author | Sam Hartman <hartmans@mit.edu> | 2009-02-26 20:07:05 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-02-26 20:07:05 +0000 |
commit | f860222766842720a2fbf8d4953c6dcacbe50afc (patch) | |
tree | 7fe4a756f58b7007c3258767474c07102b3467ef /src | |
parent | 159c4ceaa29e24dff59c7991769ec12007c8e3e9 (diff) | |
Include authenticator and ticket authdata in gss-api
Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect. Introduce a new function krb5_merge_authdata to
merge two authdata arrays into a newly allocated result array. Use
this function in accept_sec_context.c to include both sets of
authdata.
ticket: 6400
Target_version: 1.7
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/include/krb5/krb5.hin | 8 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 4 | ||||
-rw-r--r-- | src/lib/krb5/krb/copy_auth.c | 46 | ||||
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 |
4 files changed, 46 insertions, 13 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index c0fdcd2d8..72a412a85 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1718,6 +1718,14 @@ krb5_error_code KRB5_CALLCONV krb5_copy_authdata
 (krb5_context,
 krb5_authdata * const *,
 krb5_authdata ***);
+krb5_error_code KRB5_CALLCONV krb5_merge_authdata
+ (krb5_context,
+ krb5_authdata * const *,
+ krb5_authdata *const *,
+ krb5_authdata ***);
+/* Merge two authdata arrays, such as the array from a ticket
+ * and authenticator */
+
 krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
 (krb5_context,
 const krb5_authenticator *,
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index e2ec1fe76..dd17c044b 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -811,9 +811,9 @@ kg_accept_krb5(minor_status, context_handle,
 }
 /* XXX move this into gss_name_t */
- if (ticket->enc_part2->authorization_data != NULL &&
- (code = krb5_copy_authdata(context,
+ if ( (code = krb5_merge_authdata(context,
 ticket->enc_part2->authorization_data,
+ authdat->authorization_data,
 &ctx->authdata))) {
 major_status = GSS_S_FAILURE;
 goto fail;
diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c
index e9472eec8..4946eca62 100644
--- a/src/lib/krb5/krb/copy_auth.c
+++ b/src/lib/krb5/krb/copy_auth.c
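Review bot: The comment added under the krb5_merge_authdata prototype in krb5.hin does not say who owns the result or how NULL inputs are treated, which callers of a newly exported function need to know. Going by the implementation in copy_auth.c, either input may be NULL, the output is set to NULL when both are, and the first array's entries are copied ahead of the second's into a freshly allocated NULL-terminated array. I would state that above the prototype, e.g. `/* Merge two authdata arrays into a newly allocated NULL-terminated array, first array's entries first; either input may be NULL. Free the result with krb5_free_authdata(). */`. The same gap exists in copy_auth.c, where the block comment left above the renamed function still reads "Copy an authdata array, with fresh allocation".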
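Review bot: In accept_sec_context.c the new call folds `authdat->authorization_data` into the same `ctx->authdata` array as the ticket's entries, so a consumer of that array can no longer tell which elements arrived inside the ticket and which were asserted by the client in its authenticator. Authenticator authdata is built by the client and carries no KDC endorsement, so later code that bases an authorization decision on `ctx->authdata` has to treat every element as potentially client-supplied unless it verifies the element itself. At minimum the call site deserves a comment such as `/* ticket entries come first, then client-supplied authenticator entries; the latter are not vouched for by the KDC */`; keeping the two arrays in separate context fields would preserve the distinction outright. The declaration of `authdat` lies outside the hunk, so confirm it cannot be NULL when this line dereferences it.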
@@ -77,30 +77,47 @@ krb5_copy_authdatum(krb5_context context, const krb5_authdata *inad, krb5_authda
 * Copy an authdata array, with fresh allocation.
 */
 krb5_error_code KRB5_CALLCONV
-krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_authdata ***outauthdat)
+krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata * const *inauthdat2,
+ krb5_authdata ***outauthdat)
 {
 krb5_error_code retval;
 krb5_authdata ** tempauthdat;
- register unsigned int nelems = 0;
+ register unsigned int nelems = 0, nelems2 = 0;
- if (!inauthdat) {
+ if (!inauthdat1 && !inauthdat2) {
 *outauthdat = 0;
 return 0;
 }
- while (inauthdat[nelems]) nelems++;
+ if (inauthdat1)
+ while (inauthdat1[nelems]) nelems++;
+ if (inauthdat2)
+ while (inauthdat2[nelems2]) nelems2++;
 /* one more for a null terminated list */
- if (!(tempauthdat = (krb5_authdata **) calloc(nelems+1,
+ if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
 sizeof(*tempauthdat))))
 return ENOMEM;
- for (nelems = 0; inauthdat[nelems]; nelems++) {
- retval = krb5_copy_authdatum(context, inauthdat[nelems],
- &tempauthdat[nelems]);
- if (retval) {
- krb5_free_authdata(context, tempauthdat);
- return retval;
+ if (inauthdat1) {
+ for (nelems = 0; inauthdat1[nelems]; nelems++) {
+ retval = krb5_copy_authdatum(context, inauthdat1[nelems],
+ &tempauthdat[nelems]);
+ if (retval) {
+ krb5_free_authdata(context, tempauthdat);
+ return retval;
+ }
+ }
+ }
+
+ if (inauthdat2) {
+ for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+ retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
+ &tempauthdat[nelems++]);
+ if (retval) {
+ krb5_free_authdata(context, tempauthdat);
+ return retval;
+ }
 }
 }
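Review bot: The second copy loop in krb5_merge_authdata writes through `&tempauthdat[nelems++]`, which lands in the right slot only because the first loop happens to leave `nelems` equal to the first array's length, or at its initial 0 when inauthdat1 is NULL. A dedicated output index would make that explicit and survive later edits to the first loop: declare `unsigned int out = 0;` and use `&tempauthdat[out++]` in both loops. Separately, `nelems+nelems2+1` is summed in unsigned int before calloc sees it; a wrap does not look reachable for arrays that fit in memory, but a one-line comment saying so would save the next reader the check. The function's tail, where the result is presumably stored into `*outauthdat`, lies between this hunk and the next and is not shown.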
@@ -109,6 +126,13 @@ krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_a
 }
 krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context context,
+ krb5_authdata *const *in_authdat, krb5_authdata ***out)
+{
+ return krb5_merge_authdata(context, in_authdat, NULL, out);
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_decode_authdata_container(krb5_context context,
 krb5_authdatatype type,
 const krb5_authdata *container,
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 2671ebca5..a6b892983 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -354,6 +354,7 @@ krb5_make_fulladdr
 krb5_max_dgram_size
 krb5_max_skdc_timeout
 krb5_mcc_ops
+krb5_merge_authdata
 krb5_mk_1cred
 krb5_mk_error
 krb5_mk_ncred |