+2004-03-15 Ken Raeburn <raeburn@mit.edu>
+
+ * k5seal.c (kg_seal): Extract the krb5 context from the security
+ context instead of requiring it be passed in as an argument.
+ * k5unseal.c (kg_unseal): Likewise.
+ * gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated.
+ * delete_sec_context.c, process_context_token.c, seal.c, sign.c,
+ unseal.c, verify.c: Callers changed.
+ * inq_context.c (krb5_gss_inquire_context): Use krb5 context
+ contained in security context instead of calling kg_get_context.
+ * wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise.
+
+ * import_sec_context.c (krb5_gss_ser_init): New function.
+ (krb5_gss_import_sec_context): Create a krb5 context locally to
+ use for the import.
+ * export_sec_context.c (krb5_gss_export_sec_context): Use the
+ krb5 context in the security context.
+ * gssapiP_krb5.h (krb5_gss_ser_init): Declare.
+ * gssapi_krb5.c (kg_get_context): Don't call krb5 serialization
+ initialization code here.
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): Free the
+ new krb5 context in an error case not caught before.
+
2004-03-14 Ken Raeburn <raeburn@mit.edu>
* gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Add a krb5
/*SUPPRESS 29*/
if (*context_handle != GSS_C_NO_CONTEXT) {
*minor_status = 0;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
gss_buffer_desc empty;
empty.length = 0; empty.value = NULL;
- if ((major = kg_seal(context, minor_status, *context_handle, 0,
+ if ((major = kg_seal(minor_status, *context_handle, 0,
GSS_C_QOP_DEFAULT,
&empty, NULL, output_token, KG_TOK_DEL_CTX)))
return(major);
krb5_gss_ctx_id_t ctx;
krb5_octet *obuffer, *obp;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* Assume a tragic failure */
obuffer = (krb5_octet *) NULL;
retval = GSS_S_FAILURE;
}
ctx = (krb5_gss_ctx_id_t) *context_handle;
+ context = ctx->k5_context;
+ kret = krb5_gss_ser_init(context);
+ if (kret)
+ goto error_out;
/* Determine size needed for externalization of context */
bufsize = 0;
krb5_pointer out,
unsigned int length);
-OM_uint32 kg_seal (krb5_context context,
- OM_uint32 *minor_status,
+OM_uint32 kg_seal (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
int qop_req,
gss_buffer_t output_message_buffer,
int toktype);
-OM_uint32 kg_unseal (krb5_context context,
- OM_uint32 *minor_status,
+OM_uint32 kg_unseal (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_token_buffer,
gss_buffer_t message_buffer,
int *qop_state,
int toktype);
-OM_uint32 kg_seal_size (krb5_context context,
- OM_uint32 *minor_status,
+OM_uint32 kg_seal_size (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
gss_ctx_id_t * /* context_handle */
);
+krb5_error_code krb5_gss_ser_init(krb5_context);
+
OM_uint32 krb5_gss_release_oid
(OM_uint32 *, /* minor_status */
gss_OID * /* oid */
if (!kg_context) {
if ((code = krb5_init_context(&kg_context)))
goto fail;
- if ((code = krb5_ser_context_init(kg_context)))
- goto fail;
- if ((code = krb5_ser_auth_context_init(kg_context)))
- goto fail;
- if ((code = krb5_ser_ccache_init(kg_context)))
- goto fail;
- if ((code = krb5_ser_rcache_init(kg_context)))
- goto fail;
- if ((code = krb5_ser_keytab_init(kg_context)))
- goto fail;
- if ((code = krb5_ser_auth_context_init(kg_context)))
- goto fail;
}
*context = kg_context;
*minor_status = 0;
/*
* lib/gssapi/krb5/import_sec_context.c
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995,2004 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* import_sec_context.c - Internalize the security context.
