From bbf8f5cba683498e1128bec71ee47b729da77157 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Thu, 25 Jul 1996 06:09:57 +0000 Subject: [PATCH] init_sec_context.c (krb5_gss_init_sec_context): Fixed error checking so that if you pass a bad mechanism type, it *will* get flagged as an error. rel_oid.c (krb5_gss_release_oid): krb5_gss_glue.c(gss_release_oid): Re-enable function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8813 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 9 +++++++++ src/lib/gssapi/krb5/Makefile.in | 8 +++++--- src/lib/gssapi/krb5/init_sec_context.c | 21 +++++++++++++++------ src/lib/gssapi/krb5/krb5_gss_glue.c | 2 -- src/lib/gssapi/krb5/rel_oid.c | 13 ++----------- 5 files changed, 31 insertions(+), 22 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 273469d76..c60a1efb5 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +Thu Jul 25 02:08:17 1996 Theodore Y. Ts'o + + * init_sec_context.c (krb5_gss_init_sec_context): Fixed error + checking so that if you pass a bad mechanism type, it + *will* get flagged as an error. + Wed Jul 24 22:54:37 1996 Ezra Peisach * acquire_cred.c (krb5_gss_acquire_cred): Initialize variable @@ -5,6 +11,9 @@ Wed Jul 24 22:54:37 1996 Ezra Peisach Wed Jul 24 19:40:55 1996 Theodore Y. Ts'o + * rel_oid.c (krb5_gss_release_oid): + * krb5_gss_glue.c(gss_release_oid): Re-enable function + * ser_sctx.c (kg_oid_externalize): Add proper return code * accept_sec_context.c (krb5_gss_accept_sec_context): diff --git a/src/lib/gssapi/krb5/Makefile.in b/src/lib/gssapi/krb5/Makefile.in index ae9c5cfea..32d1880eb 100644 --- a/src/lib/gssapi/krb5/Makefile.in +++ b/src/lib/gssapi/krb5/Makefile.in @@ -53,6 +53,7 @@ SRCS = \ $(srcdir)/krb5_gss_glue.c \ $(srcdir)/process_context_token.c \ $(srcdir)/rel_cred.c \ + $(srcdir)/rel_oid.c \ $(srcdir)/rel_name.c \ $(srcdir)/seal.c \ $(srcdir)/ser_sctx.c \ @@ -68,7 +69,6 @@ SRCS = \ # $(srcdir)/pname_to_uid.c \ # $(srcdir)/k5mech.c \ -# $(srcdir)/rel_oid.c OBJS = \ accept_sec_context.$(OBJEXT) \ @@ -93,6 +93,7 @@ OBJS = \ krb5_gss_glue.$(OBJEXT) \ process_context_token.$(OBJEXT) \ rel_cred.$(OBJEXT) \ + rel_oid.$(OBJEXT) \ rel_name.$(OBJEXT) \ seal.$(OBJEXT) \ ser_sctx.$(OBJEXT) \ @@ -108,7 +109,6 @@ OBJS = \ # k5mech.$(OBJEXT) \ # pname_to_uid.$(OBJEXT) \ -# rel_oid.$(OBJEXT) HDRS= $(ETHDRS) @@ -117,7 +117,9 @@ EXPORTED_HEADERS= gssapi_krb5.h all-unix:: $(SRCS) $(HDRS) includes $(OBJS) all-mac:: $(SRCS) $(HDRS) includes $(OBJS) -all-windows:: $(SRCS) $(HDRS) includes $(OBJS) +all-windows:: win-include $(SRCS) $(HDRS) $(OBJS) + +win-include:: if not exist $(EHDRDIR)\nul mkdir $(EHDRDIR) copy gssapi_krb5.h $(EHDRDIR) diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index e5cbcc4d0..f6f3fd25d 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -22,6 +22,7 @@ #include "gssapiP_krb5.h" #include +#include /* * $Id$ @@ -261,11 +262,19 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* verify the mech_type */ + err = 0; if (mech_type == GSS_C_NULL_OID) { mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; - } else if ((g_OID_equal(mech_type, gss_mech_krb5) && !cred->rfc_mech) || - (g_OID_equal(mech_type, gss_mech_krb5_old) && - !cred->prerfc_mech)) { + } else if (g_OID_equal(mech_type, gss_mech_krb5)) { + if (!cred->rfc_mech) + err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { + if (!cred->prerfc_mech) + err = 1; + } else + err = 1; + + if (err) { *minor_status = 0; return(GSS_S_BAD_MECH); } @@ -495,9 +504,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ptr = (unsigned char *) input_token->value; - if (err = g_verify_token_header((gss_OID) mech_type, &(ap_rep.length), - &ptr, KG_TOK_CTX_AP_REP, - input_token->length)) { + if ((err = g_verify_token_header((gss_OID) mech_type, &(ap_rep.length), + &ptr, KG_TOK_CTX_AP_REP, + input_token->length))) { *minor_status = err; return(GSS_S_DEFECTIVE_TOKEN); } diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index f22e9d633..fe3b0208f 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -370,7 +370,6 @@ gss_release_buffer(minor_status, buffer) buffer)); } -#if 0 /* V2 */ OM_uint32 INTERFACE gss_release_oid(minor_status, oid) @@ -379,7 +378,6 @@ gss_release_oid(minor_status, oid) { return(krb5_gss_release_oid(minor_status, oid)); } -#endif OM_uint32 INTERFACE gss_release_oid_set(minor_status, set) diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c index d5ec7bcc7..f35727e3f 100644 --- a/src/lib/gssapi/krb5/rel_oid.c +++ b/src/lib/gssapi/krb5/rel_oid.c @@ -27,11 +27,6 @@ */ #include "gssapiP_krb5.h" -#if 0 -/* - * Don't compile this, since nothing is actually using it. The - * mechanism glue layer will just use the internal release function. - */ OM_uint32 krb5_gss_release_oid(minor_status, oid) OM_uint32 *minor_status; @@ -46,8 +41,7 @@ krb5_gss_release_oid(minor_status, oid) * descriptor. This allows applications to freely mix their own heap- * allocated OID values with OIDs returned by GSS-API. */ - if (krb5_gss_internal_release_oid(NULL, minor_status, - oid) != GSS_S_COMPLETE) { + if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) { /* Pawn it off on the generic routine */ return(generic_gss_release_oid(minor_status, oid)); } @@ -57,16 +51,13 @@ krb5_gss_release_oid(minor_status, oid) return(GSS_S_COMPLETE); } } -#endif OM_uint32 -krb5_gss_internal_release_oid(ct, minor_status, oid) - void *ct; +krb5_gss_internal_release_oid(minor_status, oid) OM_uint32 *minor_status; gss_OID *oid; { - krb5_context context = ct; /* * This function only knows how to release internal OIDs. It will * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize. -- 2.26.2