From cae1d5bec69d569c8f6e9e51001cdb20e81ef7ee Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Tue, 4 Jun 1991 13:20:10 +0000 Subject: [PATCH] Misc. fixes git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2147 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/ac_cred.c | 6 ++-- src/lib/gssapi/acc_sec.c | 68 +++++++++++++++++++++----------------- src/lib/gssapi/check_tok.c | 23 +++++++------ src/lib/gssapi/dsp_name.c | 9 +++-- src/lib/gssapi/gssapi.h | 67 ++++++++++++++++++++++++++++--------- src/lib/gssapi/imp_name.c | 10 +++--- src/lib/gssapi/ind_mechs.c | 2 +- src/lib/gssapi/init_sec.c | 55 +++++++++++++++--------------- src/lib/gssapi/make_tok.c | 10 +++--- src/lib/gssapi/rel_cred.c | 2 +- src/lib/gssapi/seal.c | 14 ++++---- src/lib/gssapi/unseal.c | 16 +++++---- 12 files changed, 168 insertions(+), 114 deletions(-) diff --git a/src/lib/gssapi/ac_cred.c b/src/lib/gssapi/ac_cred.c index 38102630c..21f532b86 100644 --- a/src/lib/gssapi/ac_cred.c +++ b/src/lib/gssapi/ac_cred.c @@ -66,7 +66,7 @@ OM_uint32 gss_acquire_cred(minor_status, desired_name, time_req, * Should we return failure here? */ if (!do_kerberos) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); output_cred_handle->cred_flags = 0; /* @@ -78,7 +78,7 @@ OM_uint32 gss_acquire_cred(minor_status, desired_name, time_req, */ if (*minor_status = krb5_copy_principal(desired_name, &output_cred_handle->principal)) { - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (gss_krb5_fetchfrom) { /* use the named keytab */ @@ -117,7 +117,7 @@ OM_uint32 gss_acquire_cred(minor_status, desired_name, time_req, if (!(set = (gss_OID_set) malloc (sizeof(struct gss_OID_set_desc)))) { *minor_status = ENOMEM; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } set->count = 1; set->elements = &gss_OID_krb5; diff --git a/src/lib/gssapi/acc_sec.c b/src/lib/gssapi/acc_sec.c index 0cf361dea..0c227bcae 100644 --- a/src/lib/gssapi/acc_sec.c +++ b/src/lib/gssapi/acc_sec.c 
@@ -30,11 +30,14 @@ extern krb5_flags krb5_kdc_default_options; * forth. */ -static krb5_error_code gss_krb5_keyproc(cred_handle, principal, vno, key) - krb5_pointer cred_handle; - krb5_principal principal; - krb5_kvno vno; - krb5_keyblock **key; +static krb5_error_code gss_krb5_keyproc(DECLARG(krb5_pointer, cred_handle), + DECLARG(krb5_principal, principal), + DECLARG(krb5_kvno, vno), + DECLARG(krb5_keyblock **, key)) +OLDDECLARG(krb5_pointer, cred_handle) +OLDDECLARG(krb5_principal, principal) +OLDDECLARG(krb5_kvno, vno) +OLDDECLARG(krb5_keyblock **, key) { gss_cred_id_t *creds; @@ -91,16 +94,17 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, return(retval); inbuf.length = input_token->length-5; inbuf.data = ( (char *) input_token->value)+5; - sender_addr.addrtype = channel.sender_addrtype; - sender_addr.length = channel.sender_address.length; - sender_addr.contents = channel.sender_address.value; + sender_addr.addrtype = channel->initiator_addrtype; + sender_addr.length = channel->initiator_address.length; + sender_addr.contents = (krb5_octet *) + channel->initiator_address.value; server = verifier_cred_handle.principal; /* * Setup the replay cache. */ if (*minor_status = krb5_get_server_rcache(server[1]->data, &rcache)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); /* * Now let's rip apart the packet */ 
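Review bot: In gss_accept_sec_context (acc_sec.c hunk at -91), `inbuf.length = input_token->length-5;` can underflow. The only length test visible in this commit is the one in gss_check_token, which rejects tokens shorter than 4 bytes, and the `return(retval);` above the subtraction is presumably that check. A 4-byte token would then produce a wrapped or negative length, with `inbuf.data` pointing past the end of the token, and that buffer goes to the request-parsing call below. A guard such as `if (input_token->length < 5) return(GSS_S_DEFECTIVE_TOKEN);` before the subtraction would close this. The function body starts and ends outside the hunk.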
@@ -108,42 +112,44 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, 0, gss_krb5_keyproc, &verifier_cred_handle, rcache, &authdat)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (*minor_status = krb5_rc_close(rcache)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); /* * Allocate the context handle structure */ - if (!(context = malloc(sizeof(struct gss_ctx_id_desc)))) { + if (!(context = (gss_ctx_id_t) + malloc(sizeof(struct gss_ctx_id_desc)))) { *minor_status = ENOMEM; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } context->mech_type = &gss_OID_krb5; context->flags = 0; context->state = GSS_KRB_STATE_DOWN; context->am_client = 0; + context->rcache = NULL; - context->my_address.addrtype = channel.sender_addrtype; - context->my_address.length = channel.sender_address.length; - if (!(context->my_address.contents = + context->my_address.addrtype = channel->initiator_addrtype; + context->my_address.length = channel->initiator_address.length; + if (!(context->my_address.contents = (krb5_octet *) malloc(context->my_address.length))) { xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memcpy((char *) context->my_address.contents, - (char *) channel.sender_address.value, + (char *) channel->initiator_address.value, context->my_address.length); - context->his_address.addrtype = channel.receiver_addrtype; - context->his_address.length = channel.receiver_address.length; - if (!(context->his_address.contents = + context->his_address.addrtype = channel->acceptor_addrtype; + context->his_address.length = channel->acceptor_address.length; + if (!(context->his_address.contents = (krb5_octet *) malloc(context->my_address.length))) { xfree(context->my_address.contents); xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memcpy((char *) context->his_address.contents, - (char *) channel.receiver_address.value, + (char *) 
channel->acceptor_address.value, context->his_address.length); /* @@ -162,7 +168,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context->my_address.contents); xfree(context); krb5_free_tkt_authent(authdat); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } repl.ctime = authdat->authenticator->ctime; @@ -178,7 +184,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context->my_address.contents); xfree(context); krb5_free_tkt_authent(authdat); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (*minor_status = gss_make_token(minor_status, GSS_API_KRB5_TYPE, @@ -191,7 +197,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context); xfree(outbuf.data); krb5_free_tkt_authent(authdat); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } } @@ -204,7 +210,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context->his_address.contents); xfree(context->my_address.contents); xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (*minor_status = krb5_copy_principal(authdat->authenticator->client, @@ -213,7 +219,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context->his_address.contents); xfree(context->my_address.contents); xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (*minor_status = krb5_copy_keyblock(authdat->ticket->enc_part2->session, @@ -223,7 +229,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context->his_address.contents); xfree(context->my_address.contents); xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } context->his_seq_num = authdat->authenticator->seq_number; context->cusec = authdat->authenticator->cusec; 
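Review bot: The buffer for `context->his_address.contents` is allocated with `malloc(context->my_address.length)`, but the memcpy that follows fills it with `context->his_address.length` bytes (acc_sec.c hunk at -108; the same pair of lines is in init_sec.c hunk at -121). When the acceptor address is longer than the initiator address the copy writes past the allocation, and both lengths come from the caller's channel bindings. The allocation should read `malloc(context->his_address.length)`. Both address-allocation failure paths also return GSS_S_FAILURE without setting `*minor_status = ENOMEM;`, unlike the context allocation just above them.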
@@ -245,7 +251,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, xfree(context->his_address.contents); xfree(context->my_address.contents); xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } } if (mech_type) @@ -258,7 +264,7 @@ OM_uint32 gss_accept_sec_context(minor_status, context_handle, /* * Context is non-null, this is the second time through.... */ - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } } diff --git a/src/lib/gssapi/check_tok.c b/src/lib/gssapi/check_tok.c index 24073490a..27d6899e7 100644 --- a/src/lib/gssapi/check_tok.c +++ b/src/lib/gssapi/check_tok.c @@ -16,32 +16,35 @@ #include -OM_uint32 gss_check_token(minor_status, input_token, mechanism, type) - OM_uint32 *minor_status; - gss_buffer_t input_token; - unsigned char mechanism; - unsigned char type; +OM_uint32 gss_check_token(DECLARG(OM_uint32 *, minor_status), + DECLARG(gss_buffer_t, input_token), + DECLARG(unsigned int, mechanism), + DECLARG(unsigned int, type)) +OLDDECLARG(OM_uint32 *, minor_status) +OLDDECLARG(gss_buffer_t, input_token) +OLDDECLARG(unsigned int, mechanism) +OLDDECLARG(unsigned int, type) { char *buf; *minor_status = 0; if (!input_token) - return(gss_make_ce(GSS_CE_CALL_INACCESSIBLE_READ)); + return(GSS_S_CALL_INACCESSIBLE_READ); if (input_token->length < 4) - return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN)); + return(GSS_S_DEFECTIVE_TOKEN); buf = input_token->value; if (buf[0] != GSS_API_IMPL_VERSION) - return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN)); + return(GSS_S_DEFECTIVE_TOKEN); if (mechanism && (mechanism != buf[1])) - return(gss_make_re(GSS_RE_BAD_MECH)); + return(GSS_S_BAD_MECH); if (type && (type != buf[2])) - return(gss_make_re(GSS_RE_FAILURE) | GSS_SS_UNSEQ_TOKEN); + return(GSS_S_FAILURE | GSS_S_UNSEQ_TOKEN); return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/dsp_name.c b/src/lib/gssapi/dsp_name.c index cdce73751..fa763bfb6 100644 --- a/src/lib/gssapi/dsp_name.c +++ b/src/lib/gssapi/dsp_name.c 
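Review bot: In gss_check_token (check_tok.c), `buf` is a plain `char *`, so `mechanism != buf[1]` and `type != buf[2]` compare the new `unsigned int` parameters against a byte that may be sign-extended. Where char is signed, a header byte of 0x80 or above converts to a large unsigned value and can never match; whether any mechanism or type constant is that large is not visible here. Declaring `unsigned char *buf;` and assigning `buf = (unsigned char *) input_token->value;` makes the comparison independent of char signedness. `input_token->value` is also dereferenced without a NULL check once the length test passes.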
@@ -15,16 +15,21 @@ #include -OM_uint32 gss_display_name(minor_status, input_name, output_name_buffer) +OM_uint32 gss_display_name(minor_status, input_name, output_name_buffer, + output_name_type) OM_uint32 *minor_status; gss_name_t input_name; gss_buffer_t output_name_buffer; + gss_OID *output_name_type; { char *str; if (*minor_status = krb5_unparse_name(input_name, &str)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); output_name_buffer->value = str; output_name_buffer->length = strlen(str); + if (output_name_type) + *output_name_type = &gss_OID_krb5; + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/gssapi.h b/src/lib/gssapi/gssapi.h index 929ea3b78..d0351aa25 100644 --- a/src/lib/gssapi/gssapi.h +++ b/src/lib/gssapi/gssapi.h @@ -9,12 +9,21 @@ #include #include +/* + * Some compilers can't handle void * + */ +#ifdef __STDC__ +#define Voidptr void * +#else +#define Voidptr char * +#endif + typedef unsigned int OM_uint32; typedef unsigned short OM_uint16; typedef struct gss_buffer_desc_struct { size_t length; - void *value; + Voidptr value; } gss_buffer_desc, *gss_buffer_t; typedef struct gss_OID_desc { 
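Review bot: `*output_name_type = &gss_OID_krb5;` in gss_display_name (dsp_name.c) reports the mechanism OID as the name type, while gssapi.h declares a separate `gss_OID_krb5_name`. If that second OID is the Kerberos name-type identifier, as its name suggests, the assignment should probably be `*output_name_type = &gss_OID_krb5_name;`. A short comment would also help here, stating that `output_name_buffer->value` is the string produced by krb5_unparse_name and that the caller is responsible for releasing it.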
@@ -45,19 +54,19 @@ typedef struct gss_ctx_id_desc { } *gss_ctx_id_t; /* structure for address */ -typedef struct channel_bindings_struct { - OM_uint32 sender_addrtype; - gss_buffer_desc sender_address; - OM_uint32 receiver_addrtype; - gss_buffer_desc receiver_address; - gss_buffer_desc appl_specific; -} gss_channel_bindings; - -#define GSS_ADDRTYPE_INET 0x0002 -#define GSS_ADDRTYPE_CHAOS 0x0005 -#define GSS_ADDRTYPE_XNS 0x0006 -#define GSS_ADDRTYPE_ISO 0x0007 -#define GSS_ADDRTYPE_DDP 0x0010 +typedef struct gss_channel_bindings_desc { + OM_uint32 initiator_addrtype; + gss_buffer_desc initiator_address; + OM_uint32 acceptor_addrtype; + gss_buffer_desc acceptor_address; + gss_buffer_desc application_data; +} *gss_channel_bindings; + +#define GSS_C_AF_INET 0x0002 +#define GSS_C_AF_CHAOS 0x0005 +#define GSS_C_AF_XNS 0x0006 +#define GSS_C_AF_ISO 0x0007 +#define GSS_C_AF_DDP 0x0010 #define GSS_KRB_STATE_DOWN 1 #define GSS_KRB_STATE_MUTWAIT 2 @@ -88,6 +97,8 @@ typedef struct gss_cred_id_desc { #define GSS_C_NULL_OID_SET ((gss_OID_set) 0) #define GSS_C_NO_CREDENTIAL (gss_default_credentials) +extern gss_cred_id_t gss_default_credentials; + /* * Indefinite time */ @@ -158,6 +169,13 @@ typedef struct gss_cred_id_desc { #define gss_routine_error(r) ((r) & 0x00ff0000) #define gss_supplementary_info(r) ((r) & 0x0000ffff) +/* + * gss_acquire_cred --- cred_usage values + */ +#define GSS_C_INITIATE 0x0001 +#define GSS_C_ACCEPT 0x0002 +#define GSS_C_BOTH 0x0003 + /* * gss_init_sec_context flags */ 
@@ -172,12 +190,28 @@ typedef struct gss_cred_id_desc { */ #define GSS_C_QOP_DEFAULT 0 +/* + * Values for gss_display_status + */ +#define GSS_C_GSS_CODE 1 +#define GSS_C_MECH_CODE 2 + /* * OID declarations */ extern struct gss_OID_desc gss_OID_krb5; extern struct gss_OID_desc gss_OID_krb5_name; +/* + * XXX Stuff to make Kannan's flogin stuff happy. + */ +#define GSS_C_MAX_TOKEN 1024 +#define GSS_C_MAX_PRINTABLE_NAME 1024 + +#define GSS_C_READ (1 << 0) +#define GSS_C_WRITE (1 << 1) +#define GSS_C_EXECUTE (1 << 2) + /* * Function declaragions, generated by mkptypes */ @@ -223,7 +257,8 @@ int gss_compare_OID PROTOTYPE((gss_OID oid1, /* dsp_name.c */ OM_uint32 gss_display_name PROTOTYPE((OM_uint32 *minor_status, gss_name_t input_name, - gss_buffer_t output_name_buffer)); + gss_buffer_t output_name_buffer, + gss_OID *output_name_type)); /* imp_name.c */ OM_uint32 gss_import_name PROTOTYPE((OM_uint32 *minor_status, @@ -258,7 +293,7 @@ OM_uint32 gss_make_token PROTOTYPE((OM_uint32 *minor_status, unsigned int mechanism, unsigned int type, size_t length, - void *data, + Voidptr data, gss_buffer_t output_token)); /* rel_buffer.c */ diff --git a/src/lib/gssapi/imp_name.c b/src/lib/gssapi/imp_name.c index 62a243371..755526f7c 100644 --- a/src/lib/gssapi/imp_name.c +++ b/src/lib/gssapi/imp_name.c @@ -39,14 +39,14 @@ OM_uint32 gss_import_name(minor_status, input_name_buffer, input_name_type, } if (*minor_status = krb5_parse_name(input_name_buffer->value, output_name)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); else return(GSS_S_COMPLETE); } /* * It's of an unknown type. We don't know how to deal. */ - return(gss_make_re(GSS_RE_BAD_NAMETYPE)); + return(GSS_S_BAD_NAMETYPE); } 
@@ -62,7 +62,7 @@ OM_uint32 gss_service_import_name(minor_status, input_name_buffer, output_name) if (!(str = malloc(input_name_buffer->length+1))) { *minor_status = ENOMEM; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memcpy(str, input_name_buffer->value, input_name_buffer->length); str[input_name_buffer->length] = '\0'; @@ -73,7 +73,7 @@ OM_uint32 gss_service_import_name(minor_status, input_name_buffer, output_name) service = cp = str + 8; if (!(cp = index(cp, '@'))) { free(str); - return(gss_make_re(GSS_RE_BAD_NAME)); + return(GSS_S_BAD_NAME); } *cp++ = 0; host = cp; @@ -85,7 +85,7 @@ OM_uint32 gss_service_import_name(minor_status, input_name_buffer, output_name) sprintf(buf, "%s/%s", kservice, host); if (*minor_status = krb5_parse_name(buf, output_name)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); else return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/ind_mechs.c b/src/lib/gssapi/ind_mechs.c index be9ba63eb..ffd4ea0d0 100644 --- a/src/lib/gssapi/ind_mechs.c +++ b/src/lib/gssapi/ind_mechs.c @@ -27,7 +27,7 @@ OM_uint32 gss_indicate_mechs(minor_status, mech_set) *minor_status = 0; if (!(set = (gss_OID_set) malloc (sizeof(struct gss_OID_set_desc)))) { *minor_status = ENOMEM; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } set->count = 1; set->elements = &gss_OID_krb5; diff --git a/src/lib/gssapi/init_sec.c b/src/lib/gssapi/init_sec.c index a4f03c527..c7b4042c6 100644 --- a/src/lib/gssapi/init_sec.c +++ b/src/lib/gssapi/init_sec.c @@ -76,7 +76,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, */ if ((mech_type != GSS_C_NULL_OID) && !gss_compare_OID(mech_type, &gss_OID_krb5)) { - return(gss_make_re(GSS_RE_BAD_MECH)); + return(GSS_S_BAD_MECH); } if (actual_mech_type) *actual_mech_type = &gss_OID_krb5; 
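Review bot: In gss_service_import_name (imp_name.c hunk at -85), `sprintf(buf, "%s/%s", kservice, host);` writes into `buf` with no length bound, and `host` is the part of the caller-supplied name buffer after the '@'. The declaration of `buf` is outside the hunk, so its size cannot be confirmed here, but unless it is sized from the input a long host part overruns it. Check `strlen(kservice) + strlen(host) + 2` against the buffer size before formatting, or allocate `buf` to that size. Both returns after krb5_parse_name also leave without a visible `free(str)`, which looks like a leak unless `str` is released in lines not shown.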
@@ -98,20 +98,21 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, * fill in with defaults. */ if (*minor_status = krb5_cc_default(&ccache)) { - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } claimant_cred_handle.ccache = ccache; if (*minor_status = krb5_cc_get_principal(ccache, &claimant_cred_handle.principal)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } /* * Allocate the context handle structure */ - if (!(context = malloc(sizeof(struct gss_ctx_id_desc)))) { + if (!(context = (gss_ctx_id_t) + malloc(sizeof(struct gss_ctx_id_desc)))) { *minor_status = ENOMEM; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } context->mech_type = &gss_OID_krb5; context->state = GSS_KRB_STATE_DOWN; 
@@ -121,34 +122,35 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, if (*minor_status = krb5_copy_principal(claimant_cred_handle.principal, &context->me)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (*minor_status = krb5_copy_principal(target_name, &context->him)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); context->flags = req_flags | GSS_C_CONF_FLAG;; context->am_client = 1; context->session_key = NULL; - context->my_address.addrtype = channel.sender_addrtype; - context->my_address.length = channel.sender_address.length; - if (!(context->my_address.contents = + context->rcache = NULL; + context->my_address.addrtype = channel->initiator_addrtype; + context->my_address.length = channel->initiator_address.length; + if (!(context->my_address.contents = (krb5_octet *) malloc(context->my_address.length))) { xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memcpy((char *) context->my_address.contents, - (char *) channel.sender_address.value, + (char *) channel->initiator_address.value, context->my_address.length); - context->his_address.addrtype = channel.receiver_addrtype; - context->his_address.length = channel.receiver_address.length; - if (!(context->his_address.contents = + context->his_address.addrtype = channel->acceptor_addrtype; + context->his_address.length = channel->acceptor_address.length; + if (!(context->his_address.contents = (krb5_octet *) malloc(context->my_address.length))) { xfree(context->my_address.contents); xfree(context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memcpy((char *) context->his_address.contents, - (char *) channel.receiver_address.value, + (char *) channel->acceptor_address.value, context->his_address.length); /* * Generate a random sequence number 
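Review bot: The two krb5_copy_principal failure returns at the top of this init_sec.c hunk (-121) leave without releasing `context`, which the later error paths in the same hunk do free with `xfree(context)`. The second of them also leaves the already-copied `context->me` allocated. Each should clean up first: `xfree(context); return(GSS_S_FAILURE);` for the first, and additionally `krb5_free_principal(context->me);` for the second. The stray second semicolon in `req_flags | GSS_C_CONF_FLAG;;` can be dropped as well. The enclosing function starts and ends outside the hunk.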
@@ -159,7 +161,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, xfree(context->his_address.contents); xfree(context->my_address.contents); free((char *)context); - return(make_gss_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } context->his_seq_num = 0; /* @@ -178,7 +180,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, &creds)) { krb5_free_cred_contents(&creds); free((char *)context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } /* * Setup the ap_req_options @@ -190,7 +192,6 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, * OK, get the authentication header! */ if (*minor_status = krb5_mk_req_extended(ap_req_options, 0, - &creds.times, kdc_options, context->my_seq_num, 0, ccache, &creds, &authent, @@ -198,7 +199,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, memset((char *)&authent, 0, sizeof(authent)); krb5_free_cred_contents(&creds); free((char *)context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } context->cusec = authent.cusec; context->ctime = authent.ctime; @@ -210,7 +211,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, xfree(outbuf.data); krb5_free_cred_contents(&creds); free((char *)context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (*minor_status = gss_make_token(minor_status, @@ -222,7 +223,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, xfree(outbuf.data); krb5_free_cred_contents(&creds); free((char *) context); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } /* * Send over the requested flags information 
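Review bot: The error path after the credentials lookup (init_sec.c hunk at -178) releases only `context` with `free((char *)context);`, whereas the path just above it in hunk -159 first frees `context->his_address.contents` and `context->my_address.contents`. The same shortened cleanup is repeated in hunks -198, -210 and -222, so the two address buffers leak on each of those failures; as far as this diff shows, so do the copied principals. Adding `xfree(context->his_address.contents);` and `xfree(context->my_address.contents);` before each `free((char *)context);` would make these paths agree with the first one. The enclosing function starts and ends outside the hunks.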
@@ -241,7 +242,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, krb5_free_cred_contents(&creds); if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { context->state = GSS_KRB_STATE_MUTWAIT; - return(GSS_SS_CONTINUE_NEEDED); + return(GSS_S_CONTINUE_NEEDED); } else { context->state = GSS_KRB_STATE_UP; return(GSS_S_COMPLETE); @@ -251,7 +252,7 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, context = *context_handle; if (context->state != GSS_KRB_STATE_MUTWAIT) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (retval = gss_check_token(minor_status, input_token, GSS_API_KRB5_TYPE, GSS_API_KRB5_REP)) @@ -261,11 +262,11 @@ OM_uint32 gss_init_sec_context(minor_status, claimant_cred_handle, if (*minor_status = krb5_rd_rep(&inbuf, context->session_key, &repl)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if ((repl->ctime != context->ctime) || (repl->cusec != context->cusec)) { *minor_status = KRB5_SENDAUTH_MUTUAL_FAILED; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } context->his_seq_num = repl->seq_number; context->state = GSS_KRB_STATE_UP; diff --git a/src/lib/gssapi/make_tok.c b/src/lib/gssapi/make_tok.c index 97a46bebb..b5fbbd3fe 100644 --- a/src/lib/gssapi/make_tok.c +++ b/src/lib/gssapi/make_tok.c @@ -18,10 +18,10 @@ OM_uint32 gss_make_token(minor_status, mechanism, type, length, data, output_token) OM_uint32 *minor_status; - unsigned char mechanism; - unsigned char type; + unsigned int mechanism; + unsigned int type; size_t length; - void *data; + Voidptr data; gss_buffer_t output_token; { char *buf; 
@@ -36,9 +36,9 @@ OM_uint32 gss_make_token(minor_status, mechanism, type, length, data, offset++; if (!(buf = malloc(length+offset))) { *minor_status = ENOMEM; - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } - output_token->value = buf; + output_token->value = (Voidptr) buf; output_token->length = length+4; buf[0] = GSS_API_IMPL_VERSION; buf[1] = mechanism; /* Authentication mechanism */ diff --git a/src/lib/gssapi/rel_cred.c b/src/lib/gssapi/rel_cred.c index e2f09d17d..c118deaa3 100644 --- a/src/lib/gssapi/rel_cred.c +++ b/src/lib/gssapi/rel_cred.c @@ -21,7 +21,7 @@ OM_uint32 gss_release_cred(minor_status, cred_handle) { krb5_free_principal(cred_handle->principal); if (*minor_status = krb5_cc_close(cred_handle->ccache)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); xfree(cred_handle->srvtab.contents); return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/seal.c b/src/lib/gssapi/seal.c index d6e78e946..0b76c761d 100644 --- a/src/lib/gssapi/seal.c +++ b/src/lib/gssapi/seal.c @@ -45,7 +45,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req, krb5_keytype_array[context->session_key->keytype]-> system->block_length; if (!(i_vector=malloc(eblock_size))) { - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memset(i_vector, 0, eblock_size); if (*minor_status = krb5_mk_priv(&inbuf, ETYPE_DES_CBC_CRC, @@ -57,7 +57,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req, 0, /* no rcache */ i_vector, &outbuf)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (*minor_status = gss_make_token(minor_status, GSS_API_KRB5_TYPE, GSS_API_KRB5_PRIV, @@ -65,7 +65,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req, outbuf.data, output_message_buffer)) { xfree(outbuf.data); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (conf_state) *conf_state = 1; 
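Review bot: In gss_seal (seal.c hunk at -45), the `malloc(eblock_size)` failure returns GSS_S_FAILURE without setting `*minor_status`, so the caller sees whatever value was there before; other allocation failures in this commit set `*minor_status = ENOMEM;` first. In the next hunk (-57) the krb5_mk_priv failure return leaves `i_vector` allocated, and no release of it is visible on the success path either. unseal.c shows the same two patterns around krb5_rd_priv (hunks -53 and -65). Add `*minor_status = ENOMEM;` before the first return and `xfree(i_vector);` before the second.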
@@ -86,7 +86,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req, safe_flags, 0, /* no rcache */ &outbuf)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (*minor_status = gss_make_token(minor_status, GSS_API_KRB5_TYPE, GSS_API_KRB5_SAFE, @@ -94,7 +94,7 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req, outbuf.data, output_message_buffer)) { xfree(outbuf.data); - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } if (conf_state) *conf_state = 0; @@ -103,7 +103,8 @@ OM_uint32 gss_seal(minor_status, context, conf_req_flag, qop_req, return(GSS_S_COMPLETE); } } - + +#ifdef notdef /* * XXX This is done inefficiently; the token in gss_sign does not need * to include the text of the data, just a cryptographic checksum to @@ -125,3 +126,4 @@ OM_uint32 gss_sign(minor_status, context, qop_req, input_message_buffer, NULL, output_message_buffer)); } +#endif diff --git a/src/lib/gssapi/unseal.c b/src/lib/gssapi/unseal.c index fc51e551b..311c06402 100644 --- a/src/lib/gssapi/unseal.c +++ b/src/lib/gssapi/unseal.c @@ -33,10 +33,10 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer, if (retval = gss_check_token(minor_status, input_message_buffer, GSS_API_KRB5_TYPE, 0)) return(retval); - token_type = ((char *) input_message_buffer->value)[4]; + token_type = ((char *) input_message_buffer->value)[2]; if ((token_type != GSS_API_KRB5_SAFE) && (token_type != GSS_API_KRB5_PRIV)) - return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN)); + return(GSS_S_DEFECTIVE_TOKEN); inbuf.length = input_message_buffer->length-4; inbuf.data = ( (char *) input_message_buffer->value)+4; if (token_type == GSS_API_KRB5_PRIV) { 
@@ -53,7 +53,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer, krb5_keytype_array[context->session_key->keytype]-> system->block_length; if (!(i_vector=malloc(eblock_size))) { - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); } memset(i_vector, 0, eblock_size); if (*minor_status = krb5_rd_priv(&inbuf, @@ -65,7 +65,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer, i_vector, 0, /* no rcache */ &outbuf)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (conf_state) *conf_state = 1; } else { @@ -81,7 +81,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer, safe_flags, 0, /* no rcache */ &outbuf)) - return(gss_make_re(GSS_RE_FAILURE)); + return(GSS_S_FAILURE); if (conf_state) *conf_state = 0; } @@ -92,6 +92,7 @@ OM_uint32 gss_unseal(minor_status, context, input_message_buffer, return(GSS_S_COMPLETE); } +#ifdef notdef OM_uint32 gss_verify(minor_status, context, message_buffer, token_buffer, qop_state) OM_uint32 *minor_status; @@ -109,12 +110,13 @@ OM_uint32 gss_verify(minor_status, context, message_buffer, output_message_buffer, NULL, qop_state)) return(retval); if (token_buffer->length != output_message_buffer->length) - ret = gss_make_re(GSS_RE_BAD_SIG); + ret = GSS_S_BAD_SIG; else if (!memcmp(token_buffer->value, output_message_buffer->value, token_buffer->length)) - ret = gss_make_re(GSS_RE_BAD_SIG); + ret = GSS_S_BAD_SIG; if (retval = gss_release_buffer(minor_status, output_message_buffer)) return(retval); return(ret); } +#endif -- 2.26.2
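Review bot: In gss_verify (unseal.c hunk at -109), `else if (!memcmp(...)) ret = GSS_S_BAD_SIG;` reports a bad signature when the two buffers are equal. The test is inverted and should read `else if (memcmp(token_buffer->value, output_message_buffer->value, token_buffer->length))`. When the lengths match and the contents differ, no branch assigns `ret`, so the function returns whatever `ret` already held; its declaration is outside the hunk, so initialise it to GSS_S_COMPLETE if that is not already done. The function is now compiled out by `#ifdef notdef`, but both points need fixing before it is re-enabled.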