*/
#include "gssapiP_krb5.h"
+/* for serialization initialization functions */
+#include "k5-int.h"
/*
* Fix up the OID of the mechanism so that uses the static version of
return oid;
}
+krb5_error_code
+krb5_gss_ser_init (krb5_context context)
+{
+ krb5_error_code code;
+ static krb5_error_code (*const fns[])(krb5_context) = {
+ krb5_ser_context_init, krb5_ser_auth_context_init,
+ krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
+ };
+ int i;
+
+ for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
+ if ((code = (fns[i])(context)) != 0)
+ return code;
+ return 0;
+}
+
OM_uint32
krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
OM_uint32 *minor_status;
krb5_gss_ctx_id_t ctx;
krb5_octet *ibp;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ /* This is a bit screwy. We create a krb5 context because we need
+ one when calling the serialization code. However, one of the
+ objects we're unpacking is a krb5 context, so when we finish,
+ we can throw this one away. */
+ kret = krb5_init_context(&context);
+ if (kret) {
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+ kret = krb5_gss_ser_init(context);
+ if (kret) {
+ krb5_free_context(context);
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
/* Assume a tragic failure */
ctx = (krb5_gss_ctx_id_t) NULL;
/* Internalize the context */
ibp = (krb5_octet *) interprocess_token->value;
blen = (size_t) interprocess_token->length;
- if ((kret = kg_ctx_internalize(context,
- (krb5_pointer *) &ctx,
- &ibp, &blen))) {
+ kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen);
+ krb5_free_context(context);
+ if (kret) {
*minor_status = (OM_uint32) kret;
return(GSS_S_FAILURE);
}
krb5_timestamp now;
krb5_deltat lifetime;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
if (initiator_name)
*initiator_name = (gss_name_t) NULL;
if (acceptor_name)
init = NULL;
accept = NULL;
+ context = ctx->k5_context;
if ((code = krb5_timeofday(context, &now))) {
*minor_status = code;
and do not encode the ENC_TYPE, MSG_LENGTH, or MSG_TEXT fields */
OM_uint32
-kg_seal(context, minor_status, context_handle, conf_req_flag, qop_req,
+kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
input_message_buffer, conf_state, output_message_buffer, toktype)
- krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int conf_req_flag;
krb5_gss_ctx_id_rec *ctx;
krb5_error_code code;
krb5_timestamp now;
+ krb5_context context;
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
return(GSS_S_NO_CONTEXT);
}
+ context = ctx->k5_context;
if ((code = krb5_timeofday(context, &now))) {
*minor_status = code;
return(GSS_S_FAILURE);
conf_state is only valid if SEAL. */
OM_uint32
-kg_unseal(context, minor_status, context_handle, input_token_buffer,
+kg_unseal(minor_status, context_handle, input_token_buffer,
message_buffer, conf_state, qop_state, toktype)
- krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t input_token_buffer;
}
if (ctx->proto == 0)
- return kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
+ return kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
message_buffer, conf_state, qop_state,
toktype);
else
- return gss_krb5int_unseal_token_v3(context, minor_status, ctx,
+ return gss_krb5int_unseal_token_v3(ctx->k5_context, minor_status, ctx,
ptr, bodysize, message_buffer,
conf_state, qop_state, toktype);
}
gss_ctx_id_t context_handle;
gss_buffer_t token_buffer;
{
- krb5_context context;
krb5_gss_ctx_id_rec *ctx;
OM_uint32 majerr;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
/* "unseal" the token */
- if (GSS_ERROR(majerr = kg_unseal(context, minor_status, ctx, token_buffer,
+ if (GSS_ERROR(majerr = kg_unseal(minor_status, ctx, token_buffer,
GSS_C_NO_BUFFER, NULL, NULL,
KG_TOK_DEL_CTX)))
return(majerr);
int *conf_state;
gss_buffer_t output_message_buffer;
{
- krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
- return(kg_seal(context, minor_status, context_handle, conf_req_flag,
+ return(kg_seal(minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, KG_TOK_SEAL_MSG));
}
int *conf_state;
