(init_auth): if the cred is expired before we try to create a token,
fail so the peer doesn't need to reject us
(*): make sure time is returned in seconds from now, not in kerberos time
(repl_mutual): remember to unlock the context mutex


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12345 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2003-06-03 15:22:58 +00:00
parent a2408d7675
commit f6870509a7
2 changed files with 66 additions and 26 deletions


@@ -193,6 +193,7 @@ init_auth
Checksum cksum; Checksum cksum;
krb5_enctype enctype; krb5_enctype enctype;
krb5_data fwd_data; krb5_data fwd_data;
OM_uint32 lifetime_rec;
krb5_data_zero(&outbuf); krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data); krb5_data_zero(&fwd_data);
@@ -309,6 +310,19 @@ init_auth
(*context_handle)->lifetime = cred->times.endtime; (*context_handle)->lifetime = cred->times.endtime;
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
&lifetime_rec);
if (ret) {
goto failure;
}
if (lifetime_rec == 0) {
*minor_status = 0;
ret = GSS_S_CONTEXT_EXPIRED;
goto failure;
}
krb5_auth_con_setkey(gssapi_krb5_context, krb5_auth_con_setkey(gssapi_krb5_context,
(*context_handle)->auth_context, (*context_handle)->auth_context,
&cred->session); &cred->session);
@@ -414,7 +428,7 @@ init_auth
return GSS_S_CONTINUE_NEEDED; return GSS_S_CONTINUE_NEEDED;
} else { } else {
if (time_rec) if (time_rec)
*time_rec = (*context_handle)->lifetime; *time_rec = lifetime_rec;
(*context_handle)->more_flags |= OPEN; (*context_handle)->more_flags |= OPEN;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
@@ -489,13 +503,19 @@ repl_mutual
(*context_handle)->more_flags |= OPEN; (*context_handle)->more_flags |= OPEN;
if (time_rec) *minor_status = 0;
*time_rec = (*context_handle)->lifetime; if (time_rec) {
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
time_rec);
} else {
ret = GSS_S_COMPLETE;
}
if (ret_flags) if (ret_flags)
*ret_flags = (*context_handle)->flags; *ret_flags = (*context_handle)->flags;
HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
*minor_status = 0; return ret;
return GSS_S_COMPLETE;
} }
/* /*
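Review bot: In the repl_mutual hunk the context is flagged `OPEN` before `gssapi_lifetime_left` runs, and the lifetime is only looked at when the caller passes `time_rec`, so the expiry check this commit adds to init_auth has no counterpart on the mutual-auth reply path. A failing lifetime call now returns an error for a context that is already marked open, and (assuming the helper reports 0 for an end time in the past, as the init_auth hunk implies) an expired context still ends in GSS_S_COMPLETE. I would compute the lifetime into a local unconditionally, reject on error or zero, and only then set `OPEN`, as sketched below. repl_mutual starts outside the hunk, so its earlier error returns should also be checked for the same missing `HEIMDAL_MUTEX_unlock`. The second file section on this page shows the same hunks, and the same point applies there.

```c
OM_uint32 lifetime_rec;   /* new local in repl_mutual, mirroring init_auth */
/* … unchanged: earlier body of repl_mutual … */
*minor_status = 0;
ret = gssapi_lifetime_left(minor_status,
                           (*context_handle)->lifetime,
                           &lifetime_rec);
if (ret == GSS_S_COMPLETE && lifetime_rec == 0) {
    *minor_status = 0;
    ret = GSS_S_CONTEXT_EXPIRED;
}
if (ret) {
    HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
    return ret;
}
/* Mark the context usable only after the lifetime check has passed. */
(*context_handle)->more_flags |= OPEN;
if (time_rec)
    *time_rec = lifetime_rec;
/* … unchanged: ret_flags assignment … */
HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
return GSS_S_COMPLETE;
```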


@@ -193,6 +193,7 @@ init_auth
Checksum cksum; Checksum cksum;
krb5_enctype enctype; krb5_enctype enctype;
krb5_data fwd_data; krb5_data fwd_data;
OM_uint32 lifetime_rec;
krb5_data_zero(&outbuf); krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data); krb5_data_zero(&fwd_data);
@@ -309,6 +310,19 @@ init_auth
(*context_handle)->lifetime = cred->times.endtime; (*context_handle)->lifetime = cred->times.endtime;
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
&lifetime_rec);
if (ret) {
goto failure;
}
if (lifetime_rec == 0) {
*minor_status = 0;
ret = GSS_S_CONTEXT_EXPIRED;
goto failure;
}
krb5_auth_con_setkey(gssapi_krb5_context, krb5_auth_con_setkey(gssapi_krb5_context,
(*context_handle)->auth_context, (*context_handle)->auth_context,
&cred->session); &cred->session);
@@ -414,7 +428,7 @@ init_auth
return GSS_S_CONTINUE_NEEDED; return GSS_S_CONTINUE_NEEDED;
} else { } else {
if (time_rec) if (time_rec)
*time_rec = (*context_handle)->lifetime; *time_rec = lifetime_rec;
(*context_handle)->more_flags |= OPEN; (*context_handle)->more_flags |= OPEN;
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
@@ -489,13 +503,19 @@ repl_mutual
(*context_handle)->more_flags |= OPEN; (*context_handle)->more_flags |= OPEN;
if (time_rec) *minor_status = 0;
*time_rec = (*context_handle)->lifetime; if (time_rec) {
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
time_rec);
} else {
ret = GSS_S_COMPLETE;
}
if (ret_flags) if (ret_flags)
*ret_flags = (*context_handle)->flags; *ret_flags = (*context_handle)->flags;
HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
*minor_status = 0; return ret;
return GSS_S_COMPLETE;
} }
/* /*