From eac86677d66fe140f7ca54205773c95687e4abe5 Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Wed, 11 Jun 1997 20:45:39 +0000
Subject: [PATCH] gss-server.c (server_establish_context): Rearrange server establish context loop to match with the draft-ietf-gssv2-cbind-04.txt suggestion --- always send the output token even in the case of an error, and call gss_delete_sec_context() if needed. gss-client.c (client_establish_context): Check for error condition after sending the output token, if present. In case of error, call delete_sec_context if necessary.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10096 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/gss-sample/ChangeLog | 12 ++++++++++++
 src/appl/gss-sample/gss-client.c | 20 ++++++++++++--------
 src/appl/gss-sample/gss-server.c | 19 +++++++++++--------
 3 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 7cc938680..68aa4ab30 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,15 @@
+Fri Jun 6 15:05:57 1997 Theodore Y. Ts'o
+
+ * gss-server.c (server_establish_context): Rearrange server
+ establish context loop to match with the
+ draft-ietf-gssv2-cbind-04.txt suggestion --- always send
+ the output token even in the case of an error, and call
+ gss_delete_sec_context() if needed.
+
+ * gss-client.c (client_establish_context): Check for error
+ condition after sending the output token, if present. In
+ case of error, call delete_sec_context if necessary.
+
 Wed Feb 5 20:25:57 1997 Tom Yu * Makefile.in:
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index b91ea87aa..e0bca99c4 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -132,7 +132,7 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 {
 gss_buffer_desc send_tok, recv_tok, *token_ptr;
 gss_name_t target_name;
- OM_uint32 maj_stat, min_stat;
+ OM_uint32 maj_stat, min_stat, init_sec_min_stat;
 /*
 * Import the name into target_name. Use send_tok to save
@@ -168,7 +168,7 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 do {
 maj_stat =
- gss_init_sec_context(&min_stat,
+ gss_init_sec_context(&init_sec_min_stat,
 GSS_C_NO_CREDENTIAL, gss_context, target_name,
@@ -186,12 +186,6 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 if (token_ptr != GSS_C_NO_BUFFER) (void) gss_release_buffer(&min_stat, &recv_tok);
- if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
- display_status("initializing context", maj_stat, min_stat);
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
-
 if (send_tok.length != 0) {
 printf("Sending init_sec_context token (size=%d)...", send_tok.length);
@@ -202,6 +196,16 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 }
 }
 (void) gss_release_buffer(&min_stat, &send_tok);
+
+ if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+ display_status("initializing context", maj_stat,
+ init_sec_min_stat);
+ (void) gss_release_name(&min_stat, &target_name);
+ if (*gss_context == GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, gss_context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
 if (maj_stat == GSS_S_CONTINUE_NEEDED) {
 printf("continue needed...");
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index c2549e4b6..f195b45a0 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
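Review bot: The cleanup guard added in the last gss-client.c hunk, `if (*gss_context == GSS_C_NO_CONTEXT)` in client_establish_context, looks inverted: it calls gss_delete_sec_context() only when there is no context and skips it when a partially established one exists. A gss_init_sec_context() failure after an earlier GSS_S_CONTINUE_NEEDED round would then return -1 with the context still allocated, which is the opposite of the description's "call delete_sec_context if necessary". The test should read `if (*gss_context != GSS_C_NO_CONTEXT)`, and the call could take the `(void)` cast its neighbours use. The block added to server_establish_context in gss-server.c (`if (*context == GSS_C_NO_CONTEXT)`) has the same inverted test, and there the leftover state would follow any rejected token from a peer, unless the caller deletes the context itself. Both functions start and end outside their hunks.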
@@ -137,7 +137,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 gss_buffer_desc send_tok, recv_tok;
 gss_name_t client;
 gss_OID doid;
- OM_uint32 maj_stat, min_stat;
+ OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
 gss_buffer_desc oid_name;
 *context = GSS_C_NO_CONTEXT;
@@ -152,7 +152,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 }
 maj_stat =
- gss_accept_sec_context(&min_stat,
+ gss_accept_sec_context(&acc_sec_min_stat,
 context, server_creds, &recv_tok,
@@ -164,12 +164,6 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 NULL, /* ignore time_rec */
 NULL); /* ignore del_cred_handle */
- if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
- display_status("accepting context", maj_stat, min_stat);
- (void) gss_release_buffer(&min_stat, &recv_tok);
- return -1;
- }
-
 (void) gss_release_buffer(&min_stat, &recv_tok);
 if (send_tok.length != 0) {
@@ -186,6 +180,15 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 (void) gss_release_buffer(&min_stat, &send_tok);
 }
+ if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+ display_status("accepting context", maj_stat,
+ acc_sec_min_stat);
+ if (*context == GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
 if (verbose && log) {
 if (maj_stat == GSS_S_CONTINUE_NEEDED) fprintf(log, "continue needed...\n");
-- 
2.26.2
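Review bot: Nothing at the relocated failure check in server_establish_context (last hunk) says why send_tok is sent before maj_stat is tested, or why the minor status now lives in acc_sec_min_stat. Without that, a later cleanup could move the check back above the send or fold the variable into min_stat, which the intervening gss_release_buffer() calls overwrite before display_status() runs. A comment above the added `if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED)` would cover it: `/* Tested only after send_tok has gone out, so the peer still receives an error token; acc_sec_min_stat survives the release calls that reuse min_stat. */`. The same comment fits the matching block in client_establish_context with init_sec_min_stat. The function body starts and ends outside the hunk.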