From 2c00e1c235063a9fc812563c32acefcba1574e4f Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Sat, 19 Oct 1996 05:05:24 +0000
Subject: [PATCH] ser_sctx.c (kg_oid_externalize, kg_oid_internalize, kg_oid_size): Add a GSSAPI OID magic number to the externalized OID, so that if the OID is skipped, (it is optional), the serialization code can resyncronize if necessary. (kg_queue_internalize, kg_queue_externalize, kg_queue_size): New functions to externalize the gssapi queue. (kg_ctx_size, kg_ctx_exteranlize, kg_ctx_import): Changed to include the mech_used field and to include the auth context. gssapi_krb5.c (kg_get_context): Add calls to correctly initialize the serializers needed by import and export sec context. delete_sec_context.c (krb5_gss_delete_sec_context): Remember to release the mech_used OID if necessary!
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9213 dc483132-0cff-0310-8789-dd5450dbe970
---
src/lib/gssapi/krb5/ChangeLog | 21 ++++
src/lib/gssapi/krb5/delete_sec_context.c | 9 +-
src/lib/gssapi/krb5/gssapiP_krb5.h | 2 +-
src/lib/gssapi/krb5/gssapi_krb5.c | 24 +++-
src/lib/gssapi/krb5/ser_sctx.c | 139 ++++++++++++++++++++++-
5 files changed, 183 insertions(+), 12 deletions(-)
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 87a06bf5e..fb51f0dba 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,24 @@ +Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o + + * ser_sctx.c (kg_oid_externalize, kg_oid_internalize, + kg_oid_size): Add a GSSAPI OID magic number to the + externalized OID, so that if the OID is skipped, (it is + optional), the serialization code can resyncronize if + necessary. + (kg_queue_internalize, kg_queue_externalize, + kg_queue_size): New functions to externalize the gssapi + queue. + (kg_ctx_size, kg_ctx_exteranlize, kg_ctx_import): Changed + to include the mech_used field and to include the auth + context. + + * gssapi_krb5.c (kg_get_context): Add calls to correctly + initialize the serializers needed by import and export sec + context. + + * delete_sec_context.c (krb5_gss_delete_sec_context): Remember to + release the mech_used OID if necessary! + Wed Oct 16 17:53:17 1996 Marc Horowitz * accept_sec_context.c (krb5_gss_accept_sec_context): return an diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index 5b5ff74fa..b38dfbed5 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c @@ -63,9 +63,9 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) gss_buffer_desc empty; empty.length = 0; empty.value = NULL; - if (major = kg_seal(context, minor_status, *context_handle, 0, - GSS_C_QOP_DEFAULT, - &empty, NULL, output_token, KG_TOK_DEL_CTX)) + if ((major = kg_seal(context, minor_status, *context_handle, 0, + GSS_C_QOP_DEFAULT, + &empty, NULL, output_token, KG_TOK_DEL_CTX))) return(major); } @@ -94,6 +94,9 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) if (ctx->auth_context) krb5_auth_con_free(context, ctx->auth_context); + + if (ctx->mech_used) + gss_release_oid(minor_status, &ctx->mech_used); /* Zero out context */ memset(ctx, 0, sizeof(*ctx)); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index c76d83981..ee327baf6 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h 
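Review bot: The added `gss_release_oid(minor_status, &ctx->mech_used)` in the second delete_sec_context.c hunk frees whatever `mech_used` points to, and nothing visible in this patch shows that every assignment to the field stores a heap copy. The field was `const gss_OID_desc *` until the gssapiP_krb5.h hunk of this same commit, so contexts built by code outside this diff may still hold a pointer to a static mechanism OID; releasing that would be an invalid free unless `gss_release_oid` recognises static OIDs, which cannot be confirmed from here. I would document the ownership rule on the struct member, e.g. `/* heap copy owned by the context; freed in krb5_gss_delete_sec_context */`, and confirm that the init, accept and import paths all follow it. The call's return value is also discarded, and the function body continues outside the hunk.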
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -120,7 +120,7 @@ typedef struct _krb5_gss_ctx_id_rec { int established; int big_endian; krb5_auth_context auth_context; - const gss_OID_desc *mech_used; + gss_OID_desc *mech_used; } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t; extern void *kg_vdb; diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index e13b4537f..9b631a1cd 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -130,13 +130,27 @@ kg_get_context(minor_status, context) static krb5_context kg_context = NULL; krb5_error_code code; - if ((! kg_context) && - (code = krb5_init_context(&kg_context))) { - *minor_status = (OM_uint32) code; - return GSS_S_FAILURE; + if (!kg_context) { + if ((code = krb5_init_context(&kg_context))) + goto fail; + if ((code = krb5_ser_context_init(kg_context))) + goto fail; + if ((code = krb5_ser_auth_context_init(kg_context))) + goto fail; + if ((code = krb5_ser_ccache_init(kg_context))) + goto fail; + if ((code = krb5_ser_rcache_init(kg_context))) + goto fail; + if ((code = krb5_ser_keytab_init(kg_context))) + goto fail; + if ((code = krb5_ser_auth_context_init(kg_context))) + goto fail; } - *context = kg_context; *minor_status = 0; return GSS_S_COMPLETE; + +fail: + *minor_status = (OM_uint32) code; + return GSS_S_FAILURE; } diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index 428e52c14..259cce5b8 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -234,10 +234,12 @@ kg_oid_externalize(kcontext, arg, buffer, lenremain) { gss_OID oid = (gss_OID) arg; + (void) krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); (void) krb5_ser_pack_int32((krb5_int32) oid->length, buffer, lenremain); (void) krb5_ser_pack_bytes((krb5_octet *) oid->elements, oid->length, buffer, lenremain); + (void) krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); return 0; } 
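Review bot: A failure in any `krb5_ser_*_init` call in kg_get_context leaves the static `kg_context` non-NULL, because `krb5_init_context(&kg_context)` has already stored into it before the `goto fail`. The next call then skips the whole `if (!kg_context)` block and returns GSS_S_COMPLETE with a context whose serializers were never all registered, and the half-initialised context is never freed. Building the context in a local and publishing it only after every step succeeds avoids both problems. Separately, `krb5_ser_auth_context_init(kg_context)` appears twice in the list (third and last call); the second looks like a copy-paste leftover, or a different initializer was intended.

```c
    krb5_context new_ctx = NULL;

    if (!kg_context) {
        if ((code = krb5_init_context(&new_ctx)))
            goto fail;
        if ((code = krb5_ser_context_init(new_ctx)))
            goto fail;
        /* ... unchanged: remaining krb5_ser_*_init calls, now on new_ctx ... */
        kg_context = new_ctx;   /* publish only a fully initialised context */
    }
    /* ... unchanged: success return ... */

fail:
    if (new_ctx)
        krb5_free_context(new_ctx);
    *minor_status = (OM_uint32) code;
    return GSS_S_FAILURE;
```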
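Review bot: Both added `krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain)` calls in kg_oid_externalize discard their result behind a `(void)` cast, like the existing length and bytes writes, and the function then returns 0 unconditionally. If `*lenremain` is too small for the two extra words, the caller is told the OID was written when part of the record is missing, and the importer later sees only a generic EINVAL. Propagating the first failure, e.g. `if ((kret = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain))) return kret;`, makes an undersized buffer visible at export time. kg_queue_externalize in the later ser_sctx.c hunk has the same pattern. The function's parameter declarations start outside this hunk.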
@@ -248,16 +250,45 @@ kg_oid_internalize(kcontext, argp, buffer, lenremain) krb5_octet **buffer; size_t *lenremain; { + krb5_error_code kret; gss_OID oid; krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + + bp = *buffer; + remain = *lenremain; + + /* Read in and check our magic number */ + if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) + return (EINVAL); + + if (ibuf != KV5M_GSS_OID) + return (EINVAL); oid = (gss_OID) malloc(sizeof(gss_OID_desc)); if (oid == NULL) return ENOMEM; - (void) krb5_ser_unpack_int32(&ibuf, buffer, lenremain); + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); oid->length = ibuf; + oid->elements = malloc(ibuf); + if (oid->elements == 0) { + free(oid); + return ENOMEM; + } (void) krb5_ser_unpack_bytes((krb5_octet *) oid->elements, - oid->length, buffer, lenremain); + oid->length, &bp, &remain); + + /* Read in and check our trailing magic number */ + if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) + return (EINVAL); + + if (ibuf != KV5M_GSS_OID) + return (EINVAL); + + *buffer = bp; + *lenremain = remain; + *argp = (krb5_pointer) oid; return 0; } @@ -273,7 +304,8 @@ kg_oid_size(kcontext, arg, sizep) kret = EINVAL; if ((oid = (gss_OID) arg)) { - required = sizeof(krb5_int32); + required = 2*sizeof(krb5_int32); /* For the header and trailer */ + required += sizeof(krb5_int32); required += oid->length; kret = 0; 
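Review bot: In kg_oid_internalize the length word is read with `(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain)` and passed straight to `malloc(ibuf)` without checking the unpack result, the sign of `ibuf`, or that it fits in `remain`. Since this parses an imported context token, the allocation size is taken from the serialized data, and a failed `krb5_ser_unpack_bytes` (also unchecked) leaves `oid->elements` uninitialised. The two trailing-magic `return (EINVAL)` paths also leak both `oid` and `oid->elements`. I would validate the length against the remaining input and free on every failure path, as sketched below; the function's parameter declarations are outside the hunk.

```c
    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) ||
        ibuf < 0 || (size_t) ibuf > remain) {
        free(oid);
        return (EINVAL);
    }
    oid->length = ibuf;
    oid->elements = malloc(ibuf);
    /* ... unchanged: ENOMEM check on oid->elements ... */
    if ((kret = krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
                                      oid->length, &bp, &remain)) ||
        (kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) ||
        ibuf != KV5M_GSS_OID) {
        free(oid->elements);
        free(oid);
        return (EINVAL);
    }
    /* ... unchanged: commit bp/remain and store oid in *argp ... */
```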
@@ -284,6 +316,76 @@ kg_oid_size(kcontext, arg, sizep) return(kret); } +static krb5_error_code +kg_queue_externalize(kcontext, arg, buffer, lenremain) + krb5_context kcontext; + krb5_pointer arg; + krb5_octet **buffer; + size_t *lenremain; +{ + (void) krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); + g_queue_externalize(arg, buffer, lenremain); + (void) krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); + return 0; +} + +static krb5_error_code +kg_queue_internalize(kcontext, argp, buffer, lenremain) + krb5_context kcontext; + krb5_pointer *argp; + krb5_octet **buffer; + size_t *lenremain; +{ + krb5_error_code kret; + gss_OID oid; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + + bp = *buffer; + remain = *lenremain; + + /* Read in and check our magic number */ + if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) + return (EINVAL); + + if (ibuf != KV5M_GSS_QUEUE) + return (EINVAL); + + g_queue_internalize(argp, &bp, &remain); + + /* Read in and check our trailing magic number */ + if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) + return (EINVAL); + + if (ibuf != KV5M_GSS_QUEUE) + return (EINVAL); + + *buffer = bp; + *lenremain = remain; + return 0; +} + +krb5_error_code +kg_queue_size(kcontext, arg, sizep) + krb5_context kcontext; + krb5_pointer arg; + size_t *sizep; +{ + krb5_error_code kret; + size_t required; + + kret = EINVAL; + if (arg) { + required = 2*sizeof(krb5_int32); /* For the header and trailer */ + g_queue_size(arg, &required); + + kret = 0; + *sizep += required; + } + return(kret); +} + /* * Determine the size required for this krb5_gss_ctx_id_rec. */ @@ -354,6 +456,14 @@ kg_ctx_size(kcontext, arg, sizep) (krb5_pointer) ctx->mech_used, &required); + if (!kret && ctx->seqstate) + kret = kg_queue_size(kcontext, ctx->seqstate, &required); + + if (!kret) + kret = krb5_size_opaque(kcontext, + KV5M_AUTH_CONTEXT, + (krb5_pointer) ctx->auth_context, + &required); if (!kret) *sizep += required; } 
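Review bot: kg_queue_internalize writes through `argp` via `g_queue_internalize(argp, &bp, &remain)` before the trailing magic is checked, so on a trailer mismatch it returns EINVAL with `*argp` possibly already pointing at a queue built from the rejected bytes. Whether g_queue_internalize reports a status is not visible here, but if it does, that status is dropped. I would check the result and, on either failure path, release the queue and reset `*argp` to NULL before returning. Two smaller points: the local `gss_OID oid;` is unused, and kg_queue_size is not `static` while its two siblings are.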
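Review bot: The added `krb5_size_opaque(kcontext, KV5M_AUTH_CONTEXT, (krb5_pointer) ctx->auth_context, &required)` in kg_ctx_size runs unconditionally, while the `seqstate` sizing just above it is guarded by `ctx->seqstate` and krb5_gss_delete_sec_context in this same patch treats `auth_context` as possibly NULL. If the auth-context size routine rejects a NULL argument, which seems likely but is not shown here, exporting such a context fails at this point. Either guard it the same way with `if (!kret && ctx->auth_context)` and make the import side tolerate its absence, or add a comment stating that an exportable context always carries an auth context. The same applies to the `krb5_externalize_opaque` call in the kg_ctx_externalize hunk.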
@@ -451,6 +561,16 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) (krb5_pointer) &ctx->seq, &bp, &remain); + if (!kret && ctx->seqstate) + kret = kg_queue_externalize(kcontext, + ctx->seqstate, &bp, &remain); + + if (!kret) + kret = krb5_externalize_opaque(kcontext, + KV5M_AUTH_CONTEXT, + (krb5_pointer) ctx->auth_context, + &bp, &remain); + if (!kret) { (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); *buffer = bp; @@ -574,6 +694,19 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) } } + if (!kret) { + kret = kg_queue_internalize(kcontext, &ctx->seqstate, + &bp, &remain); + if (kret == EINVAL) + kret = 0; + } + + if (!kret) + kret = krb5_internalize_opaque(kcontext, + KV5M_AUTH_CONTEXT, + (krb5_pointer *) &ctx->auth_context, + &bp, &remain); + /* Get trailer */ if (!kret && !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) && -- 2.26.2
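Review bot: `if (kret == EINVAL) kret = 0;` in the kg_ctx_internalize hunk treats every EINVAL from kg_queue_internalize as "no queue was exported", but that function (added earlier in this patch) also returns EINVAL for a short buffer and for a bad trailing magic after the queue body has been parsed. A corrupted or truncated queue record is therefore accepted as an absent one, and `ctx->seqstate` may be left set from the rejected data while parsing resumes at the old cursor. I would let only a leading-magic mismatch mean "absent", for instance by having kg_queue_internalize return a distinct code for that case, and fail the import on anything else. The surrounding function starts and ends outside the hunk.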