From 73fe95dbaa5701493d4c5ecc62a5d4bec4cb75c7 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Thu, 29 Feb 1996 06:27:31 +0000 Subject: [PATCH] mglueP.h: For MS-DOS, add #include of malloc.h g_acquire_cred.c (gss_acquire_cred): Fix so that the call works when desired_name is NULL (meaning use the default credentials). g_imp_sec_context.c (gss_import_sec_context): g_exp_sec_context.c (gss_export_sec_context): Fix to import/export the framing security context (so that this call actually works!). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7574 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/mechglue/ChangeLog | 13 +++ src/lib/gssapi/mechglue/g_acquire_cred.c | 95 ++++++++++++++------- src/lib/gssapi/mechglue/g_exp_sec_context.c | 50 ++++++++--- src/lib/gssapi/mechglue/g_imp_sec_context.c | 80 +++++++++++++---- src/lib/gssapi/mechglue/mglueP.h | 4 + 5 files changed, 180 insertions(+), 62 deletions(-) diff --git a/src/lib/gssapi/mechglue/ChangeLog b/src/lib/gssapi/mechglue/ChangeLog index 47c69a62d..d944aecd9 100644 --- a/src/lib/gssapi/mechglue/ChangeLog +++ b/src/lib/gssapi/mechglue/ChangeLog @@ -1,3 +1,16 @@ +Wed Feb 28 20:33:47 1996 Theodore Y. Ts'o + + * mglueP.h: For MS-DOS, add #include of malloc.h + + * g_acquire_cred.c (gss_acquire_cred): Fix so that the call works + when desired_name is NULL (meaning use the default + credentials). + + * g_imp_sec_context.c (gss_import_sec_context): + * g_exp_sec_context.c (gss_export_sec_context): Fix to + import/export the framing security context (so that this + call actually works!). + Tue Feb 27 18:44:51 1996 Theodore Y. Ts'o * g_initialize.c (gss_initialize): Don't fprintf to stderr on diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index b9763c950..f6bd7743c 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -98,6 +98,7 @@ OM_uint32 * time_rec; gss_union_cred_t creds; gss_OID_set_desc default_OID_set; gss_OID_desc default_OID; + gss_OID specific_mech_type = 0; gss_mechanism mech; /* @@ -124,9 +125,6 @@ OM_uint32 * time_rec; if (minor_status) *minor_status = 0; - if (desired_name == 0) - return GSS_S_BAD_NAME; - /* No need to continue if we don't have a place to store the creds */ if (output_cred_handle == NULL) return GSS_S_COMPLETE; @@ -134,6 +132,9 @@ OM_uint32 * time_rec; /* get desired_name cast as a union_name type */ union_name = (gss_union_name_t) desired_name; + + if (union_name) + specific_mech_type = union_name->mech_type; /* * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an @@ -145,7 +146,7 @@ OM_uint32 * time_rec; * mechanism; otherwise, we get the mechanism for the * mechanism-specific name. */ - mech = __gss_get_mechanism(union_name->mech_type); + mech = __gss_get_mechanism(specific_mech_type); if (mech == NULL) return (GSS_S_BAD_MECH); @@ -184,14 +185,16 @@ OM_uint32 * time_rec; * If this is a mechanism-specific name, then only use the * mechanism of the name. */ - if (union_name->mech_type && !g_OID_equal(union_name->mech_type, - &mech->mech_type)) + if (specific_mech_type && !g_OID_equal(specific_mech_type, + &mech->mech_type)) continue; /* * If this is not a mechanism-specific name, then we need to * do an import the external name in union_name first. */ - if (!union_name->mech_type) { + if (union_name == 0) + internal_name = (gss_name_t) 0; + else if (!union_name->mech_type) { if (__gss_import_internal_name(&temp_minor_status, &mech->mech_type, union_name, &internal_name)) { @@ -219,11 +222,27 @@ OM_uint32 * time_rec; creds_returned[j].available = 