Misc. fixes
authorTheodore Tso <tytso@mit.edu>
Tue, 4 Jun 1991 13:20:10 +0000 (13:20 +0000)
committerTheodore Tso <tytso@mit.edu>
Tue, 4 Jun 1991 13:20:10 +0000 (13:20 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2147 dc483132-0cff-0310-8789-dd5450dbe970

12 files changed:
src/lib/gssapi/ac_cred.c
src/lib/gssapi/acc_sec.c
src/lib/gssapi/check_tok.c
src/lib/gssapi/dsp_name.c
src/lib/gssapi/gssapi.h
src/lib/gssapi/imp_name.c
src/lib/gssapi/ind_mechs.c
src/lib/gssapi/init_sec.c
src/lib/gssapi/make_tok.c
src/lib/gssapi/rel_cred.c
src/lib/gssapi/seal.c
src/lib/gssapi/unseal.c

index 38102630c7117308db214623513b1100fa0b5ead..21f532b86a54ca59de6c2b789b9bf8c58c4e11a7 100644 (file)
@@ -66,7 +66,7 @@ OM_uint32 gss_acquire_cred(minor_status, desired_name, time_req,
         * Should we return failure here?
         */
        if (!do_kerberos)
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        output_cred_handle->cred_flags = 0;
 
        /*
@@ -78,7 +78,7 @@ OM_uint32 gss_acquire_cred(minor_status, desired_name, time_req,
         */
        if (*minor_status = krb5_copy_principal(desired_name,
                                                &output_cred_handle->principal)) {
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        }
        if (gss_krb5_fetchfrom) {
                /* use the named keytab */
@@ -117,7 +117,7 @@ OM_uint32 gss_acquire_cred(minor_status, desired_name, time_req,
                if (!(set = (gss_OID_set)
                      malloc (sizeof(struct gss_OID_set_desc)))) {
                        *minor_status = ENOMEM;
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                set->count = 1;
                set->elements = &gss_OID_krb5;
index 0cf361deae645c94a6e54306e81efe445a947790..0c227bcae49942b35393dc8107284a4522c8321c 100644 (file)
@@ -30,11 +30,14 @@ extern krb5_flags    krb5_kdc_default_options;
  *     forth.
  */
 
-static krb5_error_code gss_krb5_keyproc(cred_handle, principal, vno, key)
-       krb5_pointer    cred_handle;
-       krb5_principal  principal;
-       krb5_kvno       vno;
-       krb5_keyblock   **key;
+static krb5_error_code gss_krb5_keyproc(DECLARG(krb5_pointer, cred_handle),
+                                       DECLARG(krb5_principal, principal),
+                                       DECLARG(krb5_kvno, vno),
+                                       DECLARG(krb5_keyblock **, key))
+OLDDECLARG(krb5_pointer, cred_handle)
+OLDDECLARG(krb5_principal, principal)
+OLDDECLARG(krb5_kvno, vno)
+OLDDECLARG(krb5_keyblock **, key)
 {
        gss_cred_id_t   *creds;
        
@@ -91,16 +94,17 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                        return(retval);
                inbuf.length = input_token->length-5;
                inbuf.data = ( (char *) input_token->value)+5;
-               sender_addr.addrtype = channel.sender_addrtype;
-               sender_addr.length = channel.sender_address.length;
-               sender_addr.contents = channel.sender_address.value;
+               sender_addr.addrtype = channel->initiator_addrtype;
+               sender_addr.length = channel->initiator_address.length;
+               sender_addr.contents = (krb5_octet *)
+                       channel->initiator_address.value;
                server = verifier_cred_handle.principal;
                /*
                 * Setup the replay cache.
                 */
                if (*minor_status = krb5_get_server_rcache(server[1]->data,
                                                           &rcache))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                /*
                 * Now let's rip apart the packet
                 */
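Review bot: Nothing visible in this hunk ensures `input_token->length` is at least 5 before `inbuf.length = input_token->length-5`. gss_check_token, as shown in the check_tok.c section of this page, rejects only lengths below 4. With a 4-byte token the `size_t` subtraction wraps and `inbuf.data` points past the end of the buffer, and this token arrives from the peer before it has been authenticated. A guard such as `if (input_token->length < 5) return(GSS_S_DEFECTIVE_TOKEN);` ahead of these two lines would close that, unless an equivalent check sits above the hunk, where the function body begins.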
@@ -108,42 +112,44 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                                                0, gss_krb5_keyproc,
                                                &verifier_cred_handle,
                                                rcache, &authdat))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (*minor_status = krb5_rc_close(rcache))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                
                /*
                 * Allocate the context handle structure
                 */
-               if (!(context = malloc(sizeof(struct gss_ctx_id_desc)))) {
+               if (!(context = (gss_ctx_id_t)
+                     malloc(sizeof(struct gss_ctx_id_desc)))) {
                        *minor_status = ENOMEM;
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                context->mech_type = &gss_OID_krb5;
                context->flags = 0;
                context->state =  GSS_KRB_STATE_DOWN;
                context->am_client = 0;
+               context->rcache = NULL;
                
-               context->my_address.addrtype = channel.sender_addrtype;
-               context->my_address.length = channel.sender_address.length;
-               if (!(context->my_address.contents =
+               context->my_address.addrtype = channel->initiator_addrtype;
+               context->my_address.length = channel->initiator_address.length;
+               if (!(context->my_address.contents = (krb5_octet *)
                      malloc(context->my_address.length))) {
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                memcpy((char *) context->my_address.contents,
-                      (char *) channel.sender_address.value,
+                      (char *) channel->initiator_address.value,
                       context->my_address.length);
-               context->his_address.addrtype = channel.receiver_addrtype;
-               context->his_address.length = channel.receiver_address.length;
-               if (!(context->his_address.contents =
+               context->his_address.addrtype = channel->acceptor_addrtype;
+               context->his_address.length = channel->acceptor_address.length;
+               if (!(context->his_address.contents = (krb5_octet *)
                      malloc(context->my_address.length))) {
                        xfree(context->my_address.contents);
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                memcpy((char *) context->his_address.contents,
-                      (char *) channel.receiver_address.value,
+                      (char *) channel->acceptor_address.value,
                       context->his_address.length);
                
                /*
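Review bot: The buffer for `context->his_address.contents` is still sized with `malloc(context->my_address.length)`, but the memcpy that follows copies `context->his_address.length` bytes into it. If the acceptor address is longer than the initiator address, this writes past the allocation, and both lengths come from the caller-supplied channel bindings. The allocation should read `malloc(context->his_address.length)`. The same pair of lines appears in the init_sec.c hunk at `@@ -121,34 +122,35 @@`. The function body starts and ends outside this hunk.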
@@ -162,7 +168,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                                xfree(context->my_address.contents);
                                xfree(context);
                                krb5_free_tkt_authent(authdat);
-                               return(gss_make_re(GSS_RE_FAILURE));
+                               return(GSS_S_FAILURE);
                        }
 
                        repl.ctime = authdat->authenticator->ctime;
@@ -178,7 +184,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                                xfree(context->my_address.contents);
                                xfree(context);
                                krb5_free_tkt_authent(authdat);
-                               return(gss_make_re(GSS_RE_FAILURE));
+                               return(GSS_S_FAILURE);
                        }
                        if (*minor_status = gss_make_token(minor_status,
                                                           GSS_API_KRB5_TYPE,
@@ -191,7 +197,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                                xfree(context);
                                xfree(outbuf.data);
                                krb5_free_tkt_authent(authdat);
-                               return(gss_make_re(GSS_RE_FAILURE));
+                               return(GSS_S_FAILURE);
                        }
                }
                        
@@ -204,7 +210,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                        xfree(context->his_address.contents);
                        xfree(context->my_address.contents);
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                if (*minor_status =
                    krb5_copy_principal(authdat->authenticator->client,
@@ -213,7 +219,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                        xfree(context->his_address.contents);
                        xfree(context->my_address.contents);
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                if (*minor_status =
                    krb5_copy_keyblock(authdat->ticket->enc_part2->session,
@@ -223,7 +229,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                        xfree(context->his_address.contents);
                        xfree(context->my_address.contents);
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                context->his_seq_num = authdat->authenticator->seq_number;
                context->cusec = authdat->authenticator->cusec;
@@ -245,7 +251,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                                xfree(context->his_address.contents);
                                xfree(context->my_address.contents);
                                xfree(context);
-                               return(gss_make_re(GSS_RE_FAILURE));
+                               return(GSS_S_FAILURE);
                        }
                }
                if (mech_type)
@@ -258,7 +264,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle,
                /*
                 * Context is non-null, this is the second time through....
                 */
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        }
 }
 
index 24073490a79b937e28c8dfb11fd843cef91a3be1..27d6899e717353de25645e2801042f9ad774e082 100644 (file)
 
 #include <gssapi.h>
 
-OM_uint32 gss_check_token(minor_status, input_token, mechanism, type)
-       OM_uint32       *minor_status;
-       gss_buffer_t    input_token;
-       unsigned char   mechanism;
-       unsigned char   type;
+OM_uint32 gss_check_token(DECLARG(OM_uint32 *, minor_status),
+                         DECLARG(gss_buffer_t, input_token),
+                         DECLARG(unsigned int, mechanism),
+                         DECLARG(unsigned int, type))
+OLDDECLARG(OM_uint32 *, minor_status)
+OLDDECLARG(gss_buffer_t, input_token)
+OLDDECLARG(unsigned int, mechanism)
+OLDDECLARG(unsigned int, type)
 {
        char    *buf;
        
        *minor_status = 0;
        
        if (!input_token)
-               return(gss_make_ce(GSS_CE_CALL_INACCESSIBLE_READ));
+               return(GSS_S_CALL_INACCESSIBLE_READ);
 
        if (input_token->length < 4)
-               return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN));
+               return(GSS_S_DEFECTIVE_TOKEN);
 
        buf = input_token->value;
        
        if (buf[0] != GSS_API_IMPL_VERSION)
-               return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN));
+               return(GSS_S_DEFECTIVE_TOKEN);
        
        if (mechanism && (mechanism != buf[1]))
-               return(gss_make_re(GSS_RE_BAD_MECH));
+               return(GSS_S_BAD_MECH);
 
        if (type && (type != buf[2]))
-               return(gss_make_re(GSS_RE_FAILURE) | GSS_SS_UNSEQ_TOKEN);
+               return(GSS_S_FAILURE | GSS_S_UNSEQ_TOKEN);
 
        return(GSS_S_COMPLETE);
 }
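Review bot: `buf` is a plain `char *`, and with `mechanism` and `type` now `unsigned int` the comparisons `mechanism != buf[1]` and `type != buf[2]` mix signed and unsigned operands. Where `char` is signed, a header byte of 0x80 or above sign-extends and can never equal the expected value. Declaring `unsigned char *buf;` and assigning `buf = (unsigned char *) input_token->value;` makes the comparison byte-for-byte. The values of the mechanism and type constants are not shown on this page, so this may be latent rather than reachable.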
index cdce73751d30515a44659b9a5744bb164e5e75a5..fa763bfb649f6e20199e7d06cb99823ef95e2559 100644 (file)
 
 #include <gssapi.h>
 
-OM_uint32 gss_display_name(minor_status, input_name, output_name_buffer)
+OM_uint32 gss_display_name(minor_status, input_name, output_name_buffer,
+                          output_name_type)
        OM_uint32       *minor_status;
        gss_name_t      input_name;
        gss_buffer_t    output_name_buffer;
+       gss_OID         *output_name_type;
 {
        char            *str;
        
        if (*minor_status = krb5_unparse_name(input_name, &str))
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        output_name_buffer->value = str;
        output_name_buffer->length = strlen(str);
+       if (output_name_type)
+               *output_name_type = &gss_OID_krb5;
+               
        return(GSS_S_COMPLETE);
 }
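Review bot: `*output_name_type = &gss_OID_krb5;` returns what looks like the mechanism OID as the name type, while gssapi.h on this page also declares `gss_OID_krb5_name`. If that second OID is the Kerberos name-type identifier, as its name suggests, it should be used here: `*output_name_type = &gss_OID_krb5_name;`. The new parameter also has no comment saying that it may be null and that the returned OID points at static storage the caller must not free.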
index 929ea3b78de82f863f2832010faea8d74f944496..d0351aa2550eb89c81814225c2edd0e8f233e653 100644 (file)
@@ -9,12 +9,21 @@
 #include <krb5/func-proto.h>
 #include <com_err.h>
 
+/*
+ * Some compilers can't handle void *
+ */
+#ifdef __STDC__
+#define Voidptr void *
+#else
+#define Voidptr char *
+#endif
+
 typedef unsigned int   OM_uint32;
 typedef unsigned short OM_uint16;
 
 typedef struct gss_buffer_desc_struct {
        size_t  length;
-       void    *value;
+       Voidptr value;
 } gss_buffer_desc, *gss_buffer_t;
 
 typedef struct gss_OID_desc {
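Review bot: `Voidptr` is a macro, so a declaration such as `Voidptr a, b;` makes only `a` a pointer. Using `typedef void *Voidptr;` and `typedef char *Voidptr;` in the two branches would make it behave like a real type and be visible to a debugger. Every use in this commit declares a single name, so nothing shown here is broken by the macro form today.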
@@ -45,19 +54,19 @@ typedef struct gss_ctx_id_desc {
 } *gss_ctx_id_t;
 
 /* structure for address */
-typedef struct channel_bindings_struct {
-    OM_uint32          sender_addrtype;
-    gss_buffer_desc    sender_address;
-    OM_uint32          receiver_addrtype;
-    gss_buffer_desc    receiver_address;
-    gss_buffer_desc    appl_specific;
-} gss_channel_bindings;
-
-#define        GSS_ADDRTYPE_INET       0x0002
-#define        GSS_ADDRTYPE_CHAOS      0x0005
-#define        GSS_ADDRTYPE_XNS        0x0006
-#define        GSS_ADDRTYPE_ISO        0x0007
-#define GSS_ADDRTYPE_DDP       0x0010
+typedef struct gss_channel_bindings_desc {
+    OM_uint32          initiator_addrtype;
+    gss_buffer_desc    initiator_address;
+    OM_uint32          acceptor_addrtype;
+    gss_buffer_desc    acceptor_address;
+    gss_buffer_desc    application_data;
+} *gss_channel_bindings;
+
+#define        GSS_C_AF_INET   0x0002
+#define        GSS_C_AF_CHAOS  0x0005
+#define        GSS_C_AF_XNS    0x0006
+#define        GSS_C_AF_ISO    0x0007
+#define GSS_C_AF_DDP   0x0010
 
 #define GSS_KRB_STATE_DOWN     1
 #define GSS_KRB_STATE_MUTWAIT  2
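Review bot: `gss_channel_bindings` is now a pointer typedef, and nothing here says whether a null value is allowed or defines a name for "no bindings". The acc_sec.c and init_sec.c hunks on this page read `channel->initiator_addrtype` and the address buffers without testing `channel`, so a caller passing a null pointer would fault there. Either document the requirement on the typedef, e.g. `/* callers must pass a non-null, fully initialised structure */`, or add a null check at those call sites. The existing comment `/* structure for address */` could also say that the type is now a pointer to the structure.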
@@ -88,6 +97,8 @@ typedef struct gss_cred_id_desc {
 #define GSS_C_NULL_OID_SET     ((gss_OID_set) 0)
 #define GSS_C_NO_CREDENTIAL    (gss_default_credentials)
 
+extern gss_cred_id_t   gss_default_credentials;
+
 /*
  * Indefinite time
  */
@@ -158,6 +169,13 @@ typedef struct gss_cred_id_desc {
 #define gss_routine_error(r)           ((r) & 0x00ff0000)
 #define gss_supplementary_info(r)      ((r) & 0x0000ffff)
 
+/*
+ * gss_acquire_cred --- cred_usage values
+ */
+#define GSS_C_INITIATE 0x0001
+#define GSS_C_ACCEPT   0x0002
+#define GSS_C_BOTH     0x0003
+       
 /*
  * gss_init_sec_context flags
  */
@@ -172,12 +190,28 @@ typedef struct gss_cred_id_desc {
  */
 #define GSS_C_QOP_DEFAULT      0
 
+/*
+ * Values for gss_display_status
+ */
+#define GSS_C_GSS_CODE 1
+#define GSS_C_MECH_CODE 2
+
 /*
  * OID declarations
  */
 extern struct gss_OID_desc gss_OID_krb5;
 extern struct gss_OID_desc gss_OID_krb5_name;
 
+/*
+ * XXX Stuff to make Kannan's flogin stuff happy.
+ */
+#define GSS_C_MAX_TOKEN 1024
+#define GSS_C_MAX_PRINTABLE_NAME 1024
+
+#define GSS_C_READ       (1 << 0)
+#define GSS_C_WRITE      (1 << 1)
+#define GSS_C_EXECUTE    (1 << 2)
+
 /*
  * Function declaragions, generated by mkptypes
  */
@@ -223,7 +257,8 @@ int gss_compare_OID PROTOTYPE((gss_OID oid1,
 /* dsp_name.c */
 OM_uint32 gss_display_name PROTOTYPE((OM_uint32 *minor_status,
                                      gss_name_t input_name,
-                                     gss_buffer_t output_name_buffer));
+                                     gss_buffer_t output_name_buffer,
+                                     gss_OID *output_name_type));
 
 /* imp_name.c */
 OM_uint32 gss_import_name PROTOTYPE((OM_uint32 *minor_status,
@@ -258,7 +293,7 @@ OM_uint32 gss_make_token PROTOTYPE((OM_uint32 *minor_status,
                                    unsigned int mechanism,
                                    unsigned int type,
                                    size_t length,
-                                   void *data,
+                                   Voidptr data,
                                    gss_buffer_t output_token));
 
 /* rel_buffer.c */
index 62a2433715cef8b551cfbbe486a6243ab5675546..755526f7c6f494cd90f3aefe45a37ba84f3b098d 100644 (file)
@@ -39,14 +39,14 @@ OM_uint32 gss_import_name(minor_status, input_name_buffer, input_name_type,
                }
                if (*minor_status = krb5_parse_name(input_name_buffer->value,
                                                    output_name))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                else 
                        return(GSS_S_COMPLETE);
        }
        /*
         * It's of an unknown type.  We don't know how to deal.
         */
-       return(gss_make_re(GSS_RE_BAD_NAMETYPE));
+       return(GSS_S_BAD_NAMETYPE);
 }
        
                             
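Review bot: `krb5_parse_name(input_name_buffer->value, output_name)` treats the buffer as a C string, but a `gss_buffer_desc` carries an explicit `length` and nothing visible requires the value to be NUL-terminated. gss_service_import_name in the same file copies the bytes into a `length+1` allocation and terminates them before parsing. This path should do the same, otherwise the parser can read past the end of the caller's buffer. The function starts above the hunk, so a copy made earlier would not be visible here.

```c
		/* … unchanged: name-type test that selects this branch … */
		{
			char *tmp;

			if (!(tmp = malloc(input_name_buffer->length+1))) {
				*minor_status = ENOMEM;
				return(GSS_S_FAILURE);
			}
			memcpy(tmp, input_name_buffer->value,
			       input_name_buffer->length);
			tmp[input_name_buffer->length] = '\0';
			*minor_status = krb5_parse_name(tmp, output_name);
			free(tmp);
			return(*minor_status ? GSS_S_FAILURE : GSS_S_COMPLETE);
		}
		/* … unchanged: unknown name type falls through to GSS_S_BAD_NAMETYPE … */
```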
@@ -62,7 +62,7 @@ OM_uint32 gss_service_import_name(minor_status, input_name_buffer, output_name)
        
        if (!(str = malloc(input_name_buffer->length+1))) {
                *minor_status = ENOMEM;
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        }
        memcpy(str, input_name_buffer->value, input_name_buffer->length);
        str[input_name_buffer->length] = '\0';
@@ -73,7 +73,7 @@ OM_uint32 gss_service_import_name(minor_status, input_name_buffer, output_name)
        service = cp = str + 8;
        if (!(cp = index(cp, '@'))) {
                free(str);
-               return(gss_make_re(GSS_RE_BAD_NAME));
+               return(GSS_S_BAD_NAME);
        }
        *cp++ = 0;
        host = cp;
@@ -85,7 +85,7 @@ OM_uint32 gss_service_import_name(minor_status, input_name_buffer, output_name)
        sprintf(buf, "%s/%s", kservice, host);
        
        if (*minor_status = krb5_parse_name(buf, output_name)) 
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        else 
                return(GSS_S_COMPLETE);
 }      
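Review bot: `sprintf(buf, "%s/%s", kservice, host)` writes without a bound, and `host` is taken from the caller-supplied name buffer that was copied into `str` earlier in the function. `buf` is declared outside this hunk, so its size is not visible; if it is a fixed array, a long host part overruns it. A length test before the call, for example `if (strlen(kservice) + strlen(host) + 2 > sizeof(buf)) { free(str); return(GSS_S_BAD_NAME); }`, would bound it, assuming `buf` is an array. `str` also does not appear to be freed on either return in this hunk.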
index be9ba63eb57430c9ce07ad316beb45e7430539c9..ffd4ea0d0313092de78aae3116a808eed37aa6bd 100644 (file)
@@ -27,7 +27,7 @@ OM_uint32 gss_indicate_mechs(minor_status, mech_set)
        *minor_status = 0;
        if (!(set = (gss_OID_set) malloc (sizeof(struct gss_OID_set_desc)))) {
                *minor_status = ENOMEM;
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        }
        set->count = 1;
        set->elements = &gss_OID_krb5;
index a4f03c52718cd86fb95385983ad872aa67238fba..c7b4042c6a2c8f835c7231190666943c453726c7 100644 (file)
@@ -76,7 +76,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                 */
                if ((mech_type != GSS_C_NULL_OID) &&
                    !gss_compare_OID(mech_type, &gss_OID_krb5)) {
-                       return(gss_make_re(GSS_RE_BAD_MECH));
+                       return(GSS_S_BAD_MECH);
                }
                if (actual_mech_type)
                        *actual_mech_type = &gss_OID_krb5;
@@ -98,20 +98,21 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                         * fill in with defaults.
                         */
                        if (*minor_status = krb5_cc_default(&ccache)) {
-                               return(gss_make_re(GSS_RE_FAILURE));
+                               return(GSS_S_FAILURE);
                        }
                        claimant_cred_handle.ccache = ccache;
                        if (*minor_status =
                            krb5_cc_get_principal(ccache,
                                                  &claimant_cred_handle.principal))
-                               return(gss_make_re(GSS_RE_FAILURE));
+                               return(GSS_S_FAILURE);
                }
                /*
                 * Allocate the context handle structure
                 */
-               if (!(context = malloc(sizeof(struct gss_ctx_id_desc)))) {
+               if (!(context = (gss_ctx_id_t)
+                     malloc(sizeof(struct gss_ctx_id_desc)))) {
                        *minor_status = ENOMEM;
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                context->mech_type = &gss_OID_krb5;
                context->state =  GSS_KRB_STATE_DOWN;
@@ -121,34 +122,35 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                if (*minor_status =
                    krb5_copy_principal(claimant_cred_handle.principal,
                                        &context->me))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (*minor_status =
                    krb5_copy_principal(target_name,
                                        &context->him))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                context->flags = req_flags | GSS_C_CONF_FLAG;;
                context->am_client = 1;
                context->session_key = NULL;
-               context->my_address.addrtype = channel.sender_addrtype;
-               context->my_address.length = channel.sender_address.length;
-               if (!(context->my_address.contents =
+               context->rcache = NULL;
+               context->my_address.addrtype = channel->initiator_addrtype;
+               context->my_address.length = channel->initiator_address.length;
+               if (!(context->my_address.contents = (krb5_octet *)
                      malloc(context->my_address.length))) {
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                memcpy((char *) context->my_address.contents,
-                      (char *) channel.sender_address.value,
+                      (char *) channel->initiator_address.value,
                       context->my_address.length);
-               context->his_address.addrtype = channel.receiver_addrtype;
-               context->his_address.length = channel.receiver_address.length;
-               if (!(context->his_address.contents =
+               context->his_address.addrtype = channel->acceptor_addrtype;
+               context->his_address.length = channel->acceptor_address.length;
+               if (!(context->his_address.contents = (krb5_octet *)
                      malloc(context->my_address.length))) {
                        xfree(context->my_address.contents);
                        xfree(context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                memcpy((char *) context->his_address.contents,
-                      (char *) channel.receiver_address.value,
+                      (char *) channel->acceptor_address.value,
                       context->his_address.length);
                /*
                 * Generate a random sequence number
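Review bot: Both `krb5_copy_principal` failure returns at the top of this hunk leave `context` allocated, and the second also leaves `context->me`. The context was allocated in the preceding hunk and, as far as the visible lines show, is not yet stored anywhere the caller could release it. Add `xfree(context);` before the first return and `krb5_free_principal(context->me); xfree(context);` before the second. The later error paths at `@@ -178,7 +180,7 @@`, `@@ -198,7 +199,7 @@`, `@@ -210,7 +211,7 @@` and `@@ -222,7 +223,7 @@` free only `context` and not the two address buffers, unlike the path at `@@ -159,7 +161,7 @@`; a single cleanup label would keep them consistent. The doubled `;;` after `GSS_C_CONF_FLAG` can go as well.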
@@ -159,7 +161,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                        xfree(context->his_address.contents);
                        xfree(context->my_address.contents);
                        free((char *)context);
-                       return(make_gss_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                context->his_seq_num = 0;
                /*
@@ -178,7 +180,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                                                         &creds)) {
                        krb5_free_cred_contents(&creds);
                        free((char *)context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                /*
                 * Setup the ap_req_options
@@ -190,7 +192,6 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                 * OK, get the authentication header!
                 */
                if (*minor_status = krb5_mk_req_extended(ap_req_options, 0,
-                                                 &creds.times,
                                                  kdc_options,
                                                  context->my_seq_num, 0,
                                                  ccache, &creds, &authent,
@@ -198,7 +199,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                        memset((char *)&authent, 0, sizeof(authent));
                        krb5_free_cred_contents(&creds);
                        free((char *)context);
-                       return(gss_make_re(GSS_RE_FAILURE));    
+                       return(GSS_S_FAILURE);  
                }
                context->cusec = authent.cusec;
                context->ctime = authent.ctime;
@@ -210,7 +211,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                        xfree(outbuf.data);
                        krb5_free_cred_contents(&creds);
                        free((char *)context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                
                if (*minor_status = gss_make_token(minor_status,
@@ -222,7 +223,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                        xfree(outbuf.data);
                        krb5_free_cred_contents(&creds);
                        free((char *) context);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                /*
                 * Send over the requested flags information
@@ -241,7 +242,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                krb5_free_cred_contents(&creds);
                if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
                        context->state = GSS_KRB_STATE_MUTWAIT;
-                       return(GSS_SS_CONTINUE_NEEDED);
+                       return(GSS_S_CONTINUE_NEEDED);
                } else {
                        context->state = GSS_KRB_STATE_UP;
                        return(GSS_S_COMPLETE);
@@ -251,7 +252,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                context = *context_handle;
 
                if (context->state != GSS_KRB_STATE_MUTWAIT)
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (retval = gss_check_token(minor_status, input_token,
                                             GSS_API_KRB5_TYPE,
                                             GSS_API_KRB5_REP))
@@ -261,11 +262,11 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle,
                
                if (*minor_status = krb5_rd_rep(&inbuf, context->session_key,
                                                &repl))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if ((repl->ctime != context->ctime) ||
                    (repl->cusec != context->cusec)) {
                        *minor_status = KRB5_SENDAUTH_MUTUAL_FAILED;
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                context->his_seq_num = repl->seq_number;
                context->state = GSS_KRB_STATE_UP;
index 97a46bebb1607b147b802a8c6d9f3431a42b99f3..b5fbbd3fecf78be3c7bf51311a2d620a8541c118 100644 (file)
 OM_uint32 gss_make_token(minor_status, mechanism, type, length, data,
                         output_token)
        OM_uint32       *minor_status;
-       unsigned char   mechanism;
-       unsigned char   type;
+       unsigned int    mechanism;
+       unsigned int    type;
        size_t          length;
-       void            *data;
+       Voidptr         data;
        gss_buffer_t    output_token;
 {
        char    *buf;
@@ -36,9 +36,9 @@ OM_uint32 gss_make_token(minor_status, mechanism, type, length, data,
                offset++;
        if (!(buf = malloc(length+offset))) {
                *minor_status = ENOMEM;
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        }
-       output_token->value = buf;
+       output_token->value = (Voidptr) buf;
        output_token->length = length+4;
        buf[0] = GSS_API_IMPL_VERSION;
        buf[1] = mechanism;             /* Authentication mechanism */
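Review bot: The allocation is `malloc(length+offset)` but the size reported to the caller is fixed at `length+4`. The `offset++` just above the malloc suggests the header can be five bytes for some token types, and acc_sec.c on this page skips 5 bytes when parsing. In that case the reported length is one byte short unless it is adjusted below the hunk. `output_token->length = length+offset;` would keep the two in step. The function body continues past the end of this hunk.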
index e2f09d17d76bb15a51df79904b5b026ba06359fe..c118deaa3546278ee8d152533f3040403512e2d3 100644 (file)
@@ -21,7 +21,7 @@ OM_uint32 gss_release_cred(minor_status, cred_handle)
 {
        krb5_free_principal(cred_handle->principal);
        if (*minor_status = krb5_cc_close(cred_handle->ccache))
-               return(gss_make_re(GSS_RE_FAILURE));
+               return(GSS_S_FAILURE);
        xfree(cred_handle->srvtab.contents);
        return(GSS_S_COMPLETE);
 }
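Review bot: When `krb5_cc_close` fails, the early return skips `xfree(cred_handle->srvtab.contents)`, so that buffer stays allocated although the principal has already been freed and the handle is left half-released. Moving the `xfree` above the close, or repeating it before `return(GSS_S_FAILURE);`, releases it on both paths. `cred_handle` itself is dereferenced without a null test in the lines shown.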
index d6e78e946866d01d8db0ee86d4f2c4b08ab96194..0b76c761dc23af10b84c95f1cd2b4af9394d9d97 100644 (file)
@@ -45,7 +45,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req,
                        krb5_keytype_array[context->session_key->keytype]->
                                system->block_length;
                if (!(i_vector=malloc(eblock_size))) {
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                memset(i_vector, 0, eblock_size);
                if (*minor_status = krb5_mk_priv(&inbuf, ETYPE_DES_CBC_CRC,
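Review bot: The `malloc(eblock_size)` failure path returns `GSS_S_FAILURE` without setting `*minor_status`, so the caller sees whatever value was there before. The other allocation failures in this commit assign `*minor_status = ENOMEM;` first, and the same line belongs inside these braces. In the following hunk the `krb5_mk_priv` failure return also leaves `i_vector` allocated, as far as the visible lines show.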
@@ -57,7 +57,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req,
                                                 0, /* no rcache */
                                                 i_vector,
                                                 &outbuf))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (*minor_status = gss_make_token(minor_status,
                                                   GSS_API_KRB5_TYPE,
                                                   GSS_API_KRB5_PRIV,
@@ -65,7 +65,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req,
                                                   outbuf.data,
                                                   output_message_buffer)) {
                        xfree(outbuf.data);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                if (conf_state)
                        *conf_state = 1;
@@ -86,7 +86,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req,
                                                 safe_flags,
                                                 0, /* no rcache */
                                                 &outbuf))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (*minor_status = gss_make_token(minor_status,
                                                   GSS_API_KRB5_TYPE,
                                                   GSS_API_KRB5_SAFE,
@@ -94,7 +94,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req,
                                                   outbuf.data,
                                                   output_message_buffer)) {
                        xfree(outbuf.data);
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                if (conf_state)
                        *conf_state = 0;
@@ -103,7 +103,8 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req,
                return(GSS_S_COMPLETE);
        }
 }
-       
+
+#ifdef notdef
 /*
  * XXX This is done inefficiently; the token in gss_sign does not need
  * to include the text of the data, just a cryptographic checksum to
@@ -125,3 +126,4 @@ OM_uint32 gss_sign(minor_status, context, qop_req,
                        input_message_buffer, NULL, output_message_buffer));
 }
 
+#endif
index fc51e551b1d8257aeb00951c9ac009f2b0a8f6c8..311c064022d1c92d8e27f08e1805132464332f31 100644 (file)
@@ -33,10 +33,10 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer,
        if (retval = gss_check_token(minor_status, input_message_buffer,
                                     GSS_API_KRB5_TYPE, 0))
                return(retval);
-       token_type = ((char *) input_message_buffer->value)[4];
+       token_type = ((char *) input_message_buffer->value)[2];
        if ((token_type != GSS_API_KRB5_SAFE) &&
            (token_type != GSS_API_KRB5_PRIV))
-               return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN));
+               return(GSS_S_DEFECTIVE_TOKEN);
        inbuf.length = input_message_buffer->length-4;
        inbuf.data = ( (char *) input_message_buffer->value)+4;
        if (token_type == GSS_API_KRB5_PRIV) {
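Review bot: token_type is read from offset 2 and the payload is taken from offset 4 with `input_message_buffer->length-4`, but nothing in this hunk checks that the token is at least 4 bytes long. Unless gss_check_token (not shown here) already rejects shorter tokens, a short peer-supplied token makes the subtraction wrap or go negative, and krb5_rd_priv/krb5_rd_safe are then handed a length that runs past the buffer. An explicit guard before the index, `if (input_message_buffer->length < 4) return(GSS_S_DEFECTIVE_TOKEN);`, makes the assumption local. Named constants for the offsets 2 and 4, shared with the token-building code, would keep the two sides in step. gss_unseal's body starts and ends outside the hunk.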
@@ -53,7 +53,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer,
                        krb5_keytype_array[context->session_key->keytype]->
                                system->block_length;
                if (!(i_vector=malloc(eblock_size))) {
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                }
                memset(i_vector, 0, eblock_size);
                if (*minor_status = krb5_rd_priv(&inbuf, 
@@ -65,7 +65,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer,
                                                 i_vector,
                                                 0, /* no rcache */
                                                 &outbuf))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (conf_state)
                        *conf_state = 1;
        } else {
@@ -81,7 +81,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer,
                                                 safe_flags,
                                                 0, /* no rcache */
                                                 &outbuf))
-                       return(gss_make_re(GSS_RE_FAILURE));
+                       return(GSS_S_FAILURE);
                if (conf_state)
                        *conf_state = 0;
        }
@@ -92,6 +92,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer,
        return(GSS_S_COMPLETE);
 }
        
+#ifdef notdef
 OM_uint32 gss_verify(minor_status, context, message_buffer,  
                   token_buffer, qop_state)
        OM_uint32       *minor_status;
@@ -109,12 +110,13 @@ OM_uint32 gss_verify(minor_status, context, message_buffer,
                     output_message_buffer, NULL, qop_state))
                return(retval);
        if (token_buffer->length != output_message_buffer->length)
-               ret = gss_make_re(GSS_RE_BAD_SIG);
+               ret = GSS_S_BAD_SIG;
        else if (!memcmp(token_buffer->value, output_message_buffer->value,
                         token_buffer->length))
-               ret = gss_make_re(GSS_RE_BAD_SIG);
+               ret = GSS_S_BAD_SIG;
        if (retval = gss_release_buffer(minor_status, output_message_buffer))
                return(retval);
        return(ret);
 }
 
+#endif
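Review bot: The second test is inverted: `!memcmp(...)` is true when the two buffers are identical, so GSS_S_BAD_SIG is set for a matching message and not for a mismatching one of equal length. It should read `else if (memcmp(token_buffer->value, output_message_buffer->value, token_buffer->length))`. ret also needs to start as GSS_S_COMPLETE for the matching case; its declaration is outside the hunk, so that should be confirmed. The function is now compiled out by `#ifdef notdef`, but the comparison should be corrected before it is re-enabled.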