diff options
author | Andrew Bartlett <abartlet@samba.org> | 2007-08-22 06:46:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:02:25 -0500 |
commit | b39330c4873d4c3923a577e89690fc0e43b0c61a (patch) | |
tree | 882a09a9e2ef446d3662ac542d1bf60fb8e7dfb2 /source4/heimdal/lib/gssapi | |
parent | db24e606f10902de49891e32600403274ece16da (diff) | |
download | samba-b39330c4873d4c3923a577e89690fc0e43b0c61a.tar.gz samba-b39330c4873d4c3923a577e89690fc0e43b0c61a.tar.bz2 samba-b39330c4873d4c3923a577e89690fc0e43b0c61a.zip |
r24614: Merge with current lorikeet-heimdal. This brings us one step closer
to an alpha release.
Andrew Bartlett
(This used to be commit 30e02747d511630659c59eafec8d28f58605943b)
Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 9 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 12 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c | 9 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 9 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c | 6 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c | 8 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 5 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_names.c | 27 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 5 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/name.h | 7 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/spnego/accept_sec_context.c | 21 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/spnego/spnego.asn1 | 45 |
12 files changed, 87 insertions, 76 deletions
diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c index d6e448a223..cb1b62308c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $"); OM_uint32 gss_acquire_cred(OM_uint32 *minor_status, @@ -50,7 +50,7 @@ gss_acquire_cred(OM_uint32 *minor_status, int i; *minor_status = 0; - if (actual_mechs) + if (output_cred_handle) *output_cred_handle = GSS_C_NO_CREDENTIAL; if (actual_mechs) *actual_mechs = GSS_C_NO_OID_SET; @@ -106,8 +106,9 @@ gss_acquire_cred(OM_uint32 *minor_status, continue; if (desired_name != GSS_C_NO_NAME) { - mn = _gss_find_mn(name, &mechs->elements[i]); - if (!mn) + major_status = _gss_find_mn(minor_status, name, + &mechs->elements[i], &mn); + if (major_status != GSS_S_COMPLETE) continue; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c index 4947c5c30e..09b592b5da 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $"); static struct _gss_mechanism_cred * _gss_copy_cred(struct _gss_mechanism_cred *mc) @@ -136,11 +136,13 @@ gss_add_cred(OM_uint32 *minor_status, * Figure out a suitable mn, if any. */ if (desired_name) { - mn = _gss_find_mn((struct _gss_name *) desired_name, - desired_mech); - if (!mn) { + major_status = _gss_find_mn(minor_status, + (struct _gss_name *) desired_name, + desired_mech, + &mn); + if (major_status != GSS_S_COMPLETE) { free(new_cred); - return (GSS_S_BAD_NAME); + return major_status; } } else { mn = 0; diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c index 1437a9bc7b..c950c03166 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $"); +RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $"); OM_uint32 gss_canonicalize_name(OM_uint32 *minor_status, @@ -44,10 +44,9 @@ gss_canonicalize_name(OM_uint32 *minor_status, *minor_status = 0; *output_name = 0; - mn = _gss_find_mn(name, mech_type); - if (!mn) { - return (GSS_S_BAD_MECH); - } + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (major_status) + return major_status; m = mn->gmn_mech; major_status = m->gm_canonicalize_name(minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c index 147ad60c94..617ff13d98 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $"); OM_uint32 gss_compare_name(OM_uint32 *minor_status, @@ -57,8 +57,11 @@ gss_compare_name(OM_uint32 *minor_status, struct _gss_mechanism_name *mn2; SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) { - mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid); - if (mn2) { + OM_uint32 major_status; + + major_status = _gss_find_mn(minor_status, name2, + mn1->gmn_mech_oid, &mn2); + if (major_status == GSS_S_COMPLETE) { return (mn1->gmn_mech->gm_compare_name( minor_status, mn1->gmn_name, diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c index 4ff81fdf2d..f38c840b31 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $"); +RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, @@ -54,7 +54,9 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, new_name = (struct _gss_name *) *dest_name; SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { - _gss_find_mn(new_name, mn->gmn_mech_oid); + struct _gss_mechanism_name *mn2; + _gss_find_mn(minor_status, new_name, + mn->gmn_mech_oid, &mn2); } } else { new_name = malloc(sizeof(struct _gss_name)); diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c index c1c058d146..b9a1680dcb 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $"); +RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $"); static gss_cred_id_t _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) @@ -109,11 +109,11 @@ gss_init_sec_context(OM_uint32 * minor_status, /* * Find the MN for this mechanism. */ - mn = _gss_find_mn(name, mech_type); - if (mn == NULL) { + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (major_status != GSS_S_COMPLETE) { if (allocated_ctx) free(ctx); - return GSS_S_BAD_NAME; + return major_status; } /* diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 604027490e..f1a18afb13 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include <heim_threads.h> -RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $"); +RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -223,9 +223,9 @@ _gss_load_mech(void) add_builtin(__gss_spnego_initialize()); add_builtin(__gss_ntlm_initialize()); +#ifdef HAVE_DLOPEN fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { -/* perror(_PATH_GSS_MECH); */ HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); return; } @@ -316,6 +316,7 @@ _gss_load_mech(void) continue; } fclose(fp); +#endif HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c index 3ab609c192..f78672d837 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_names.c +++ b/source4/heimdal/lib/gssapi/mech/gss_names.c @@ -27,15 +27,18 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $"); +RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $"); -struct _gss_mechanism_name * -_gss_find_mn(struct _gss_name *name, gss_OID mech) +OM_uint32 +_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, + struct _gss_mechanism_name **output_mn) { - OM_uint32 major_status, minor_status; + OM_uint32 major_status; gssapi_mech_interface m; struct _gss_mechanism_name *mn; + *output_mn = NULL; + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { if (gss_oid_equal(mech, mn->gmn_mech_oid)) break; @@ -47,34 +50,36 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech) * MN but it is from a different mech), give up now. */ if (!name->gn_value.value) - return (0); + return GSS_S_BAD_NAME; m = __gss_get_mechanism(mech); if (!m) - return (0); + return (GSS_S_BAD_MECH); mn = malloc(sizeof(struct _gss_mechanism_name)); if (!mn) - return (0); + return GSS_S_FAILURE; - major_status = m->gm_import_name(&minor_status, + major_status = m->gm_import_name(minor_status, &name->gn_value, (name->gn_type.elements ? &name->gn_type : GSS_C_NO_OID), &mn->gmn_name); if (major_status != GSS_S_COMPLETE) { - _gss_mg_error(m, major_status, minor_status); + _gss_mg_error(m, major_status, *minor_status); free(mn); - return (0); + return major_status; } mn->gmn_mech = m; mn->gmn_mech_oid = &m->gm_mech_oid; SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); } - return (mn); + *output_mn = mn; + return 0; } + /* * Make a name from an MN. */ diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c index 3195370b77..e2cecaf6b4 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $"); +RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $"); OM_uint32 gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) @@ -44,6 +44,9 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) _mg_buffer_zero(oid_str); + if (oid == GSS_C_NULL_OID) + return GSS_S_FAILURE; + ret = der_get_oid (oid->elements, oid->length, &o, &size); if (ret) { *minor_status = ret; diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h index 2252150a06..7c9ba33d85 100644 --- a/source4/heimdal/lib/gssapi/mech/name.h +++ b/source4/heimdal/lib/gssapi/mech/name.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: name.h 18246 2006-10-05 18:36:07Z lha $ + * $Id: name.h 21477 2007-07-10 16:31:44Z lha $ */ struct _gss_mechanism_name { @@ -41,7 +41,8 @@ struct _gss_name { struct _gss_mechanism_name_list gn_mn; /* list of MNs */ }; -struct _gss_mechanism_name * - _gss_find_mn(struct _gss_name *name, gss_OID mech); +OM_uint32 + _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID, + struct _gss_mechanism_name **); struct _gss_name * _gss_make_name(gssapi_mech_interface m, gss_name_t new_mn); diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index d20c913bf0..1afe26f1e3 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $"); +RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -555,23 +555,16 @@ acceptor_start int get_mic = 0; int first_ok = 0; - if (src_name) - *src_name = GSS_C_NO_NAME; - mech_output_token.value = NULL; mech_output_token.length = 0; mech_buf.value = NULL; - if (*context_handle == GSS_C_NO_CONTEXT) { - ret = _gss_spnego_alloc_sec_context(minor_status, - context_handle); - if (ret != GSS_S_COMPLETE) - return ret; - - if (input_token_buffer->length == 0) { - return send_supported_mechs (minor_status, output_token); - } - } + if (input_token_buffer->length == 0) + return send_supported_mechs (minor_status, output_token); + + ret = _gss_spnego_alloc_sec_context(minor_status, context_handle); + if (ret != GSS_S_COMPLETE) + return ret; ctx = (gssspnego_ctx)*context_handle; diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 index aed67dc4ae..058f10ba3a 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $ +-- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $ SPNEGO DEFINITIONS ::= BEGIN @@ -8,34 +8,34 @@ MechType::= OBJECT IDENTIFIER MechTypeList ::= SEQUENCE OF MechType ContextFlags ::= BIT STRING { - delegFlag (0), - mutualFlag (1), - replayFlag (2), - sequenceFlag (3), - anonFlag (4), - confFlag (5), - integFlag (6) + delegFlag (0), + mutualFlag (1), + replayFlag (2), + sequenceFlag (3), + anonFlag (4), + confFlag (5), + integFlag (6) } NegHints ::= SEQUENCE { - hintName [0] GeneralString OPTIONAL, - hintAddress [1] OCTET STRING OPTIONAL + hintName [0] GeneralString OPTIONAL, + hintAddress [1] OCTET STRING OPTIONAL } NegTokenInitWin ::= SEQUENCE { - mechTypes [0] MechTypeList, - reqFlags [1] ContextFlags OPTIONAL, - mechToken [2] OCTET STRING OPTIONAL, - negHints [3] NegHints OPTIONAL - } + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + negHints [3] NegHints OPTIONAL +} NegTokenInit ::= SEQUENCE { - mechTypes [0] MechTypeList, - reqFlags [1] ContextFlags OPTIONAL, - mechToken [2] OCTET STRING OPTIONAL, - mechListMIC [3] OCTET STRING OPTIONAL - } - + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL, + ... +} -- NB: negResult is not OPTIONAL in the new SPNEGO spec but -- Windows clients do not always send it @@ -47,7 +47,8 @@ NegTokenResp ::= SEQUENCE { request-mic (3) } OPTIONAL, supportedMech [1] MechType OPTIONAL, responseToken [2] OCTET STRING OPTIONAL, - mechListMIC [3] OCTET STRING OPTIONAL + mechListMIC [3] OCTET STRING OPTIONAL, + ... } NegotiationToken ::= CHOICE { |