diff options
Diffstat (limited to 'proxy/src/mechglue/gpp_init_sec_context.c')
-rw-r--r-- | proxy/src/mechglue/gpp_init_sec_context.c | 57 |
1 files changed, 32 insertions, 25 deletions
diff --git a/proxy/src/mechglue/gpp_init_sec_context.c b/proxy/src/mechglue/gpp_init_sec_context.c index e70e8fc..c80937c 100644 --- a/proxy/src/mechglue/gpp_init_sec_context.c +++ b/proxy/src/mechglue/gpp_init_sec_context.c @@ -91,35 +91,18 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, GSSI_TRACE(); + *minor_status = 0; + if (target_name == GSS_C_NO_NAME) { return GSS_S_CALL_INACCESSIBLE_READ; } - tmaj = GSS_S_COMPLETE; - tmin = 0; - if (mech_type == GSS_C_NO_OID || gpp_is_special_oid(mech_type)) { - maj = GSS_S_BAD_MECH; - min = 0; - goto done; + return GSS_S_BAD_MECH; } - if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) { - cred_handle = (struct gpp_cred_handle *)claimant_cred_handle; - if (cred_handle->local) { - /* ok this means a previous call decided to short circuit to the - * local mech, so let's just re-enter the mechglue here, as we - * have no way to export creds yet. */ - behavior = GPP_LOCAL_ONLY; - } - } else { - cred_handle = calloc(1, sizeof(struct gpp_cred_handle)); - if (!cred_handle) { - maj = GSS_S_FAILURE; - min = ENOMEM; - goto done; - } - } + tmaj = GSS_S_COMPLETE; + tmin = 0; if (*context_handle) { ctx_handle = (struct gpp_context_handle *)*context_handle; @@ -141,6 +124,23 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, } } + if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) { + cred_handle = (struct gpp_cred_handle *)claimant_cred_handle; + if (cred_handle->local) { + /* ok this means a previous call decided to short circuit to the + * local mech, so let's just re-enter the mechglue here, as we + * have no way to export creds yet. */ + behavior = GPP_LOCAL_ONLY; + } + } else { + cred_handle = calloc(1, sizeof(struct gpp_cred_handle)); + if (!cred_handle) { + maj = GSS_S_FAILURE; + min = ENOMEM; + goto done; + } + } + name = (struct gpp_name_handle *)target_name; behavior = gpp_get_behavior(); @@ -205,11 +205,18 @@ done: min = tmin; } if (maj != GSS_S_COMPLETE && maj != GSS_S_CONTINUE_NEEDED) { - free(ctx_handle); + if (ctx_handle && + ctx_handle->local == GSS_C_NO_CONTEXT && + ctx_handle->remote == NULL) { + free(ctx_handle); + ctx_handle = NULL; + } *minor_status = gpp_map_error(min); - } else { - *context_handle = (gss_ctx_id_t)ctx_handle; } + /* always replace the provided context handle to avoid + * dangling pointers when a context has been passed in */ + *context_handle = (gss_ctx_id_t)ctx_handle; + if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) { free(cred_handle); } |