##DOS##gssapi.h: gssapi.hin
##DOS## $(CP) $** $@
-#if HasHashLibrary
-# UTIL_VALIDATE_SRC= $(srcdir)/util_validate.c
-# UTIL_VALIDATE_OBJ= util_validate.$(OBJEXT)
-#else
-#UTIL_VALIDATE_SRC= $(srcdir)/utl_nohash_validate.c
-#UTIL_VALIDATE_OBJ= utl_nohash_validate.$(OBJEXT)
-#endif
-
SRCS = \
$(srcdir)/disp_com_err_status.c \
$(srcdir)/disp_major_status.c \
$(srcdir)/util_ordering.c \
$(srcdir)/util_set.c \
$(srcdir)/util_token.c \
- $(srcdir)/util_validate.c \
gssapi_err_generic.c
OBJS = \
$(OUTPRE)util_ordering.$(OBJEXT) \
$(OUTPRE)util_set.$(OBJEXT) \
$(OUTPRE)util_token.$(OBJEXT) \
- $(OUTPRE)util_validate.$(OBJEXT) \
$(OUTPRE)gssapi_err_generic.$(OBJEXT)
STLIBOBJS = \
util_ordering.o \
util_set.o \
util_token.o \
- util_validate.o \
gssapi_err_generic.o
EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h
#define g_set_entry_add gssint_g_set_entry_add
#define g_set_entry_delete gssint_g_set_entry_delete
#define g_set_entry_get gssint_g_set_entry_get
-#define g_save_name gssint_g_save_name
-#define g_save_cred_id gssint_g_save_cred_id
-#define g_save_ctx_id gssint_g_save_ctx_id
-#define g_save_lucidctx_id gssint_g_save_lucidctx_id
-#define g_validate_name gssint_g_validate_name
-#define g_validate_cred_id gssint_g_validate_cred_id
-#define g_validate_ctx_id gssint_g_validate_ctx_id
-#define g_validate_lucidctx_id gssint_g_validate_lucidctx_id
-#define g_delete_name gssint_g_delete_name
-#define g_delete_cred_id gssint_g_delete_cred_id
-#define g_delete_ctx_id gssint_g_delete_ctx_id
-#define g_delete_lucidctx_id gssint_g_delete_lucidctx_id
#define g_make_string_buffer gssint_g_make_string_buffer
#define g_token_size gssint_g_token_size
#define g_make_token_header gssint_g_make_token_header
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright 1993 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * $Id$
- */
-
-/*
- * functions to validate name, credential, and context handles
- */
-
-#include "gssapiP_generic.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <fcntl.h>
-#include <limits.h>
-
-#ifdef HAVE_BSD_DB
-#include <sys/file.h>
-#include <db.h>
-
-static const int one = 1;
-static const DBT dbtone = { (void *) &one, sizeof(one) };
-
-typedef struct _vkey {
- int type;
- void *ptr;
-} vkey;
-#endif
-
-#define V_NAME 1
-#define V_CRED_ID 2
-#define V_CTX_ID 3
-#define V_LCTX_ID 4
-
-/* All these functions return 0 on failure, and non-zero on success */
-
-static int g_save(db, type, ptr)
- g_set *db;
-#ifdef HAVE_BSD_DB
- int type;
-#else
- void *type;
-#endif
- void *ptr;
-{
- int ret;
-#ifdef HAVE_BSD_DB
- DB **vdb;
- vkey vk;
- DBT key;
-
- ret = k5_mutex_lock(&db->mutex);
- if (ret)
- return 0;
-
- vdb = (DB **) &db->data;
-
- if (!*vdb)
- *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL);
-
- vk.type = type;
- vk.ptr = ptr;
-
- key.data = &vk;
- key.size = sizeof(vk);
-
- ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0);
- k5_mutex_unlock(&db->mutex);
- return ret;
-#else
- g_set_elt *gs;
-
- ret = k5_mutex_lock(&db->mutex);
- if (ret)
- return 0;
-
- gs = (g_set_elt *) &db->data;
-
- if (!*gs)
- if (g_set_init(gs)) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
-
- ret = (g_set_entry_add(gs, ptr, type) == 0);
- k5_mutex_unlock(&db->mutex);
- return ret;
-#endif
-}
-
-static int g_validate(db, type, ptr)
- g_set *db;
-#ifdef HAVE_BSD_DB
- int type;
-#else
- void *type;
-#endif
- void *ptr;
-{
- int ret;
-#ifdef HAVE_BSD_DB
- DB **vdb;
- vkey vk;
- DBT key, value;
-
- ret = k5_mutex_lock(&db->mutex);
- if (ret)
- return 0;
-
- vdb = (DB **) &db->data;
- if (!*vdb) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
-
- vk.type = type;
- vk.ptr = ptr;
-
- key.data = &vk;
- key.size = sizeof(vk);
-
- if ((*((*vdb)->get))(*vdb, &key, &value, 0)) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
-
- k5_mutex_unlock(&db->mutex);
- return((value.size == sizeof(one)) &&
- (*((int *) value.data) == one));
-#else
- g_set_elt *gs;
- void *value;
-
- ret = k5_mutex_lock(&db->mutex);
- if (ret)
- return 0;
-
- gs = (g_set_elt *) &db->data;
- if (!*gs) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
-
- if (g_set_entry_get(gs, ptr, (void **) &value)) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
- k5_mutex_unlock(&db->mutex);
- return(value == type);
-#endif
-}
-
-static int g_delete(db, type, ptr)
- g_set *db;
-#ifdef HAVE_BSD_DB
- int type;
-#else
- void *type;
-#endif
- void *ptr;
-{
- int ret;
-#ifdef HAVE_BSD_DB
- DB **vdb;
- vkey vk;
- DBT key;
-
- ret = k5_mutex_lock(&db->mutex);
- if (ret)
- return 0;
-
- vdb = (DB **) &db->data;
- if (!*vdb) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
-
- vk.type = type;
- vk.ptr = ptr;
-
- key.data = &vk;
- key.size = sizeof(vk);
-
- ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0);
- k5_mutex_unlock(&db->mutex);
- return ret;
-#else
- g_set_elt *gs;
-
- ret = k5_mutex_lock(&db->mutex);
- if (ret)
- return 0;
-
- gs = (g_set_elt *) &db->data;
- if (!*gs) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
-
- if (g_set_entry_delete(gs, ptr)) {
- k5_mutex_unlock(&db->mutex);
- return(0);
- }
- k5_mutex_unlock(&db->mutex);
- return(1);
-#endif
-}
-
-/* functions for each type */
-
-/* save */
-
-int g_save_name(vdb, name)
- g_set *vdb;
- gss_name_t name;
-{
- return(g_save(vdb, V_NAME, (void *) name));
-}
-int g_save_cred_id(vdb, cred)
- g_set *vdb;
- gss_cred_id_t cred;
-{
- return(g_save(vdb, V_CRED_ID, (void *) cred));
-}
-int g_save_ctx_id(vdb, ctx)
- g_set *vdb;
- gss_ctx_id_t ctx;
-{
- return(g_save(vdb, V_CTX_ID, (void *) ctx));
-}
-int g_save_lucidctx_id(vdb, lctx)
- g_set *vdb;
- void *lctx;
-{
- return(g_save(vdb, V_LCTX_ID, (void *) lctx));
-}
-
-
-/* validate */
-
-int g_validate_name(vdb, name)
- g_set *vdb;
- gss_name_t name;
-{
- return(g_validate(vdb, V_NAME, (void *) name));
-}
-int g_validate_cred_id(vdb, cred)
- g_set *vdb;
- gss_cred_id_t cred;
-{
- return(g_validate(vdb, V_CRED_ID, (void *) cred));
-}
-int g_validate_ctx_id(vdb, ctx)
- g_set *vdb;
- gss_ctx_id_t ctx;
-{
- return(g_validate(vdb, V_CTX_ID, (void *) ctx));
-}
-int g_validate_lucidctx_id(vdb, lctx)
- g_set *vdb;
- void *lctx;
-{
- return(g_validate(vdb, V_LCTX_ID, (void *) lctx));
-}
-
-/* delete */
-
-int g_delete_name(vdb, name)
- g_set *vdb;
- gss_name_t name;
-{
- return(g_delete(vdb, V_NAME, (void *) name));
-}
-int g_delete_cred_id(vdb, cred)
- g_set *vdb;
- gss_cred_id_t cred;
-{
- return(g_delete(vdb, V_CRED_ID, (void *) cred));
-}
-int g_delete_ctx_id(vdb, ctx)
- g_set *vdb;
- gss_ctx_id_t ctx;
-{
- return(g_delete(vdb, V_CTX_ID, (void *) ctx));
-}
-int g_delete_lucidctx_id(vdb, lctx)
- g_set *vdb;
- void *lctx;
-{
- return(g_delete(vdb, V_LCTX_ID, (void *) lctx));
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright 1990,1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* Stub functions for those without the hash library */
-
-#include "gssapiP_generic.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-/* functions for each type */
-
-/* save */
-
-int g_save_name(vdb, name)
- void **vdb;
- gss_name_t *name;
-{
- return 1;
-}
-int g_save_cred_id(vdb, cred)
- void **vdb;
- gss_cred_id_t *cred;
-{
- return 1;
-}
-int g_save_ctx_id(vdb, ctx)
- void **vdb;
- gss_ctx_id_t *ctx;
-{
- return 1;
-}
-int g_save_lucidctx_id(vdb, lctx)
- void **vdb;
- void *lctx;
-{
- return 1;
-}
-
-/* validate */
-
-int g_validate_name(vdb, name)
- void **vdb;
- gss_name_t *name;
-{
- return 1;
-}
-int g_validate_cred_id(vdb, cred)
- void **vdb;
- gss_cred_id_t *cred;
-{
- return 1;
-}
-int g_validate_ctx_id(vdb, ctx)
- void **vdb;
- gss_ctx_id_t *ctx;
-{
- return 1;
-}
-int g_validate_lucidctx_id(vdb, lctx)
- void **vdb;
- void *lctx;
-{
- return 1;
-}
-
-/* delete */
-
-int g_delete_name(vdb, name)
- void **vdb;
- gss_name_t *name;
-{
- return 1;
-}
-int g_delete_cred_id(vdb, cred)
- void **vdb;
- gss_cred_id_t *cred;
-{
- return 1;
-}
-int g_delete_ctx_id(vdb, ctx)
- void **vdb;
- gss_ctx_id_t *ctx;
-{
- return 1;
-}
-int g_delete_lucidctx_id(vdb, lctx)
- void **vdb;
- void *lctx;
-{
- return 1;
-}
ctx->established = 1;
if (src_name) {
- if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
- KG_INIT_NAME_INTERN, &name))) {
+ code = kg_duplicate_name(ctx->k5_context, ctx->there, &name);
+ if (code) {
major_status = GSS_S_FAILURE;
goto fail;
}
ctx->big_endian = bigend;
ctx->cred_rcache = cred_rcache;
- /* Intern the ctx pointer so that delete_sec_context works */
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- xfree(ctx);
- ctx = 0;
-
- code = G_VALIDATE_FAILED;
- major_status = GSS_S_FAILURE;
- goto fail;
- }
-
/* XXX move this into gss_name_t */
if ( (code = krb5_merge_authdata(context,
ticket->enc_part2->authorization_data,
/* set the return arguments */
if (src_name) {
- if ((code = kg_duplicate_name(context, ctx->there,
- KG_INIT_NAME_INTERN, &name))) {
+ code = kg_duplicate_name(context, ctx->there, &name);
+ if (code) {
major_status = GSS_S_FAILURE;
goto fail;
}
if (src_name)
*src_name = (gss_name_t) name;
- if (delegated_cred_handle) {
- if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
- major_status = GSS_S_FAILURE;
- code = G_VALIDATE_FAILED;
- goto fail;
- }
-
+ if (delegated_cred_handle)
*delegated_cred_handle = (gss_cred_id_t) deleg_cred;
- }
/* finally! */
if (deleg_cred->ccache)
(void)krb5_cc_close(context, deleg_cred->ccache);
if (deleg_cred->name)
- kg_release_name(context, 0, &deleg_cred->name);
+ kg_release_name(context, &deleg_cred->name);
xfree(deleg_cred);
}
if (token.value)
xfree(token.value);
if (name) {
- (void) kg_release_name(context, 0, &name);
+ (void) kg_release_name(context, &name);
}
*minor_status = code;
}
assert(cred->name == NULL);
- code = kg_duplicate_name(context, desired_name, 0, &cred->name);
+ code = kg_duplicate_name(context, desired_name, &cred->name);
if (code) {
*minor_status = code;
return GSS_S_FAILURE;
*time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0;
}
- if (!kg_save_cred_id((gss_cred_id_t)cred)) {
- ret = GSS_S_FAILURE;
- goto error_out;
- }
-
*minor_status = 0;
*output_cred_handle = (gss_cred_id_t) cred;
krb5_kt_close(context, cred->keytab);
#endif /* LEAN_CLIENT */
if (cred->name)
- kg_release_name(context, 0, &cred->name);
+ kg_release_name(context, &cred->name);
k5_mutex_destroy(&cred->lock);
xfree(cred);
}
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.time_req = time_req;
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.time_req = time_req;
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.password = password;
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.password = password;
krb5_context context;
krb5_error_code code;
- if (! kg_validate_name(name1)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
- if (! kg_validate_name(name2)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
code = krb5_gss_init_context(&context);
if (code) {
*minor_status = code;
krb5_timestamp now;
krb5_deltat lifetime;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
return(GSS_S_COMPLETE);
}
- /*SUPPRESS 29*/
- /* validate the context handle */
- if (! kg_validate_ctx_id(*context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_t) *context_handle;
context = ctx->k5_context;
}
}
- /* invalidate the context handle */
-
- (void)kg_delete_ctx_id(*context_handle);
-
/* free all the context state */
if (ctx->seqstate)
krb5_k_free_key(context, ctx->seq);
if (ctx->here)
- kg_release_name(context, 0, &ctx->here);
+ kg_release_name(context, &ctx->here);
if (ctx->there)
- kg_release_name(context, 0, &ctx->there);
+ kg_release_name(context, &ctx->there);
if (ctx->subkey)
krb5_k_free_key(context, ctx->subkey);
if (ctx->acceptor_subkey)
output_name_buffer->length = 0;
output_name_buffer->value = NULL;
- if (! kg_validate_name(input_name)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) {
if (krb5_principal_compare(context, k5name->princ,
krb5_anonymous_principal()))
return GSS_S_FAILURE;
}
- if (! kg_validate_name(input_name)) {
- if (minor_status)
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
princ = (krb5_gss_name_t)input_name;
- if ((code = kg_duplicate_name(context, princ, KG_INIT_NAME_INTERN, &outprinc))) {
+ code = kg_duplicate_name(context, princ, &outprinc);
+ if (code) {
*minor_status = code;
save_error_info(*minor_status, context);
krb5_free_context(context);
}
krb5_free_context(context);
*dest_name = (gss_name_t) outprinc;
- assert(kg_validate_name(*dest_name));
return(GSS_S_COMPLETE);
}
exported_name->length = 0;
exported_name->value = NULL;
- if (! kg_validate_name(input_name)) {
- if (minor_status)
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
if ((code = krb5_unparse_name(context, ((krb5_gss_name_t) input_name)->princ,
&str))) {
if (minor_status)
retval = GSS_S_FAILURE;
*minor_status = 0;
- if (!kg_validate_ctx_id(*context_handle)) {
- kret = (OM_uint32) G_VALIDATE_FAILED;
- retval = GSS_S_NO_CONTEXT;
- goto error_out;
- }
-
ctx = (krb5_gss_ctx_id_t) *context_handle;
context = ctx->k5_context;
kret = krb5_gss_ser_init(context);
extern k5_mutex_t gssint_krb5_keytab_lock;
#endif /* LEAN_CLIENT */
-/* helper macros */
-
-#define kg_save_name(name) g_save_name(&kg_vdb,name)
-#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
-#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
-#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx)
-
-#define kg_validate_name(name) g_validate_name(&kg_vdb,name)
-#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
-#define kg_validate_ctx_id(ctx) (g_validate_ctx_id(&kg_vdb,ctx) && \
- ((krb5_gss_ctx_id_t)ctx)->magic == \
- KG_CONTEXT)
-#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx)
-
-#define kg_delete_name(name) g_delete_name(&kg_vdb,name)
-#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
-#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
-#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx)
-
/** helper functions **/
OM_uint32 kg_get_defcred
int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
/* naming_exts.c */
-#define KG_INIT_NAME_INTERN 0x1
-#define KG_INIT_NAME_NO_COPY 0x2
+#define KG_INIT_NAME_NO_COPY 0x1
krb5_error_code
kg_init_name(krb5_context context, krb5_principal principal,
krb5_flags flags, krb5_gss_name_t *name);
krb5_error_code
-kg_release_name(krb5_context context,
- krb5_flags flags,
- krb5_gss_name_t *name);
+kg_release_name(krb5_context context, krb5_gss_name_t *name);
krb5_error_code
-kg_duplicate_name(krb5_context context,
- const krb5_gss_name_t src,
- krb5_flags flags,
+kg_duplicate_name(krb5_context context, const krb5_gss_name_t src,
krb5_gss_name_t *dst);
krb5_boolean
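Review bot: Reusing 0x1 for `KG_INIT_NAME_NO_COPY` gives the bit that `KG_INIT_NAME_INTERN` just vacated a new meaning, and that meaning affects memory ownership. In-tree callers use the macro names, so a leftover INTERN reference fails to compile. Anything that passes a literal flag value or was built against the old header would instead silently request no-copy. Judging by the callers elsewhere in this diff (`princ = NULL;` after success, `krb5_free_principal` on failure), that flag hands the principal to the new name, so a mismatch would show up as a double free or a leak. Unless the numeric value matters somewhere not shown here, keeping `#define KG_INIT_NAME_NO_COPY 0x2` and leaving 0x1 retired is the more conservative change.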
*data_set = GSS_C_NO_BUFFER_SET;
- if (!kg_validate_ctx_id(context_handle))
- return GSS_S_NO_CONTEXT;
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (!ctx->established)
if (desired_object == GSS_C_NO_OID)
return GSS_S_CALL_INACCESSIBLE_READ;
- if (*context_handle != GSS_C_NO_CONTEXT) {
- krb5_gss_ctx_id_rec *ctx;
-
- if (!kg_validate_ctx_id(*context_handle))
- return GSS_S_NO_CONTEXT;
-
- ctx = (krb5_gss_ctx_id_rec *) context_handle;
- }
-
#if 0
for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
return GSS_S_FAILURE;
}
- if (!kg_validate_name(pname)) {
- *minor = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)pname;
code = krb5_aname_to_localname(context, kname->princ,
return GSS_S_BAD_NAMETYPE;
}
- if (!kg_validate_name(pname)) {
- *minor = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)pname;
code = krb5_gss_init_context(&context);
} else
ctx = (iakerb_ctx_id_t)*context_handle;
- if (!kg_validate_name(target_name)) {
- *minor_status = G_VALIDATE_FAILED;
- major_status = GSS_S_CALL_BAD_STRUCTURE | GSS_S_BAD_NAME;
- goto cleanup;
- }
-
kname = (krb5_gss_name_t)target_name;
if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
/* Create a name and save it in the validation database. */
code = kg_init_name(context, princ, service, host, ad_context,
- KG_INIT_NAME_INTERN | KG_INIT_NAME_NO_COPY, &name);
+ KG_INIT_NAME_NO_COPY, &name);
if (code)
goto cleanup;
princ = NULL;
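Review bot: The context comment above the kg_init_name() call still reads `/* Create a name and save it in the validation database. */`, but the new call passes only `KG_INIT_NAME_NO_COPY` and nothing is interned any more. I would reword it to something like `/* Create a name; on success it takes ownership of princ. */`. The ownership wording is inferred from the `princ = NULL;` that follows the call, so confirm it against kg_init_name(). The enclosing function starts and ends outside this hunk.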
}
krb5_free_context(context);
- /* intern the context handle */
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- (void)krb5_gss_delete_sec_context(minor_status,
- (gss_ctx_id_t *) &ctx, NULL);
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_FAILURE);
- }
ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
*context_handle = (gss_ctx_id_t) ctx;
ctx->krb_times.endtime = now + time_req;
}
- if ((code = kg_duplicate_name(context, cred->name, 0, &ctx->here)))
+ if ((code = kg_duplicate_name(context, cred->name, &ctx->here)))
goto cleanup;
- if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name, 0, &ctx->there)))
+ if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name,
+ &ctx->there)))
goto cleanup;
code = get_credentials(context, cred, ctx->there, now,
if (actual_mech_type)
*actual_mech_type = mech_type;
- /* At this point, the context is constructed and valid; intern it. */
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- code = G_VALIDATE_FAILED;
- goto cleanup;
- }
-
/* return successfully */
*context_handle = (gss_ctx_id_t) ctx;
if (ctx_free->auth_context)
krb5_auth_con_free(context, ctx_free->auth_context);
if (ctx_free->here)
- kg_release_name(context, 0, &ctx_free->here);
+ kg_release_name(context, &ctx_free->here);
if (ctx_free->there)
- kg_release_name(context, 0, &ctx_free->there);
+ kg_release_name(context, &ctx_free->there);
if (ctx_free->subkey)
krb5_k_free_key(context, ctx_free->subkey);
xfree(ctx_free);
if (code)
goto fail;
- /* validate the context handle */
- /*SUPPRESS 29*/
- if (! kg_validate_ctx_id(*context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_t) *context_handle;
/* make sure the context is non-established, and that certain
if (actual_mech_type)
*actual_mech_type = NULL;
- /* verify that the target_name is valid and usable */
-
- if (! kg_validate_name(target_name)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- save_error_info(*minor_status, context);
- if (*context_handle == GSS_C_NO_CONTEXT)
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
/* verify the credential, or use the default */
/*SUPPRESS 29*/
if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
if (acceptor_name)
*acceptor_name = (gss_name_t) NULL;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
if (initiator_name) {
if ((code = kg_duplicate_name(context,
- ctx->initiate?ctx->here:ctx->there,
- KG_INIT_NAME_INTERN,
+ ctx->initiate ? ctx->here : ctx->there,
&initiator))) {
*minor_status = code;
save_error_info(*minor_status, context);
if (acceptor_name) {
if ((code = kg_duplicate_name(context,
- ctx->initiate?ctx->there:ctx->here,
- KG_INIT_NAME_INTERN,
+ ctx->initiate ? ctx->there : ctx->here,
&acceptor))) {
if (initiator)
- kg_release_name(context, KG_INIT_NAME_INTERN,
- &initiator);
+ kg_release_name(context, &initiator);
*minor_status = code;
save_error_info(*minor_status, context);
return(GSS_S_FAILURE);
if (name) {
if (cred->name) {
- code = kg_duplicate_name(context, cred->name, KG_INIT_NAME_INTERN,
- &ret_name);
+ code = kg_duplicate_name(context, cred->name, &ret_name);
} else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH)
&& cred->keytab != NULL) {
/* This is a default acceptor cred; use a name from the keytab if
code = k5_kt_get_principal(context, cred->keytab, &princ);
if (code == 0) {
code = kg_init_name(context, princ, NULL, NULL, NULL,
- KG_INIT_NAME_NO_COPY | KG_INIT_NAME_INTERN,
- &ret_name);
+ KG_INIT_NAME_NO_COPY, &ret_name);
if (code)
krb5_free_principal(context, princ);
} else if (code == KRB5_KT_NOTFOUND)
&mechs))) {
k5_mutex_unlock(&cred->lock);
if (ret_name)
- kg_release_name(context, KG_INIT_NAME_INTERN, &ret_name);
+ kg_release_name(context, &ret_name);
/* *minor_status set above */
goto fail;
}
return GSS_S_FAILURE;
}
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
return GSS_S_FAILURE;
}
- if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return GSS_S_FAILURE;
}
- if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
int vfyflags = 0;
OM_uint32 ret;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
krb5_gss_ctx_id_rec *ctx;
OM_uint32 code;
- if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
if (kret)
goto error_out;
- /* Success! Record the context and return the buffer */
- if (! kg_save_lucidctx_id((void *)lctx)) {
- kret = G_VALIDATE_FAILED;
- goto error_out;
- }
-
rep.value = &lctx;
rep.length = sizeof(lctx);
goto error_out;
}
- /* Verify pointer is valid lucid context */
- if (! kg_validate_lucidctx_id(kctx)) {
- kret = G_VALIDATE_FAILED;
- goto error_out;
- }
-
/* Determine version and call correct free routine */
version = ((gss_krb5_lucid_context_version_t *)kctx)->version;
switch (version) {
case 1:
- (void)kg_delete_lucidctx_id(kctx);
free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx);
break;
default:
name->ad_context = ad_context;
}
- if ((flags & KG_INIT_NAME_INTERN) &&
- !kg_save_name((gss_name_t)name)) {
- code = G_VALIDATE_FAILED;
- goto cleanup;
- }
-
*ret_name = name;
cleanup:
if (code != 0)
- kg_release_name(context, 0, &name);
+ kg_release_name(context, &name);
return code;
}
krb5_error_code
kg_release_name(krb5_context context,
- krb5_flags flags,
krb5_gss_name_t *name)
{
if (*name != NULL) {
- if (flags & KG_INIT_NAME_INTERN)
- kg_delete_name((gss_name_t)*name);
krb5_free_principal(context, (*name)->princ);
free((*name)->service);
free((*name)->host);
krb5_error_code
kg_duplicate_name(krb5_context context,
const krb5_gss_name_t src,
- krb5_flags flags,
krb5_gss_name_t *dst)
{
krb5_error_code code;
return code;
code = kg_init_name(context, src->princ, src->service, src->host,
- src->ad_context, flags, dst);
+ src->ad_context, 0, dst);
k5_mutex_unlock(&src->lock);
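Review bot: The bare `0` now passed as the flags argument in `src->ad_context, 0, dst);` hides what kg_duplicate_name() relies on. With the `flags` parameter gone, this is the only place that fixes the duplicate's behaviour. A short comment such as `/* flags 0: no KG_INIT_NAME_NO_COPY, so src keeps its own principal */` would record that the duplicate must not take over the source's principal. That reading is inferred from how the no-copy callers elsewhere in this diff treat `princ`, so check it against kg_init_name(). The function body is only partly visible in this hunk.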
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
prf_out->length = 0;
prf_out->value = NULL;
- if (!kg_validate_ctx_id(context)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
t.length = 0;
t.data = NULL;
krb5_gss_ctx_id_rec *ctx;
OM_uint32 majerr;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_t) context_handle;
if (! ctx->established) {
return(GSS_S_COMPLETE);
}
- if (! kg_delete_cred_id(*cred_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
- }
-
cred = (krb5_gss_cred_id_t)*cred_handle;
k5_mutex_destroy(&cred->lock);
else
code3 = 0;
if (cred->name)
- kg_release_name(context, 0, &cred->name);
+ kg_release_name(context, &cred->name);
if (cred->req_enctypes)
free(cred->req_enctypes);
return GSS_S_FAILURE;
}
- if (! kg_validate_name(*input_name)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
- kg_release_name(context, KG_INIT_NAME_INTERN,
- (krb5_gss_name_t *)input_name);
+ kg_release_name(context, (krb5_gss_name_t *)input_name);
krb5_free_context(context);
*input_name = (gss_name_t) NULL;
*time_rec = cred->tgt_expire - now;
}
- if (!kg_save_cred_id((gss_cred_id_t)cred)) {
- code = G_VALIDATE_FAILED;
- goto cleanup;
- }
-
major_status = GSS_S_COMPLETE;
*minor_status = 0;
*output_cred = cred;
if (GSS_ERROR(major_status) && cred != NULL) {
k5_mutex_destroy(&cred->lock);
krb5_cc_destroy(context, cred->ccache);
- kg_release_name(context, 0, &cred->name);
+ kg_release_name(context, &cred->name);
xfree(cred);
}
if (ctx->subkey)
krb5_k_free_key(kcontext, ctx->subkey);
if (ctx->there)
- kg_release_name(kcontext, 0, &ctx->there);
+ kg_release_name(kcontext, &ctx->there);
if (ctx->here)
- kg_release_name(kcontext, 0, &ctx->here);
+ kg_release_name(kcontext, &ctx->here);
xfree(ctx);
}
}
krb5_error_code code;
krb5_principal princ;
- if (!kg_validate_cred_id(cred_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL);
- }
-
cred = (krb5_gss_cred_id_t) cred_handle;
code = k5_mutex_lock(&cred->lock);
return(GSS_S_FAILURE);
}
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;