summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/spnego
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-07-15 09:10:30 +0200
committerStefan Metzmacher <metze@samba.org>2011-07-15 11:15:05 +0200
commit255e3e18e00f717d99f3bc57c8a8895ff624f3c3 (patch)
treea2933c88f38e8dd7fe612be8dd458d05918b1f15 /source4/heimdal/lib/gssapi/spnego
parent70da27838bb3f6ed9c36add06ce0ccdf467ab1c3 (diff)
downloadsamba-255e3e18e00f717d99f3bc57c8a8895ff624f3c3.tar.gz
samba-255e3e18e00f717d99f3bc57c8a8895ff624f3c3.tar.bz2
samba-255e3e18e00f717d99f3bc57c8a8895ff624f3c3.zip
s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b)
Diffstat (limited to 'source4/heimdal/lib/gssapi/spnego')
-rw-r--r--source4/heimdal/lib/gssapi/spnego/accept_sec_context.c44
-rw-r--r--source4/heimdal/lib/gssapi/spnego/compat.c6
-rw-r--r--source4/heimdal/lib/gssapi/spnego/context_stubs.c4
-rw-r--r--source4/heimdal/lib/gssapi/spnego/cred_stubs.c2
-rw-r--r--source4/heimdal/lib/gssapi/spnego/external.c17
-rw-r--r--source4/heimdal/lib/gssapi/spnego/init_sec_context.c6
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego_locl.h2
7 files changed, 42 insertions, 39 deletions
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index 35bc56fbb7..3a51dd3a0a 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -90,7 +90,7 @@ send_supported_mechs (OM_uint32 *minor_status,
gss_buffer_t output_token)
{
NegotiationTokenWin nt;
- size_t buf_len;
+ size_t buf_len = 0;
gss_buffer_desc data;
OM_uint32 ret;
@@ -132,8 +132,10 @@ send_supported_mechs (OM_uint32 *minor_status,
*minor_status = ret;
return GSS_S_FAILURE;
}
- if (data.length != buf_len)
+ if (data.length != buf_len) {
abort();
+ UNREACHABLE(return GSS_S_FAILURE);
+ }
ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
@@ -316,7 +318,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
gss_OID_desc oid;
gss_OID oidp;
gss_OID_set mechs;
- int i;
+ size_t i;
OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -368,12 +370,13 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
host = getenv("GSSAPI_SPNEGO_NAME");
if (host == NULL || issuid()) {
+ int rv;
if (gethostname(hostname, sizeof(hostname)) != 0) {
*minor_status = errno;
return GSS_S_FAILURE;
}
- i = asprintf(&str, "host@%s", hostname);
- if (i < 0 || str == NULL) {
+ rv = asprintf(&str, "host@%s", hostname);
+ if (rv < 0 || str == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -410,10 +413,6 @@ acceptor_complete(OM_uint32 * minor_status,
{
OM_uint32 ret;
int require_mic, verify_mic;
- gss_buffer_desc buf;
-
- buf.length = 0;
- buf.value = NULL;
ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
if (ret)
@@ -435,11 +434,11 @@ acceptor_complete(OM_uint32 * minor_status,
verify_mic = 0;
*get_mic = 1;
}
-
+
if (verify_mic || *get_mic) {
int eret;
- size_t buf_len;
-
+ size_t buf_len = 0;
+
ASN1_MALLOC_ENCODE(MechTypeList,
mech_buf->value, mech_buf->length,
&ctx->initiator_mech_types, &buf_len, eret);
@@ -447,24 +446,19 @@ acceptor_complete(OM_uint32 * minor_status,
*minor_status = eret;
return GSS_S_FAILURE;
}
- if (buf.length != buf_len)
- abort();
+ heim_assert(mech_buf->length == buf_len, "Internal ASN.1 error");
+ UNREACHABLE(return GSS_S_FAILURE);
}
-
+
if (verify_mic) {
ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
if (ret) {
if (*get_mic)
send_reject (minor_status, output_token);
- if (buf.value)
- free(buf.value);
return ret;
}
ctx->verified_mic = 1;
}
- if (buf.value)
- free(buf.value);
-
} else
*get_mic = 0;
@@ -491,7 +485,6 @@ acceptor_start
NegotiationToken nt;
size_t nt_len;
NegTokenInit *ni;
- int i;
gss_buffer_desc data;
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
gss_buffer_desc mech_output_token;
@@ -507,7 +500,7 @@ acceptor_start
if (input_token_buffer->length == 0)
return send_supported_mechs (minor_status, output_token);
-
+
ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
if (ret != GSS_S_COMPLETE)
return ret;
@@ -573,7 +566,7 @@ acceptor_start
if (ctx->mech_src_name != GSS_C_NO_NAME)
gss_release_name(&junk, &ctx->mech_src_name);
-
+
ret = gss_accept_sec_context(minor_status,
&ctx->negotiated_ctx_id,
acceptor_cred_handle,
@@ -613,13 +606,14 @@ acceptor_start
*/
if (!first_ok && ni->mechToken != NULL) {
+ size_t j;
preferred_mech_type = GSS_C_NO_OID;
/* Call glue layer to find first mech we support */
- for (i = 1; i < ni->mechTypes.len; ++i) {
+ for (j = 1; j < ni->mechTypes.len; ++j) {
ret = select_mech(minor_status,
- &ni->mechTypes.val[i],
+ &ni->mechTypes.val[j],
1,
&preferred_mech_type);
if (ret == 0)
diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c
index b23658cfd1..cf5ee30a84 100644
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -41,10 +41,10 @@
* Kerberos mechanism.
