From d809d383f4d8eb3ee5e6d4dd0a828259f1f6c0d7 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 27 Jan 2004 06:41:26 +0000 Subject: [PATCH] need more testing support for MS This should allow use of the CFX_EXERCISE code to better check interoperability of MS and MIT code with regard to future extensibility. * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null pointer in debugging code. (new_connection): Disable CFX_EXERCISE unknown-token-id case detection. * accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra option bytes were present. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 11 +++++++++ src/lib/gssapi/krb5/accept_sec_context.c | 30 +++++++++++++++++++++++- src/lib/gssapi/krb5/init_sec_context.c | 5 ++-- 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 669fbc25f..f29dfe00c 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,14 @@ +2004-01-27 Ken Raeburn + + * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't + crash on null pointer in debugging code. + (new_connection): Disable CFX_EXERCISE unknown-token-id case + detection. + + * accept_sec_context.c (krb5_gss_accept_sec_context) + [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra + option bytes were present. + 2004-01-05 Ken Raeburn * init_sec_context.c: Include auth_con.h if CFX_EXERCISE is diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index c27d82363..6ab291b1b 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c 
@@ -567,7 +567,35 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } /* if i >= 4 */ /* ignore any additional trailing data, for now */ - } /* if */ +#ifdef CFX_EXERCISE + { + FILE *f = fopen("/tmp/gsslog", "a"); + if (f) { + fprintf(f, + "initial context token with delegation, %d extra bytes\n", + i); + fclose(f); + } + } +#endif + } else { +#ifdef CFX_EXERCISE + { + FILE *f = fopen("/tmp/gsslog", "a"); + if (f) { + if (gss_flags & GSS_C_DELEG_FLAG) + fprintf(f, + "initial context token, delegation flag but too small\n"); + else + /* no deleg flag, length might still be too big */ + fprintf(f, + "initial context token, %d extra bytes\n", + authdat->checksum->length - 24); + fclose(f); + } + } +#endif + } } /* create the ctx struct and start filling it in */ diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 20d416fe3..2dd320cd8 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -194,7 +194,8 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context, data->checksum_data.length = 24; } #ifdef CFX_EXERCISE - if (data->ctx->auth_context->keyblock->enctype == 18) { + if (data->ctx->auth_context->keyblock != NULL + && data->ctx->auth_context->keyblock->enctype == 18) { srand(time(0) ^ getpid()); /* Our ftp client code stupidly assumes a base64-encoded version of the token will fit in 10K, so don't make this @@ -477,7 +478,7 @@ new_connection( /* complain if the input token is non-null */ if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) { -#ifdef CFX_EXERCISE +#if 0 /* def CFX_EXERCISE */ if (*context_handle != GSS_C_NO_CONTEXT && ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid) { /* XXX Should check for a KRB_ERROR message that we can -- 2.26.2
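Review bot: Both added CFX_EXERCISE blocks in krb5_gss_accept_sec_context open the fixed path `/tmp/gsslog` with `fopen(..., "a")`, which follows symlinks and creates the file with umask-derived permissions in a world-writable directory. Acceptors often run as privileged daemons, so a build with CFX_EXERCISE defined would append to whatever file another local user has linked at that name. The define should be documented as test-only, and the open should refuse symlinks and create the file 0600, or better, log under a directory only the service account can write. A helper shared by both blocks is sketched below; it needs `<fcntl.h>` and `<unistd.h>`, and the function body starts and ends outside the hunk. Separately, `authdat->checksum->length - 24` is printed with `%d`; if `length` is unsigned (its declaration is not visible here), use `%u` or cast the value.

```c
#ifdef CFX_EXERCISE
/* Debug-only: open the exercise log without following a symlink planted
   at the well-known name, and without making it readable by others. */
static FILE *
cfx_open_log(void)
{
    int fd = open("/tmp/gsslog",
                  O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    FILE *f;

    if (fd < 0)
        return NULL;
    f = fdopen(fd, "a");
    if (f == NULL)
        close(fd);
    return f;
}
#endif
/* … unchanged: both logging blocks, with fopen("/tmp/gsslog", "a") replaced by cfx_open_log() … */
```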
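Review bot: The rewritten condition in make_gss_checksum still tests `enctype` against the bare literal `18`; spelling it `ENCTYPE_AES256_CTS_HMAC_SHA1_96` would say which key type the exercise is limited to. The new guard covers only `keyblock`, while `data->ctx` and `data->ctx->auth_context` are still dereferenced unchecked. That is presumably safe on this path, but the hunk does not show it. A one-line comment above the test, such as `/* auth_context->keyblock can be NULL here; skip the exercise rather than crash */`, would record why the check exists. The body of the `#ifdef` block continues outside the hunk.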
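Review bot: In new_connection the unknown-token-id branch is switched off with `#if 0 /* def CFX_EXERCISE */`, which leaves dead code behind and does not say why it was disabled or when it may return. Either delete the branch or put the reason next to the directive, for example `#if 0 /* was: def CFX_EXERCISE; disabled because <reason> */`; the commit message only says detection is disabled. With the branch compiled out, `testing_unknown_tokid` may still be set elsewhere without ever being read, so it is worth checking whether the field and its setter should go too. The disabled block and the error path after it continue outside the hunk.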