|
(*context_handle)->auth_context,
|
||||||
|
@@ -222,8 +222,10 @@ unwrap_des3
|
|||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
input_message_buffer->length,
|
input_message_buffer->length,
|
||||||
"\x02\x01");
|
"\x02\x01");
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
|
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
|
||||||
return GSS_S_BAD_SIG;
|
return GSS_S_BAD_SIG;
|
||||||
|
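Review bot: The `return GSS_S_BAD_SIG;` directly after the new block in unwrap_des3 still returns without writing `*minor_status`, so only the first of two adjacent error returns follows the convention this commit introduces. Unless the function sets it on entry (not visible here), a caller that reports the minor code after GSS_S_BAD_SIG on a token with an unexpected algorithm field reads whatever value was there before the call. The verify_mic_des and verify_mic_des3 hunks show the same pattern. Suggested form for each: `if (memcmp (p, "\x04\x00", 2) != 0) { *minor_status = 0; return GSS_S_BAD_SIG; }`, keeping each function's own constant and comment. All three bodies continue outside their hunks, so later returns may need the same treatment.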
@@ -58,8 +58,10 @@ verify_mic_des
|
|||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
token_buffer->length,
|
token_buffer->length,
|
||||||
"\x01\x01");
|
"\x01\x01");
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (memcmp(p, "\x00\x00", 2) != 0)
|
if (memcmp(p, "\x00\x00", 2) != 0)
|
||||||
return GSS_S_BAD_SIG;
|
return GSS_S_BAD_SIG;
|
||||||
@@ -144,8 +146,10 @@ verify_mic_des3
|
|||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
token_buffer->length,
|
token_buffer->length,
|
||||||
"\x01\x01");
|
"\x01\x01");
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
|
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
|
||||||
return GSS_S_BAD_SIG;
|
return GSS_S_BAD_SIG;
|
||||||
|
@@ -222,8 +222,10 @@ unwrap_des3
|
|||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
input_message_buffer->length,
|
input_message_buffer->length,
|
||||||
"\x02\x01");
|
"\x02\x01");
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
|
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
|
||||||
return GSS_S_BAD_SIG;
|
return GSS_S_BAD_SIG;
|
||||||
|
@@ -58,8 +58,10 @@ verify_mic_des
|
|||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
token_buffer->length,
|
token_buffer->length,
|
||||||
"\x01\x01");
|
"\x01\x01");
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (memcmp(p, "\x00\x00", 2) != 0)
|
if (memcmp(p, "\x00\x00", 2) != 0)
|
||||||
return GSS_S_BAD_SIG;
|
return GSS_S_BAD_SIG;
|
||||||
@@ -144,8 +146,10 @@ verify_mic_des3
|
|||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
token_buffer->length,
|
token_buffer->length,
|
||||||
"\x01\x01");
|
"\x01\x01");
|
||||||
if (ret)
|
if (ret) {
|
||||||
|
*minor_status = 0;
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
|
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
|
||||||
return GSS_S_BAD_SIG;
|
return GSS_S_BAD_SIG;
|
||||||
|