svn commit: lorikeet r650 - in trunk/heimdal/lib: gssapi/krb5 krb5
abartlet at samba.org
Mon Nov 6 00:41:48 GMT 2006
Author: abartlet
Date: 2006-11-06 00:41:47 +0000 (Mon, 06 Nov 2006)
New Revision: 650
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=650
Log:
Add another error message, if there is no ticket to get the authz data from.
Fix extraction of authz data from the AuthorizationData sequence:
Where we had
  IF-RELEVANT::
    WIN2K-PAC
  IF-RELEVANT::
    SIGNED-PATH
The recursion into find_type_in_ad() for the second element would set
ret = ENOENT, and therefore the tail would set *found = FALSE, despite
the data already being found.
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
trunk/heimdal/lib/krb5/ticket.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
===================================================================
--- trunk/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c 2006-11-05 23:39:19 UTC (rev 649)
+++ trunk/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c 2006-11-06 00:41:47 UTC (rev 650)
@@ -188,6 +188,7 @@
if (context_handle->ticket == NULL) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
*minor_status = EINVAL;
+ _gsskrb5_set_status("No ticket to obtain authz data from");
return GSS_S_FAILURE;
}
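Review bot: the new status string on the `context_handle->ticket == NULL` path is paired with `*minor_status = EINVAL`, so a caller that branches on the minor code still cannot tell "no ticket" apart from any other invalid-argument failure; only the text differs. Consider a more specific minor status for this case, or document that the message is the only discriminator. The call also sits after `HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex)`, which is fine only if `_gsskrb5_set_status` does not touch state guarded by that mutex; a short comment saying so would help.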
Modified: trunk/heimdal/lib/krb5/ticket.c
===================================================================
--- trunk/heimdal/lib/krb5/ticket.c 2006-11-05 23:39:19 UTC (rev 649)
+++ trunk/heimdal/lib/krb5/ticket.c 2006-11-06 00:41:47 UTC (rev 650)
@@ -107,7 +107,11 @@
const AuthorizationData *ad,
int level)
{
- krb5_error_code ret = ENOENT;
+ /* It is not an error if nothing in here, that is reported by *found */
+ /* Setting a default error causes found to be set to FALSE, on
+ * recursion to an second embedded authz data even if the first
+ * element contains the required type */
+ krb5_error_code ret = 0;
int i;
if (level > 9) {
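Review bot: with `krb5_error_code ret = 0;` as the default, "element not present" is now reported only through `*found`, so any caller that tests the return value alone will treat an AuthorizationData sequence without the requested type as success. Since this function feeds authz data such as the PAC to callers, every call site should be checked to confirm it tests `*found` before using `data`, and the contract belongs in the function's header comment rather than next to the local. The two new comments could also be merged into one block, and "an second" should read "a second".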
@@ -117,10 +121,6 @@
goto out;
}
- /* Default case to match ret = ENOENT above */
- krb5_set_error_string(context, "Authorization data does not contain element of type %d",
- type);
-
/*
* Only copy out the element the first time we get to it, we need
* to run over the whole authorization data fields to check if
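Review bot: removing the default `krb5_set_error_string(context, "Authorization data does not contain element of type %d", type)` means nothing in the visible lines sets a message for the not-found case any more. If a caller turns `*found == 0` into an error such as ENOENT, the message should move to that point; otherwise the user-visible diagnostic for a missing element is lost, or a stale string from an earlier failure on the same context may be reported instead.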
@@ -228,9 +228,6 @@
krb5_data_free(data);
*found = 0;
}
- } else {
- /* clear default error string from above */
- krb5_clear_error_string(context);
}
return ret;
}
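Review bot: dropping the `else` branch with `krb5_clear_error_string(context)` is consistent with no longer setting a default string, but it also means the success path never resets the error string, so callers must read it only when `ret` is non-zero. The surviving branch frees `data` and sets `*found = 0`, which discards a match when the overall walk ends in an error; that fail-closed behaviour is the part the commit message is about and deserves a one-line comment and a regression test with two nested elements where only the first carries the requested type.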