1; creds_acquired++; } - - if (!union_name->mech_type) { - (void) __gss_release_internal_name(&temp_minor_status, - &mech->mech_type, - &internal_name); + + if (union_name == 0) { + /* + * If desired_name was NULL, then do an inquire + * credentials from the first mechanism that suceeds and + * use that as the union name. + * + * XXX status returns? + */ + status = mech->gss_inquire_cred(mech->context, &temp_minor_status, + creds_returned[j].cred, + &internal_name, 0, 0, 0); + status = __gss_convert_name_to_union_name(&temp_minor_status, + mech, internal_name, + (gss_name_t *) &union_name); + } else { + if (!union_name->mech_type) { + (void) __gss_release_internal_name(&temp_minor_status, + &mech->mech_type, + &internal_name); + } } } @@ -307,32 +326,44 @@ OM_uint32 * time_rec; * gss_inquire_name() is called, we must then call gss_import_name() * to get the internal name that is required at that point. */ - if (gss_display_name(&temp_minor_status, desired_name, - &creds->auxinfo.name, &creds->auxinfo.name_type) - != GSS_S_COMPLETE) { - - /* This really shouldn't ever fail, but just in case.... */ - - for (k=0; k < creds->count; k++) { - free(creds->mechs_array[k].elements); - if (actual_mechs) - free((*actual_mechs)->elements[k].elements); + if (desired_name) { + status = gss_display_name(&temp_minor_status, desired_name, + &creds->auxinfo.name, + &creds->auxinfo.name_type); + if (status) { + status = GSS_S_BAD_NAME; + goto error_out; } - - if (actual_mechs) { - free((*actual_mechs)->elements); - free(*actual_mechs); - *actual_mechs = GSS_C_NULL_OID_SET; + } else { + status = gss_display_name(&temp_minor_status, union_name, + &creds->auxinfo.name, + &creds->auxinfo.name_type); + if (status) { + status = GSS_S_BAD_NAME; + goto error_out; } - free(creds->cred_array); - free(creds->mechs_array); - free(creds); - - return(GSS_S_BAD_NAME); } *output_cred_handle = (gss_cred_id_t) creds; return(GSS_S_COMPLETE); + +error_out: + for (k=0; k < creds->count; k++) { + free(creds->mechs_array[k].elements); + if (actual_mechs) + free((*actual_mechs)->elements[k].elements); + } + + if (actual_mechs) { + free((*actual_mechs)->elements); + free(*actual_mechs); + *actual_mechs = GSS_C_NULL_OID_SET; + } + free(creds->cred_array); + free(creds->mechs_array); + free(creds); + + return(status); } /* V2 interface */ diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c index adb1354b4..51ab428e6 100644 --- a/src/lib/gssapi/mechglue/g_exp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c @@ -29,6 +29,7 @@ #include "mglueP.h" #include +#include #ifdef HAVE_STDLIB_H #include #endif @@ -44,8 +45,11 @@ gss_buffer_t interprocess_token; { OM_uint32 status; + OM_uint32 length; gss_union_ctx_id_t ctx; gss_mechanism mech; + gss_buffer_desc token; + char *buf; gss_initialize(); @@ -59,20 +63,42 @@ gss_buffer_t interprocess_token; ctx = (gss_union_ctx_id_t) *context_handle; mech = __gss_get_mechanism (ctx->mech_type); + if (!mech) + return GSS_S_BAD_MECH; + if (!mech->gss_export_sec_context) + return GSS_S_BAD_BINDINGS; + + status = mech->gss_export_sec_context(mech->context, minor_status, + &ctx->internal_ctx_id, &token); + if (status != GSS_S_COMPLETE) + return (status); - if (mech) { + length = token.length + 4 + ctx->mech_type->length; + interprocess_token->length = length; + interprocess_token->value = malloc(length); + if (interprocess_token->value == 0) { + (void) gss_release_buffer(minor_status, &token); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + buf = interprocess_token->value; + length = ctx->mech_type->length; + buf[3] = (unsigned char) (length & 0xFF); + length >>= 8; + buf[2] = (unsigned char) (length & 0xFF); + length >>= 8; + buf[1] = (unsigned char) (length & 0xFF); + length >>= 8; + buf[0] = (unsigned char) (length & 0xFF); + memcpy(buf+4, ctx->mech_type->elements, ctx->mech_type->length); + memcpy(buf+4+ctx->mech_type->length, token.value, token.length); - if (mech->gss_export_sec_context) - status = mech->gss_export_sec_context( - mech->context, - minor_status, - &ctx->internal_ctx_id, - interprocess_token); - else - status = GSS_S_BAD_BINDINGS; + (void) gss_release_buffer(minor_status, &token); - return(status); - } + free(ctx->mech_type->elements); + free(ctx->mech_type); + free(ctx); + *context_handle = 0; - return(GSS_S_NO_CONTEXT); + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c index c8d95f98b..177142b4e 100644 --- a/src/lib/gssapi/mechglue/g_imp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c @@ -29,6 +29,7 @@ #include "mglueP.h" #include +#include #ifdef HAVE_STDLIB_H #include #endif @@ -43,37 +44,80 @@ gss_buffer_t interprocess_token; gss_ctx_id_t * context_handle; { - OM_uint32 status; + OM_uint32 length, status; + char *p; gss_union_ctx_id_t ctx; + gss_buffer_desc token; gss_mechanism mech; gss_initialize(); - if (context_handle == NULL || *context_handle==GSS_C_NO_CONTEXT) - return GSS_S_NO_CONTEXT; + *minor_status = 0; + + if (interprocess_token->length == 0 || interprocess_token->value == 0) + return (GSS_S_DEFECTIVE_TOKEN); + + status = GSS_S_FAILURE; + + ctx = (gss_union_ctx_id_t) malloc(sizeof(gss_union_ctx_id_desc)); + if (!ctx) { + *minor_status = ENOMEM; + goto error_out; + } + ctx->mech_type = (gss_OID) malloc(sizeof(gss_OID_desc)); + if (!ctx->mech_type) { + *minor_status = ENOMEM; + goto error_out; + } + p = interprocess_token->value; + length = *p++; + length = (length << 8) + *p++; + length = (length << 8) + *p++; + length = (length << 8) + *p++; + + ctx->mech_type->length = length; + ctx->mech_type->elements = malloc((size_t) length); + if (!ctx->mech_type->elements) { + *minor_status = ENOMEM; + goto error_out; + } + memcpy(ctx->mech_type->elements, p, length); + p += length; + + token.length = interprocess_token->length - 4 - length; + token.value = p; /* * select the approprate underlying mechanism routine and * call it. */ - ctx = (gss_union_ctx_id_t) *context_handle; mech = __gss_get_mechanism (ctx->mech_type); + if (!mech) { + status = GSS_S_BAD_MECH; + goto error_out; + } + if (!mech->gss_import_sec_context) { + status = GSS_S_BAD_BINDINGS; + goto error_out; + } + + status = mech->gss_import_sec_context(mech->context, minor_status, + &token, &ctx->internal_ctx_id); - if (mech) { - - if (mech->gss_import_sec_context) - status = mech->gss_import_sec_context( - mech->context, - minor_status, - interprocess_token, - &ctx->internal_ctx_id); - - else - status = GSS_S_BAD_BINDINGS; - - return(status); + if (status == GSS_S_COMPLETE) { + *context_handle = ctx; + return (GSS_S_COMPLETE); } - return(GSS_S_NO_CONTEXT); +error_out: + if (ctx) { + if (ctx->mech_type) { + if (ctx->mech_type->elements) + free(ctx->mech_type->elements); + free(ctx->mech_type); + } + free(ctx); + } + return status; } diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index bd0fe68a5..60c94eefe 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -12,6 +12,10 @@ #include "mechglue.h" #include +#ifdef _MSDOS +#include +#endif + /* * Array of context IDs typed by mechanism OID */ -- 2.26.2