svn commit: lorikeet r280 - in branches/tmp/heimdal-gssapi/lib/gssapi: .

metze at samba.org metze at samba.org
Wed May 11 12:47:35 GMT 2005


Author: metze
Date: 2005-05-11 12:47:34 +0000 (Wed, 11 May 2005)
New Revision: 280

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=280

Log:
some minor updates, and preparing for the accept_sec_context update

metze

Modified:
   branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
   branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c


Changeset:
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h	2005-05-11 12:27:39 UTC (rev 279)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h	2005-05-11 12:47:34 UTC (rev 280)
@@ -70,6 +70,7 @@
 	ACCEPTOR_SUBKEY = 16
   } more_flags;
   struct krb5_ticket *ticket;
+  krb5_data fwd_data;
   OM_uint32 lifetime;
   HEIMDAL_MUTEX ctx_id_mutex;
   struct gss_msg_order *order;
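Review bot: The new `fwd_data` member has no comment saying what it holds or which path releases it, and the only code in this commit that touches it is the `krb5_data_zero()` call added in `init_sec_context.c`. A `krb5_data` owns a heap buffer once it is filled, so the context teardown path, which is not part of this diff, needs a matching `krb5_data_free()` on the member. If the buffer ends up carrying forwarded credential material (inferred from the name only), that release matters beyond leak hygiene. I would add a field comment such as `/* owned by the context; released with krb5_data_free() when the context is deleted */`. The struct definition starts and ends outside the hunk.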

Modified: branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c	2005-05-11 12:27:39 UTC (rev 279)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c	2005-05-11 12:47:34 UTC (rev 280)
@@ -119,6 +119,7 @@
 	(*context_handle)->flags	= 0;
 	(*context_handle)->more_flags	= 0;
 	(*context_handle)->ticket	= NULL;
+	krb5_data_zero(&(*context_handle)->fwd_data);
 	(*context_handle)->lifetime	= GSS_C_INDEFINITE;
 	(*context_handle)->order	= NULL;
 	HEIMDAL_MUTEX_init(&(*context_handle)->ctx_id_mutex);
@@ -244,7 +245,7 @@
 }
 
 static OM_uint32
-gsskrb5_local_ready(
+gsskrb5_initiator_ready(
 	OM_uint32 * minor_status,
 	gss_ctx_id_t * context_handle)
 {
@@ -371,9 +372,6 @@
 
 	(*context_handle)->more_flags |= LOCAL;
 
-	ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-	if (ret) return ret;
-
 	/* We need to get the credentials for the requested target */
 	ret = gsskrb5_get_creds(minor_status,
 				initiator_cred_handle,
@@ -385,31 +383,20 @@
 	if (ret) return ret;
 
 	/*
+	 * We need to setup some compat stuff, this assumes that context_handle->target is already set
+	 */
+	ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
+	if (ret) return ret;
+
+	/*
 	 * We need a sequence number
 	 */
-	{
-		int32_t tmp;
 
-		kret = krb5_auth_con_getflags(gssapi_krb5_context,
-					      (*context_handle)->auth_context,
-					      &tmp);
-		if (kret) {
-			gssapi_krb5_set_error_string ();
-			*minor_status = kret;
-			return GSS_S_FAILURE;
-		}
+	krb5_auth_con_addflags(gssapi_krb5_context,
+			       (*context_handle)->auth_context,
+			       KRB5_AUTH_CONTEXT_DO_SEQUENCE,
+			       NULL);
 
-		tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-		kret = krb5_auth_con_setflags(gssapi_krb5_context,
-					      (*context_handle)->auth_context,
-					      tmp);
-		if (kret) {
-			gssapi_krb5_set_error_string ();
-			*minor_status = kret;
-			return GSS_S_FAILURE;
-		}
-	}
-
 	/* We need the key and a random local subkey */
 	{
 		kret = krb5_auth_con_setkey(gssapi_krb5_context, 
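Review bot: The new `krb5_auth_con_addflags()` call under "We need a sequence number" discards its return value, whereas the removed getflags/setflags pair checked `kret` and returned `GSS_S_FAILURE` with `*minor_status` set. If the call can fail, the context would continue without `KRB5_AUTH_CONTEXT_DO_SEQUENCE`, and the sequence numbers that later message ordering and replay checks depend on would be silently missing. Keeping the shorter call but restoring the error path costs a few lines, as shown below. The enclosing function starts and ends outside the hunk.

```c
	/* … unchanged: DES3 compat setup and the "We need a sequence number" comment … */
	kret = krb5_auth_con_addflags(gssapi_krb5_context,
				      (*context_handle)->auth_context,
				      KRB5_AUTH_CONTEXT_DO_SEQUENCE,
				      NULL);
	if (kret) {
		gssapi_krb5_set_error_string ();
		*minor_status = kret;
		return GSS_S_FAILURE;
	}
	/* … unchanged: key and local subkey setup … */
```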
@@ -550,7 +537,7 @@
 		return GSS_S_CONTINUE_NEEDED;
 	}
 
-	return gsskrb5_local_ready(minor_status, context_handle);
+	return gsskrb5_initiator_ready(minor_status, context_handle);
 }
 
 static OM_uint32
@@ -613,7 +600,6 @@
 		if (ret) return ret;
 
 		if (lifetime_rec == 0) {
-			*minor_status = 0;
 			return GSS_S_CONTEXT_EXPIRED;
 		}
 	
@@ -625,10 +611,11 @@
 
 	/* We are done here if GSS_C_DCE_STYLE isn't in use */
 	if (!(flags & GSS_C_DCE_STYLE)) {
-		return gsskrb5_local_ready(minor_status, context_handle);
+		return gsskrb5_initiator_ready(minor_status, context_handle);
 	}
 
-	/* We need to set the local seq_number to the remote one just for the krb5_mk_rep(),
+	/* 
+	 * We need to set the local seq_number to the remote one just for the krb5_mk_rep(),
 	 * and then we need to use the old local seq_number again for the GSS_Wrap() messages
 	 */
 	{
@@ -689,7 +676,7 @@
 		}	
 	}
 
-	return gsskrb5_local_ready(minor_status, context_handle);
+	return gsskrb5_initiator_ready(minor_status, context_handle);
 }
 
 static OM_uint32
@@ -710,7 +697,7 @@
 {
 	OM_uint32 ret;
 
-	if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+	if (*context_handle == GSS_C_NO_CONTEXT) {
 		ret = _gsskrb5_create_ctx(minor_status,
 					  context_handle,
 					  input_chan_bindings,
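Review bot: Switching the create-context test to `*context_handle == GSS_C_NO_CONTEXT` means nothing in this branch looks at `input_token` any more, so a call that passes an existing context with `GSS_C_NO_BUFFER` or a zero-length token now falls through to the state handlers. Those handlers are outside the hunk; any of them that reads `input_token->value` or `input_token->length` needs its own check for a missing token, presumably returning `GSS_S_DEFECTIVE_TOKEN`. The new condition also dereferences `context_handle` without a NULL test, which the old condition did not do at this point. A short comment above the `if`, for example `/* first call: no context yet; later states must validate input_token themselves */`, would record the new contract. The function body continues past the end of the hunk.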
@@ -752,6 +739,8 @@
 							time_rec);
 		break;
 	case INITIATOR_READY:
+		/* should this be GSS_S_BAD_STATUS ? --metze */
+
 		/* We need to check the liftime */
 		{
 			OM_uint32 lifetime_rec;
@@ -1226,12 +1215,13 @@
 
 	*minor_status = 0;
 
+	if (actual_mech_type)	*actual_mech_type	= GSS_C_NO_OID;
+
 	output_token->length = 0;
 	output_token->value  = NULL;
 
 	if (ret_flags)		*ret_flags		= 0;
 	if (time_rec)		*time_rec		= 0;
-	if (actual_mech_type)	*actual_mech_type	= GSS_C_NO_OID;
 
 	if (target_name == GSS_C_NO_NAME) return GSS_S_BAD_NAME;
 


