accept_sec_context.c (krb5_gss_accept_sec_context): Will now obtain
authorTheodore Tso <tytso@mit.edu>
Sat, 24 Jan 1998 03:12:04 +0000 (03:12 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 24 Jan 1998 03:12:04 +0000 (03:12 +0000)
default credentials if no credentials are given.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10375 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/accept_sec_context.c

index 0e4650f08695a9442424538a48768d7d1b91030f..df0c1fe5ea46d8c3f87090545cf076c51f49d2c6 100644 (file)
@@ -1,3 +1,8 @@
+Fri Jun 27 08:37:11 1997  Theodore Ts'o  <tytso@rsts-11.mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Will now
+               obtain default credentials if no credentials are given.
+
 Wed Dec  3 02:16:18 1997  Theodore Y. Ts'o  <tytso@mit.edu>
 
        * init_sec_context.c (make_ap_req): Enforce a stricter requirement
index e3cf97257102cd2876f51d8767b4d65e78da90ee..b9f614cf609f4a638ae7f9a2c0db927a3c2f1d53 100644 (file)
@@ -175,6 +175,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    OM_uint32 major_status = GSS_S_FAILURE;
    krb5_error krb_error_data;
    krb5_data scratch;
+   gss_cred_id_t cred_handle = NULL;
    krb5_gss_cred_id_t deleg_cred = NULL;
 
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
@@ -206,28 +207,30 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
       return(GSS_S_FAILURE);
    }
 
-   /* validate the cred handle - no default */
-
-   /*SUPPRESS 29*/
+   /* handle default cred handle */
    if (verifier_cred_handle == GSS_C_NO_CREDENTIAL) {
-      *minor_status = 0;
-      return(GSS_S_NO_CRED);
-   } else {
-      OM_uint32 major;
-          
-      major = krb5_gss_validate_cred(minor_status, verifier_cred_handle);
-      if (GSS_ERROR(major))
-         return(major);
-   }
+          major_status = krb5_gss_acquire_cred(&code, GSS_C_NO_NAME,
+                               GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+                               GSS_C_ACCEPT, &cred_handle,
+                               NULL, NULL);
+          if (major_status != GSS_S_COMPLETE)
+                  goto fail;
+   } else
+          cred_handle = verifier_cred_handle;
+
+   major_status = krb5_gss_validate_cred(minor_status, verifier_cred_handle);
+   if (GSS_ERROR(major_status))
+          goto fail;
 
-   cred = (krb5_gss_cred_id_t) verifier_cred_handle;
+   cred = (krb5_gss_cred_id_t) cred_handle;
 
    /* make sure the supplied credentials are valid for accept */
 
    if ((cred->usage != GSS_C_ACCEPT) &&
        (cred->usage != GSS_C_BOTH)) {
-      *minor_status = 0;
-      return(GSS_S_NO_CRED);
+          code = 0;
+          major_status = GSS_S_NO_CRED;
+          goto fail;
    }
 
    /* verify the token's integrity, and leave the token in ap_req.
@@ -246,24 +249,26 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
         * old behavior.
         */
        if (err != G_WRONG_MECH ||
-           (err = g_verify_token_header((gss_OID) gss_mech_krb5_old,
-                                        &(ap_req.length), 
-                                        &ptr, KG_TOK_CTX_AP_REQ,
-                                        input_token->length))) {
-            *minor_status = err;
-            return(GSS_S_DEFECTIVE_TOKEN);
+           (code = g_verify_token_header((gss_OID) gss_mech_krb5_old,
+                                         &(ap_req.length), 
+                                         &ptr, KG_TOK_CTX_AP_REQ,
+                                         input_token->length))) {
+               major_status = GSS_S_DEFECTIVE_TOKEN;
+               goto fail;
        } else {
             if (! cred->prerfc_mech) {
-                 *minor_status = G_WRONG_MECH;
-                 return(GSS_S_DEFECTIVE_TOKEN);
+                    code = G_WRONG_MECH;
+                    major_status = GSS_S_DEFECTIVE_TOKEN;
+                    goto fail;
             }
 
             mech_used = gss_mech_krb5_old;
        }
    } else {
        if (! cred->rfc_mech) {
-            *minor_status = G_WRONG_MECH;
-            return(GSS_S_DEFECTIVE_TOKEN);
+               code = G_WRONG_MECH;
+               major_status = GSS_S_DEFECTIVE_TOKEN;
+               goto fail;
        }
 
        mech_used = gss_mech_krb5;
@@ -688,5 +693,8 @@ fail:
 
           *output_token = token;
    }
+   if (!verifier_cred_handle && cred_handle) {
+          krb5_gss_release_cred(&code, cred_handle);
+   }
    return (major_status);
 }