authorTheodore Tso <tytso@mit.edu>1998-07-02 22:24:56 +0000
committerTheodore Tso <tytso@mit.edu>1998-07-02 22:24:56 +0000
commit3c047f859f1c3868eeff3d8668fff01ef193cd08 (patch)
tree81a896c4ce51bf7c7010df9e2186ecc084dbc023 /src/lib/gssapi
parentc869683e808e9b3114d53db7a3cd3847d16fea11 (diff)
k5unseal.c (kg_unseal): Clean up lint warnings
accept_sec_context.c (krb5_gss_accept_sec_context): Don't return an error token if we can't provide the server name to the KRB5 error structure (because cred isn't initialized). gssapi_krb5.c, gssapi_krb5.h: Export the oid of static arrays as krb5_gss_oid_array since it's needed by gss_import_sec_context. import_sec_context.c: Fix up the OID of the mechanism in the imported security context so that we use the static OID if at all possible. This is needed since gss_inquire_context() must return a static OID. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10618 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog17
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c4
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.c17
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.h2
-rw-r--r--src/lib/gssapi/krb5/import_sec_context.c21
-rw-r--r--src/lib/gssapi/krb5/k5unseal.c34
6 files changed, 66 insertions, 29 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index e92054205..bc5c57875 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,20 @@
+1998-06-08 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * k5unseal.c (kg_unseal): Clean up lint warnings.
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): Don't return
+ an error token if we can't provide the server name to the
+ KRB5 error structure (because cred isn't initialized).
+
+ * gssapi_krb5.c, gssapi_krb5.h: Export the oid of static
+ arrays as krb5_gss_oid_array since it's needed by
+ gss_import_sec_context.
+
+ * import_sec_context.c: Fix up the OID of the mechanism in the
+ imported security context so that we use the static
+ OID if at all possible. This is needed since
+ gss_inquire_context() must return a static OID.
+
Sun May 24 21:57:03 1998 Theodore Y. Ts'o <tytso@mit.edu>
* import_name.c (krb5_gss_import_name): Fix typo which caused
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 181e67565..ee204d3e0 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -159,7 +159,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
char *sptr;
long tmp;
int bigend;
- krb5_gss_cred_id_t cred;
+ krb5_gss_cred_id_t cred = 0;
krb5_data ap_req;
int i;
krb5_error_code code;
@@ -679,7 +679,7 @@ fail:
krb5_free_ap_req(context, request);
}
- if (gss_flags & GSS_C_MUTUAL_FLAG) {
+ if (cred && (gss_flags & GSS_C_MUTUAL_FLAG)) {
/*
* The client is expecting a response, so we can send an
* error token back
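Review bot: The comment inside this branch still gives only one reason for sending the error token (the client expects a response), while the new `cred &&` test adds a second condition that the code does not explain. Going by the commit description, the token is skipped because the server name for the KRB5 error structure comes from `cred`, which may not have been set when control reaches `fail:`. A comment above the `if` such as `/* cred is still NULL if we failed before the credential was validated; without it there is no server name to put in the error */` would record that. In the first hunk `cred = 0` would read more clearly as `cred = NULL`, assuming `krb5_gss_cred_id_t` is a pointer type as the test suggests. Both the function and the `fail:` block extend outside these hunks.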
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 9b631a1cd..c0942c39a 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -53,24 +53,25 @@
* except the last in each value's encoding.
*/
-static const gss_OID_desc oids[] = {
+const gss_OID_desc krb5_gss_oid_array[] = {
/* this is the unofficial, wrong OID */
{5, "\053\005\001\005\002"},
/* this is the official, rfc-specified OID */
{9, "\052\206\110\206\367\022\001\002\002"},
{10, "\052\206\110\206\367\022\001\002\002\001"},
{10, "\052\206\110\206\367\022\001\002\002\002"},
+ { 0, 0 }
};
-const gss_OID_desc * const gss_mech_krb5_old = oids+0;
-const gss_OID_desc * const gss_mech_krb5 = oids+1;
-const gss_OID_desc * const gss_nt_krb5_name = oids+2;
-const gss_OID_desc * const gss_nt_krb5_principal = oids+3;
+const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+0;
+const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+1;
+const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+2;
+const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+3;
static const gss_OID_set_desc oidsets[] = {
- {1, (gss_OID) oids+0},
- {1, (gss_OID) oids+1},
- {2, (gss_OID) oids+0},
+ {1, (gss_OID) krb5_gss_oid_array+0},
+ {1, (gss_OID) krb5_gss_oid_array+1},
+ {2, (gss_OID) krb5_gss_oid_array+0},
};
const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0;
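Review bot: The `{ 0, 0 }` entry added at the end of `krb5_gss_oid_array` is a terminator that `convert_static_oid` in import_sec_context.c depends on, since its loop stops when `p->length` is 0, yet nothing at the array says so. Now that the array has external linkage, a comment on that line such as `/* terminator: length 0 ends scans of this array; must stay last */` would guard against a later OID being appended after it or the entry being removed as dead. The exported pointers and `oidsets` refer to entries by position (`+0` to `+3`), so the comment could also say that new OIDs go after index 3 and before the terminator.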
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h
index b2ef5806b..a1f51919d 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.h
+++ b/src/lib/gssapi/krb5/gssapi_krb5.h
@@ -39,6 +39,8 @@ extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
extern const gss_OID_desc * const gss_nt_krb5_name;
extern const gss_OID_desc * const gss_nt_krb5_principal;
+extern const gss_OID_desc krb5_gss_oid_array[];
+
#define gss_krb5_nt_general_name gss_nt_krb5_name
#define gss_krb5_nt_principal gss_nt_krb5_principal
#define gss_krb5_nt_service_name gss_nt_service_name
diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c
index c1d1bfa72..baf901ca5 100644
--- a/src/lib/gssapi/krb5/import_sec_context.c
+++ b/src/lib/gssapi/krb5/import_sec_context.c
@@ -27,6 +27,26 @@
*/
#include "gssapiP_krb5.h"
+/*
+ * Fix up the OID of the mechanism so that uses the static version of
+ * the OID if possible.
+ */
+static gss_OID convert_static_oid(oid)
+ gss_OID FAR oid;
+{
+ const gss_OID_desc *p;
+ OM_uint32 minor_status;
+
+ for (p = krb5_gss_oid_array; p->length; p++) {
+ if ((oid->length == p->length) &&
+ (memcmp(oid->elements, p->elements, p->length) == 0)) {
+ gss_release_oid(&minor_status, &oid);
+ return p;
+ }
+ }
+ return oid;
+}
+
OM_uint32
krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
OM_uint32 *minor_status;
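Review bot: `return p;` in `convert_static_oid` passes a `const gss_OID_desc *` out through a `gss_OID` return type, dropping the const qualifier without a cast. Writing `return (gss_OID) p;` would match the casts gssapi_krb5.c uses for `oidsets` and make it visible that the caller gets a pointer into static data. The function also dereferences `oid` unconditionally, so a guard such as `if (oid == GSS_C_NO_OID) return oid;` at the top would be prudent unless the caller guarantees a non-null mechanism, which this hunk does not show. The header comment should state the ownership rule (on a match the passed-in OID is released and must not be used again), and its "so that uses" should read "so that it uses". `krb5_gss_import_sec_context`, which begins at the end of the hunk, continues outside it.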
@@ -65,6 +85,7 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
+ ctx->mech_used = convert_static_oid(ctx->mech_used);
*context_handle = (gss_ctx_id_t) ctx;
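Review bot: After this assignment `ctx->mech_used` can point either at heap storage or at an entry of `krb5_gss_oid_array`, and the line does not say which code is allowed to free it. The context teardown path is not visible here. If it releases `mech_used`, that is safe only when the release routine recognises the static OIDs and leaves them alone, which should be confirmed. A comment on the line such as `/* mech_used may now alias a static OID; release only via gss_release_oid, never free() directly */` would record the invariant. The enclosing function starts and ends outside the hunk.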
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 70d2d4d7b..041cae06a 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -47,7 +47,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
krb5_error_code code;
int bodysize;
int tmsglen;
- int conflen;
+ int conflen = 0;
int signalg;
int sealalg;
gss_buffer_desc token;
@@ -58,7 +58,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
char *data_ptr;
krb5_timestamp now;
unsigned char *plain;
- int cksum_len;
+ int cksum_len = 0;
int plainlen;
int err;
int direction;
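Review bot: Giving `cksum_len` (and `conflen` in the previous hunk) a default of 0 silences the uninitialised-use warning but also makes "never assigned" look like a valid length. A later hunk passes `ptr+14+cksum_len` to `kg_decrypt`, and the assignments to `cksum_len` are outside these hunks. If some `signalg` value reached that call without setting it, decryption would quietly start at `ptr+14` instead of the token being rejected. It is worth confirming that every unrecognised algorithm returns `GSS_S_DEFECTIVE_TOKEN` before that point. Once confirmed, that could be noted at the declaration, e.g. `int cksum_len = 0; /* set per signalg below; unknown signalg is rejected first */`.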
@@ -89,9 +89,9 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
ptr = (unsigned char *) input_token_buffer->value;
- if (err = g_verify_token_header((gss_OID) ctx->mech_used, &bodysize,
- &ptr, toktype,
- input_token_buffer->length)) {
+ if ((err = g_verify_token_header((gss_OID) ctx->mech_used, &bodysize,
+ &ptr, toktype,
+ input_token_buffer->length))) {
*minor_status = err;
return(GSS_S_DEFECTIVE_TOKEN);
}
@@ -159,8 +159,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
return(GSS_S_FAILURE);
}
- if (code = kg_decrypt(context, &ctx->enc, NULL,
- ptr+14+cksum_len, plain, tmsglen)) {
+ if ((code = kg_decrypt(context, &ctx->enc, NULL,
+ ptr+14+cksum_len, plain, tmsglen))) {
xfree(plain);
*minor_status = code;
return(GSS_S_FAILURE);
@@ -185,11 +185,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
-
- if ((sealalg == 0xffff) && ctx->big_endian)
- memcpy(token.value, plain, token.length);
- else
- memcpy(token.value, plain+conflen, token.length);
+ memcpy(token.value, plain+conflen, token.length);
}
} else if (toktype == KG_TOK_SIGN_MSG) {
token = *message_buffer;
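Review bot: Dropping the `(sealalg == 0xffff) && ctx->big_endian` branch changes the code path rather than fixing a lint warning. It is equivalent to the old code only if `conflen` is still 0 on that path, which now rests on the `int conflen = 0;` initialiser added in the first hunk of this file. The code that assigns `conflen` and `token.length` lies outside the hunk, so the equivalence cannot be checked from here. A comment above the copy such as `/* conflen stays 0 when sealalg == 0xffff and ctx->big_endian, so nothing is skipped */` would keep the dependency visible. The ChangeLog entry for k5unseal.c mentions only lint warnings and could name this simplification as well.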
@@ -285,10 +281,10 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
xfree(cksum.contents);
#else
- if (code = kg_encrypt(context, &ctx->seq,
- (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
- ctx->seq.key->contents : NULL),
- md5cksum.contents, md5cksum.contents, 16)) {
+ if ((code = kg_encrypt(context, &ctx->seq,
+ (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+ ctx->seq.key->contents : NULL),
+ md5cksum.contents, md5cksum.contents, 16))) {
xfree(md5cksum.contents);
if (toktype == KG_TOK_SEAL_MSG)
xfree(token.value);
@@ -386,7 +382,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
if (qop_state)
*qop_state = GSS_C_QOP_DEFAULT;
- if (code = krb5_timeofday(context, &now)) {
+ if ((code = krb5_timeofday(context, &now))) {
*minor_status = code;
return(GSS_S_FAILURE);
}
@@ -398,8 +394,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
/* do sequencing checks */
- if (code = kg_get_seq_num(context, &(ctx->seq), ptr+14, ptr+6, &direction,
- &seqnum)) {
+ if ((code = kg_get_seq_num(context, &(ctx->seq), ptr+14, ptr+6, &direction,
+ &seqnum))) {
if (toktype == KG_TOK_SEAL_MSG)
xfree(token.value);
*minor_status = code;