*/
gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
- {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
+ {9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")};
gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
- {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
+ {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
/*
* Allocate a SPNEGO context handle
@@ -241,7 +241,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
gss_OID first_mech = GSS_C_NO_OID;
OM_uint32 ret;
- int i;
+ size_t i;
mechtypelist->len = 0;
mechtypelist->val = NULL;
diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
index 18c13fe299..60b348ec46 100644
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -37,7 +37,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
{
OM_uint32 ret, junk;
gss_OID_set m;
- int i;
+ size_t i;
ret = gss_indicate_mechs(minor_status, &m);
if (ret != GSS_S_COMPLETE)
@@ -565,7 +565,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech (
{
gss_OID_set mechs, names, n;
OM_uint32 ret, junk;
- int i, j;
+ size_t i, j;
*name_types = NULL;
diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
index 2920f3d9b5..fc43d6a4a6 100644
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -70,7 +70,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
OM_uint32 ret, tmp;
gss_OID_set_desc actual_desired_mechs;
gss_OID_set mechs;
- int i, j;
+ size_t i, j;
*output_cred_handle = GSS_C_NO_CREDENTIAL;
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index 5054754150..ca06d46e82 100644
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -39,13 +39,12 @@
* negotiation token is identified by the Object Identifier
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
-
static gss_mo_desc spnego_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
- "SPNEGO",
+ rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -53,7 +52,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
- "SPNEGO",
+ rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -61,7 +60,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
- "Heimdal SPNEGO Mechanism",
+ rk_UNCONST("Heimdal SPNEGO Mechanism"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -78,7 +77,7 @@ static gss_mo_desc spnego_mo[] = {
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
- {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
+ {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") },
0,
_gss_spnego_acquire_cred,
_gss_spnego_release_cred,
@@ -128,7 +127,13 @@ static gssapi_mech_interface_desc spnego_mech = {
NULL,
NULL,
spnego_mo,
- sizeof(spnego_mo) / sizeof(spnego_mo[0])
+ sizeof(spnego_mo) / sizeof(spnego_mo[0]),
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
};
gssapi_mech_interface
diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
index c9e182129d..b4b1bcefc5 100644
--- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
@@ -392,7 +392,7 @@ spnego_reply
NegotiationToken resp;
gss_OID_desc mech;
int require_mic;
- size_t buf_len;
+ size_t buf_len = 0;
gss_buffer_desc mic_buf, mech_buf;
gss_buffer_desc mech_output_token;
gssspnego_ctx ctx;
@@ -557,8 +557,10 @@ spnego_reply
*minor_status = ret;
return GSS_S_FAILURE;
}
- if (mech_buf.length != buf_len)
+ if (mech_buf.length != buf_len) {
abort();
+ UNREACHABLE(return GSS_S_FAILURE);
+ }
if (resp.u.negTokenResp.mechListMIC == NULL) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index dacaa3310e..3e151c7c2a 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -71,6 +71,8 @@
#include "utils.h"
#include <der.h>
+#include <heimbase.h>
+
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
typedef struct {