gss_buffer_t output_message_buffer;
{
- krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
- return(kg_seal(context, minor_status, context_handle, conf_req_flag,
+ return(kg_seal(minor_status, context_handle, conf_req_flag,
(int) qop_req, input_message_buffer, conf_state,
output_message_buffer, KG_TOK_WRAP_MSG));
}
/*
* lib/gssapi/krb5/ser_sctx.c
*
- * Copyright 1995 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2004 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
if (!kret && ctx->seqstate)
kret = kg_queue_size(kcontext, ctx->seqstate, &required);
+ if (!kret)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_CONTEXT,
+ (krb5_pointer) ctx->k5_context,
+ &required);
if (!kret)
kret = krb5_size_opaque(kcontext,
KV5M_AUTH_CONTEXT,
kret = kg_queue_externalize(kcontext,
ctx->seqstate, &bp, &remain);
+ if (!kret)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_CONTEXT,
+ (krb5_pointer) ctx->k5_context,
+ &bp, &remain);
+
if (!kret)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTH_CONTEXT,
xmalloc(sizeof(krb5_gss_ctx_id_rec)))) {
memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+ ctx->k5_context = kcontext;
+
/* Get static data */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->initiate = (int) ibuf;
kret = 0;
}
+ if (!kret)
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_CONTEXT,
+ (krb5_pointer *) &ctx->k5_context,
+ &bp, &remain);
+
if (!kret)
kret = krb5_internalize_opaque(kcontext,
KV5M_AUTH_CONTEXT,
gss_buffer_t message_buffer;
gss_buffer_t message_token;
{
- krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
- return(kg_seal(context, minor_status, context_handle, 0,
+ return(kg_seal(minor_status, context_handle, 0,
qop_req, message_buffer, NULL,
message_token, KG_TOK_SIGN_MSG));
}
gss_buffer_t message_buffer;
gss_buffer_t message_token;
{
- krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
- return(kg_seal(context, minor_status, context_handle, 0,
+ return(kg_seal(minor_status, context_handle, 0,
(int) qop_req, message_buffer, NULL,
message_token, KG_TOK_MIC_MSG));
}
int *conf_state;
int *qop_state;
{
- krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
- return(kg_unseal(context, minor_status, context_handle,
+ return(kg_unseal(minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state, KG_TOK_SEAL_MSG));
}
int *conf_state;
gss_qop_t *qop_state;
{
- krb5_context context;
OM_uint32 rstat;
int qstate;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
- rstat = kg_unseal(context, minor_status, context_handle,
+ rstat = kg_unseal(minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, &qstate, KG_TOK_WRAP_MSG);
if (!rstat && qop_state)
gss_buffer_t token_buffer;
int *qop_state;
{
- krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
-
- return(kg_unseal(context, minor_status, context_handle,
+ return(kg_unseal(minor_status, context_handle,
token_buffer, message_buffer,
NULL, qop_state, KG_TOK_SIGN_MSG));
}
gss_buffer_t token_buffer;
gss_qop_t *qop_state;
{
- krb5_context context;
OM_uint32 rstat;
int qstate;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
-
- rstat = kg_unseal(context, minor_status, context_handle,
+ rstat = kg_unseal(minor_status, context_handle,
token_buffer, message_buffer,
NULL, &qstate, KG_TOK_MIC_MSG);
if (!rstat && qop_state)
OM_uint32 req_output_size;
OM_uint32 *max_input_size;
{
- krb5_context context;
krb5_gss_ctx_id_rec *ctx;
OM_uint32 data_size, conflen;
OM_uint32 ohlen;
int overhead;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* only default qop is allowed */
if (qop_req != GSS_C_QOP_DEFAULT) {
*minor_status = (OM_uint32) G_UNKNOWN_QOP;
/* Calculate the token size and subtract that from the output size */
overhead = 7 + ctx->mech_used->length;
data_size = req_output_size;
- conflen = kg_confounder_size(context, ctx->enc);
+ conflen = kg_confounder_size(ctx->k5_context, ctx->enc);
data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
ohlen = g_token_size((gss_OID) ctx->mech_used,
(unsigned int) (data_size + ctx->cksum_size + 14))
projects / krb5.git / commitdiff