static void ftpd_gss_convert_creds(char *name, gss_cred_id_t);
static int ftpd_gss_userok(gss_buffer_t, char *name);
+static void log_gss_error(int, OM_uint32, OM_uint32, const char *);
+
#endif /* GSSAPI */
char *auth_type; /* Authentication succeeded? If so, what type? */
&deleg_creds);
return(0);
}
- if (stat_maj == GSS_S_COMPLETE) {
+ if (accept_maj == GSS_S_COMPLETE) {
reply(235, "ADAT=%s", gbuf);
- replied = 1;
} else {
/* If the server accepts the security data, and
requires additional data, it should respond
with reply code 335. */
reply(335, "ADAT=%s", gbuf);
}
+ replied = 1;
(void) gss_release_buffer(&stat_min, &out_tok);
}
- if (stat_maj == GSS_S_COMPLETE) {
+ if (accept_maj == GSS_S_COMPLETE) {
/* GSSAPI authentication succeeded */
stat_maj = gss_display_name(&stat_min, client,
&client_name, &mechid);
respond with reply code 535." */
reply_gss_error(535, stat_maj, stat_min,
"extracting GSSAPI identity name");
- syslog(LOG_ERR, "gssapi error extracting identity");
+ log_gss_error(LOG_ERR, stat_maj, stat_min,
+ "gssapi error extracting identity");
(void) gss_release_cred(&stat_min, &server_creds);
if (ret_flags & GSS_C_DELEG_FLAG)
(void) gss_release_cred(&stat_min,
}
return(1);
- } else if (stat_maj == GSS_S_CONTINUE_NEEDED) {
+ } else if (accept_maj == GSS_S_CONTINUE_NEEDED) {
/* If the server accepts the security data, and
requires additional data, it should respond with
reply code 335. */
- reply(335, "more data needed");
+ if (!replied)
+ reply(335, "more data needed");
(void) gss_release_cred(&stat_min, &server_creds);
if (ret_flags & GSS_C_DELEG_FLAG)
(void) gss_release_cred(&stat_min, &deleg_creds);
#endif /* SETPROCTITLE */
#ifdef GSSAPI
+/* A more general callback would probably use a void*, but currently I
+ only need an int in both cases. */
+static void with_gss_error_text(void (*cb)(const char *, int, int),
+ OM_uint32 maj_stat, OM_uint32 min_stat,
+ int misc);
+
+static void
+log_gss_error_1(const char *msg, int severity, int is_major)
+{
+ syslog(severity, "... GSSAPI error %s: %s",
+ is_major ? "major" : "minor", msg);
+}
+
+static void
+log_gss_error(int severity, OM_uint32 maj_stat, OM_uint32 min_stat,
+ const char *s)
+{
+ syslog(severity, s);
+ with_gss_error_text(log_gss_error_1, maj_stat, min_stat, severity);
+}
+
+static void
+reply_gss_error_1(const char *msg, int code, int is_major)
+{
+ lreply(code, "GSSAPI error %s: %s",
+ is_major ? "major" : "minor", msg);
+}
+
void
-reply_gss_error(code, maj_stat, min_stat, s)
-int code;
-OM_uint32 maj_stat, min_stat;
-char *s;
+reply_gss_error(int code, OM_uint32 maj_stat, OM_uint32 min_stat, char *s)
+{
+ with_gss_error_text(reply_gss_error_1, maj_stat, min_stat, code);
+ reply(code, "GSSAPI error: %s", s);
+}
+
+static void with_gss_error_text(void (*cb)(const char *, int, int),
+ OM_uint32 maj_stat, OM_uint32 min_stat,
+ int misc)
{
/* a lot of work just to report the error */
OM_uint32 gmaj_stat, gmin_stat;
&msg_ctx, &msg);
if ((gmaj_stat == GSS_S_COMPLETE)||
(gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
- lreply(code, "GSSAPI error major: %s",
- (char*)msg.value);
+ (*cb)((char*)msg.value, misc, 1);
(void) gss_release_buffer(&gmin_stat, &msg);
}
if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
&msg_ctx, &msg);
if ((gmaj_stat == GSS_S_COMPLETE)||
(gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
- lreply(code, "GSSAPI error minor: %s",
- (char*)msg.value);
+ (*cb)((char*)msg.value, misc, 0);
(void) gss_release_buffer(&gmin_stat, &msg);
}
if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
break;
}
- reply(code, "GSSAPI error: %s", s);
}
void
projects / krb5.git / commitdiff