| author | Chris Provenzano <proven@mit.edu> | 1995-01-13 21:13:02 +0000 |
|---|---|---|
| committer | Chris Provenzano <proven@mit.edu> | 1995-01-13 21:13:02 +0000 |
| commit | 76b4a6c8894254b2e1e71442c1a7cd21e56aa7d3 (patch) | |
| tree | 7b57e2d8e700452d38132518d22a0df1f3b0dbe0 /src/lib/gssapi | |
| parent | 74c7303ec59ce3a6eff36bb4bbf14719dee2ad84 (diff) | |
Removed all references to DECLARG and OLDDECLARG.
Added krb5_context to all krb5_routines
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4808 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
30 files changed, 474 insertions, 415 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index f96624871..2f29814c5 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,7 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + Mon Jan 9 19:27:55 1995 Theodore Y. Ts'o (tytso@dcl) * display_name.c (krb5_gss_display_name): gss_display_name() diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index e76bc1b5a..f703da86d 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -25,7 +25,9 @@ #include <memory.h> #include <krb5/widen.h> -static krb5_error_code rd_req_keyproc(keyprocarg, server, kvno, keyblock) +static krb5_error_code +rd_req_keyproc(context, keyprocarg, server, kvno, keyblock) + krb5_context context; krb5_pointer keyprocarg; krb5_principal server; krb5_kvno kvno; @@ -35,18 +37,20 @@ static krb5_error_code rd_req_keyproc(keyprocarg, server, kvno, keyblock) krb5_error_code code; krb5_keytab_entry ktentry; - if (code = krb5_kt_get_entry((krb5_keytab) keyprocarg, server, kvno, - &ktentry)) + if (code = krb5_kt_get_entry(context, (krb5_keytab) keyprocarg, server, + kvno, &ktentry)) return(code); - code = krb5_copy_keyblock(&ktentry.key, keyblock); + code = krb5_copy_keyblock(context, &ktentry.key, keyblock); - (void) krb5_kt_free_entry(&ktentry); + (void) krb5_kt_free_entry(context, &ktentry); return(code); } -static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token) +static krb5_error_code +make_ap_rep(context, authdat, subkey, seq_send, token) + krb5_context context; krb5_tkt_authent *authdat; krb5_keyblock *subkey; krb5_int32 *seq_send; 
@@ -64,11 +68,12 @@ static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token) ap_rep_data.cusec = authdat->authenticator->cusec; ap_rep_data.subkey = authdat->authenticator->subkey; - if (code = krb5_generate_seq_number(authdat->ticket->enc_part2->session, + if (code = krb5_generate_seq_number(context, + authdat->ticket->enc_part2->session, &ap_rep_data.seq_number)) return(code); - if (code = krb5_mk_rep(&ap_rep_data, subkey, &ap_rep)) + if (code = krb5_mk_rep(context, &ap_rep_data, subkey, &ap_rep)) return(code); /* build up the token */ @@ -104,11 +109,13 @@ static krb5_error_code make_ap_rep(authdat, subkey, seq_send, token) return(0); } -OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, - verifier_cred_handle, input_token, - input_chan_bindings, src_name, mech_type, - output_token, ret_flags, time_rec, - delegated_cred_handle) +OM_uint32 +krb5_gss_accept_sec_context(context, minor_status, context_handle, + verifier_cred_handle, input_token, + input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, + delegated_cred_handle) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_cred_id_t verifier_cred_handle; @@ -212,8 +219,9 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, /* get the rcache pointer */ if (code = - krb5_get_server_rcache(krb5_princ_component(cred->princ, - ((krb5_princ_size(cred->princ)>1)?1:0)), + krb5_get_server_rcache(context, + krb5_princ_component(context, cred->princ, + ((krb5_princ_size(context, cred->princ)>1)?1:0)), &rcache)) { *minor_status = code; return(GSS_S_FAILURE); 
@@ -221,22 +229,23 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, /* decode the message */ - if (code = krb5_rd_req(&ap_req, cred->princ, paddr, NULL, &rd_req_keyproc, - (krb5_pointer) cred->keytab, rcache, &authdat)) { - (void) krb5_rc_close(rcache); + if (code = krb5_rd_req(context, &ap_req, cred->princ, paddr, NULL, + &rd_req_keyproc, (krb5_pointer) cred->keytab, + rcache, &authdat)) { + (void) krb5_rc_close(context, rcache); *minor_status = code; return(GSS_S_FAILURE); } /* close and free the rcache */ - krb5_rc_close(rcache); + krb5_rc_close(context, rcache); /* make sure the necessary parts of the authdat are present */ if ((authdat->authenticator->subkey == NULL) || (authdat->ticket->enc_part2 == NULL)) { - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = KG_NO_SUBKEY; return(GSS_S_FAILURE); } @@ -248,7 +257,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, can interoperate with an implementation whcih supports negotiation */ if ((authdat->authenticator->checksum->checksum_type != CKSUMTYPE_KG_CB) || (authdat->authenticator->checksum->length < 24)) { - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = 0; return(GSS_S_BAD_BINDINGS); } @@ -275,7 +284,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (tmp != RSA_MD5_CKSUM_LENGTH) { xfree(md5.contents); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = KG_BAD_LENGTH; return(GSS_S_FAILURE); } @@ -285,7 +294,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (code = kg_checksum_channel_bindings(input_chan_bindings, &md5, bigend)) { - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } 
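Review bot: In the hunk at -248, `authdat->authenticator->checksum->checksum_type` dereferences the authenticator's checksum pointer, but the presence check in the preceding hunk only covers `subkey` and `enc_part2`. The authenticator comes from the peer's AP-REQ, so unless krb5_rd_req() guarantees a checksum (not visible here), a request without one would crash the acceptor instead of being rejected. Add `(authdat->authenticator->checksum == NULL) ||` to the presence test, so the request is refused through the existing krb5_free_tkt_authent()/GSS_S_FAILURE path before the type and length are read.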
@@ -293,7 +302,7 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, TREAD_STR(ptr, ptr2, md5.length); if (memcmp(ptr2, md5.contents, md5.length) != 0) { xfree(md5.contents); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = 0; return(GSS_S_BAD_BINDINGS); } 
@@ -316,43 +325,43 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, ctx->cred = cred; ctx->big_endian = bigend; - if (code = krb5_copy_principal(cred->princ, &ctx->here)) { + if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) { xfree(ctx); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } - if (code = krb5_copy_principal(authdat->authenticator->client, + if (code = krb5_copy_principal(context, authdat->authenticator->client, &ctx->there)) { - krb5_free_principal(ctx->here); + krb5_free_principal(context, ctx->here); xfree(ctx); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } - if (code = krb5_copy_keyblock(authdat->authenticator->subkey, + if (code = krb5_copy_keyblock(context, authdat->authenticator->subkey, &ctx->subkey)) { - krb5_free_principal(ctx->there); - krb5_free_principal(ctx->here); + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); xfree(ctx); - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } /* fill in the encryption descriptors */ - krb5_use_cstype(&ctx->enc.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC); ctx->enc.processed = 0; - if (code = krb5_copy_keyblock(ctx->subkey, &ctx->enc.key)) + if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) return(code); for (i=0; i<ctx->enc.key->length; i++) /*SUPPRESS 113*/ ctx->enc.key->contents[i] ^= 0xf0; - krb5_use_cstype(&ctx->seq.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC); ctx->seq.processed = 0; ctx->seq.key = ctx->subkey; 
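Review bot: The failure branch of `krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)` still does a bare `return(code);`, unlike the three error paths above it in this hunk. It hands a krb5_error_code back as the GSS major status, leaves *minor_status unset, and drops ctx, both copied principals, the copied subkey and authdat without freeing them. A caller that tests the result with GSS_ERROR() may misread the value, and the session subkey stays in unreachable heap memory. The branch should unwind like its neighbours; the function body continues outside this hunk.

```c
    if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) {
	krb5_free_keyblock(context, ctx->subkey);
	krb5_free_principal(context, ctx->there);
	krb5_free_principal(context, ctx->here);
	xfree(ctx);
	krb5_free_tkt_authent(context, authdat);
	*minor_status = code;
	return(GSS_S_FAILURE);
    }
    /* ... unchanged: XOR of enc.key contents with 0xf0, seq descriptor setup ... */
```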
@@ -369,9 +378,9 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (ctx->mutual) { if (code = make_ap_rep(authdat, ctx->subkey, &ctx->seq_send, &token)) { - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); - krb5_free_tkt_authent(authdat); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); + krb5_free_tkt_authent(context, authdat); *minor_status = code; return(GSS_S_FAILURE); } @@ -382,16 +391,16 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, } /* done with authdat! */ - krb5_free_tkt_authent(authdat); + krb5_free_tkt_authent(context, authdat); /* set the return arguments */ if (src_name) { - if (code = krb5_copy_principal(ctx->there, &name)) { + if (code = krb5_copy_principal(context, ctx->there, &name)) { if (token.value) xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); } @@ -401,12 +410,12 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, *mech_type = (gss_OID) gss_mech_krb5; if (time_rec) { - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { if (src_name) - krb5_free_principal(name); + krb5_free_principal(context, name); xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); } 
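Review bot: The call in the `ctx->mutual` branch is still `make_ap_rep(authdat, ctx->subkey, &ctx->seq_send, &token)`, although this commit changes the make_ap_rep() definition to take `context` as its first parameter. The definition is old-style, so unless a prototype exists elsewhere the compiler will not report the mismatch. At run time authdat would be received as the context and every later argument would shift by one, on the path that builds the AP-REP for a peer. The line should read `if (code = make_ap_rep(context, authdat, ctx->subkey, &ctx->seq_send, &token)) {`. The same probably applies to the acquire_accept_cred() and acquire_init_cred() calls in acquire_cred.c: their opening lines sit just above the hunks at -309 and -327 and appear untouched, while both definitions gained the parameter.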
@@ -422,10 +431,10 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (src_name) if (! kg_save_name((gss_name_t) name)) { - krb5_free_principal(name); + krb5_free_principal(context, name); if (token.value) xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, + (void)krb5_gss_delete_sec_context(context, minor_status, (gss_ctx_id_t *) &ctx, NULL); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); @@ -436,12 +445,12 @@ OM_uint32 krb5_gss_accept_sec_context(minor_status, context_handle, if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { if (src_name) { (void) kg_delete_name((gss_name_t) name); - krb5_free_principal(name); + krb5_free_principal(context, name); } if (token.value) xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t *) &ctx, NULL); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index e951131fa..0bcf10c6e 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -29,8 +29,9 @@ If successful, set the keytab-specific fields in cred */ -static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, - cred) +static OM_uint32 +acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) + krb5_context context; OM_uint32 *minor_status; gss_name_t desired_name; krb5_principal *output_princ; @@ -47,7 +48,7 @@ static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, /* open the default keytab */ - if (code = krb5_kt_default(&kt)) { + if (code = krb5_kt_default(context, &kt)) { *minor_status = code; return(GSS_S_CRED_UNAVAIL); } 
@@ -68,33 +69,33 @@ static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, /* iterate over the keytab searching for the principal */ - if (code = krb5_kt_start_seq_get(kt, &cur)) { + if (code = krb5_kt_start_seq_get(context, kt, &cur)) { *minor_status = code; return(GSS_S_FAILURE); } - while (!(code = krb5_kt_next_entry(kt, &entry, &cur))) { - if (krb5_principal_compare(entry.principal, princ)) { + while (!(code = krb5_kt_next_entry(context, kt, &entry, &cur))) { + if (krb5_principal_compare(context, entry.principal, princ)) { code = 0; - krb5_kt_free_entry(&entry); + krb5_kt_free_entry(context, &entry); break; } - krb5_kt_free_entry(&entry); + krb5_kt_free_entry(context, &entry); } if (code == KRB5_KT_END) { /* this means that the principal wasn't in the keytab */ - (void)krb5_kt_end_seq_get(kt, &cur); + (void)krb5_kt_end_seq_get(context, kt, &cur); *minor_status = KG_KEYTAB_NOMATCH; return(GSS_S_CRED_UNAVAIL); } else if (code) { /* this means some error occurred reading the keytab */ - (void)krb5_kt_end_seq_get(kt, &cur); + (void)krb5_kt_end_seq_get(context, kt, &cur); *minor_status = code; return(GSS_S_FAILURE); } else { /* this means that we found a matching entry */ - if (code = krb5_kt_end_seq_get(kt, &cur)) { + if (code = krb5_kt_end_seq_get(context, kt, &cur)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -113,8 +114,9 @@ static OM_uint32 acquire_accept_cred(minor_status, desired_name, output_princ, If successful, set the ccache-specific fields in cred. */ -static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, - cred) +static OM_uint32 +acquire_init_cred(context, minor_status, desired_name, output_princ, cred) + krb5_context context; OM_uint32 *minor_status; gss_name_t desired_name; krb5_principal *output_princ; 
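Review bot: None of the failure returns in this hunk closes the keytab opened by krb5_kt_default(): not the krb5_kt_start_seq_get() failure, the KRB5_KT_END case, the read-error case, or the krb5_kt_end_seq_get() failure. The caller's failure branch (hunk at -309) frees only cred->princ and cred, so the handle appears to leak each time a principal is not found. That matters for a long-running acceptor. Add `(void)krb5_kt_close(context, kt);` before each of these returns. Where kt is stored on success is outside the visible lines, so confirm that ownership is not already transferred by then.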
@@ -132,7 +134,7 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, /* open the default credential cache */ - if (code = krb5_cc_default(&ccache)) { + if (code = krb5_cc_default(context, &ccache)) { *minor_status = code; return(GSS_S_CRED_UNAVAIL); } @@ -140,27 +142,27 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, /* turn off OPENCLOSE mode while extensive frobbing is going on */ flags = 0; /* turns off OPENCLOSE mode */ - if (code = krb5_cc_set_flags(ccache, flags)) { + if (code = krb5_cc_set_flags(context, ccache, flags)) { *minor_status = code; return(GSS_S_FAILURE); } /* get out the principal name and see if it matches */ - if (code = krb5_cc_get_principal(ccache, &princ)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_get_principal(context, ccache, &princ)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } if (desired_name != GSS_C_NO_NAME) { - if (! krb5_principal_compare(princ, (krb5_principal) desired_name)) { - (void)krb5_free_principal(princ); - (void)krb5_cc_close(ccache); + if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) { + (void)krb5_free_principal(context, princ); + (void)krb5_cc_close(context, ccache); *minor_status = KG_CCACHE_NOMATCH; return(GSS_S_CRED_UNAVAIL); } - (void)krb5_free_principal(princ); + (void)krb5_free_principal(context, princ); princ = (krb5_principal) desired_name; } else { *output_princ = princ; @@ -168,8 +170,8 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, /* iterate over the ccache, find the tgt */ - if (code = krb5_cc_start_seq_get(ccache, &cur)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_start_seq_get(context, ccache, &cur)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } 
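Review bot: In the hunk at -140, the first `krb5_cc_set_flags(context, ccache, flags)` failure returns GSS_S_FAILURE without closing the ccache that krb5_cc_default() just opened. Every later error path in acquire_init_cred() does call krb5_cc_close(). For consistency, and to avoid leaking the cache handle, the branch should become `(void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE);`.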
@@ -180,7 +182,7 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, got_endtime = 0; - while (!(code = krb5_cc_next_cred(ccache, &cur, &creds))) { + while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) { if ((creds.server->length == 2) && (strcmp(creds.server->realm.data, princ->realm.data) == 0) && (strcmp((char *) creds.server->data[0].data, "krbtgt") == 0) && @@ -190,7 +192,7 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, got_endtime = 1; *minor_status = 0; code = 0; - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); break; } if (got_endtime == 0) { @@ -198,25 +200,25 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, got_endtime = 1; *minor_status = KG_TGT_MISSING; } - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); } if (code && code != KRB5_CC_END) { /* this means some error occurred reading the ccache */ - (void)krb5_cc_end_seq_get(ccache, &cur); - (void)krb5_cc_close(ccache); + (void)krb5_cc_end_seq_get(context, ccache, &cur); + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } else { /* this means that we found an endtime to use. */ - if (code = krb5_cc_end_seq_get(ccache, &cur)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_end_seq_get(context, ccache, &cur)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if (code = krb5_cc_set_flags(ccache, flags)) { - (void)krb5_cc_close(ccache); + if (code = krb5_cc_set_flags(context, ccache, flags)) { + (void)krb5_cc_close(context, ccache); *minor_status = code; return(GSS_S_FAILURE); } 
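Review bot: The TGT match inside the krb5_cc_next_cred() loop compares `creds.server->realm.data` and `creds.server->data[0].data` with strcmp(). These look like length-counted krb5_data buffers, and nothing visible guarantees that they are NUL-terminated. Cache contents are read from disk, so strcmp() can read past the buffer, and an embedded NUL would make different names compare equal. Prefer a length check plus memcmp(), for example `(creds.server->realm.length == princ->realm.length) && (memcmp(creds.server->realm.data, princ->realm.data, princ->realm.length) == 0)`, and likewise compare the first component against "krbtgt" by length. The condition continues past the lines shown in this hunk.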
@@ -230,9 +232,11 @@ static OM_uint32 acquire_init_cred(minor_status, desired_name, output_princ, } /*ARGSUSED*/ -OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, - desired_mechs, cred_usage, output_cred_handle, - actual_mechs, time_rec) +OM_uint32 +krb5_gss_acquire_cred(context, minor_status, desired_name, time_req, + desired_mechs, cred_usage, output_cred_handle, + actual_mechs, time_rec) + krb5_context context; OM_uint32 *minor_status; gss_name_t desired_name; OM_uint32 time_req; @@ -309,7 +313,7 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, &(cred->princ), cred)) != GSS_S_COMPLETE) { if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); /* minor_status set by acquire_accept_cred() */ return(ret); @@ -327,9 +331,9 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, &(cred->princ), cred)) != GSS_S_COMPLETE) { if (cred->keytab) - krb5_kt_close(cred->keytab); + krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); /* minor_status set by acquire_init_cred() */ return(ret); @@ -338,12 +342,12 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, /* if the princ wasn't filled in already, fill it in now */ if (!cred->princ) - if (code = krb5_copy_principal((krb5_principal) desired_name, + if (code = krb5_copy_principal(context, (krb5_principal) desired_name, &(cred->princ))) { if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); xfree(cred); *minor_status = code; return(GSS_S_FAILURE); 
@@ -359,13 +363,13 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, } else { krb5_timestamp now; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = code; return(GSS_S_FAILURE); @@ -380,11 +384,11 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, if (actual_mechs) { if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) { if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = ENOMEM; return(GSS_S_FAILURE); @@ -397,11 +401,11 @@ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, free(mechs->elements); free(mechs); if (cred->ccache) - (void)krb5_cc_close(cred->ccache); + (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) - (void)krb5_kt_close(cred->keytab); + (void)krb5_kt_close(context, cred->keytab); if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c index aac295c5a..932753600 100644 --- a/src/lib/gssapi/krb5/compare_name.c +++ b/src/lib/gssapi/krb5/compare_name.c 
@@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_compare_name(minor_status, name1, name2, name_equal) +krb5_gss_compare_name(context, minor_status, name1, name2, name_equal) + krb5_context context; OM_uint32 *minor_status; gss_name_t name1; gss_name_t name2; @@ -40,7 +41,7 @@ krb5_gss_compare_name(minor_status, name1, name2, name_equal) } *minor_status = 0; - *name_equal = krb5_principal_compare((krb5_principal) name1, + *name_equal = krb5_principal_compare(context, (krb5_principal) name1, (krb5_principal) name2); return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c index 08cefda6a..02989ee31 100644 --- a/src/lib/gssapi/krb5/context_time.c +++ b/src/lib/gssapi/krb5/context_time.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_context_time(minor_status, context_handle, time_rec) +krb5_gss_context_time(context, minor_status, context_handle, time_rec) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; OM_uint32 *time_rec; @@ -46,7 +47,7 @@ krb5_gss_context_time(minor_status, context_handle, time_rec) return(GSS_S_NO_CONTEXT); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index 3e8d554e7..73bd9b05a 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_delete_sec_context(minor_status, context_handle, output_token) +krb5_gss_delete_sec_context(context, minor_status, context_handle, output_token) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_buffer_t output_token; 
@@ -69,15 +70,15 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) ctx = (gss_ctx_id_t) *context_handle; if (ctx->enc.processed) - krb5_finish_key(&ctx->enc.eblock); - krb5_free_keyblock(ctx->enc.key); + krb5_finish_key(context, &ctx->enc.eblock); + krb5_free_keyblock(context, ctx->enc.key); if (ctx->seq.processed) - krb5_finish_key(&ctx->seq.eblock); + krb5_finish_key(context, &ctx->seq.eblock); - krb5_free_principal(ctx->here); - krb5_free_principal(ctx->there); - krb5_free_keyblock(ctx->subkey); + krb5_free_principal(context, ctx->here); + krb5_free_principal(context, ctx->there); + krb5_free_keyblock(context, ctx->subkey); xfree(ctx); diff --git a/src/lib/gssapi/krb5/display_name.c b/src/lib/gssapi/krb5/display_name.c index c1f6eae36..badb61e18 100644 --- a/src/lib/gssapi/krb5/display_name.c +++ b/src/lib/gssapi/krb5/display_name.c @@ -23,8 +23,9 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_display_name(minor_status, input_name, output_name_buffer, +krb5_gss_display_name(context, minor_status, input_name, output_name_buffer, output_name_type) + krb5_context context; OM_uint32 *minor_status; gss_name_t input_name; gss_buffer_t output_name_buffer; @@ -41,7 +42,7 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer, return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); } - if (code = krb5_unparse_name((krb5_principal) input_name, &str)) { + if (code = krb5_unparse_name(context, (krb5_principal) input_name, &str)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/display_status.c b/src/lib/gssapi/krb5/display_status.c index bf3771321..1cedfe5ce 100644 --- a/src/lib/gssapi/krb5/display_status.c +++ b/src/lib/gssapi/krb5/display_status.c 
@@ -32,8 +32,9 @@ static int init_et = 0; /**/ OM_uint32 -krb5_gss_display_status(minor_status, status_value, status_type, +krb5_gss_display_status(context, minor_status, status_value, status_type, mech_type, message_context, status_string) + krb5_context context; OM_uint32 *minor_status; OM_uint32 status_value; int status_type; @@ -55,7 +56,7 @@ krb5_gss_display_status(minor_status, status_value, status_type, message_context, status_string)); } else if (status_type == GSS_C_MECH_CODE) { if (!init_et) { - krb5_init_ets(); + krb5_init_ets(context); initialize_k5g_error_table(); init_et = 1; } diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 95fb7bc4e..822df1898 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -91,6 +91,7 @@ typedef struct _krb5_gss_ctx_id_rec { krb5_int32 seq_recv; int established; int big_endian; + krb5_context context; } krb5_gss_ctx_id_rec, krb5_gss_ctx_id_t; extern void *kg_vdb; @@ -111,7 +112,9 @@ extern void *kg_vdb; /** helper functions **/ -OM_uint32 kg_get_defcred PROTOTYPE((OM_uint32 *minor_status, gss_cred_id_t *cred)); +OM_uint32 kg_get_defcred + PROTOTYPE((OM_uint32 *minor_status, + gss_cred_id_t *cred)); OM_uint32 kg_release_defcred PROTOTYPE((OM_uint32 *minor_status)); @@ -157,7 +160,8 @@ OM_uint32 kg_unseal PROTOTYPE((OM_uint32 *minor_status, /** declarations of internal name mechanism functions **/ OM_uint32 krb5_gss_acquire_cred -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ 
@@ -168,12 +172,14 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_release_cred -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_cred_id_t* /* cred_handle */ )); OM_uint32 krb5_gss_init_sec_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t*, /* context_handle */ gss_name_t, /* target_name */ @@ -190,7 +196,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_accept_sec_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_cred_id_t, /* verifier_cred_handle */ gss_buffer_t, /* input_token_buffer */ @@ -205,25 +212,29 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_process_context_token -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t /* token_buffer */ )); OM_uint32 krb5_gss_delete_sec_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_buffer_t /* output_token */ )); OM_uint32 krb5_gss_context_time -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ )); OM_uint32 krb5_gss_sign -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* qop_req */ gss_buffer_t, /* message_buffer */ 
@@ -231,7 +242,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_verify -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ @@ -239,7 +251,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_seal -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ int, /* qop_req */ @@ -249,7 +262,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_unseal -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ @@ -258,7 +272,8 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_display_status -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ const_gss_OID, /* mech_type */ 
@@ -267,38 +282,44 @@ PROTOTYPE( (OM_uint32*, /* minor_status */ )); OM_uint32 krb5_gss_indicate_mechs -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_OID_set* /* mech_set */ )); OM_uint32 krb5_gss_compare_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ int* /* name_equal */ )); OM_uint32 krb5_gss_display_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID* /* output_name_type */ )); OM_uint32 krb5_gss_import_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_buffer_t, /* input_name_buffer */ const_gss_OID, /* input_name_type */ gss_name_t* /* output_name */ )); OM_uint32 krb5_gss_release_name -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_name_t* /* input_name */ )); OM_uint32 krb5_gss_inquire_cred -PROTOTYPE( (OM_uint32 *, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ OM_uint32 *, /* lifetime */ @@ -307,7 +328,8 @@ PROTOTYPE( (OM_uint32 *, /* minor_status */ )); OM_uint32 krb5_gss_inquire_context -PROTOTYPE( (OM_uint32*, /* minor_status */ +PROTOTYPE( (krb5_context, + OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t*, /* initiator_name */ gss_name_t*, /* acceptor_name */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index da88b706c..249c12562 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c 
@@ -61,6 +61,8 @@ static const gss_OID_set_desc oidsets[] = { const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0; +krb5_context kg_context; + void *kg_vdb = NULL; /** default credential support */ @@ -79,10 +81,10 @@ kg_get_defcred(minor_status, cred) if (defcred == GSS_C_NO_CREDENTIAL) { OM_uint32 major; - if ((major = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME, - GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, - GSS_C_INITIATE, &defcred, NULL, - NULL)) && + if ((major = krb5_gss_acquire_cred(kg_context, minor_status, + GSS_C_NO_NAME, GSS_C_INDEFINITE, + GSS_C_NULL_OID_SET, GSS_C_INITIATE, + &defcred, NULL, NULL)) && GSS_ERROR(major)) { defcred = GSS_C_NO_CREDENTIAL; return(major); @@ -103,5 +105,5 @@ kg_release_defcred(minor_status) return(GSS_S_COMPLETE); } - return(krb5_gss_release_cred(minor_status, &defcred)); + return(krb5_gss_release_cred(kg_context, minor_status, &defcred)); } diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h index 6a8c445d7..53f247583 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.h +++ b/src/lib/gssapi/krb5/gssapi_krb5.h @@ -39,9 +39,10 @@ extern const gss_OID_desc * const gss_nt_krb5_principal; #define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name #define gss_krb5_nt_string_uid_name gss_nt_string_uid_name -OM_uint32 gss_krb5_get_tkt_flags PROTOTYPE((OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_flags *ticket_flags)); +OM_uint32 gss_krb5_get_tkt_flags + PROTOTYPE((OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_flags *ticket_flags)); #endif /* _GSSAPI_KRB5_H_ */ diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c index 9a839361e..47417bb66 100644 --- a/src/lib/gssapi/krb5/import_name.c +++ b/src/lib/gssapi/krb5/import_name.c 
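Review bot: `krb5_context kg_context;` is added at file scope without an initialiser, and no hunk on this page assigns it. kg_get_defcred() and kg_release_defcred() therefore pass a zero-valued context into krb5_gss_acquire_cred() and krb5_gss_release_cred() unless it is set up elsewhere. If initialisation does live in another file, add a comment at the definition naming where, for example `/* set once by <init routine>; must be valid before any kg_*defcred call */`. A single process-wide context shared by every default-credential call is also worth documenting as not safe for concurrent use.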
@@ -36,8 +36,9 @@ */ OM_uint32 -krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, - output_name) +krb5_gss_import_name(context, minor_status, input_name_buffer, + input_name_type, output_name) + krb5_context context; OM_uint32 *minor_status; gss_buffer_t input_name_buffer; const_gss_OID input_name_type; @@ -76,7 +77,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, *host = '\0'; host++; - code = krb5_sname_to_principal(host, service, KRB5_NT_SRV_HST, + code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST, &princ); xfree(tmp); @@ -91,7 +92,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, input = *((krb5_principal *) input_name_buffer->value); - if (code = krb5_copy_principal(input, &princ)) { + if (code = krb5_copy_principal(context, input, &princ)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -119,7 +120,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, /* at this point, stringrep is set, or if not, *minor_status is. */ if (stringrep) - code = krb5_parse_name((char *) stringrep, &princ); + code = krb5_parse_name(context, (char *) stringrep, &princ); else return(GSS_S_BAD_NAME); } @@ -135,7 +136,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, /* save the name in the validation database */ if (! kg_save_name((gss_name_t) princ)) { - krb5_free_principal(princ); + krb5_free_principal(context, princ); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c index d4dff7cd2..f10087345 100644 --- a/src/lib/gssapi/krb5/indicate_mechs.c +++ b/src/lib/gssapi/krb5/indicate_mechs.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_indicate_mechs(minor_status, mech_set) +krb5_gss_indicate_mechs(context, minor_status, mech_set) + krb5_context context; OM_uint32 *minor_status; gss_OID_set *mech_set; { 
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index fbdd7486b..63f277716 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -24,8 +24,9 @@ #include <memory.h> static krb5_error_code -make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, - seqnum, token) +make_ap_req(context, cred, server, endtime, chan_bindings, do_mutual, + subkey, flags, seqnum, token) + krb5_context context; krb5_gss_cred_id_t cred; krb5_principal server; krb5_timestamp *endtime; @@ -70,20 +71,20 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, /* fill in the necessary fields in creds */ memset((char *) &creds, 0, sizeof(creds)); - if (code = krb5_copy_principal(cred->princ, &creds.client)) + if (code = krb5_copy_principal(context, cred->princ, &creds.client)) return code; - if (code = krb5_copy_principal(server, &creds.server)) { - krb5_free_cred_contents(&creds); + if (code = krb5_copy_principal(context, server, &creds.server)) { + krb5_free_cred_contents(context, &creds); return code; } creds.times.endtime = *endtime; /* call mk_req. subkey and ap_req need to be used or destroyed */ - if (code = krb5_mk_req_extended(do_mutual?AP_OPTS_MUTUAL_REQUIRED:0, + if (code = krb5_mk_req_extended(context, do_mutual?AP_OPTS_MUTUAL_REQUIRED:0, &checksum, 0, 0, subkey, cred->ccache, &creds, &authent, &ap_req)) { - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); return(code); } @@ -94,7 +95,7 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, /* free stuff which was created */ - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(context, &creds); /* build up the token */ 
@@ -103,7 +104,7 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, if ((t = (unsigned char *) xmalloc(tlen)) == NULL) { xfree(ap_req.data); - krb5_free_keyblock(*subkey); + krb5_free_keyblock(context, *subkey); return(ENOMEM); } @@ -129,11 +130,12 @@ make_ap_req(cred, server, endtime, chan_bindings, do_mutual, subkey, flags, } OM_uint32 -krb5_gss_init_sec_context(minor_status, claimant_cred_handle, +krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle, context_handle, target_name, mech_type, req_flags, time_req, input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec) + krb5_context context; OM_uint32 *minor_status; gss_cred_id_t claimant_cred_handle; gss_ctx_id_t *context_handle; @@ -233,7 +235,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (time_req == 0 || time_req == GSS_C_INDEFINITE) { ctx->endtime = 0; } else { - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { free(ctx); *minor_status = code; return(GSS_S_FAILURE); @@ -241,15 +243,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->endtime = now + time_req; } - if (code = krb5_copy_principal(cred->princ, &ctx->here)) { + if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) { xfree(ctx); *minor_status = code; return(GSS_S_FAILURE); } - if (code = krb5_copy_principal((krb5_principal) target_name, + if (code = krb5_copy_principal(context, (krb5_principal) target_name, &ctx->there)) { - krb5_free_principal(ctx->here); + krb5_free_principal(context, ctx->here); xfree(ctx); *minor_status = code; return(GSS_S_FAILURE); 
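Review bot: Nothing in the `krb5_gss_init_sec_context` hunks stores the new `context` argument into the context record, yet the glue wrappers and `kg_seal`/`kg_unseal` in this commit read `ctx->context`. In the hunk at old line 241, where `ctx->here` and `ctx->there` are populated, I would expect `ctx->context = context;` next to them. If it is missing, every later per-message call on an initiator context would pass an unset pointer into the krb5 library. The allocation of `ctx` lies above the hunk, so the assignment may already exist there; please confirm.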
@@ -259,8 +261,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, input_chan_bindings, ctx->mutual, &ctx->subkey, &ctx->flags, &ctx->seq_send, &token)) { - krb5_free_principal(ctx->here); - krb5_free_principal(ctx->there); + krb5_free_principal(context, ctx->here); + krb5_free_principal(context, ctx->there); xfree(ctx); *minor_status = code; return(GSS_S_FAILURE); @@ -270,15 +272,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* the encryption key is the session key XOR 0xf0f0f0f0f0f0f0f0 */ - krb5_use_cstype(&ctx->enc.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC); ctx->enc.processed = 0; - if (code = krb5_copy_keyblock(ctx->subkey, &ctx->enc.key)) + if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) return(code); for (i=0; i<ctx->enc.key->length; i++) /*SUPPRESS 113*/ ctx->enc.key->contents[i] ^= 0xf0; - krb5_use_cstype(&ctx->seq.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC); ctx->seq.processed = 0; ctx->seq.key = ctx->subkey; @@ -289,9 +291,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { xfree(token.value); - krb5_free_keyblock(ctx->subkey); - krb5_free_principal(ctx->here); - krb5_free_principal(ctx->there); + krb5_free_keyblock(context, ctx->subkey); + krb5_free_principal(context, ctx->here); + krb5_free_principal(context, ctx->there); xfree(ctx); *minor_status = G_VALIDATE_FAILED; @@ -301,10 +303,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* compute time_rec */ if (time_rec) { - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { xfree(token.value); - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t) ctx, - NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t) ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); } 
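Review bot: The `make_ap_req(...)` call whose tail opens the hunk at old line 259 does not appear to have been updated for the new leading `context` parameter. Its first line sits in old lines 256-258, which no hunk touches, so it presumably still starts `make_ap_req(ctx->cred, ctx->there, ...`. Because `make_ap_req` is a K&R-style static definition, the compiler will not complain; every argument simply shifts by one slot and `cred` is interpreted as the `krb5_context`. The call should begin `make_ap_req(context, ctx->cred, ...`. The same pattern seems to apply in k5seal.c, where `make_seal_token` gains `context` but no hunk changes its call inside `kg_seal`.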
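Review bot: The failure branch of `krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)` in the hunk at old line 270 does `return(code);`, which returns a krb5 error code as the GSS major status and leaves `*minor_status` unset. It also skips the cleanup that the neighbouring error paths perform, so the token buffer, the subkey (key material), both principals and `ctx` stay allocated. It should mirror the `kg_save_ctx_id` failure branch a few lines further down, as sketched below. The function body starts and ends outside this hunk.

```c
    if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) {
	xfree(token.value);
	krb5_free_keyblock(context, ctx->subkey);
	krb5_free_principal(context, ctx->here);
	krb5_free_principal(context, ctx->there);
	xfree(ctx);
	*minor_status = code;
	return(GSS_S_FAILURE);
    }
    /* … unchanged: XOR of ctx->enc.key contents with 0xf0 … */
```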
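Review bot: In the `time_rec` error path (hunk at old line 301), `krb5_gss_delete_sec_context` is passed `(gss_ctx_id_t) ctx`, the handle value itself. The other call sites in this file pass `context_handle`, and the glue wrapper forwards a `gss_ctx_id_t *`, so the callee most likely expects a pointer to the handle and would dereference `ctx` as if it were one. Pass the address of a handle instead, e.g. `gss_ctx_id_t h = (gss_ctx_id_t) ctx;` followed by `(void)krb5_gss_delete_sec_context(context, minor_status, &h, NULL);`. The later hunk at old line 401 has the same argument and could simply pass `context_handle`.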
@@ -352,13 +354,16 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((ctx->established) || (((gss_cred_id_t) ctx->cred) != claimant_cred_handle) || ((req_flags & GSS_C_MUTUAL_FLAG) == 0)) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = KG_CONTEXT_ESTABLISHED; return(GSS_S_FAILURE); } - if (! krb5_principal_compare(ctx->there, (krb5_principal) target_name)) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + if (! krb5_principal_compare(context, ctx->there, + (krb5_principal) target_name)) { + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = 0; return(GSS_S_BAD_NAME); } @@ -366,7 +371,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* verify the token and leave the AP_REP message in ap_rep */ if (input_token == GSS_C_NO_BUFFER) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = 0; return(GSS_S_DEFECTIVE_TOKEN); } @@ -383,8 +389,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, TREAD_STR(ptr, ap_rep.data, ap_rep.length); /* decode the ap_rep */ - if (code = krb5_rd_rep(&ap_rep, ctx->subkey, &ap_rep_data)) { - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + if (code = krb5_rd_rep(context, &ap_rep, ctx->subkey, &ap_rep_data)) { + (void)krb5_gss_delete_sec_context(context, minor_status, + context_handle, NULL); *minor_status = code; return(GSS_S_FAILURE); } @@ -393,7 +400,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->seq_recv = ap_rep_data->seq_number; /* free the ap_rep_data */ - krb5_free_ap_rep_enc_part(ap_rep_data); + krb5_free_ap_rep_enc_part(context, ap_rep_data); /* set established */ ctx->established = 1; 
@@ -401,8 +408,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* set returns */ if (time_rec) { - if (code = krb5_timeofday(&now)) { - (void)krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t) ctx, + if (code = krb5_timeofday(context, &now)) { + (void)krb5_gss_delete_sec_context(context, minor_status, + (gss_ctx_id_t) ctx, NULL); *minor_status = code; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/inquire_context.c b/src/lib/gssapi/krb5/inquire_context.c index aefea92de..3fd7abefa 100644 --- a/src/lib/gssapi/krb5/inquire_context.c +++ b/src/lib/gssapi/krb5/inquire_context.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_inquire_context(minor_status, context_handle, initiator_name, +krb5_gss_inquire_context(context, minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, locally_initiated) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_name_t *initiator_name; @@ -62,7 +63,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, init = NULL; accept = NULL; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } 
@@ -71,30 +72,32 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, lifetime = 0; if (initiator_name) { - if (code = krb5_copy_principal(ctx->initiate?ctx->here:ctx->there, + if (code = krb5_copy_principal(context, + ctx->initiate?ctx->here:ctx->there, &init)) { *minor_status = code; return(GSS_S_FAILURE); } if (! kg_save_name((gss_name_t) init)) { - krb5_free_principal(init); + krb5_free_principal(context, init); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } } if (acceptor_name) { - if (code = krb5_copy_principal(ctx->initiate?ctx->there:ctx->here, + if (code = krb5_copy_principal(context, + ctx->initiate?ctx->there:ctx->here, &accept)) { - if (init) krb5_free_principal(init); + if (init) krb5_free_principal(context, init); *minor_status = code; return(GSS_S_FAILURE); } if (! kg_save_name((gss_name_t) accept)) { - krb5_free_principal(accept); + krb5_free_principal(context, accept); if (init) { kg_delete_name((gss_name_t) accept); - krb5_free_principal(init); + krb5_free_principal(context, init); } *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/inquire_cred.c b/src/lib/gssapi/krb5/inquire_cred.c index ea8ed4b04..1101e14cb 100644 --- a/src/lib/gssapi/krb5/inquire_cred.c +++ b/src/lib/gssapi/krb5/inquire_cred.c @@ -23,8 +23,9 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, +krb5_gss_inquire_cred(context, minor_status, cred_handle, name, lifetime_ret, cred_usage, mechanisms) + krb5_context context; OM_uint32 *minor_status; gss_cred_id_t cred_handle; gss_name_t *name; @@ -60,7 +61,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, cred = (krb5_gss_cred_id_t) cred_handle; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } 
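Review bot: In the `kg_save_name((gss_name_t) accept)` failure branch, the cleanup calls `kg_delete_name((gss_name_t) accept)` even though `accept` was never saved; the name registered earlier is `init`. As written, `init` is freed by `krb5_free_principal(context, init)` while its entry stays in the validation database, so a later validation of that pointer value could succeed against freed memory. The line should read `kg_delete_name((gss_name_t) init);`. The function continues beyond this hunk.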
@@ -69,7 +70,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, lifetime = 0; if (name) { - if (code = krb5_copy_principal(cred->princ, &ret_name)) { + if (code = krb5_copy_principal(context, cred->princ, &ret_name)) { *minor_status = code; return(GSS_S_FAILURE); } @@ -77,7 +78,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, if (mechanisms) if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) { - krb5_free_principal(ret_name); + krb5_free_principal(context, ret_name); *minor_status = ENOMEM; return(GSS_S_FAILURE); } @@ -85,7 +86,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, if (name) { if (! kg_save_name((gss_name_t) ret_name)) { (void)gss_release_oid_set(minor_status, &mechs); - krb5_free_principal(ret_name); + krb5_free_principal(context, ret_name); *minor_status = G_VALIDATE_FAILED; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index d7f76bfd7..5cc622dad 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -25,8 +25,9 @@ #include <krb5/rsa-md5.h> static krb5_error_code -make_seal_token(enc_ed, seq_ed, seqnum, direction, text, token, +make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token, encrypt, toktype, bigend) + krb5_context context; krb5_gss_enc_desc *enc_ed; krb5_gss_enc_desc *seq_ed; krb5_int32 *seqnum; @@ -145,7 +146,7 @@ make_seal_token(enc_ed, seq_ed, seqnum, direction, text, token, /* XXX this depends on the key being a single-des key, but that's all that kerberos supports right now */ - if (code = krb5_calculate_checksum(CKSUMTYPE_DESCBC, md5.digest, 16, + if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, 16, seq_ed->key->contents, seq_ed->key->length, &desmac)) { 
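Review bot: The two cleanup branches in `krb5_gss_inquire_cred` free objects that may never have been created. The `g_copy_OID_set` failure path calls `krb5_free_principal(context, ret_name)` even when `name` was NULL, and the `kg_save_name` failure path calls `gss_release_oid_set(minor_status, &mechs)` even when `mechanisms` was NULL. Unless both locals are initialised above the hunk, these calls act on indeterminate pointers. Guarding them as `if (name) krb5_free_principal(context, ret_name);` and `if (mechanisms) (void)gss_release_oid_set(minor_status, &mechs);` makes the paths safe either way.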
@@ -217,7 +218,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, return(GSS_S_NO_CONTEXT); } - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(ctx->context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 78d328d5a..ca0eca182 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -173,8 +173,8 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer, /* XXX this depends on the key being a single-des key, but that's all that kerberos supports right now */ - if (code = krb5_calculate_checksum(CKSUMTYPE_DESCBC, md5.digest, 16, - ctx->seq.key->contents, + if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, + 16, ctx->seq.key->contents, ctx->seq.key->length, &desmac)) { if (toktype == KG_TOK_SEAL_MSG) @@ -239,7 +239,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer, if (qop_state) *qop_state = GSS_C_QOP_DEFAULT; - if (code = krb5_timeofday(&now)) { + if (code = krb5_timeofday(ctx->context, &now)) { *minor_status = code; return(GSS_S_FAILURE); } diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index ed31c9051..a1c0f7f6a 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -22,18 +22,12 @@ #include "gssapiP_krb5.h" +extern krb5_context kg_context; + OM_uint32 -gss_accept_sec_context(minor_status, - context_handle, - verifier_cred_handle, - input_token, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle) +gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, + input_token, input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, delegated_cred_handle) OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_cred_id_t verifier_cred_handle; 
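Review bot: The `krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, ...)` call in the k5unseal.c hunk at line 173 uses an identifier `context` that `kg_unseal` does not seem to have. Its parameter list in the hunk header starts at `minor_status`, and the hunk offsets (`-173` / `+173`) show that no declaration was added above it. The second hunk in the same function already uses `ctx->context`, so the checksum call should too: `krb5_calculate_checksum(ctx->context, CKSUMTYPE_DESCBC, md5.digest,`. The function body starts and ends outside both hunks.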
@@ -46,7 +40,17 @@ gss_accept_sec_context(minor_status, OM_uint32 *time_rec; gss_cred_id_t *delegated_cred_handle; { - return(krb5_gss_accept_sec_context(minor_status, + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_accept_sec_context(ctx->context, minor_status, context_handle, verifier_cred_handle, input_token, @@ -60,14 +64,8 @@ gss_accept_sec_context(minor_status, } OM_uint32 -gss_acquire_cred(minor_status, - desired_name, - time_req, - desired_mechs, - cred_usage, - output_cred_handle, - actual_mechs, - time_rec) +gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs, + cred_usage, output_cred_handle, actual_mechs, time_rec) OM_uint32 *minor_status; gss_name_t desired_name; OM_uint32 time_req; @@ -77,7 +75,7 @@ gss_acquire_cred(minor_status, gss_OID_set *actual_mechs; OM_uint32 *time_rec; { - return(krb5_gss_acquire_cred(minor_status, + return(krb5_gss_acquire_cred(kg_context, minor_status, desired_name, time_req, desired_mechs, 
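Review bot: `gss_accept_sec_context` receives `gss_ctx_id_t *context_handle`, but the new code passes that pointer-to-handle straight to `kg_validate_ctx_id` and casts it to `krb5_gss_ctx_id_rec *`. It therefore validates and dereferences the address of the caller's variable rather than the context record. On the first call of a negotiation no context exists yet, so this check would reject every new acceptor context with `GSS_S_NO_CONTEXT`. As `gss_init_sec_context` does, this wrapper should pass `kg_context` and leave handle validation to `krb5_gss_accept_sec_context`. `gss_delete_sec_context` in the next hunk has the same pointer-level mix-up and should use `kg_validate_ctx_id(*context_handle)` and `ctx = (krb5_gss_ctx_id_rec *) *context_handle;`.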
@@ -88,70 +86,70 @@ gss_acquire_cred(minor_status, } OM_uint32 -gss_compare_name(minor_status, - name1, - name2, - name_equal) +gss_compare_name(minor_status, name1, name2, name_equal) OM_uint32 *minor_status; gss_name_t name1; gss_name_t name2; int *name_equal; { - return(krb5_gss_compare_name(minor_status, - name1, - name2, - name_equal)); + return(krb5_gss_compare_name(kg_context, minor_status, name1, + name2, name_equal)); } OM_uint32 -gss_context_time(minor_status, - context_handle, - time_rec) +gss_context_time(minor_status, context_handle, time_rec) OM_uint32 *minor_status; gss_ctx_id_t context_handle; OM_uint32 *time_rec; { - return(krb5_gss_context_time(minor_status, - context_handle, + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_context_time(ctx->context, minor_status, context_handle, time_rec)); } OM_uint32 -gss_delete_sec_context(minor_status, - context_handle, - output_token) +gss_delete_sec_context(minor_status, context_handle, output_token) OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_buffer_t output_token; { - return(krb5_gss_delete_sec_context(minor_status, - context_handle, - output_token)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! 
kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_delete_sec_context(ctx->context, minor_status, + context_handle, output_token)); } OM_uint32 -gss_display_name(minor_status, - input_name, - output_name_buffer, - output_name_type) +gss_display_name(minor_status, input_name, output_name_buffer, output_name_type) OM_uint32 *minor_status; gss_name_t input_name; gss_buffer_t output_name_buffer; gss_OID *output_name_type; { - return(krb5_gss_display_name(minor_status, - input_name, - output_name_buffer, - output_name_type)); + return(krb5_gss_display_name(kg_context, minor_status, input_name, + output_name_buffer, output_name_type)); } OM_uint32 -gss_display_status(minor_status, - status_value, - status_type, - mech_type, - message_context, - status_string) +gss_display_status(minor_status, status_value, status_type, + mech_type, message_context, status_string) OM_uint32 *minor_status; OM_uint32 status_value; int status_type; @@ -159,28 +157,20 @@ gss_display_status(minor_status, int *message_context; gss_buffer_t status_string; { - return(krb5_gss_display_status(minor_status, - status_value, - status_type, - mech_type, - message_context, + return(krb5_gss_display_status(kg_context, minor_status, status_value, + status_type, mech_type, message_context, status_string)); } OM_uint32 -gss_import_name(minor_status, - input_name_buffer, - input_name_type, - output_name) +gss_import_name(minor_status, input_name_buffer, input_name_type, output_name) OM_uint32 *minor_status; gss_buffer_t input_name_buffer; const_gss_OID input_name_type; gss_name_t *output_name; { - return(krb5_gss_import_name(minor_status, - input_name_buffer, - input_name_type, - output_name)); + return(krb5_gss_import_name(kg_context, minor_status, input_name_buffer, + input_name_type, output_name)); } OM_uint32 
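Review bot: The local is declared as `krb5_gss_ctx_id_t * ctx;` but assigned from a `(krb5_gss_ctx_id_rec *)` cast and then used as `ctx->context`. The casts in init_sec_context.c suggest `krb5_gss_ctx_id_t` is already a pointer typedef; if so, this declares a pointer-to-pointer and the member access is ill-typed. Declaring it as `krb5_gss_ctx_id_rec *ctx;` matches the cast. The same declaration is repeated in `gss_accept_sec_context`, `gss_inquire_context`, `gss_process_context_token`, `gss_seal`, `gss_sign`, `gss_unseal` and `gss_verify`.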
@@ -188,24 +178,14 @@ gss_indicate_mechs(minor_status, mech_set) OM_uint32 *minor_status; gss_OID_set *mech_set; { - return(krb5_gss_indicate_mechs(minor_status, - mech_set)); + return(krb5_gss_indicate_mechs(kg_context, minor_status, mech_set)); } OM_uint32 -gss_init_sec_context(minor_status, - claimant_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec) +gss_init_sec_context(minor_status, claimant_cred_handle, context_handle, + target_name, mech_type, req_flags, time_req, + input_chan_bindings, input_token, actual_mech_type, + output_token, ret_flags, time_rec) OM_uint32 *minor_status; gss_cred_id_t claimant_cred_handle; gss_ctx_id_t *context_handle; @@ -220,29 +200,17 @@ gss_init_sec_context(minor_status, int *ret_flags; OM_uint32 *time_rec; { - return(krb5_gss_init_sec_context(minor_status, - claimant_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, + return(krb5_gss_init_sec_context(kg_context, minor_status, + claimant_cred_handle, context_handle, + target_name, mech_type, req_flags, + time_req, input_chan_bindings, input_token, + actual_mech_type, output_token, ret_flags, time_rec)); } OM_uint32 -gss_inquire_context(minor_status, - context_handle, - initiator_name, - acceptor_name, - lifetime_rec, - mech_type, - ret_flags, +gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, + lifetime_rec, mech_type, ret_flags, locally_initiated) OM_uint32 *minor_status; gss_ctx_id_t context_handle; 
@@ -253,23 +221,24 @@ gss_inquire_context(minor_status, int *ret_flags; int *locally_initiated; { - return(krb5_gss_inquire_context(minor_status, - context_handle, - initiator_name, - acceptor_name, - lifetime_rec, - mech_type, - ret_flags, - locally_initiated)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_inquire_context(ctx->context, minor_status, context_handle, + initiator_name, acceptor_name, lifetime_rec, + mech_type, ret_flags, locally_initiated)); } OM_uint32 -gss_inquire_cred(minor_status, - cred_handle, - name, - lifetime_ret, - cred_usage, - mechanisms) +gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, + cred_usage, mechanisms) OM_uint32 *minor_status; gss_cred_id_t cred_handle; gss_name_t *name; @@ -277,25 +246,28 @@ gss_inquire_cred(minor_status, int *cred_usage; gss_OID_set *mechanisms; { - return(krb5_gss_inquire_cred(minor_status, - cred_handle, - name, - lifetime_ret, - cred_usage, - mechanisms)); + return(krb5_gss_inquire_cred(kg_context, minor_status, cred_handle, + name, lifetime_ret, cred_usage, mechanisms)); } OM_uint32 -gss_process_context_token(minor_status, - context_handle, - token_buffer) +gss_process_context_token(minor_status, context_handle, token_buffer) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t token_buffer; { - return(krb5_gss_process_context_token(minor_status, - context_handle, - token_buffer)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_process_context_token(ctx->context, minor_status, + context_handle, token_buffer)); } OM_uint32 
@@ -303,8 +275,7 @@ gss_release_cred(minor_status, cred_handle) OM_uint32 *minor_status; gss_cred_id_t *cred_handle; { - return(krb5_gss_release_cred(minor_status, - cred_handle)); + return(krb5_gss_release_cred(kg_context, minor_status, cred_handle)); } OM_uint32 @@ -312,8 +283,7 @@ gss_release_name(minor_status, input_name) OM_uint32 *minor_status; gss_name_t *input_name; { - return(krb5_gss_release_name(minor_status, - input_name)); + return(krb5_gss_release_name(kg_context, minor_status, input_name)); } OM_uint32 @@ -330,18 +300,12 @@ gss_release_oid_set(minor_status, set) OM_uint32* minor_status; gss_OID_set *set; { - return(generic_gss_release_oid_set(minor_status, - set)); + return(generic_gss_release_oid_set(minor_status, set)); } OM_uint32 -gss_seal(minor_status, - context_handle, - conf_req_flag, - qop_req, - input_message_buffer, - conf_state, - output_message_buffer) +gss_seal(minor_status, context_handle, conf_req_flag, qop_req, + input_message_buffer, conf_state, output_message_buffer) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; 
@@ -350,41 +314,46 @@ gss_seal(minor_status, int *conf_state; gss_buffer_t output_message_buffer; { - return(krb5_gss_seal(minor_status, - context_handle, - conf_req_flag, - qop_req, - input_message_buffer, - conf_state, - output_message_buffer)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_seal(ctx->context, minor_status, context_handle, + conf_req_flag, qop_req, input_message_buffer, + conf_state, output_message_buffer)); } OM_uint32 -gss_sign(minor_status, - context_handle, - qop_req, - message_buffer, - message_token) +gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int qop_req; gss_buffer_t message_buffer; gss_buffer_t message_token; { - return(krb5_gss_sign(minor_status, - context_handle, - qop_req, - message_buffer, - message_token)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_sign(ctx->context, minor_status, context_handle, + qop_req, message_buffer, message_token)); } OM_uint32 -gss_unseal(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - qop_state) +gss_unseal(minor_status, context_handle, input_message_buffer, + output_message_buffer, conf_state, qop_state) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; 
@@ -392,29 +361,40 @@ gss_unseal(minor_status, int *conf_state; int *qop_state; { - return(krb5_gss_unseal(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - qop_state)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_unseal(ctx->context, minor_status, context_handle, + input_message_buffer, output_message_buffer, + conf_state, qop_state)); } OM_uint32 -gss_verify(minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state) +gss_verify(minor_status, context_handle, message_buffer, + token_buffer, qop_state) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; int *qop_state; { - return(krb5_gss_verify(minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state)); + krb5_gss_ctx_id_t * ctx; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + return(krb5_gss_verify(ctx->context, minor_status, context_handle, + message_buffer, token_buffer, qop_state)); } diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c index e5d142bc0..5a7a65215 100644 --- a/src/lib/gssapi/krb5/process_context_token.c +++ b/src/lib/gssapi/krb5/process_context_token.c @@ -23,7 +23,9 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_process_context_token(minor_status, context_handle, token_buffer) +krb5_gss_process_context_token(context, minor_status, context_handle, + token_buffer) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t token_buffer; 
@@ -53,6 +55,6 @@ krb5_gss_process_context_token(minor_status, context_handle, token_buffer) /* that's it. delete the context */ - return(krb5_gss_delete_sec_context(minor_status, &context_handle, + return(krb5_gss_delete_sec_context(context, minor_status, &context_handle, GSS_C_NO_BUFFER)); } diff --git a/src/lib/gssapi/krb5/release_cred.c b/src/lib/gssapi/krb5/release_cred.c index 83ce7f101..21cfc5fba 100644 --- a/src/lib/gssapi/krb5/release_cred.c +++ b/src/lib/gssapi/krb5/release_cred.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_release_cred(minor_status, cred_handle) +krb5_gss_release_cred(context, minor_status, cred_handle) + krb5_context context; OM_uint32 *minor_status; gss_cred_id_t *cred_handle; { @@ -41,17 +42,17 @@ krb5_gss_release_cred(minor_status, cred_handle) cred = *cred_handle; if (cred->ccache) - code1 = krb5_cc_close(cred->ccache); + code1 = krb5_cc_close(context, cred->ccache); else code1 = 0; if (cred->keytab) - code2 = krb5_kt_close(cred->keytab); + code2 = krb5_kt_close(context, cred->keytab); else code2 = 0; if (cred->princ) - krb5_free_principal(cred->princ); + krb5_free_principal(context, cred->princ); xfree(cred); *cred_handle = NULL; diff --git a/src/lib/gssapi/krb5/release_name.c b/src/lib/gssapi/krb5/release_name.c index 0371756ad..4756d08bd 100644 --- a/src/lib/gssapi/krb5/release_name.c +++ b/src/lib/gssapi/krb5/release_name.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_release_name(minor_status, input_name) +krb5_gss_release_name(context, minor_status, input_name) + krb5_context context; OM_uint32 *minor_status; gss_name_t *input_name; { @@ -34,7 +35,7 @@ krb5_gss_release_name(minor_status, input_name) (void)kg_delete_name(*input_name); - krb5_free_principal((krb5_principal) *input_name); + krb5_free_principal(context, (krb5_principal) *input_name); *input_name = GSS_C_NO_NAME; diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c index 691e9eea6..a0e06ebde 100644 
--- a/src/lib/gssapi/krb5/seal.c +++ b/src/lib/gssapi/krb5/seal.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_seal(minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer) +krb5_gss_seal(context, minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; diff --git a/src/lib/gssapi/krb5/sign.c b/src/lib/gssapi/krb5/sign.c index 7c139f18d..bafc0837d 100644 --- a/src/lib/gssapi/krb5/sign.c +++ b/src/lib/gssapi/krb5/sign.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_sign(minor_status, context_handle, +krb5_gss_sign(context, minor_status, context_handle, qop_req, message_buffer, message_token) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int qop_req; diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c index a9c46c695..3449951af 100644 --- a/src/lib/gssapi/krb5/unseal.c +++ b/src/lib/gssapi/krb5/unseal.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_unseal(minor_status, context_handle, +krb5_gss_unseal(context, minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c index fab785ec3..691f6d754 100644 --- a/src/lib/gssapi/krb5/util_cksum.c +++ b/src/lib/gssapi/krb5/util_cksum.c @@ -23,7 +23,8 @@ #include "gssapiP_krb5.h" #include <memory.h> -krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) +krb5_error_code +kg_checksum_channel_bindings(cb, cksum, bigend) gss_channel_bindings_t cb; krb5_checksum *cksum; int bigend; 
@@ -38,12 +39,12 @@ krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) if (cb == GSS_C_NO_CHANNEL_BINDINGS) { /* allocate the cksum contents buffer */ if ((cksum->contents = (krb5_octet *) - xmalloc(krb5_checksum_size(CKSUMTYPE_RSA_MD5))) == NULL) + xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) return(ENOMEM); cksum->checksum_type = CKSUMTYPE_RSA_MD5; memset(cksum->contents, '\0', - (cksum->length = krb5_checksum_size(CKSUMTYPE_RSA_MD5))); + (cksum->length = krb5_checksum_size(global_context, CKSUMTYPE_RSA_MD5))); return(0); } @@ -59,7 +60,7 @@ krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) /* allocate the cksum contents buffer */ if ((cksum->contents = (krb5_octet *) - xmalloc(krb5_checksum_size(CKSUMTYPE_RSA_MD5))) == NULL) { + xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) { free(buf); return(ENOMEM); } @@ -77,8 +78,8 @@ krb5_error_code kg_checksum_channel_bindings(cb, cksum, bigend) /* checksum the data */ - if (code = krb5_calculate_checksum(CKSUMTYPE_RSA_MD5, buf, len, - NULL, 0, cksum)) { + if (code = krb5_calculate_checksum(global_context, CKSUMTYPE_RSA_MD5, + buf, len, NULL, 0, cksum)) { xfree(cksum->contents); xfree(buf); return(code); diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index d58c3c56d..bee58ceee 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -25,6 +25,8 @@ static unsigned char zeros[8] = {0,0,0,0,0,0,0,0}; +extern krb5_context kg_context; + int kg_confounder_size(ed) krb5_gss_enc_desc *ed; { @@ -38,7 +40,8 @@ kg_make_confounder(ed, buf) krb5_gss_enc_desc *ed; unsigned char *buf; { - return(krb5_random_confounder(ed->eblock.crypto_entry->block_length, buf)); + return(krb5_random_confounder(kg_context, + ed->eblock.crypto_entry->block_length, buf)); } int kg_encrypt_size(ed, n) 
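Review bot: `kg_checksum_channel_bindings(cb, cksum, bigend)` takes no `krb5_context`, yet this hunk passes `context` to the `krb5_checksum_size` call inside `xmalloc` and `global_context` to the one inside `memset`; the later hunks in this file (-59,7 and -77,8) mix the same two names. Neither identifier is declared in the visible hunks, and util_crypt.c and util_seed.c in this commit use `extern krb5_context kg_context;` instead, so unless gssapiP_krb5.h provides both names this file presumably does not build. Beyond the naming, the allocation size and the `memset` length now come from two separate calls on two different contexts, so nothing ties the write length to the allocated size. I would pick one context (a `krb5_context context;` parameter like the other routines, or `kg_context`) and compute the size once, e.g. `cksum->length = krb5_checksum_size(kg_context, CKSUMTYPE_RSA_MD5);`, then use `cksum->length` for both `xmalloc` and `memset`. The function body starts and ends outside this hunk.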
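Review bot: `extern krb5_context kg_context;` is declared locally in util_crypt.c and again in util_seed.c instead of once in gssapiP_krb5.h, so a change to its type or name would not be caught by the compiler in each user. The helpers here (`kg_make_confounder`, and `kg_encrypt`/`kg_decrypt` in the following hunks) now route every crypto call through this single process-wide context, while the `krb5_gss_*` entry points in the same commit take a caller-supplied `context`; the hunks do not show where `kg_context` is initialised or whether the two are ever the same object. I would move the declaration to the private header with a comment along the lines of `/* kg_context: library-wide krb5_context shared by all security contexts; initialised in <init routine - not shown in this diff> */`.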
@@ -59,12 +62,13 @@ kg_encrypt(ed, iv, in, out, length) krb5_error_code code; if (! ed->processed) { - if (code = krb5_process_key(&ed->eblock, ed->key)) + if (code = krb5_process_key(kg_context, &ed->eblock, ed->key)) return(code); ed->processed = 1; } - if (code = krb5_encrypt(in, out, length, &ed->eblock, iv?iv:(krb5_pointer)zeros)) + if (code = krb5_encrypt(kg_context, in, out, length, &ed->eblock, + iv?iv:(krb5_pointer)zeros)) return(code); return(0); @@ -85,7 +89,7 @@ kg_decrypt(ed, iv, in, out, length) char *buf; if (! ed->processed) { - if (code = krb5_process_key(&ed->eblock, ed->key)) + if (code = krb5_process_key(kg_context, &ed->eblock, ed->key)) return(code); ed->processed = 1; } @@ -94,7 +98,8 @@ kg_decrypt(ed, iv, in, out, length) if ((buf = (char *) xmalloc(elen)) == NULL) return(ENOMEM); - if (code = krb5_decrypt(in, buf, elen, &ed->eblock, iv?iv:(krb5_pointer)zeros)) { + if (code = krb5_decrypt(kg_context, in, buf, elen, &ed->eblock, + iv?iv:(krb5_pointer)zeros)) { xfree(buf); return(code); } diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c index 9586ff06d..cb7430179 100644 --- a/src/lib/gssapi/krb5/util_seed.c +++ b/src/lib/gssapi/krb5/util_seed.c @@ -25,6 +25,8 @@ static unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0}; +extern krb5_context kg_context; + krb5_error_code kg_make_seed(key, seed) krb5_keyblock *key; @@ -34,7 +36,7 @@ kg_make_seed(key, seed) krb5_gss_enc_desc ed; int i; - if (code = krb5_copy_keyblock(key, &ed.key)) + if (code = krb5_copy_keyblock(kg_context, key, &ed.key)) return(code); /* reverse the key bytes, as per spec */ 
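Review bot: In the `kg_decrypt` hunk at -94,7, the `krb5_decrypt` failure path releases `buf` with `xfree(buf)` without clearing it, although the buffer may already hold partially decrypted message data at that point. Clearing it first, `memset(buf, 0, elen);` immediately before `xfree(buf);`, keeps that data out of freed heap memory; the release of `buf` on the success path is outside the hunk and would want the same treatment. `elen` is computed before the hunk starts, so how it relates to `length` cannot be checked from here.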
@@ -42,13 +44,13 @@ kg_make_seed(key, seed) for (i=0; i<ed.key->length; i++) ed.key->contents[i] = key->contents[key->length - 1 - i]; - krb5_use_cstype(&ed.eblock, ETYPE_RAW_DES_CBC); + krb5_use_cstype(kg_context, &ed.eblock, ETYPE_RAW_DES_CBC); ed.processed = 0; code = kg_encrypt(&ed, NULL, zeros, seed, 16); - krb5_finish_key(&ed.eblock); - krb5_free_keyblock(ed.key); + krb5_finish_key(kg_context, &ed.eblock); + krb5_free_keyblock(kg_context, ed.key); return(code); } diff --git a/src/lib/gssapi/krb5/util_seqnum.c b/src/lib/gssapi/krb5/util_seqnum.c index 30877fa4f..47381f682 100644 --- a/src/lib/gssapi/krb5/util_seqnum.c +++ b/src/lib/gssapi/krb5/util_seqnum.c @@ -22,7 +22,8 @@ #include "gssapiP_krb5.h" -krb5_error_code kg_make_seq_num(ed, direction, seqnum, cksum, buf) +krb5_error_code +kg_make_seq_num(ed, direction, seqnum, cksum, buf) krb5_gss_enc_desc *ed; int direction; int seqnum; diff --git a/src/lib/gssapi/krb5/verify.c b/src/lib/gssapi/krb5/verify.c index c08ea25a2..398b1d771 100644 --- a/src/lib/gssapi/krb5/verify.c +++ b/src/lib/gssapi/krb5/verify.c @@ -23,9 +23,10 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_verify(minor_status, context_handle, +krb5_gss_verify(context, minor_status, context_handle, message_buffer, token_buffer, qop_state) + krb5_context context; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; |
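Review bot: In `kg_make_seed`, `krb5_finish_key(kg_context, &ed.eblock)` runs unconditionally after `kg_encrypt`, but `kg_encrypt` returns early with `ed.processed` still 0 when `krb5_process_key` fails, so the cleanup can be called on an eblock that was never processed. Whether `krb5_finish_key` tolerates that is not visible in this diff; guarding it is cheap: `if (ed.processed) (void) krb5_finish_key(kg_context, &ed.eblock);`. The reversed key copy in `ed.key` is key material, so it is also worth a comment confirming that `krb5_free_keyblock` clears the contents before freeing, e.g. `/* ed.key holds the byte-reversed session key; must be zeroed on free */`.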
