From: Theodore Tso Date: Thu, 19 Jan 1995 03:02:16 +0000 (+0000) Subject: Fixed bugs in introduction of context variables; if the global context is X-Git-Tag: krb5-1.0-beta5~831 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a4c08d0030804a3ecb282cdc9c9dad790644064c;p=krb5.git Fixed bugs in introduction of context variables; if the global context is not initialized, initialize it automatically. Initialize the connection context's krb5_context varaible in init_security_context and accept_security_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4824 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index f703da86d..c6e2dc47b 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -319,6 +319,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle, return(GSS_S_FAILURE); } + ctx->context = context; ctx->initiate = 0; ctx->mutual = gss_flags & GSS_C_MUTUAL_FLAG; ctx->seed_init = 0; @@ -377,7 +378,8 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle, /* generate an AP_REP if necessary */ if (ctx->mutual) { - if (code = make_ap_rep(authdat, ctx->subkey, &ctx->seq_send, &token)) { + if (code = make_ap_rep(context, authdat, ctx->subkey, &ctx->seq_send, + &token)) { (void)krb5_gss_delete_sec_context(context, minor_status, (gss_ctx_id_t *) &ctx, NULL); krb5_free_tkt_authent(context, authdat); diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 0bcf10c6e..ae68b4f15 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c 
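Review bot: The added `ctx->context = context;` in krb5_gss_accept_sec_context stores the caller's krb5_context pointer in the security-context record without saying who owns it, and the k5seal.c hunk in this commit later reads it back as `ctx->context`. If the pointer is borrowed, say so at the assignment, e.g. `/* borrowed, not owned: must stay valid until the security context is deleted */`. The identical assignment in the init_sec_context.c hunk would take the same comment. The function body starts and ends outside this hunk, so whether the delete path touches the field cannot be seen here.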
@@ -309,7 +309,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req, if ((cred_usage == GSS_C_ACCEPT) || (cred_usage == GSS_C_BOTH)) - if ((ret = acquire_accept_cred(minor_status, desired_name, + if ((ret = acquire_accept_cred(context, minor_status, desired_name, &(cred->princ), cred)) != GSS_S_COMPLETE) { if (cred->princ) @@ -326,7 +326,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req, if ((cred_usage == GSS_C_INITIATE) || (cred_usage == GSS_C_BOTH)) if ((ret = - acquire_init_cred(minor_status, + acquire_init_cred(context, minor_status, cred->princ?(gss_name_t)cred->princ:desired_name, &(cred->princ), cred)) != GSS_S_COMPLETE) { diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 822df1898..0e3544b55 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -96,6 +96,8 @@ typedef struct _krb5_gss_ctx_id_rec { extern void *kg_vdb; +extern krb5_context kg_context; + /* helper macros */ #define kg_save_name(name) g_save_name(&kg_vdb,name) @@ -339,4 +341,6 @@ PROTOTYPE( (krb5_context, int* /* locally_initiated */ )); +OM_uint32 kg_get_context(); + #endif /* _GSSAPIP_KRB5_H_ */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 249c12562..4b23217fa 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -81,6 +81,9 @@ kg_get_defcred(minor_status, cred) if (defcred == GSS_C_NO_CREDENTIAL) { OM_uint32 major; + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + if ((major = krb5_gss_acquire_cred(kg_context, minor_status, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, GSS_C_INITIATE, 
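Review bot: `OM_uint32 kg_get_context();` is declared without a parameter list, so the compiler cannot check calls to it, while the declaration just above it in this header goes through the `PROTOTYPE(( ... ))` macro. Declaring it the same way, `OM_uint32 kg_get_context PROTOTYPE((void));`, keeps the header consistent. A one-line comment stating that it returns a GSS major status rather than a krb5_error_code would also help, because the util_cksum.c, util_crypt.c and util_seed.c hunks assign its result to a variable named `code` that is declared `krb5_error_code` where the declaration is visible.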
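Review bot: The early `return GSS_S_FAILURE;` added to kg_get_defcred leaves `*minor_status` unwritten, so a caller that inspects the minor status after this failure reads whatever value was there before the call. Setting it before returning would avoid that; since kg_get_context as written discards the krb5_init_context result, that means either `*minor_status = 0;` or having kg_get_context hand the code back. The same guard without a minor-status write is added in kg_release_defcred and in every wrapper touched in krb5_gss_glue.c. kg_get_defcred's body continues outside this hunk.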
@@ -105,5 +108,18 @@ kg_release_defcred(minor_status) return(GSS_S_COMPLETE); } + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_release_cred(kg_context, minor_status, &defcred)); } + +OM_uint32 +kg_get_context() +{ + if (kg_context) + return GSS_S_COMPLETE; + if (krb5_init_context(&kg_context)) + return GSS_S_FAILURE; + return GSS_S_COMPLETE; +} diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 63f277716..37fa6b218 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -226,6 +226,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle, /* fill in the ctx */ + ctx->context = context; ctx->initiate = 1; ctx->mutual = req_flags & GSS_C_MUTUAL_FLAG; ctx->seed_init = 0; @@ -257,7 +258,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle, return(GSS_S_FAILURE); } - if (code = make_ap_req(ctx->cred, ctx->there, &ctx->endtime, + if (code = make_ap_req(context, ctx->cred, ctx->there, &ctx->endtime, input_chan_bindings, ctx->mutual, &ctx->subkey, &ctx->flags, &ctx->seq_send, &token)) { diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 5cc622dad..da431f1e2 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -223,8 +223,8 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, return(GSS_S_FAILURE); } - if (code = make_seal_token(&ctx->enc, &ctx->seq, &ctx->seq_send, - ctx->initiate, + if (code = make_seal_token(ctx->context, &ctx->enc, &ctx->seq, + &ctx->seq_send, ctx->initiate, input_message_buffer, output_message_buffer, conf_req_flag, toktype, ctx->big_endian)) { *minor_status = code; diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index a1c0f7f6a..c8907e1bc 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c 
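Review bot: kg_get_context tests and then fills the global `kg_context` with no synchronisation, so two threads entering the library for the first time could both call krb5_init_context and one of the two contexts would be leaked. Whether this library is expected to be called from several threads is not visible in the diff. At minimum the function should carry a header comment stating the assumption, e.g. `/* Lazily creates the process-wide kg_context; not safe to call concurrently. */`. It also collapses every krb5_init_context failure to GSS_S_FAILURE, so the underlying error code never reaches the callers.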
@@ -22,8 +22,6 @@ #include "gssapiP_krb5.h" -extern krb5_context kg_context; - OM_uint32 gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, input_token, input_chan_bindings, src_name, mech_type, @@ -50,7 +48,10 @@ gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, ctx = (krb5_gss_ctx_id_rec *) context_handle; - return(krb5_gss_accept_sec_context(ctx->context, minor_status, + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + + return(krb5_gss_accept_sec_context(kg_context, minor_status, context_handle, verifier_cred_handle, input_token, @@ -75,6 +76,9 @@ gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs, gss_OID_set *actual_mechs; OM_uint32 *time_rec; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_acquire_cred(kg_context, minor_status, desired_name, time_req, @@ -92,6 +96,9 @@ gss_compare_name(minor_status, name1, name2, name_equal) gss_name_t name2; int *name_equal; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_compare_name(kg_context, minor_status, name1, name2, name_equal)); } @@ -143,6 +150,9 @@ gss_display_name(minor_status, input_name, output_name_buffer, output_name_type) gss_buffer_t output_name_buffer; gss_OID *output_name_type; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_display_name(kg_context, minor_status, input_name, output_name_buffer, output_name_type)); } @@ -157,6 +167,9 @@ gss_display_status(minor_status, status_value, status_type, int *message_context; gss_buffer_t status_string; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_display_status(kg_context, minor_status, status_value, status_type, mech_type, message_context, status_string)); 
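Review bot: The `ctx = (krb5_gss_ctx_id_rec *) context_handle;` assignment kept just above the new guard in gss_accept_sec_context no longer appears to be used in the lines shown, because the call now passes `kg_context` instead of `ctx->context`. If nothing outside the hunk reads `ctx`, the cast and the local should be removed so the wrapper does not suggest that the handle is dereferenced before the mechanism call. The declarations and the rest of the function are outside this hunk, so this needs checking against the full body.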
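Review bot: The two-line guard `if (!kg_context && kg_get_context()) return GSS_S_FAILURE;` is pasted verbatim into gss_acquire_cred and into each of the following wrappers in this file, through gss_release_name. kg_get_context already returns GSS_S_COMPLETE when `kg_context` is set, so the `!kg_context &&` test only saves a call. A single macro or static helper in this file would keep the wrappers identical and give one place to set `*minor_status`. Wrappers not touched by this commit are outside the diff, so whether any of them still reach `kg_context` without the guard cannot be checked here.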
@@ -169,6 +182,9 @@ gss_import_name(minor_status, input_name_buffer, input_name_type, output_name) const_gss_OID input_name_type; gss_name_t *output_name; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_import_name(kg_context, minor_status, input_name_buffer, input_name_type, output_name)); } @@ -178,6 +194,9 @@ gss_indicate_mechs(minor_status, mech_set) OM_uint32 *minor_status; gss_OID_set *mech_set; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_indicate_mechs(kg_context, minor_status, mech_set)); } @@ -200,6 +219,9 @@ gss_init_sec_context(minor_status, claimant_cred_handle, context_handle, int *ret_flags; OM_uint32 *time_rec; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_init_sec_context(kg_context, minor_status, claimant_cred_handle, context_handle, target_name, mech_type, req_flags, @@ -246,6 +268,9 @@ gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, int *cred_usage; gss_OID_set *mechanisms; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_inquire_cred(kg_context, minor_status, cred_handle, name, lifetime_ret, cred_usage, mechanisms)); } @@ -275,6 +300,9 @@ gss_release_cred(minor_status, cred_handle) OM_uint32 *minor_status; gss_cred_id_t *cred_handle; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_release_cred(kg_context, minor_status, cred_handle)); } @@ -283,6 +311,9 @@ gss_release_name(minor_status, input_name) OM_uint32 *minor_status; gss_name_t *input_name; { + if (!kg_context && kg_get_context()) + return GSS_S_FAILURE; + return(krb5_gss_release_name(kg_context, minor_status, input_name)); } diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c index 691f6d754..df95d8349 100644 --- a/src/lib/gssapi/krb5/util_cksum.c +++ b/src/lib/gssapi/krb5/util_cksum.c 
@@ -34,6 +34,9 @@ kg_checksum_channel_bindings(cb, cksum, bigend) long tmp; krb5_error_code code; + if (!kg_context && (code=kg_get_context())) + return code; + /* generate a buffer full of zeros if no cb specified */ if (cb == GSS_C_NO_CHANNEL_BINDINGS) { @@ -44,7 +47,7 @@ kg_checksum_channel_bindings(cb, cksum, bigend) cksum->checksum_type = CKSUMTYPE_RSA_MD5; memset(cksum->contents, '\0', - (cksum->length = krb5_checksum_size(global_context, CKSUMTYPE_RSA_MD5))); + (cksum->length = krb5_checksum_size(kg_context, CKSUMTYPE_RSA_MD5))); return(0); } @@ -78,7 +81,7 @@ kg_checksum_channel_bindings(cb, cksum, bigend) /* checksum the data */ - if (code = krb5_calculate_checksum(global_context, CKSUMTYPE_RSA_MD5, + if (code = krb5_calculate_checksum(kg_context, CKSUMTYPE_RSA_MD5, buf, len, NULL, 0, cksum)) { xfree(cksum->contents); xfree(buf); diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index bee58ceee..3b954e9e2 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -25,8 +25,6 @@ static unsigned char zeros[8] = {0,0,0,0,0,0,0,0}; -extern krb5_context kg_context; - int kg_confounder_size(ed) krb5_gss_enc_desc *ed; { @@ -40,8 +38,9 @@ kg_make_confounder(ed, buf) krb5_gss_enc_desc *ed; unsigned char *buf; { - return(krb5_random_confounder(kg_context, - ed->eblock.crypto_entry->block_length, buf)); + krb5_error_code code; + + return(krb5_random_confounder( ed->eblock.crypto_entry->block_length, buf)); } int kg_encrypt_size(ed, n) @@ -61,6 +60,9 @@ kg_encrypt(ed, iv, in, out, length) { krb5_error_code code; + if (!kg_context && (code=kg_get_context())) + return code; + if (! ed->processed) { if (code = krb5_process_key(kg_context, &ed->eblock, ed->key)) return(code); @@ -88,6 +90,9 @@ kg_decrypt(ed, iv, in, out, length) int elen; char *buf; + if (!kg_context && (code=kg_get_context())) + return code; + if (! ed->processed) { if (code = krb5_process_key(kg_context, &ed->eblock, ed->key)) return(code); 
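Review bot: `code=kg_get_context()` in kg_checksum_channel_bindings stores a GSS major status in a `krb5_error_code` and returns it, so on failure the caller receives GSS_S_FAILURE where it expects a Kerberos error code, and the real krb5_init_context result is gone. Having kg_get_context return the krb5 code (`return krb5_init_context(&kg_context);` after an early `return 0;`) and mapping it to GSS_S_FAILURE only in the GSS-level callers would keep the two error spaces apart. The same assignment is added in kg_encrypt and kg_decrypt (util_crypt.c) and in kg_make_seed (util_seed.c). The function body continues outside this hunk.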
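Review bot: The new `krb5_error_code code;` in kg_make_confounder is never used, since the body is a single `return(krb5_random_confounder(...))`, so the declaration should be dropped. The call also loses its context argument while the rest of this commit adds context arguments. That presumably matches krb5_random_confounder's actual signature, but its declaration is not in the diff and is worth confirming. The stray space after the opening parenthesis in `krb5_random_confounder( ed->...` can go at the same time.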
diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c index cb7430179..8792b8bd9 100644 --- a/src/lib/gssapi/krb5/util_seed.c +++ b/src/lib/gssapi/krb5/util_seed.c @@ -25,8 +25,6 @@ static unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0}; -extern krb5_context kg_context; - krb5_error_code kg_make_seed(key, seed) krb5_keyblock *key; @@ -36,6 +34,9 @@ kg_make_seed(key, seed) krb5_gss_enc_desc ed; int i; + if (!kg_context && (code=kg_get_context())) + return code; + if (code = krb5_copy_keyblock(kg_context, key, &ed.key)) return(code);