svn commit: lorikeet r280 - in
branches/tmp/heimdal-gssapi/lib/gssapi: .
metze at samba.org
metze at samba.org
Wed May 11 12:47:35 GMT 2005
Author: metze
Date: 2005-05-11 12:47:34 +0000 (Wed, 11 May 2005)
New Revision: 280
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=280
Log:
some minor updates, and preparing for the accept_sec_context update
metze
Modified:
branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c
Changeset:
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h 2005-05-11 12:27:39 UTC (rev 279)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h 2005-05-11 12:47:34 UTC (rev 280)
@@ -70,6 +70,7 @@
ACCEPTOR_SUBKEY = 16
} more_flags;
struct krb5_ticket *ticket;
+ krb5_data fwd_data;
OM_uint32 lifetime;
HEIMDAL_MUTEX ctx_id_mutex;
struct gss_msg_order *order;
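Review bot: The new `fwd_data` member has no comment saying what it holds or who releases it, and this commit only initialises it in the context-creation code in init_sec_context.c. Given the name it presumably carries forwarded-credential data, so a comment such as `/* forwarded credential blob; owned by the context, released in the context-delete path */` would make the ownership explicit. Any other place that allocates this structure (the acceptor path is not part of this diff) needs the same `krb5_data_zero()`, and the delete path needs a matching `krb5_data_free()`. Otherwise a later free or copy works on an uninitialised pointer and length, or the buffer is leaked.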
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c 2005-05-11 12:27:39 UTC (rev 279)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c 2005-05-11 12:47:34 UTC (rev 280)
@@ -119,6 +119,7 @@
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
+ krb5_data_zero(&(*context_handle)->fwd_data);
(*context_handle)->lifetime = GSS_C_INDEFINITE;
(*context_handle)->order = NULL;
HEIMDAL_MUTEX_init(&(*context_handle)->ctx_id_mutex);
@@ -244,7 +245,7 @@
}
static OM_uint32
-gsskrb5_local_ready(
+gsskrb5_initiator_ready(
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle)
{
@@ -371,9 +372,6 @@
(*context_handle)->more_flags |= LOCAL;
- ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
- if (ret) return ret;
-
/* We need to get the credentials for the requested target */
ret = gsskrb5_get_creds(minor_status,
initiator_cred_handle,
@@ -385,31 +383,20 @@
if (ret) return ret;
/*
+ * We need to setup some compat stuff, this assumes that context_handle->target is already set
+ */
+ ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
+ if (ret) return ret;
+
+ /*
* We need a sequence number
*/
- {
- int32_t tmp;
- kret = krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &tmp);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
+ krb5_auth_con_addflags(gssapi_krb5_context,
+ (*context_handle)->auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE,
+ NULL);
- tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
- kret = krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- tmp);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
- }
-
/* We need the key and a random local subkey */
{
kret = krb5_auth_con_setkey(gssapi_krb5_context,
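Review bot: The return value of `krb5_auth_con_addflags()` is discarded in the "We need a sequence number" step, whereas the getflags/setflags code it replaces returned GSS_S_FAILURE with the krb5 error in `*minor_status`. If the call can fail, context setup would continue without KRB5_AUTH_CONTEXT_DO_SEQUENCE set and nothing would report it. The result should be checked the same way as the other krb5 calls in this function. The enclosing function starts and ends outside this hunk.

```c
/* … unchanged: _gss_DES3_get_mic_compat call and its comment … */
    kret = krb5_auth_con_addflags(gssapi_krb5_context,
				  (*context_handle)->auth_context,
				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
				  NULL);
    if (kret) {
	gssapi_krb5_set_error_string ();
	*minor_status = kret;
	return GSS_S_FAILURE;
    }
/* … unchanged: key and local subkey setup … */
```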
@@ -550,7 +537,7 @@
return GSS_S_CONTINUE_NEEDED;
}
- return gsskrb5_local_ready(minor_status, context_handle);
+ return gsskrb5_initiator_ready(minor_status, context_handle);
}
static OM_uint32
@@ -613,7 +600,6 @@
if (ret) return ret;
if (lifetime_rec == 0) {
- *minor_status = 0;
return GSS_S_CONTEXT_EXPIRED;
}
@@ -625,10 +611,11 @@
/* We are done here if GSS_C_DCE_STYLE isn't in use */
if (!(flags & GSS_C_DCE_STYLE)) {
- return gsskrb5_local_ready(minor_status, context_handle);
+ return gsskrb5_initiator_ready(minor_status, context_handle);
}
- /* We need to set the local seq_number to the remote one just for the krb5_mk_rep(),
+ /*
+ * We need to set the local seq_number to the remote one just for the krb5_mk_rep(),
* and then we need to use the old local seq_number again for the GSS_Wrap() messages
*/
{
@@ -689,7 +676,7 @@
}
}
- return gsskrb5_local_ready(minor_status, context_handle);
+ return gsskrb5_initiator_ready(minor_status, context_handle);
}
static OM_uint32
@@ -710,7 +697,7 @@
{
OM_uint32 ret;
- if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+ if (*context_handle == GSS_C_NO_CONTEXT) {
ret = _gsskrb5_create_ctx(minor_status,
context_handle,
input_chan_bindings,
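Review bot: With the first-call test now keyed on `*context_handle == GSS_C_NO_CONTEXT`, nothing in this hunk looks at `input_token` any more. A call with an existing context and `GSS_C_NO_BUFFER` or a zero-length token therefore reaches the state dispatch further down. The state handlers are outside this hunk; each one that expects a reply from the acceptor should reject a missing token before dereferencing it, for example `if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return GSS_S_DEFECTIVE_TOKEN;`. A short comment at the new condition stating that the context handle, not the token, marks the first call would also help the next reader.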
@@ -752,6 +739,8 @@
time_rec);
break;
case INITIATOR_READY:
+ /* should this be GSS_S_BAD_STATUS ? --metze */
+
/* We need to check the liftime */
{
OM_uint32 lifetime_rec;
@@ -1226,12 +1215,13 @@
*minor_status = 0;
+ if (actual_mech_type) *actual_mech_type = GSS_C_NO_OID;
+
output_token->length = 0;
output_token->value = NULL;
if (ret_flags) *ret_flags = 0;
if (time_rec) *time_rec = 0;
- if (actual_mech_type) *actual_mech_type = GSS_C_NO_OID;
if (target_name == GSS_C_NO_NAME) return GSS_S_BAD_NAME;
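Review bot: `output_token->length` and `output_token->value` are written unconditionally here, while `ret_flags`, `time_rec` and `actual_mech_type` are each guarded against NULL. Unless an earlier check exists above this hunk (the function starts outside it), a caller passing `GSS_C_NO_BUFFER` for the output token gets a NULL dereference instead of an error. A guard such as `if (output_token == GSS_C_NO_BUFFER) return GSS_S_CALL_INACCESSIBLE_WRITE;` before these assignments would turn that into a defined failure.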