diff options
author | Ken Raeburn <raeburn@mit.edu> | 2004-03-15 17:45:01 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2004-03-15 17:45:01 +0000 |
commit | 730ebd39f1e4cdc77c7f9719274e7e1a4346c9f8 (patch) | |
tree | c4efc953c40618a56d75e1a258bea4865bcdcbbe /src/lib/gssapi/krb5/import_sec_context.c | |
parent | 85fa9e1e2073d2c0ec2a82205bcfd13080e854f0 (diff) | |
download | krb5-730ebd39f1e4cdc77c7f9719274e7e1a4346c9f8.tar.gz krb5-730ebd39f1e4cdc77c7f9719274e7e1a4346c9f8.tar.xz krb5-730ebd39f1e4cdc77c7f9719274e7e1a4346c9f8.zip |
* k5seal.c (kg_seal): Extract the krb5 context from the security context
instead of requiring it be passed in as an argument.
* k5unseal.c (kg_unseal): Likewise.
* gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated.
* delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c,
verify.c: Callers changed.
* inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in
security context instead of calling kg_get_context.
* wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise.
* import_sec_context.c (krb5_gss_ser_init): New function.
(krb5_gss_import_sec_context): Create a krb5 context locally to use for the
import.
* export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in
the security context.
* gssapiP_krb5.h (krb5_gss_ser_init): Declare.
* gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization
code here.
* accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context
in an error case not caught before.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/import_sec_context.c')
-rw-r--r-- | src/lib/gssapi/krb5/import_sec_context.c | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index 3745a7c235..19ddb09d37 100644 --- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c @@ -1,7 +1,7 @@ /* * lib/gssapi/krb5/import_sec_context.c * - * Copyright 1995 by the Massachusetts Institute of Technology. + * Copyright 1995,2004 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -29,6 +29,8 @@ * import_sec_context.c - Internalize the security context. */ #include "gssapiP_krb5.h" +/* for serialization initialization functions */ +#include "k5-int.h" /* * Fix up the OID of the mechanism so that uses the static version of @@ -50,6 +52,22 @@ gss_OID krb5_gss_convert_static_mech_oid(oid) return oid; } +krb5_error_code +krb5_gss_ser_init (krb5_context context) +{ + krb5_error_code code; + static krb5_error_code (*const fns[])(krb5_context) = { + krb5_ser_context_init, krb5_ser_auth_context_init, + krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init, + }; + int i; + + for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++) + if ((code = (fns[i])(context)) != 0) + return code; + return 0; +} + OM_uint32 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) OM_uint32 *minor_status; @@ -62,8 +80,21 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) krb5_gss_ctx_id_t ctx; krb5_octet *ibp; - if (GSS_ERROR(kg_get_context(minor_status, &context))) - return(GSS_S_FAILURE); + /* This is a bit screwy. We create a krb5 context because we need + one when calling the serialization code. However, one of the + objects we're unpacking is a krb5 context, so when we finish, + we can throw this one away. */ + kret = krb5_init_context(&context); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + kret = krb5_gss_ser_init(context); + if (kret) { + krb5_free_context(context); + *minor_status = kret; + return GSS_S_FAILURE; + } /* Assume a tragic failure */ ctx = (krb5_gss_ctx_id_t) NULL; @@ -72,9 +103,9 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) /* Internalize the context */ ibp = (krb5_octet *) interprocess_token->value; blen = (size_t) interprocess_token->length; - if ((kret = kg_ctx_internalize(context, - (krb5_pointer *) &ctx, - &ibp, &blen))) { + kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen); + krb5_free_context(context); + if (kret) { *minor_status = (OM_uint32) kret; return(GSS_S_FAILURE); } |