-rw-r--r--src/lib/gssapi/krb5/ChangeLog14
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c17
-rw-r--r--src/lib/gssapi/krb5/add_cred.c20
-rw-r--r--src/lib/gssapi/krb5/compare_name.c11
-rw-r--r--src/lib/gssapi/krb5/context_time.c6
-rw-r--r--src/lib/gssapi/krb5/copy_ccache.c9
-rw-r--r--src/lib/gssapi/krb5/disp_name.c11
-rw-r--r--src/lib/gssapi/krb5/duplicate_name.c11
-rw-r--r--src/lib/gssapi/krb5/inq_cred.c15
9 files changed, 92 insertions, 22 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index ae317482fe..d410601323 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,17 @@
+2004-03-19 Ken Raeburn <raeburn@mit.edu>
+
+ * acquire_cred.c (krb5_gss_acquire_cred): Create and destroy a
+ local krb5 context.
+ * add_cred.c (krb5_gss_add_cred): Likewise.
+ * compare_name.c (krb5_gss_compare_name): Likewise.
+ * copy_ccache.c (gss_krb5_copy_ccache): Likewise.
+ * disp_name.c (krb5_gss_display_name): Likewise.
+ * duplicate_name.c (krb5_gss_duplicate_name): Likewise.
+ * inq_cred.c (krb5_gss_inquire_cred): Likewise.
+
+ * context_time.c (krb5_gss_context_time): Use the krb5 context in
+ the GSS security context.
+
2004-03-15 Ken Raeburn <raeburn@mit.edu>
* k5seal.c (kg_seal): Extract the krb5 context from the security
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 0a0de14b99..e652c664c1 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -331,9 +331,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
OM_uint32 ret;
krb5_error_code code;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* make sure all outputs are valid */
*output_cred_handle = NULL;
@@ -402,6 +399,13 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
/* if requested, acquire credentials for accepting */
/* this will fill in cred->princ if the desired_name is not specified */
+ code = krb5_init_context(&context);
+ if (code) {
+ xfree(cred);
+ *minor_status = (OM_uint32) code;
+ return GSS_S_FAILURE;
+ }
+
if ((cred_usage == GSS_C_ACCEPT) ||
(cred_usage == GSS_C_BOTH))
if ((ret = acquire_accept_cred(context, minor_status, desired_name,
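Review bot: Once `krb5_init_context` succeeds here, every later return from krb5_gss_acquire_cred has to release `context`, and the commit does that by repeating `krb5_free_context(context);` by hand at each exit: seven places in this file and thirteen more in add_cred.c. Any return that sits between the hunks cannot be checked from the diff, and an exit path added later would leak the context silently. A single exit label, reached with `goto cleanup;` after setting `ret` and ending in `krb5_free_context(context); return ret;`, would keep the release in one place. The function body starts and ends outside this hunk.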
@@ -410,6 +414,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
/* minor_status set by acquire_accept_cred() */
return(ret);
}
@@ -430,6 +435,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
/* minor_status set by acquire_init_cred() */
return(ret);
}
@@ -444,6 +450,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (cred->keytab)
(void)krb5_kt_close(context, cred->keytab);
xfree(cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -466,6 +473,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -494,6 +502,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
/* *minor_status set above */
return(ret);
}
@@ -511,6 +520,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (cred->princ)
krb5_free_principal(context, cred->princ);
xfree(cred);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
@@ -522,5 +532,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
if (actual_mechs)
*actual_mechs = ret_mechs;
+ krb5_free_context(context);
return(GSS_S_COMPLETE);
}
diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c
index 254abfe068..085b96d31b 100644
--- a/src/lib/gssapi/krb5/add_cred.c
+++ b/src/lib/gssapi/krb5/add_cred.c
@@ -138,8 +138,11 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
return(GSS_S_DUPLICATE_ELEMENT);
}
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
/* verify the desired_name */
@@ -147,6 +150,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
if ((desired_name != (gss_name_t) NULL) &&
(! kg_validate_name(desired_name))) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
@@ -156,6 +160,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
!krb5_principal_compare(context, (krb5_principal) desired_name,
cred->princ)) {
*minor_status = 0;
+ krb5_free_context(context);
return(GSS_S_BAD_NAME);
}
@@ -172,6 +177,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
(krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))
== NULL) {
*minor_status = ENOMEM;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
memset(new_cred, 0, sizeof(krb5_gss_cred_id_rec));
@@ -187,6 +193,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
xfree(new_cred);
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
@@ -198,6 +205,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
xfree(new_cred);
*minor_status = ENOMEM;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
@@ -214,6 +222,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
xfree(new_cred);
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
@@ -224,6 +233,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
xfree(new_cred);
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
} else {
@@ -241,6 +251,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -261,6 +272,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
@@ -279,6 +291,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = code;
return(GSS_S_FAILURE);
@@ -299,6 +312,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
if (new_cred->princ)
krb5_free_principal(context, new_cred->princ);
xfree(new_cred);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
@@ -325,6 +339,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
if (output_cred_handle)
(void) krb5_gss_release_cred(&dummy, (gss_cred_id_t *) &cred);
+ krb5_free_context(context);
return(major_status);
}
@@ -337,6 +352,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
if (output_cred_handle)
*output_cred_handle = cred;
+ krb5_free_context(context);
*minor_status = 0;
return(GSS_S_COMPLETE);
}
diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c
index 75a534220d..12201bf001 100644
--- a/src/lib/gssapi/krb5/compare_name.c
+++ b/src/lib/gssapi/krb5/compare_name.c
@@ -34,9 +34,7 @@ krb5_gss_compare_name(minor_status, name1, name2, name_equal)
int *name_equal;
{
krb5_context context;
-
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ krb5_error_code code;
if (! kg_validate_name(name1)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -48,8 +46,15 @@ krb5_gss_compare_name(minor_status, name1, name2, name_equal)
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
*minor_status = 0;
*name_equal = krb5_principal_compare(context, (krb5_principal) name1,
(krb5_principal) name2);
+ krb5_free_context(context);
return(GSS_S_COMPLETE);
}
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
index 8b94ee587d..8b7930ffd9 100644
--- a/src/lib/gssapi/krb5/context_time.c
+++ b/src/lib/gssapi/krb5/context_time.c
@@ -32,15 +32,11 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
gss_ctx_id_t context_handle;
OM_uint32 *time_rec;
{
- krb5_context context;
krb5_error_code code;
krb5_gss_ctx_id_rec *ctx;
krb5_timestamp now;
krb5_deltat lifetime;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
-
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -54,7 +50,7 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
return(GSS_S_NO_CONTEXT);
}
- if ((code = krb5_timeofday(context, &now))) {
+ if ((code = krb5_timeofday(ctx->k5_context, &now))) {
*minor_status = code;
return(GSS_S_FAILURE);
}
diff --git a/src/lib/gssapi/krb5/copy_ccache.c b/src/lib/gssapi/krb5/copy_ccache.c
index 3770cb7322..d20f72c77c 100644
--- a/src/lib/gssapi/krb5/copy_ccache.c
+++ b/src/lib/gssapi/krb5/copy_ccache.c
@@ -24,18 +24,23 @@ gss_krb5_copy_ccache(minor_status, cred_handle, out_ccache)
return(GSS_S_FAILURE);
}
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return (GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor);
if (code) {
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &cursor, &creds))
code = krb5_cc_store_cred(context, out_ccache, &creds);
krb5_cc_end_seq_get(context, k5creds->ccache, &cursor);
+ krb5_free_context(context);
if (code) {
*minor_status = code;
return(GSS_S_FAILURE);
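Review bot: The copy loop never releases the credential that `krb5_cc_next_cred` fills in, so each iteration leaks the contents of `creds`; for a ticket cache that includes session key material left behind in the heap. Brace the loop body and add `krb5_free_cred_contents(context, &creds);` after the `krb5_cc_store_cred` call, so the release happens while `context` is still alive. The function continues past the end of the hunk.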
diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c
index ba01fd4ea7..419f350b50 100644
--- a/src/lib/gssapi/krb5/disp_name.c
+++ b/src/lib/gssapi/krb5/disp_name.c
@@ -34,31 +34,38 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer,
krb5_error_code code;
char *str;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
output_name_buffer->length = 0;
output_name_buffer->value = NULL;
if (! kg_validate_name(input_name)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
if ((code = krb5_unparse_name(context,
(krb5_principal) input_name, &str))) {
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
if (! g_make_string_buffer(str, output_name_buffer)) {
krb5_free_unparsed_name(context, str);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_BUFFER_ALLOC;
return(GSS_S_FAILURE);
}
krb5_free_unparsed_name(context, str);
+ krb5_free_context(context);
*minor_status = 0;
if (output_name_type)
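Review bot: When `krb5_init_context` fails, the function returns before `output_name_buffer->length` and `output_name_buffer->value` are cleared, so a caller that releases the buffer after a failed call would act on whatever it held before. Moving the two assignments above `code = krb5_init_context(&context);` fixes that. Alternatively, create the context after `kg_validate_name`, as compare_name.c does in this commit, which also avoids building a context for an invalid name. The first hunk of inq_cred.c has the same ordering: `*name` and `*mechanisms` are set to NULL only after the context has been created. The function continues past the end of the hunk.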
diff --git a/src/lib/gssapi/krb5/duplicate_name.c b/src/lib/gssapi/krb5/duplicate_name.c
index 3b8506cb02..c186ed4f0f 100644
--- a/src/lib/gssapi/krb5/duplicate_name.c
+++ b/src/lib/gssapi/krb5/duplicate_name.c
@@ -35,27 +35,34 @@ OM_uint32 krb5_gss_duplicate_name(OM_uint32 *minor_status,
krb5_error_code code;
krb5_principal princ, outprinc;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
if (! kg_validate_name(input_name)) {
if (minor_status)
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
}
princ = input_name;
if ((code = krb5_copy_principal(context, princ, &outprinc))) {
*minor_status = code;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
if (! kg_save_name((gss_name_t) outprinc)) {
krb5_free_principal(context, outprinc);
+ krb5_free_context(context);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);
*dest_name = (gss_name_t) outprinc;
return(GSS_S_COMPLETE);
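Review bot: The new failure path writes `*minor_status = code;` unconditionally, while the validation branch a few lines further down guards the same pointer with `if (minor_status)`. If a NULL `minor_status` is meant to be tolerated, the init path needs the same guard, `if (minor_status) *minor_status = code;`; if it is not, the existing guard is misleading and the two should agree. The `krb5_copy_principal` failure branch has the same unguarded write. The function's opening and closing lines are outside the hunk.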
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index 14ec0daa10..b0a426aa54 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -93,8 +93,11 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
ret = GSS_S_FAILURE;
- if (GSS_ERROR(kg_get_context(minor_status, &context)))
- return(GSS_S_FAILURE);
+ code = krb5_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
if (name) *name = NULL;
if (mechanisms) *mechanisms = NULL;
@@ -106,14 +109,17 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
if ((major = kg_get_defcred(minor_status, (gss_cred_id_t)&cred)) &&
GSS_ERROR(major)) {
+ krb5_free_context(context);
return(major);
}
} else {
OM_uint32 major;
major = krb5_gss_validate_cred(minor_status, cred_handle);
- if (GSS_ERROR(major))
+ if (GSS_ERROR(major)) {
+ krb5_free_context(context);
return(major);
+ }
cred = (krb5_gss_cred_id_t) cred_handle;
}
@@ -161,6 +167,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
(void) gss_release_oid_set(minor_status, &mechs);
krb5_free_principal(context, ret_name);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
*name = (gss_name_t) ret_name;
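Review bot: This branch returns directly after freeing the context, whereas the success path and the `fail:` label further down both call `krb5_gss_release_cred` on `cred` when the caller passed `GSS_C_NO_CREDENTIAL`. If the default credential was obtained through `kg_get_defcred`, it appears to be leaked on this path. Replacing the added free and the return with `goto fail;` would likely release both the credential and the context, since `ret` is initialised to `GSS_S_FAILURE` earlier in the function. Confirm that `ret` still holds that value at this point, because the code between the hunks is not visible.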
@@ -178,6 +185,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
if (cred_handle == GSS_C_NO_CREDENTIAL)
krb5_gss_release_cred(minor_status, (gss_cred_id_t)cred);
+ krb5_free_context(context);
*minor_status = 0;
return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
fail:
@@ -186,6 +194,7 @@ fail:
krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)cred);
}
+ krb5_free_context(context);
return ret;
}