k5unseal.c (kg_unseal): Clean up lint warnings
authorTheodore Tso <tytso@mit.edu>
Thu, 2 Jul 1998 22:24:56 +0000 (22:24 +0000)
committerTheodore Tso <tytso@mit.edu>
Thu, 2 Jul 1998 22:24:56 +0000 (22:24 +0000)
accept_sec_context.c (krb5_gss_accept_sec_context): Don't return an
error token if we can't provide the server name to the KRB5 error
structure (because cred isn't initialized).

gssapi_krb5.c, gssapi_krb5.h: Export the oid of static arrays as
krb5_gss_oid_array since it's needed by gss_import_sec_context.

import_sec_context.c: Fix up the OID of the mechanism in the imported
security context so that we use the static OID if at all possible.
This is needed since gss_inquire_context() must return a static OID.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10618 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/gssapi_krb5.h
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/k5unseal.c

index e920542054701308424b375af8dcab4053a7fdaf..bc5c578755ad23dce185b9e93403b8473bc13d15 100644 (file)
@@ -1,3 +1,20 @@
+1998-06-08  Theodore Ts'o  <tytso@rsts-11.mit.edu>
+
+       * k5unseal.c (kg_unseal):  Clean up lint warnings.
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Don't return
+               an error token if we can't provide the server name to the
+               KRB5 error structure (because cred isn't initialized).
+
+       * gssapi_krb5.c, gssapi_krb5.h: Export the oid of static
+               arrays as krb5_gss_oid_array since it's needed by
+               gss_import_sec_context.
+
+       * import_sec_context.c: Fix up the OID of the mechanism in the
+               imported security context so that we use the static
+               OID if at all possible.  This is needed since
+               gss_inquire_context() must return a static OID.
+
 Sun May 24 21:57:03 1998  Theodore Y. Ts'o  <tytso@mit.edu>
 
        * import_name.c (krb5_gss_import_name): Fix typo which caused
index 181e67565e7d218d71c1c33b9d7471432874e525..ee204d3e0ae6dfd186d7dd2b28db6c37788c3027 100644 (file)
@@ -159,7 +159,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    char *sptr;
    long tmp;
    int bigend;
-   krb5_gss_cred_id_t cred;
+   krb5_gss_cred_id_t cred = 0;
    krb5_data ap_req;
    int i;
    krb5_error_code code;
@@ -679,7 +679,7 @@ fail:
           krb5_free_ap_req(context, request);
    }
 
-   if (gss_flags & GSS_C_MUTUAL_FLAG) {
+   if (cred && (gss_flags & GSS_C_MUTUAL_FLAG)) {
           /*
            * The client is expecting a response, so we can send an
            * error token back
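Review bot: The comment under the new `if (cred && (gss_flags & GSS_C_MUTUAL_FLAG))` test still gives only the mutual-auth reason, so the purpose of the `cred` guard is recorded only in the commit message. I would extend it to something like `/* The client is expecting a response, so send an error token back; skipped when cred was never acquired, since the KRB5 error needs the server name from it. */`. A client that asked for mutual authentication now gets no error token on that path, which is worth stating where callers will read it. In the declaration hunk above, `cred = NULL` reads better than `cred = 0`, as the variable is tested as a pointer here. The body of this `if` continues outside the hunk.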
index 9b631a1cd3f42427580576d702be786d03c45596..c0942c39a63b2173771441d3301d1a296041434e 100644 (file)
  * except the last in each value's encoding.
  */
 
-static const gss_OID_desc oids[] = {
+const gss_OID_desc krb5_gss_oid_array[] = {
    /* this is the unofficial, wrong OID */
    {5, "\053\005\001\005\002"},
    /* this is the official, rfc-specified OID */
    {9, "\052\206\110\206\367\022\001\002\002"},
    {10, "\052\206\110\206\367\022\001\002\002\001"},
    {10, "\052\206\110\206\367\022\001\002\002\002"},
+   { 0, 0 }
 };
 
-const gss_OID_desc * const gss_mech_krb5_old = oids+0;
-const gss_OID_desc * const gss_mech_krb5 = oids+1;
-const gss_OID_desc * const gss_nt_krb5_name = oids+2;
-const gss_OID_desc * const gss_nt_krb5_principal = oids+3;
+const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+0;
+const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+1;
+const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+2;
+const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+3;
 
 static const gss_OID_set_desc oidsets[] = {
-   {1, (gss_OID) oids+0},
-   {1, (gss_OID) oids+1},
-   {2, (gss_OID) oids+0},
+   {1, (gss_OID) krb5_gss_oid_array+0},
+   {1, (gss_OID) krb5_gss_oid_array+1},
+   {2, (gss_OID) krb5_gss_oid_array+0},
 };
 
 const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0;
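Review bot: `krb5_gss_oid_array` is now an exported symbol, but nothing at its definition documents the `{ 0, 0 }` terminator or the fixed entry order. The header declares it as an incomplete array (`extern const gss_OID_desc krb5_gss_oid_array[];`), so a consumer cannot take its size and must stop at the zero-length entry. The `gss_mech_krb5*` / `gss_nt_krb5_*` pointers and `oidsets` also index into it by position. A comment above the array would cover this, e.g. `/* Terminated by a zero-length entry. Order is fixed: the gss_* pointers and oidsets below index into it. */`, with a matching one-line note on the extern in gssapi_krb5.h.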
index b2ef5806b1cae6d451ce14380a5d18f1be39c57f..a1f51919d6e75e3c75610ee8f513460890ba7aaf 100644 (file)
@@ -39,6 +39,8 @@ extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
 extern const gss_OID_desc * const gss_nt_krb5_name;
 extern const gss_OID_desc * const gss_nt_krb5_principal;
 
+extern const gss_OID_desc krb5_gss_oid_array[];
+
 #define gss_krb5_nt_general_name       gss_nt_krb5_name
 #define gss_krb5_nt_principal          gss_nt_krb5_principal
 #define gss_krb5_nt_service_name       gss_nt_service_name
index c1d1bfa72a9528e273405312ee2a394ede02aa3f..baf901ca597da5ca527d17821d7aa9e8affaa04d 100644 (file)
  */
 #include "gssapiP_krb5.h"
 
+/*
+ * Fix up the OID of the mechanism so that uses the static version of
+ * the OID if possible.
+ */
+static gss_OID convert_static_oid(oid)
+     gss_OID   FAR oid;
+{
+       const gss_OID_desc      *p;
+       OM_uint32               minor_status;
+       
+       for (p = krb5_gss_oid_array; p->length; p++) {
+               if ((oid->length == p->length) &&
+                   (memcmp(oid->elements, p->elements, p->length) == 0)) {
+                       gss_release_oid(&minor_status, &oid);
+                       return p;
+               }
+       }
+       return oid;
+}
+
 OM_uint32
 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
     OM_uint32          *minor_status;
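Review bot: `convert_static_oid` reads `oid->length` without a null check, and its only caller (the `ctx->mech_used = convert_static_oid(ctx->mech_used);` line added further down) passes a value rebuilt from an interprocess token. Whether internalization guarantees a non-null `mech_used` is not visible on this page, so a guard such as `if (oid == GSS_C_NO_OID) return oid;` at the top would be cheap insurance. `return p;` also drops the `const` qualifier; `return (gss_OID) p;` matches the casts used on this array in gssapi_krb5.c. After the swap `mech_used` can point at static storage, so confirm that the context release path does not free static entries. `krb5_gss_import_sec_context` continues outside this hunk.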
@@ -65,6 +85,7 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
        return(GSS_S_FAILURE);
     }
+    ctx->mech_used = convert_static_oid(ctx->mech_used);
     
     *context_handle = (gss_ctx_id_t) ctx;
 
index 70d2d4d7bd16fafc8c0d19de7b8678eb6c471539..041cae06a3e6cd146a74719e5c0ff247320a1b64 100644 (file)
@@ -47,7 +47,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
    krb5_error_code code;
    int bodysize;
    int tmsglen;
-   int conflen;
+   int conflen = 0;
    int signalg;
    int sealalg;
    gss_buffer_desc token;
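Review bot: Initialising `conflen` here, and `cksum_len` in the next hunk, quiets the lint warning but also removes the only signal that a path skipped the real assignment. Such a path would now reach `ptr+14+cksum_len` (kg_decrypt hunk) or `plain+conflen` (memcpy hunk) with a zero offset and parse the token at the wrong position rather than being flagged. The assignments are outside the visible hunks, so this may already be covered. It would still be worth checking that every `signalg`/`sealalg` value that is not explicitly handled is rejected before those uses, and noting that with a short comment on each initializer, e.g. `/* set per signalg below; unknown values are rejected */`.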
@@ -58,7 +58,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
    char *data_ptr;
    krb5_timestamp now;
    unsigned char *plain;
-   int cksum_len;
+   int cksum_len = 0;
    int plainlen;
    int err;
    int direction;
@@ -89,9 +89,9 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 
    ptr = (unsigned char *) input_token_buffer->value;
 
-   if (err = g_verify_token_header((gss_OID) ctx->mech_used, &bodysize,
-                                  &ptr, toktype,
-                                  input_token_buffer->length)) {
+   if ((err = g_verify_token_header((gss_OID) ctx->mech_used, &bodysize,
+                                   &ptr, toktype,
+                                   input_token_buffer->length))) {
       *minor_status = err;
       return(GSS_S_DEFECTIVE_TOKEN);
    }
@@ -159,8 +159,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
            return(GSS_S_FAILURE);
         }
 
-        if (code = kg_decrypt(context, &ctx->enc, NULL,
-                              ptr+14+cksum_len, plain, tmsglen)) {
+        if ((code = kg_decrypt(context, &ctx->enc, NULL,
+                               ptr+14+cksum_len, plain, tmsglen))) {
            xfree(plain);
            *minor_status = code;
            return(GSS_S_FAILURE);
@@ -185,11 +185,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
            *minor_status = ENOMEM;
            return(GSS_S_FAILURE);
         }
-
-        if ((sealalg == 0xffff) && ctx->big_endian)
-           memcpy(token.value, plain, token.length);
-        else
-           memcpy(token.value, plain+conflen, token.length);
+        memcpy(token.value, plain+conflen, token.length);
       }
    } else if (toktype == KG_TOK_SIGN_MSG) {
       token = *message_buffer;
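Review bot: Collapsing the two copies into `memcpy(token.value, plain+conflen, token.length);` is a behaviour change inside a commit described as lint cleanup. The removed branch copied from `plain` when `(sealalg == 0xffff) && ctx->big_endian`, so the new line is equivalent only if `conflen` is still 0 on that path. That depends on the new `conflen = 0` initializer and on assignment code outside this hunk. `token.length` must also have been derived with the same `conflen`, so that `plain+conflen` plus `token.length` stays within the `tmsglen` bytes decrypted into `plain`. I would record the invariant above the copy, e.g. `/* conflen is 0 when there is no confounder (sealalg 0xffff on a big_endian context) */`, and mention the removal in the ChangeLog entry.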
@@ -285,10 +281,10 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 
       xfree(cksum.contents);
 #else
-      if (code = kg_encrypt(context, &ctx->seq,
-                           (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
-                            ctx->seq.key->contents : NULL),
-                           md5cksum.contents, md5cksum.contents, 16)) {
+      if ((code = kg_encrypt(context, &ctx->seq,
+                            (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+                             ctx->seq.key->contents : NULL),
+                            md5cksum.contents, md5cksum.contents, 16))) {
         xfree(md5cksum.contents);
         if (toktype == KG_TOK_SEAL_MSG)
            xfree(token.value);
@@ -386,7 +382,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
    if (qop_state)
       *qop_state = GSS_C_QOP_DEFAULT;
 
-   if (code = krb5_timeofday(context, &now)) {
+   if ((code = krb5_timeofday(context, &now))) {
       *minor_status = code;
       return(GSS_S_FAILURE);
    }
@@ -398,8 +394,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 
    /* do sequencing checks */
 
-   if (code = kg_get_seq_num(context, &(ctx->seq), ptr+14, ptr+6, &direction,
-                            &seqnum)) {
+   if ((code = kg_get_seq_num(context, &(ctx->seq), ptr+14, ptr+6, &direction,
+                             &seqnum))) {
       if (toktype == KG_TOK_SEAL_MSG)
         xfree(token.value);
       *minor_status = code;