init_sec_context.c (krb5_gss_init_sec_context): Fixed error checking

author Theodore Tso <tytso@mit.edu>

Thu, 25 Jul 1996 06:09:57 +0000 (06:09 +0000)

committer Theodore Tso <tytso@mit.edu>

Thu, 25 Jul 1996 06:09:57 +0000 (06:09 +0000)
author Theodore Tso <tytso@mit.edu>
Thu, 25 Jul 1996 06:09:57 +0000 (06:09 +0000)
committer Theodore Tso <tytso@mit.edu>
Thu, 25 Jul 1996 06:09:57 +0000 (06:09 +0000)
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog

index 273469d768c924714babc6acbcefc94068cd0da7..c60a1efb5949999a21642c63007dc916eadec843 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+Thu Jul 25 02:08:17 1996  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * init_sec_context.c (krb5_gss_init_sec_context): Fixed error
+               checking so that if you pass a bad mechanism type, it
+               *will* get flagged as an error.
+
  Wed Jul 24 22:54:37 1996  Ezra Peisach  <epeisach@kangaroo.mit.edu>
  
         * acquire_cred.c (krb5_gss_acquire_cred): Initialize variable
@@ -5,6 +11,9 @@ Wed Jul 24 22:54:37 1996  Ezra Peisach  <epeisach@kangaroo.mit.edu>
  
  Wed Jul 24 19:40:55 1996  Theodore Y. Ts'o  <tytso@mit.edu>
  
+       * rel_oid.c (krb5_gss_release_oid): 
+       * krb5_gss_glue.c(gss_release_oid): Re-enable function
+
         * ser_sctx.c (kg_oid_externalize): Add proper return code
  
         * accept_sec_context.c (krb5_gss_accept_sec_context): 
diff --git a/src/lib/gssapi/krb5/Makefile.in b/src/lib/gssapi/krb5/Makefile.in

index ae9c5cfea562cff63d3633fe10dde1a9ea98d6f1..32d1880ebb0962121cfe0b9a26f8973434839e36 100644 (file)
--- a/src/lib/gssapi/krb5/Makefile.in
+++ b/src/lib/gssapi/krb5/Makefile.in
@@ -53,6 +53,7 @@ SRCS = \
         $(srcdir)/krb5_gss_glue.c \
         $(srcdir)/process_context_token.c \
         $(srcdir)/rel_cred.c \
+       $(srcdir)/rel_oid.c \
         $(srcdir)/rel_name.c \
         $(srcdir)/seal.c \
         $(srcdir)/ser_sctx.c \
@@ -68,7 +69,6 @@ SRCS = \
  
  #      $(srcdir)/pname_to_uid.c \
  #      $(srcdir)/k5mech.c \
-#      $(srcdir)/rel_oid.c
  
  OBJS = \
         accept_sec_context.$(OBJEXT) \
@@ -93,6 +93,7 @@ OBJS = \
         krb5_gss_glue.$(OBJEXT) \
         process_context_token.$(OBJEXT) \
         rel_cred.$(OBJEXT) \
+       rel_oid.$(OBJEXT) \
         rel_name.$(OBJEXT) \
         seal.$(OBJEXT) \
         ser_sctx.$(OBJEXT) \
@@ -108,7 +109,6 @@ OBJS = \
  
  #      k5mech.$(OBJEXT) \
  #      pname_to_uid.$(OBJEXT) \
-#      rel_oid.$(OBJEXT)
  
  HDRS= $(ETHDRS)
  
@@ -117,7 +117,9 @@ EXPORTED_HEADERS= gssapi_krb5.h
  
  all-unix:: $(SRCS) $(HDRS) includes $(OBJS)
  all-mac:: $(SRCS) $(HDRS) includes $(OBJS)
-all-windows:: $(SRCS) $(HDRS) includes $(OBJS)
+all-windows:: win-include $(SRCS) $(HDRS) $(OBJS)
+
+win-include::
         if not exist $(EHDRDIR)\nul mkdir $(EHDRDIR)
         copy gssapi_krb5.h $(EHDRDIR)
  
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c

index e5cbcc4d009b9dabae777858a5b7862936163648..f6f3fd25d9242d8acdcbbfdbfce05b54e4933672 100644 (file)
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -22,6 +22,7 @@
  
