Include authenticator and ticket authdata in gss-api

author Sam Hartman <hartmans@mit.edu>

Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)

committer Sam Hartman <hartmans@mit.edu>

Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)
author Sam Hartman <hartmans@mit.edu>
Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)
committer Sam Hartman <hartmans@mit.edu>
Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin

index c0fdcd2d855c6a315b27bb57bef03eb69ec6b602..72a412a858870884ccbef2bafc1aa6de3fa9610a 100644 (file)
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1718,6 +1718,14 @@ krb5_error_code KRB5_CALLCONV krb5_copy_authdata
         (krb5_context,
                 krb5_authdata * const *,
                 krb5_authdata ***);
+krb5_error_code KRB5_CALLCONV krb5_merge_authdata
+       (krb5_context,
+               krb5_authdata * const *,
+        krb5_authdata *const *,
+               krb5_authdata ***);
+/* Merge two authdata arrays, such as the array from a ticket
+ * and authenticator */
+
  krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
         (krb5_context,
                 const krb5_authenticator *,
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c

index e2ec1fe76a6423695d88623a0d105276f7fe5768..dd17c044b66946637355329ac24855a8dd5ccec1 100644 (file)
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -811,9 +811,9 @@ kg_accept_krb5(minor_status, context_handle,
      }
  
      /* XXX move this into gss_name_t */
-    if (ticket->enc_part2->authorization_data != NULL &&
-        (code = krb5_copy_authdata(context,
+    if (        (code = krb5_merge_authdata(context,
                                     ticket->enc_part2->authorization_data,
+                                            authdat->authorization_data,
                                     &ctx->authdata))) {
          major_status = GSS_S_FAILURE;
          goto fail;
diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c

index e9472eec8057ff27dc7ba59789695ec1c165d049..4946eca625caa508804cadbea5bfb3dc2445a744 100644 (file)
--- a/src/lib/krb5/krb/copy_auth.c
+++ b/src/lib/krb5/krb/copy_auth.c
@@ -77,30 +77,47 @@ krb5_copy_authdatum(krb5_context context, const krb5_authdata *inad, krb5_authda
   * Copy an authdata array, with fresh allocation.
   */
  krb5_error_code KRB5_CALLCONV
-krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_authdata ***outauthdat)
+krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata * const *inauthdat2,
+                   krb5_authdata ***outauthdat)
  {
      krb5_error_code retval;
      krb5_authdata ** tempauthdat;
-    register unsigned int nelems = 0;
+    register unsigned int nelems = 0, nelems2 = 0;
  
-    if (!inauthdat) {
+    if (!inauthdat1 && !inauthdat2) {
             *outauthdat = 0;
             return 0;
      }
  
-    while (inauthdat[nelems]) nelems++;
+    if (inauthdat1) 
+       while (inauthdat1[nelems]) nelems++;
+    if (inauthdat2) 
+       while (inauthdat2[nelems2]) nelems2++;
  
      /* one more for a null terminated list */
-    if (!(tempauthdat = (krb5_authdata **) calloc(nelems+1,
+    if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
                                                   sizeof(*tempauthdat))))
         return ENOMEM;
  
-    for (nelems = 0; inauthdat[nelems]; nelems++) {
-       retval = krb5_copy_authdatum(context, inauthdat[nelems],
-                                    &tempauthdat[nelems]);
-       if (retval) {
-           krb5_free_authdata(context, tempauthdat);
-           return retval;
+    if (inauthdat1) {
+       for (nelems = 0; inauthdat1[nelems]; nelems++) {
+           retval = krb5_copy_authdatum(context, inauthdat1[nelems],
+                                        &tempauthdat[nelems]);
+           if (retval) {
+               krb5_free_authdata(context, tempauthdat);
+               return retval;
+           }
+       }
+    }
+
+    if (inauthdat2) {
+       for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+           retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
+                                        &tempauthdat[nelems++]);
+           if (retval) {
+               krb5_free_authdata(context, tempauthdat);
+               return retval;
+           }
         }
      }
  
@@ -108,6 +125,13 @@ krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_a
      return 0;
  }
  
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context context,
+                  krb5_authdata *const *in_authdat, krb5_authdata ***out)
+{
+    return krb5_merge_authdata(context, in_authdat, NULL, out);
+}
+
  krb5_error_code KRB5_CALLCONV
  krb5_decode_authdata_container(krb5_context context,
                                krb5_authdatatype type,
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports

index 2671ebca577ee5065b1cc79be8e847f30a6c0f71..a6b892983e6be26e814e3cd85f851d5a9c8205e7 100644 (file)
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -354,6 +354,7 @@ krb5_make_fulladdr
  krb5_max_dgram_size
  krb5_max_skdc_timeout
  krb5_mcc_ops
+krb5_merge_authdata
  krb5_mk_1cred
  krb5_mk_error
  krb5_mk_ncred
author	Sam Hartman <hartmans@mit.edu>
	Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)
committer	Sam Hartman <hartmans@mit.edu>
	Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)
src/include/krb5/krb5.hin		patch \| blob \| history
src/lib/gssapi/krb5/accept_sec_context.c		patch \| blob \| history
src/lib/krb5/krb/copy_auth.c		patch \| blob \| history
src/lib/krb5/libkrb5.exports		patch \| blob \| history