This should allow use of the CFX_EXERCISE code to better check interoperability
of MS and MIT code with regard to future extensibility.
* init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null
pointer in debugging code.
(new_connection): Disable CFX_EXERCISE unknown-token-id case detection.
* accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to
/tmp/gsslog whether delegation or extra option bytes were present.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983
dc483132-0cff-0310-8789-
dd5450dbe970
+2004-01-27 Ken Raeburn <raeburn@mit.edu>
+
+ * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't
+ crash on null pointer in debugging code.
+ (new_connection): Disable CFX_EXERCISE unknown-token-id case
+ detection.
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context)
+ [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra
+ option bytes were present.
+
2004-01-05 Ken Raeburn <raeburn@mit.edu>
* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is
} /* if i >= 4 */
/* ignore any additional trailing data, for now */
- } /* if */
+#ifdef CFX_EXERCISE
+ {
+ FILE *f = fopen("/tmp/gsslog", "a");
+ if (f) {
+ fprintf(f,
+ "initial context token with delegation, %d extra bytes\n",
+ i);
+ fclose(f);
+ }
+ }
+#endif
+ } else {
+#ifdef CFX_EXERCISE
+ {
+ FILE *f = fopen("/tmp/gsslog", "a");
+ if (f) {
+ if (gss_flags & GSS_C_DELEG_FLAG)
+ fprintf(f,
+ "initial context token, delegation flag but too small\n");
+ else
+ /* no deleg flag, length might still be too big */
+ fprintf(f,
+ "initial context token, %d extra bytes\n",
+ authdat->checksum->length - 24);
+ fclose(f);
+ }
+ }
+#endif
+ }
}
/* create the ctx struct and start filling it in */
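Review bot: Both added CFX_EXERCISE blocks append to the fixed, predictable path `/tmp/gsslog` with `fopen(..., "a")`, which follows symlinks and creates the file with umask-dependent permissions; if an acceptor built with CFX_EXERCISE runs with elevated privileges, the write can be redirected to another file through a pre-existing link in the world-writable directory. Opening with `int fd = open("/tmp/gsslog", O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW, 0600);` and then `FILE *f = fd >= 0 ? fdopen(fd, "a") : NULL;` (or logging under a directory that is not world-writable) avoids that, and one static helper would remove the duplicated open/close code. In the second block `authdat->checksum->length - 24` is passed to `%d`; if `length` is an unsigned type, which is not visible here, the argument needs a cast such as `(int)authdat->checksum->length - 24`, and the subtraction wraps when the checksum is shorter than 24 bytes unless a check outside this hunk rules that out. The enclosing function starts and ends outside the hunk.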
data->checksum_data.length = 24;
}
#ifdef CFX_EXERCISE
- if (data->ctx->auth_context->keyblock->enctype == 18) {
+ if (data->ctx->auth_context->keyblock != NULL
+ && data->ctx->auth_context->keyblock->enctype == 18) {
srand(time(0) ^ getpid());
/* Our ftp client code stupidly assumes a base64-encoded
version of the token will fit in 10K, so don't make this
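Review bot: The added guard tests only `keyblock` for NULL, while `data->ctx` and `data->ctx->auth_context` are still dereferenced unconditionally on the same lines; whether those can be NULL here is not visible in the hunk, so a one-line comment stating why they cannot would help the next reader. The enctype is also compared against the bare literal `18`; the named constant says what is meant: `&& data->ctx->auth_context->keyblock->enctype == ENCTYPE_AES256_CTS_HMAC_SHA1_96) {`. The guarded block continues past the end of the hunk.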
/* complain if the input token is non-null */
if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
-#ifdef CFX_EXERCISE
+#if 0 /* def CFX_EXERCISE */
if (*context_handle != GSS_C_NO_CONTEXT
&& ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid) {
/* XXX Should check for a KRB_ERROR message that we can