author | Simo Sorce <simo@redhat.com> | 2014-08-09 22:46:54 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-08-10 14:29:38 -0400 |
commit | fb6ffe0c50e166bf095736a051e4840bd5a5ad4f (patch) | |
tree | 6794f411cfb011bb5bc259afe94bd868c049a806 /src/gss_auth.c | |
parent | 3914c4b1bd9a94dc9998e7e1a7105a9835da84e0 (diff) | |
Add macros to handle returning errors
These macros remove the chance of not setting minor_status appropriately.
They also hook into the tracing system, so any time an error is set, it
can be traced to exactly which function (and on which line) it was set.
Diffstat (limited to 'src/gss_auth.c')
-rw-r--r-- | src/gss_auth.c | 95 |
1 files changed, 42 insertions, 53 deletions
diff --git a/src/gss_auth.c b/src/gss_auth.c index 91a231d..fd1139c 100644 --- a/src/gss_auth.c +++ b/src/gss_auth.c @@ -5,7 +5,7 @@ #include "gss_ntlmssp.h" -uint32_t gssntlm_cli_auth(uint32_t *minor, +uint32_t gssntlm_cli_auth(uint32_t *minor_status, struct gssntlm_ctx *ctx, struct gssntlm_cred *cred, struct ntlm_buffer *target_info, @@ -23,8 +23,8 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, struct ntlm_buffer mic = { micbuf, 16 }; bool add_mic = false; bool key_exch; - uint32_t retmaj = GSS_S_FAILURE; - uint32_t retmin = 0; + uint32_t retmaj; + uint32_t retmin; switch (cred->type) { @@ -35,8 +35,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, memset(&nt_chal_resp, 0, sizeof(nt_chal_resp)); lm_chal_resp.data = malloc(1); if (!lm_chal_resp.data) { - retmin = ENOMEM; - retmaj = GSS_S_FAILURE; + set_GSSERR(ENOMEM); goto done; } lm_chal_resp.data[0] = 0; @@ -54,7 +53,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, if (target_info->length == 0 && input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) { - retmaj = GSS_S_UNAVAILABLE; + set_GSSERRS(0, GSS_S_BAD_BINDINGS); goto done; } @@ -68,8 +67,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, input_chan_bindings->acceptor_addrtype != 0 || input_chan_bindings->acceptor_address.length != 0 || input_chan_bindings->application_data.length == 0) { - retmin = EINVAL; - retmaj = GSS_S_BAD_BINDINGS; + set_GSSERRS(EINVAL, GSS_S_BAD_BINDINGS); goto done; } cb.length = input_chan_bindings->application_data.length; @@ -91,9 +89,9 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, &srv_time, add_mic_ptr); if (retmin) { if (retmin == ERR_DECODE) { - retmaj = GSS_S_DEFECTIVE_TOKEN; + set_GSSERRS(0, GSS_S_DEFECTIVE_TOKEN); } else { - retmaj = GSS_S_FAILURE; + set_GSSERR(0); } goto done; } 
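Review bot: In the `@@ -23,8 +23,8 @@` hunk of gssntlm_cli_auth, dropping the initializers leaves `retmaj` and `retmin` indeterminate until some branch assigns them, so the function no longer fails closed by default. Every path visible in this diff sets both before `done:`, but the body extends beyond the hunks shown, and a later edit that adds a `goto done` without a `set_GSSERR` call would return an indeterminate major status from an authentication routine. Keeping `uint32_t retmaj = GSS_S_FAILURE;` and `uint32_t retmin = 0;` costs nothing. If the removal is deliberate so that the compiler can warn about a missing assignment, a comment saying so would help.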
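Review bot: The `@@ -54,7 +53,7 @@` hunk changes the major status returned when channel bindings are supplied but `target_info` is empty, from `GSS_S_UNAVAILABLE` to `GSS_S_BAD_BINDINGS`, and the commit description (macro introduction only) does not mention it. Callers that distinguish those two codes will see different behaviour, so this belongs in its own commit or at least in the description. The minor code here is 0 while the bindings check a few lines below reports `EINVAL`; consider `set_GSSERRS(EINVAL, GSS_S_BAD_BINDINGS);` for consistency, or a comment explaining why no minor code applies.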
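Review bot: In the `@@ -91,9 +89,9 @@` hunk both branches pass a literal 0 as the minor code, so the non-zero `retmin` returned by the call just above is discarded; before this change `*minor = retmin` at `done:` reported it. The macro definitions are not part of this file's diff, but if `set_GSSERR(x)` and `set_GSSERRS(x, y)` assign `retmin = x`, as their other uses here imply, the caller now gets a failure with minor status 0 and the trace hook records no cause. Suggest `set_GSSERRS(retmin, GSS_S_DEFECTIVE_TOKEN);` in the `ERR_DECODE` branch and `set_GSSERR(retmin);` in the else branch.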
@@ -102,8 +100,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, long int tdiff; tdiff = ntlm_timestamp_now() - srv_time; if ((tdiff / 10000000) > MAX_CHALRESP_LIFETIME) { - retmin = EINVAL; - retmaj = GSS_S_CONTEXT_EXPIRED; + set_GSSERRS(EINVAL, GSS_S_CONTEXT_EXPIRED); goto done; } } @@ -112,7 +109,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, /* Random client challenge */ retmin = RAND_BUFFER(&cli_chal); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -122,7 +119,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, cred->cred.user.user.data.user.domain, &ntlmv2_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -132,7 +129,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, srv_time, &client_target_info, &nt_chal_resp); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -144,7 +141,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, client_chal, &lm_chal_resp); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } } @@ -158,7 +155,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, retmin = ntlmv2_session_base_key(&ntlmv2_key, &nt_proof, &key_exchange_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } } else { @@ -174,15 +171,14 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, lm_chal_resp.length = 24; lm_chal_resp.data = calloc(1, lm_chal_resp.length); if (!nt_chal_resp.data || !lm_chal_resp.data) { - retmin = ENOMEM; - retmaj = GSS_S_FAILURE; + set_GSSERR(ENOMEM); goto done; } /* Random client challenge */ retmin = RAND_BUFFER(&cli_chal); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -192,7 +188,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, ext_sec, ctx->server_chal, client_chal, &nt_chal_resp); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } 
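Review bot: The freshness check in the `@@ -102,8 +100,7 @@` hunk is one-sided. `tdiff` is a signed `long int`, so a server timestamp ahead of the local clock gives a negative value that always passes `(tdiff / 10000000) > MAX_CHALRESP_LIFETIME`. Where `long int` is 32 bits the subtraction may also truncate, assuming the timestamps are 64-bit; their declarations are outside the hunk, as is the start of the enclosing block. If future-dated timestamps are meant to be rejected as well, hold the difference in an `int64_t` and test it against the lifetime in both directions; if accepting them is intentional, a comment on the `if` should say so.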
@@ -203,7 +199,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, ext_sec, ctx->server_chal, client_chal, &lm_chal_resp); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } } @@ -211,7 +207,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, retmin = ntlm_session_base_key(&cred->cred.user.nt_hash, &session_base_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -222,7 +218,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, &session_base_key, &lm_chal_resp, &key_exchange_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } } @@ -232,7 +228,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, retmin = ntlm_exported_session_key(&key_exchange_key, key_exch, &ctx->exported_session_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -241,7 +237,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, &ctx->exported_session_key, &encrypted_random_session_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } } @@ -260,7 +256,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, add_mic ? &auth_mic : NULL, &ctx->auth_msg); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -272,7 +268,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, retmin = ntlm_mic(&ctx->exported_session_key, &ctx->nego_msg, &ctx->chal_msg, &ctx->auth_msg, &mic); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } /* now that we have the mic, copy it into the auth message */ 
@@ -282,30 +278,28 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, ctx->int_flags |= NTLMSSP_CTX_FLAG_AUTH_WITH_MIC; } - retmin = 0; - retmaj = GSS_S_COMPLETE; + set_GSSERRS(0, GSS_S_COMPLETE); break; case GSSNTLM_CRED_EXTERNAL: retmin = external_cli_auth(ctx, cred, in_flags, input_chan_bindings); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } - retmaj = GSS_S_COMPLETE; + set_GSSERRS(0, GSS_S_COMPLETE); break; default: - retmin = EINVAL; - retmaj = GSS_S_FAILURE; + set_GSSERR(EINVAL); } done: ntlm_free_buffer_data(&client_target_info); ntlm_free_buffer_data(&nt_chal_resp); ntlm_free_buffer_data(&lm_chal_resp); - *minor = retmin; - return retmaj; + + return GSSERR(); } @@ -315,7 +309,7 @@ bool is_ntlm_v1(struct ntlm_buffer *nt_chal_resp) } -uint32_t gssntlm_srv_auth(uint32_t *minor, +uint32_t gssntlm_srv_auth(uint32_t *minor_status, struct gssntlm_ctx *ctx, struct gssntlm_cred *cred, struct ntlm_buffer *nt_chal_resp, @@ -332,15 +326,13 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, int retries; if (key_exchange_key->length != 16) { - *minor = EINVAL; - return GSS_S_FAILURE; + return GSSERRS(EINVAL, GSS_S_FAILURE); } ntlm_v1 = is_ntlm_v1(nt_chal_resp); if (ntlm_v1 && !gssntlm_sec_lm_ok(ctx) && !gssntlm_sec_ntlm_ok(ctx)) { - *minor = EPERM; - return GSS_S_FAILURE; + return GSSERRS(EPERM, GSS_S_FAILURE); } ext_sec = (ctx->neg_flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY); @@ -379,7 +371,7 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, cred->cred.user.user.data.user.name, domstr, &ntlmv2_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -397,7 +389,7 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, } if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } @@ -405,7 +397,7 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, retmin = ntlm_session_base_key(&cred->cred.user.nt_hash, &session_base_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } break; 
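Review bot: `return GSSERR();` in the `@@ -282,30 +278,28 @@` hunk no longer shows that the function writes through its `minor_status` argument. The macros apparently pick up the locals `retmaj` and `retmin` and the parameter by name, which would explain why the parameter had to be renamed from `minor`. Their definitions are outside this diff, so a short comment above `done:` would help readers, for example `/* GSSERR() is expected to store retmin in *minor_status and return retmaj */` once that is confirmed against the macro. Also worth confirming there is whether a NULL `minor_status` is tolerated, since the dereference is now hidden from this file.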
@@ -420,7 +412,7 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, retmin = ntlmv2_session_base_key(&ntlmv2_key, &nt_proof, &session_base_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } break; @@ -429,14 +421,13 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, retmin = external_srv_auth(ctx, cred, nt_chal_resp, lm_chal_resp, &session_base_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } break; default: - retmin = EINVAL; - retmaj = GSS_S_FAILURE; + set_GSSERR(EINVAL); goto done; } @@ -448,7 +439,7 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, &session_base_key, lm_chal_resp, key_exchange_key); if (retmin) { - retmaj = GSS_S_FAILURE; + set_GSSERR(retmin); goto done; } } else { @@ -456,10 +447,8 @@ uint32_t gssntlm_srv_auth(uint32_t *minor, session_base_key.data, session_base_key.length); } - retmaj = GSS_S_COMPLETE; - retmin = 0; + set_GSSERRS(0, GSS_S_COMPLETE); done: - *minor = retmin; - return retmaj; + return GSSERR(); } |