-rw-r--r--ChangeLog14
-rw-r--r--utils/gssd/context.c16
-rw-r--r--utils/gssd/context.h3
-rw-r--r--utils/gssd/context_mit.c23
-rw-r--r--utils/gssd/gssd_proc.c4
-rw-r--r--utils/gssd/svcgssd_proc.c2
6 files changed, 43 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index 2b5ae8a..146c9c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,18 @@
2006-03-28 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
Separate out context handling code for MIT Kerberos and SPKM3
into their own file.
diff --git a/utils/gssd/context.c b/utils/gssd/context.c
index 02d162f..4bab3e7 100644
--- a/utils/gssd/context.c
+++ b/utils/gssd/context.c
@@ -41,19 +41,19 @@
#include "context.h"
int
-serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf)
+serialize_context_for_kernel(gss_ctx_id_t ctx,
+ gss_buffer_desc *buf,
+ gss_OID mech)
{
- gss_union_ctx_id_t uctx = (gss_union_ctx_id_t)ctx;
-
- if (g_OID_equal(&krb5oid, uctx->mech_type))
- return serialize_krb5_ctx(uctx->internal_ctx_id, buf);
+ if (g_OID_equal(&krb5oid, mech))
+ return serialize_krb5_ctx(ctx, buf);
#ifdef HAVE_SPKM3_H
- else if (g_OID_equal(&spkm3oid, uctx->mech_type))
- return serialize_spkm3_ctx(uctx, buf);
+ else if (g_OID_equal(&spkm3oid, mech))
+ return serialize_spkm3_ctx(ctx, buf);
#endif
else {
printerr(0, "ERROR: attempting to serialize context with "
- "unknown mechanism oid\n");
+ "unknown/unsupported mechanism oid\n");
return -1;
}
}
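Review bot: The new `mech` argument is handed straight to `g_OID_equal` at the top of `serialize_context_for_kernel` with no check for a null OID. The gssd callers pass `&krb5oid` and `&spkm3oid`, but `handle_nullreq` in svcgssd_proc.c passes a `mech` variable whose origin is not visible in this diff, and `g_OID_equal` presumably dereferences both of its arguments. A guard before the first comparison, `if (mech == GSS_C_NO_OID) { printerr(0, "ERROR: no mechanism oid supplied\n"); return -1; }`, would make that case fail cleanly instead of crashing the daemon.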
diff --git a/utils/gssd/context.h b/utils/gssd/context.h
index b296539..2c9396a 100644
--- a/utils/gssd/context.h
+++ b/utils/gssd/context.h
@@ -33,7 +33,8 @@
#include <rpc/rpc.h>
-int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf);
+int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf,
+ gss_OID mech);
int serialize_spkm3_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf);
int serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf);
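Review bot: The widened prototype says nothing about the contract of `mech`, and the implementation in context.c only uses it to pick a serializer without checking it against `ctx`. A comment above the declaration would record that for callers, for example `/* ctx is the glue-layer context handle; mech must be the OID of the mechanism it was established with (not verified here) */`.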
diff --git a/utils/gssd/context_mit.c b/utils/gssd/context_mit.c
index 0af92a3..ba94fd8 100644
--- a/utils/gssd/context_mit.c
+++ b/utils/gssd/context_mit.c
@@ -232,10 +232,13 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
int retcode = 0;
printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n");
- maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
- 1, &return_ctx);
- if (maj_stat != GSS_S_COMPLETE)
+ maj_stat = gss_export_lucid_sec_context(&min_stat, ctx,
+ 1, &return_ctx);
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
goto out_err;
+ }
/* Check the version returned, we only support v1 right now */
vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
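Review bot: The version check on the last line of this hunk casts and dereferences `return_ctx` after testing only `maj_stat`. Now that the export goes through the glue-layer routine rather than the Kerberos one, it is worth confirming that GSS_S_COMPLETE always comes with a non-null pointer, or adding `if (return_ctx == NULL) goto out_err;` before the cast. Whether `return_ctx` is initialised is not visible here, since `serialize_krb5_ctx` starts and ends outside the hunk.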
@@ -256,12 +259,18 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
else
retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf);
- maj_stat = gss_krb5_free_lucid_sec_context(&min_stat,
- (void *)lctx);
- if (maj_stat != GSS_S_COMPLETE)
+ maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
printerr(0, "WARN: failed to free lucid sec context\n");
- if (retcode)
+ }
+
+ if (retcode) {
+ printerr(1, "serialize_krb5_ctx: prepare_krb5_*_buffer "
+ "failed (retcode = %d)\n", retcode);
goto out_err;
+ }
return 0;
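Review bot: The failure branch for `gss_free_lucid_sec_context` reports the error under the wrong routine name: `pgsserr("gss_export_lucid_sec_context", ...)` looks copied from the export call earlier in the function. It should read `pgsserr("gss_free_lucid_sec_context", maj_stat, min_stat, &krb5oid);`, otherwise the log points an operator at the export path when it was the free that failed. `serialize_krb5_ctx` starts outside the hunk and continues past it.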
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index f2907c9..4c3d85d 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -688,7 +688,7 @@ handle_krb5_upcall(struct clnt_info *clp)
goto out_return_error;
}
- if (serialize_context_for_kernel(pd.pd_ctx, &token)) {
+ if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid)) {
printerr(0, "WARNING: Failed to serialize krb5 context for "
"user with uid %d for server %s\n",
uid, clp->servername);
@@ -743,7 +743,7 @@ handle_spkm3_upcall(struct clnt_info *clp)
goto out_return_error;
}
- if (serialize_context_for_kernel(pd.pd_ctx, &token)) {
+ if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid)) {
printerr(0, "WARNING: Failed to serialize spkm3 context for "
"user with uid %d for server\n",
uid, clp->servername);
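Review bot: The warning printed when serialization fails in `handle_spkm3_upcall` passes `clp->servername`, but its format string ends in `for server\n` with no `%s`, so the server name never reaches the log. The krb5 handler's message in the previous hunk has the conversion, and this one should match it: `"user with uid %d for server %s\n"`. The rest of the function lies outside the hunk.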
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
index b43a023..fd1076e 100644
--- a/utils/gssd/svcgssd_proc.c
+++ b/utils/gssd/svcgssd_proc.c
@@ -365,7 +365,7 @@ handle_nullreq(FILE *f) {
/* kernel needs ctx to calculate verifier on null response, so
* must give it context before doing null call: */
- if (serialize_context_for_kernel(ctx, &ctx_token)) {
+ if (serialize_context_for_kernel(ctx, &ctx_token, mech)) {
printerr(0, "WARNING: handle_nullreq: "
"serialize_context_for_kernel failed\n");
maj_stat = GSS_S_FAILURE;