From 3c047f859f1c3868eeff3d8668fff01ef193cd08 Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Thu, 2 Jul 1998 22:24:56 +0000
Subject: [PATCH] k5unseal.c (kg_unseal): Clean up lint warnings accept_sec_context.c (krb5_gss_accept_sec_context): Don't return an error token if we can't provide the server name to the KRB5 error structure (because cred isn't initialized). gssapi_krb5.c, gssapi_krb5.h: Export the oid of static arrays as krb5_gss_oid_array since it's needed by gss_import_sec_context. import_sec_context.c: Fix up the OID of the mechanism in the imported security context so that we use the static OID if at all possible. This is needed since gss_inquire_context() must return a static OID.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10618 dc483132-0cff-0310-8789-dd5450dbe970
---
src/lib/gssapi/krb5/ChangeLog | 17 ++++++++++++
src/lib/gssapi/krb5/accept_sec_context.c | 4 +--
src/lib/gssapi/krb5/gssapi_krb5.c | 17 ++++++------
src/lib/gssapi/krb5/gssapi_krb5.h | 2 ++
src/lib/gssapi/krb5/import_sec_context.c | 21 +++++++++++++++
src/lib/gssapi/krb5/k5unseal.c | 34 +++++++++++-------------
6 files changed, 66 insertions(+), 29 deletions(-)
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index e92054205..bc5c57875 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,20 @@ +1998-06-08 Theodore Ts'o + + * k5unseal.c (kg_unseal): Clean up lint warnings. + + * accept_sec_context.c (krb5_gss_accept_sec_context): Don't return + an error token if we can't provide the server name to the + KRB5 error structure (because cred isn't initialized). + + * gssapi_krb5.c, gssapi_krb5.h: Export the oid of static + arrays as krb5_gss_oid_array since it's needed by + gss_import_sec_context. + + * import_sec_context.c: Fix up the OID of the mechanism in the + imported security context so that we use the static + OID if at all possible. This is needed since + gss_inquire_context() must return a static OID. + Sun May 24 21:57:03 1998 Theodore Y. Ts'o * import_name.c (krb5_gss_import_name): Fix typo which caused diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 181e67565..ee204d3e0 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -159,7 +159,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, char *sptr; long tmp; int bigend; - krb5_gss_cred_id_t cred; + krb5_gss_cred_id_t cred = 0; krb5_data ap_req; int i; krb5_error_code code; @@ -679,7 +679,7 @@ fail: krb5_free_ap_req(context, request); } - if (gss_flags & GSS_C_MUTUAL_FLAG) { + if (cred && (gss_flags & GSS_C_MUTUAL_FLAG)) { /* * The client is expecting a response, so we can send an * error token back diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 9b631a1cd..c0942c39a 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c 
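Review bot: In the `fail:` path of krb5_gss_accept_sec_context (accept_sec_context.c, second hunk), the new `cred &&` guard means a client that asked for mutual authentication receives no error token at all when the failure occurs before `cred` is assigned, and the existing comment still reads as if a token is always sent. I would extend that comment, e.g. `/* cred is still NULL if we failed before it was set up; no server name is available for the KRB5 error structure then, so no token is sent */`. The guard is only sound if every jump to `fail:` leaves `cred` either NULL or fully usable, which cannot be confirmed here because most of the function body lies outside both hunks. In the first hunk, `cred = 0` would read more clearly as `cred = NULL`, assuming `krb5_gss_cred_id_t` is a pointer type as the later truth test suggests.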
@@ -53,24 +53,25 @@ * except the last in each value's encoding. */ -static const gss_OID_desc oids[] = { +const gss_OID_desc krb5_gss_oid_array[] = { /* this is the unofficial, wrong OID */ {5, "\053\005\001\005\002"}, /* this is the official, rfc-specified OID */ {9, "\052\206\110\206\367\022\001\002\002"}, {10, "\052\206\110\206\367\022\001\002\002\001"}, {10, "\052\206\110\206\367\022\001\002\002\002"}, + { 0, 0 } }; -const gss_OID_desc * const gss_mech_krb5_old = oids+0; -const gss_OID_desc * const gss_mech_krb5 = oids+1; -const gss_OID_desc * const gss_nt_krb5_name = oids+2; -const gss_OID_desc * const gss_nt_krb5_principal = oids+3; +const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+0; +const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+1; +const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+2; +const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+3; static const gss_OID_set_desc oidsets[] = { - {1, (gss_OID) oids+0}, - {1, (gss_OID) oids+1}, - {2, (gss_OID) oids+0}, + {1, (gss_OID) krb5_gss_oid_array+0}, + {1, (gss_OID) krb5_gss_oid_array+1}, + {2, (gss_OID) krb5_gss_oid_array+0}, }; const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0; diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h index b2ef5806b..a1f51919d 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.h +++ b/src/lib/gssapi/krb5/gssapi_krb5.h @@ -39,6 +39,8 @@ extern const gss_OID_set_desc * const gss_mech_set_krb5_both; extern const gss_OID_desc * const gss_nt_krb5_name; extern const gss_OID_desc * const gss_nt_krb5_principal; +extern const gss_OID_desc krb5_gss_oid_array[]; + #define gss_krb5_nt_general_name gss_nt_krb5_name #define gss_krb5_nt_principal gss_nt_krb5_principal #define gss_krb5_nt_service_name gss_nt_service_name diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index c1d1bfa72..baf901ca5 100644 
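Review bot: The `{ 0, 0 }` entry appended to `krb5_gss_oid_array` in gssapi_krb5.c is a sentinel that the new loop in import_sec_context.c relies on (`p->length` ends the scan), but nothing at the array says so. An OID appended after it would never be matched, and dropping it would let that loop read past the end of the array. I would mark it in place, `{ 0, 0 }  /* terminator: scanned until length == 0, must stay last */`. Since the array is now exported through gssapi_krb5.h, the index-based aliases (`krb5_gss_oid_array+0` to `+3`) and `oidsets` also become an ordering contract visible to other files; a one-line comment next to the `extern` declaration stating that entries must not be reordered would cover it.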
--- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c @@ -27,6 +27,26 @@ */ #include "gssapiP_krb5.h" +/* + * Fix up the OID of the mechanism so that uses the static version of + * the OID if possible. + */ +static gss_OID convert_static_oid(oid) + gss_OID FAR oid; +{ + const gss_OID_desc *p; + OM_uint32 minor_status; + + for (p = krb5_gss_oid_array; p->length; p++) { + if ((oid->length == p->length) && + (memcmp(oid->elements, p->elements, p->length) == 0)) { + gss_release_oid(&minor_status, &oid); + return p; + } + } + return oid; +} + OM_uint32 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) OM_uint32 *minor_status; @@ -65,6 +85,7 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) *minor_status = (OM_uint32) G_VALIDATE_FAILED; return(GSS_S_FAILURE); } + ctx->mech_used = convert_static_oid(ctx->mech_used); *context_handle = (gss_ctx_id_t) ctx; diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 70d2d4d7b..041cae06a 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -47,7 +47,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, krb5_error_code code; int bodysize; int tmsglen; - int conflen; + int conflen = 0; int signalg; int sealalg; gss_buffer_desc token; @@ -58,7 +58,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, char *data_ptr; krb5_timestamp now; unsigned char *plain; - int cksum_len; + int cksum_len = 0; int plainlen; int err; int direction; 
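Review bot: `convert_static_oid` in import_sec_context.c returns `p`, a `const gss_OID_desc *`, from a function declared to return `gss_OID`, so the const qualifier is dropped implicitly; `return (gss_OID) p;` makes the conversion explicit and matches the casts used in gssapi_krb5.c. The helper also dereferences `oid` unconditionally. The call in the second hunk sits after the validation failure return, but whether `ctx->mech_used` can still be null there is not visible, and the context is rebuilt from an interprocess token, so `if (oid == GSS_C_NO_OID) return oid;` at the top would be a cheap guard. The header comment should also state that the returned OID may point into static storage and that the caller's original OID has been released in that case (and read "so that it uses" rather than "so that uses").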
@@ -89,9 +89,9 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, ptr = (unsigned char *) input_token_buffer->value; - if (err = g_verify_token_header((gss_OID) ctx->mech_used, &bodysize, - &ptr, toktype, - input_token_buffer->length)) { + if ((err = g_verify_token_header((gss_OID) ctx->mech_used, &bodysize, + &ptr, toktype, + input_token_buffer->length))) { *minor_status = err; return(GSS_S_DEFECTIVE_TOKEN); } @@ -159,8 +159,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, return(GSS_S_FAILURE); } - if (code = kg_decrypt(context, &ctx->enc, NULL, - ptr+14+cksum_len, plain, tmsglen)) { + if ((code = kg_decrypt(context, &ctx->enc, NULL, + ptr+14+cksum_len, plain, tmsglen))) { xfree(plain); *minor_status = code; return(GSS_S_FAILURE); @@ -185,11 +185,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, *minor_status = ENOMEM; return(GSS_S_FAILURE); } - - if ((sealalg == 0xffff) && ctx->big_endian) - memcpy(token.value, plain, token.length); - else - memcpy(token.value, plain+conflen, token.length); + memcpy(token.value, plain+conflen, token.length); } } else if (toktype == KG_TOK_SIGN_MSG) { token = *message_buffer; @@ -285,10 +281,10 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, xfree(cksum.contents); #else - if (code = kg_encrypt(context, &ctx->seq, - (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? - ctx->seq.key->contents : NULL), - md5cksum.contents, md5cksum.contents, 16)) { + if ((code = kg_encrypt(context, &ctx->seq, + (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? + ctx->seq.key->contents : NULL), + md5cksum.contents, md5cksum.contents, 16))) { xfree(md5cksum.contents); if (toktype == KG_TOK_SEAL_MSG) xfree(token.value); 
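Review bot: The hunk at `@@ -185,11 +185,7 @@` in kg_unseal is not a lint cleanup: it deletes the `(sealalg == 0xffff) && ctx->big_endian` branch, so that case now copies from `plain+conflen` instead of `plain`. The two are equivalent only if `conflen` is 0 on that path, which depends on assignments outside the hunk together with the new `int conflen = 0;` initializer in the earlier declaration hunk. If it is non-zero there, the copy of `token.length` bytes starts at a shifted offset and may return the wrong plaintext or read beyond what `kg_decrypt` filled (`tmsglen` bytes). I would state the invariant at the copy, `/* conflen is 0 when no confounder is present (sealalg 0xffff with big_endian) */`, and consider checking the offset plus `token.length` against `tmsglen` before the `memcpy`. The ChangeLog entry should mention this change separately from the lint fixes.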
@@ -386,7 +382,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, if (qop_state) *qop_state = GSS_C_QOP_DEFAULT; - if (code = krb5_timeofday(context, &now)) { + if ((code = krb5_timeofday(context, &now))) { *minor_status = code; return(GSS_S_FAILURE); } @@ -398,8 +394,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer, /* do sequencing checks */ - if (code = kg_get_seq_num(context, &(ctx->seq), ptr+14, ptr+6, &direction, - &seqnum)) { + if ((code = kg_get_seq_num(context, &(ctx->seq), ptr+14, ptr+6, &direction, + &seqnum))) { if (toktype == KG_TOK_SEAL_MSG) xfree(token.value); *minor_status = code; -- 2.26.2