+2004-03-19 Ken Raeburn <raeburn@mit.edu>
+
+ * acquire_cred.c (krb5_gss_acquire_cred): Create and destroy a
+ local krb5 context.
+ * add_cred.c (krb5_gss_add_cred): Likewise.
+ * compare_name.c (krb5_gss_compare_name): Likewise.
+ * copy_ccache.c (gss_krb5_copy_ccache): Likewise.
+ * disp_name.c (krb5_gss_display_name): Likewise.
+ * duplicate_name.c (krb5_gss_duplicate_name): Likewise.
+ * inq_cred.c (krb5_gss_inquire_cred): Likewise.
+
+ * context_time.c (krb5_gss_context_time): Use the krb5 context in
+ the GSS security context.
+
2004-03-15 Ken Raeburn <raeburn@mit.edu>
* k5seal.c (kg_seal): Extract the krb5 context from the security
OM_uint32 ret;
krb5_error_code code;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* make sure all outputs are valid */
*output_cred_handle = NULL;
/* if requested, acquire credentials for accepting */
/* this will fill in cred->princ if the desired_name is not specified */
+ code = krb5_init_context(&context);
+ if (code) {
+ xfree(cred);
+ *minor_status = (OM_uint32) code;
+ return GSS_S_FAILURE;
+ }
+
if ((cred_usage == GSS_C_ACCEPT) ||
(cred_usage == GSS_C_BOTH))
if ((ret = acquire_accept_cred(context, minor_status, desired_name,
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
/* minor_status set by acquire_accept_cred() */
return(ret);
}
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
/* minor_status set by acquire_init_cred() */
return(ret);
}
if (cred->keytab)
(void)krb5_kt_close(context, cred->keytab);
xfree(cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
}
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
}
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
/* *minor_status set above */
return(ret);
}
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
if (actual_mechs)
*actual_mechs = ret_mechs;
+ krb5_free_context(context);
return(GSS_S_COMPLETE);
}
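Review bot: The new `krb5_free_context(context)` call is pasted into seven separate exit paths of krb5_gss_acquire_cred, each next to its own copy of the principal/keytab/`xfree(cred)` teardown, so any exit path that was missed now leaks a whole context per call. A single exit would make that checkable at a glance: set `ret` and `*minor_status` at the failure site, `goto cleanup;`, and let the label do `krb5_free_context(context); return ret;`. The position of the free relative to the `*minor_status` assignment also varies (before it in this file, after it in several add_cred.c paths), which is harmless but makes a missed path harder to spot. The function body starts and ends outside the visible hunks, so the exit paths not shown here should be checked by hand.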
return(GSS_S_DUPLICATE_ELEMENT);
}
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
/* verify the desired_name */
if ((desired_name != (gss_name_t) NULL) &&
(! kg_validate_name(desired_name))) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
!krb5_principal_compare(context, (krb5_principal) desired_name,
cred->princ)) {
*minor_status = 0;
+ krb5_free_context(context);
return(GSS_S_BAD_NAME);
}
(krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))
== NULL) {
*minor_status = ENOMEM;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
memset(new_cred, 0, sizeof(krb5_gss_cred_id_rec));
xfree(new_cred);
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
xfree(new_cred);
*minor_status = ENOMEM;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
xfree(new_cred);
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
xfree(new_cred);
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
} else {
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
}
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
if (output_cred_handle)
(void) krb5_gss_release_cred(&dummy, (gss_cred_id_t *) &cred);
+ krb5_free_context(context);
return(major_status);
}
if (output_cred_handle)
*output_cred_handle = cred;
+ krb5_free_context(context);
*minor_status = 0;
return(GSS_S_COMPLETE);
}
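Review bot: On the success path the credential is handed to the caller with `*output_cred_handle = cred;` and the context it was built with is destroyed on the next line, so the credential now outlives the krb5_context that created its contents. That is only safe if nothing stored in the credential keeps a pointer back to that context; the principal is visible here, and any ccache or keytab handles are presumably set in lines not shown. I would state the assumption where the context is freed, e.g. `/* cred holds no reference to context; every later call creates its own */`. The same applies to the success path in acquire_cred.c, where `krb5_free_context(context)` precedes `return(GSS_S_COMPLETE)`.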
int *name_equal;
{
krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ krb5_error_code code;
if (! kg_validate_name(name1)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
*minor_status = 0;
*name_equal = krb5_principal_compare(context, (krb5_principal) name1,
(krb5_principal) name2);
+ krb5_free_context(context);
return(GSS_S_COMPLETE);
}
gss_ctx_id_t context_handle;
OM_uint32 *time_rec;
{
- krb5_context context;
krb5_error_code code;
krb5_gss_ctx_id_rec *ctx;
krb5_timestamp now;
krb5_deltat lifetime;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_NO_CONTEXT);
}
- if ((code = krb5_timeofday(context, &now))) {
+ if ((code = krb5_timeofday(ctx->k5_context, &now))) {
*minor_status = code;
return(GSS_S_FAILURE);
}
return(GSS_S_FAILURE);
}
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return (GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor);
if (code) {
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &cursor, &creds))
code = krb5_cc_store_cred(context, out_ccache, &creds);
krb5_cc_end_seq_get(context, k5creds->ccache, &cursor);
+ krb5_free_context(context);
if (code) {
*minor_status = code;
return(GSS_S_FAILURE);
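Review bot: The copy loop `while (!code && !krb5_cc_next_cred(...)) code = krb5_cc_store_cred(context, out_ccache, &creds);` never releases what krb5_cc_next_cred filled into `creds`, so each copied ticket and its session key appear to stay allocated after the context is freed; nothing in the visible lines frees them. The commit changes the context handling around this loop but leaves the loop itself as it was. Bracing the loop body and adding `krb5_free_cred_contents(context, &creds);` after the store call would release the key material on every iteration. The function starts and ends outside the hunk, so confirm no later line already does this.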
krb5_error_code code;
char *str;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
output_name_buffer->length = 0;
output_name_buffer->value = NULL;
if (! kg_validate_name(input_name)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
if ((code = krb5_unparse_name(context,
(krb5_principal) input_name, &str))) {
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
if (! g_make_string_buffer(str, output_name_buffer)) {
krb5_free_unparsed_name(context, str);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_BUFFER_ALLOC;
return(GSS_S_FAILURE);
}
krb5_free_unparsed_name(context, str);
+ krb5_free_context(context);
*minor_status = 0;
if (output_name_type)
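Review bot: The context is created before `kg_validate_name(input_name)`, so a call with an invalid name pays for `krb5_init_context` and needs the extra `krb5_free_context` that this hunk adds to the validation branch. compare_name.c in the same commit validates first and creates the context afterwards, which avoids both; doing the same here means moving the `code = krb5_init_context(&context);` block below the validation `if`. duplicate_name.c and the `desired_name` check in add_cred.c have the same ordering. The function continues past the last visible line.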
krb5_error_code code;
krb5_principal princ, outprinc;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
if (! kg_validate_name(input_name)) {
if (minor_status)
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
princ = input_name;
if ((code = krb5_copy_principal(context, princ, &outprinc))) {
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
if (! kg_save_name((gss_name_t) outprinc)) {
krb5_free_principal(context, outprinc);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);
*dest_name = (gss_name_t) outprinc;
return(GSS_S_COMPLETE);
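Review bot: The new failure path writes `*minor_status = code;` unconditionally, while the validation branch just below it guards the same pointer with `if (minor_status)`. Either that guard is dead code or a NULL `minor_status` now faults before the guard is ever reached. If NULL is meant to be tolerated, the new block should read `if (minor_status) *minor_status = code;`; otherwise drop the guard so the function follows one convention. The `krb5_copy_principal` failure branch already writes through the pointer unguarded, so the inconsistency predates this commit, but in the visible lines the new block is now the first dereference.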
ret = GSS_S_FAILURE;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
if (name) *name = NULL;
if (mechanisms) *mechanisms = NULL;
if ((major = kg_get_defcred(minor_status, (gss_cred_id_t)&cred)) &&
GSS_ERROR(major)) {
+ krb5_free_context(context);
return(major);
}
} else {
OM_uint32 major;
major = krb5_gss_validate_cred(minor_status, cred_handle);
- if (GSS_ERROR(major))
+ if (GSS_ERROR(major)) {
+ krb5_free_context(context);
return(major);
+ }
cred = (krb5_gss_cred_id_t) cred_handle;
}
(void) gss_release_oid_set(minor_status, &mechs);
krb5_free_principal(context, ret_name);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
*name = (gss_name_t) ret_name;
if (cred_handle == GSS_C_NO_CREDENTIAL)
krb5_gss_release_cred(minor_status, (gss_cred_id_t)cred);
+ krb5_free_context(context);
*minor_status = 0;
return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
fail:
krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)cred);
}
+ krb5_free_context(context);
return ret;
}
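Review bot: The `G_VALIDATE_FAILED` branch frees the context and returns directly, even though the function has a `fail:` label that releases the credential and, with this commit, frees the context too. In the `GSS_C_NO_CREDENTIAL` case the default credential obtained through `kg_get_defcred` does not appear to be released on that branch, going by the visible lines. Routing it through the label with `ret = GSS_S_FAILURE; goto fail;` would leave one place that frees both. The code between the hunks is not shown, so confirm that `fail:` releases the credential only when it was acquired in this function.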