  #include "gssapiP_krb5.h"
  #include <memory.h>
+#include <stdlib.h>
  
  /*
   * $Id$
@@ -261,11 +262,19 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
  
     /* verify the mech_type */
  
+   err = 0;
     if (mech_type == GSS_C_NULL_OID) {
        mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old;
-   } else if ((g_OID_equal(mech_type, gss_mech_krb5) && !cred->rfc_mech) ||
-             (g_OID_equal(mech_type, gss_mech_krb5_old) &&
-              !cred->prerfc_mech)) {
+  } else if (g_OID_equal(mech_type, gss_mech_krb5)) {
+      if (!cred->rfc_mech)
+         err = 1;
+  } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
+      if (!cred->prerfc_mech)
+         err = 1;
+  } else
+      err = 1;
+   
+   if (err) {
        *minor_status = 0;
        return(GSS_S_BAD_MECH);
     }
@@ -495,9 +504,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
  
        ptr = (unsigned char *) input_token->value;
  
-      if (err = g_verify_token_header((gss_OID) mech_type, &(ap_rep.length),
-                                     &ptr, KG_TOK_CTX_AP_REP,
-                                     input_token->length)) {
+      if ((err = g_verify_token_header((gss_OID) mech_type, &(ap_rep.length),
+                                      &ptr, KG_TOK_CTX_AP_REP,
+                                      input_token->length))) {
          *minor_status = err;
          return(GSS_S_DEFECTIVE_TOKEN);
        }
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c

index f22e9d63377967666c57ede7ba04f1b495442433..fe3b0208f771d9f1293983d03e2b164b89305141 100644 (file)
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -370,7 +370,6 @@ gss_release_buffer(minor_status, buffer)
                                      buffer));
  }
  
-#if 0
  /* V2 */
  OM_uint32 INTERFACE
  gss_release_oid(minor_status, oid)
@@ -379,7 +378,6 @@ gss_release_oid(minor_status, oid)
  {
      return(krb5_gss_release_oid(minor_status, oid));
  }
-#endif
  
  OM_uint32 INTERFACE
  gss_release_oid_set(minor_status, set)
diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c

index d5ec7bcc7222dd2c5f29d4c990b68f7c34f9a387..f35727e3f1b34d384d427bd59fc3b91e0e373c63 100644 (file)
--- a/src/lib/gssapi/krb5/rel_oid.c
+++ b/src/lib/gssapi/krb5/rel_oid.c
@@ -27,11 +27,6 @@
   */
  #include "gssapiP_krb5.h"
  
-#if 0
-/*
- * Don't compile this, since nothing is actually using it.  The 
- * mechanism glue layer will just use the internal release function.
- */
  OM_uint32
  krb5_gss_release_oid(minor_status, oid)
      OM_uint32  *minor_status;
@@ -46,8 +41,7 @@ krb5_gss_release_oid(minor_status, oid)
       * descriptor.  This allows applications to freely mix their own heap-
       * allocated OID values with OIDs returned by GSS-API.
       */
-    if (krb5_gss_internal_release_oid(NULL, minor_status,
-                                          oid) != GSS_S_COMPLETE) {
+    if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) {
         /* Pawn it off on the generic routine */
         return(generic_gss_release_oid(minor_status, oid));
      }
@@ -57,16 +51,13 @@ krb5_gss_release_oid(minor_status, oid)
         return(GSS_S_COMPLETE);
      }
  }
-#endif
  
  
  OM_uint32
-krb5_gss_internal_release_oid(ct, minor_status, oid)
-    void *ct;
+krb5_gss_internal_release_oid(minor_status, oid)
      OM_uint32  *minor_status;
      gss_OID    *oid;
  {
-    krb5_context context = ct;
      /*
       * This function only knows how to release internal OIDs. It will
       * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
author	Theodore Tso <tytso@mit.edu>
	Thu, 25 Jul 1996 06:09:57 +0000 (06:09 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Thu, 25 Jul 1996 06:09:57 +0000 (06:09 +0000)
src/lib/gssapi/krb5/ChangeLog		patch \| blob \| history
src/lib/gssapi/krb5/Makefile.in		patch \| blob \| history
src/lib/gssapi/krb5/init_sec_context.c		patch \| blob \| history
src/lib/gssapi/krb5/krb5_gss_glue.c		patch \| blob \| history
src/lib/gssapi/krb5/rel_oid.c		patch \| blob \| history