authorAndrew Bartlett <abartlet@samba.org>2007-08-22 06:46:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:02:25 -0500
commitb39330c4873d4c3923a577e89690fc0e43b0c61a (patch)
tree882a09a9e2ef446d3662ac542d1bf60fb8e7dfb2 /source4/heimdal/lib/gssapi
parentdb24e606f10902de49891e32600403274ece16da (diff)
r24614: Merge with current lorikeet-heimdal. This brings us one step closer
to an alpha release. Andrew Bartlett (This used to be commit 30e02747d511630659c59eafec8d28f58605943b)
Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_add_cred.c12
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_compare_name.c9
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c8
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c5
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_names.c27
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c5
-rw-r--r--source4/heimdal/lib/gssapi/mech/name.h7
-rw-r--r--source4/heimdal/lib/gssapi/spnego/accept_sec_context.c21
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego.asn145
12 files changed, 87 insertions, 76 deletions
diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
index d6e448a223..cb1b62308c 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $");
+RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $");
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
@@ -50,7 +50,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
int i;
*minor_status = 0;
- if (actual_mechs)
+ if (output_cred_handle)
*output_cred_handle = GSS_C_NO_CREDENTIAL;
if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET;
@@ -106,8 +106,9 @@ gss_acquire_cred(OM_uint32 *minor_status,
continue;
if (desired_name != GSS_C_NO_NAME) {
- mn = _gss_find_mn(name, &mechs->elements[i]);
- if (!mn)
+ major_status = _gss_find_mn(minor_status, name,
+ &mechs->elements[i], &mn);
+ if (major_status != GSS_S_COMPLETE)
continue;
}
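Review bot: When this lookup fails and the loop takes `continue`, the mechanism's error has already been stored in the caller's `*minor_status`, because `_gss_find_mn` now writes through the pointer it is given where the old version kept a private local. Unless code after this hunk resets it, gss_acquire_cred can return with a minor code left over from a mechanism that was skipped. Passing a scratch variable for lookups whose failure is ignored avoids that, e.g. `OM_uint32 junk;` and `major_status = _gss_find_mn(&junk, name, &mechs->elements[i], &mn);`. The same applies to the loop in gss_compare_name.c and to the call in gss_duplicate_name.c, whose return value is discarded altogether. The function body continues outside the hunk.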
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
index 4947c5c30e..09b592b5da 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $");
+RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $");
static struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc)
@@ -136,11 +136,13 @@ gss_add_cred(OM_uint32 *minor_status,
* Figure out a suitable mn, if any.
*/
if (desired_name) {
- mn = _gss_find_mn((struct _gss_name *) desired_name,
- desired_mech);
- if (!mn) {
+ major_status = _gss_find_mn(minor_status,
+ (struct _gss_name *) desired_name,
+ desired_mech,
+ &mn);
+ if (major_status != GSS_S_COMPLETE) {
free(new_cred);
- return (GSS_S_BAD_NAME);
+ return major_status;
}
} else {
mn = 0;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
index 1437a9bc7b..c950c03166 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $");
+RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $");
OM_uint32
gss_canonicalize_name(OM_uint32 *minor_status,
@@ -44,10 +44,9 @@ gss_canonicalize_name(OM_uint32 *minor_status,
*minor_status = 0;
*output_name = 0;
- mn = _gss_find_mn(name, mech_type);
- if (!mn) {
- return (GSS_S_BAD_MECH);
- }
+ major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
+ if (major_status)
+ return major_status;
m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
index 147ad60c94..617ff13d98 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $");
OM_uint32
gss_compare_name(OM_uint32 *minor_status,
@@ -57,8 +57,11 @@ gss_compare_name(OM_uint32 *minor_status,
struct _gss_mechanism_name *mn2;
SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
- mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid);
- if (mn2) {
+ OM_uint32 major_status;
+
+ major_status = _gss_find_mn(minor_status, name2,
+ mn1->gmn_mech_oid, &mn2);
+ if (major_status == GSS_S_COMPLETE) {
return (mn1->gmn_mech->gm_compare_name(
minor_status,
mn1->gmn_name,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
index 4ff81fdf2d..f38c840b31 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $");
+RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $");
OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
const gss_name_t src_name,
@@ -54,7 +54,9 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
new_name = (struct _gss_name *) *dest_name;
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
- _gss_find_mn(new_name, mn->gmn_mech_oid);
+ struct _gss_mechanism_name *mn2;
+ _gss_find_mn(minor_status, new_name,
+ mn->gmn_mech_oid, &mn2);
}
} else {
new_name = malloc(sizeof(struct _gss_name));
diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
index c1c058d146..b9a1680dcb 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $");
+RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $");
static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
@@ -109,11 +109,11 @@ gss_init_sec_context(OM_uint32 * minor_status,
/*
* Find the MN for this mechanism.
*/
- mn = _gss_find_mn(name, mech_type);
- if (mn == NULL) {
+ major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
+ if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
free(ctx);
- return GSS_S_BAD_NAME;
+ return major_status;
}
/*
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index 604027490e..f1a18afb13 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -28,7 +28,7 @@
#include "mech_locl.h"
#include <heim_threads.h>
-RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $");
+RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $");
#ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech"
@@ -223,9 +223,9 @@ _gss_load_mech(void)
add_builtin(__gss_spnego_initialize());
add_builtin(__gss_ntlm_initialize());
+#ifdef HAVE_DLOPEN
fp = fopen(_PATH_GSS_MECH, "r");
if (!fp) {
-/* perror(_PATH_GSS_MECH); */
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
return;
}
@@ -316,6 +316,7 @@ _gss_load_mech(void)
continue;
}
fclose(fp);
+#endif
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
}
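Review bot: The `#endif` added here closes a `#ifdef HAVE_DLOPEN` opened in the previous hunk, roughly ninety lines earlier, and nothing marks what it ends; `#endif /* HAVE_DLOPEN */` would make the pairing readable. A one-line comment at the `#ifdef` saying that without dlopen only the built-in mechanisms are registered and `_PATH_GSS_MECH` is never read would also help, since this changes which mechanism code gets loaded. Locals used only by the file-parsing loop are presumably declared above the hunk and would become unused in that configuration.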
diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c
index 3ab609c192..f78672d837 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_names.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_names.c
@@ -27,15 +27,18 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $");
+RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $");
-struct _gss_mechanism_name *
-_gss_find_mn(struct _gss_name *name, gss_OID mech)
+OM_uint32
+_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
+ struct _gss_mechanism_name **output_mn)
{
- OM_uint32 major_status, minor_status;
+ OM_uint32 major_status;
gssapi_mech_interface m;
struct _gss_mechanism_name *mn;
+ *output_mn = NULL;
+
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
if (gss_oid_equal(mech, mn->gmn_mech_oid))
break;
@@ -47,34 +50,36 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech)
* MN but it is from a different mech), give up now.
*/
if (!name->gn_value.value)
- return (0);
+ return GSS_S_BAD_NAME;
m = __gss_get_mechanism(mech);
if (!m)
- return (0);
+ return (GSS_S_BAD_MECH);
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn)
- return (0);
+ return GSS_S_FAILURE;
- major_status = m->gm_import_name(&minor_status,
+ major_status = m->gm_import_name(minor_status,
&name->gn_value,
(name->gn_type.elements
? &name->gn_type : GSS_C_NO_OID),
&mn->gmn_name);
if (major_status != GSS_S_COMPLETE) {
- _gss_mg_error(m, major_status, minor_status);
+ _gss_mg_error(m, major_status, *minor_status);
free(mn);
- return (0);
+ return major_status;
}
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
}
- return (mn);
+ *output_mn = mn;
+ return 0;
}
+
/*
* Make a name from an MN.
*/
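Review bot: The early returns with `GSS_S_BAD_NAME`, `GSS_S_BAD_MECH` and `GSS_S_FAILURE` never write `*minor_status`, yet callers such as gss_add_cred and gss_init_sec_context now hand this function's major status straight back to the application. Clearing it next to `*output_mn = NULL;` (previous hunk) with `*minor_status = 0;`, and setting `*minor_status = ENOMEM;` before the allocation-failure return (assuming errno.h is reachable through mech_locl.h), would give each path a defined major/minor pair. The final `return 0;` reads better as `return GSS_S_COMPLETE;`, which is what the callers compare against, and the mix of `return (X);` and `return X;` could be made uniform. The added null-OID return in gss_oid_to_str.c likewise sets no minor status within its hunk.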
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
index 3195370b77..e2cecaf6b4 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
@@ -32,7 +32,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $");
+RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $");
OM_uint32
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
@@ -44,6 +44,9 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
_mg_buffer_zero(oid_str);
+ if (oid == GSS_C_NULL_OID)
+ return GSS_S_FAILURE;
+
ret = der_get_oid (oid->elements, oid->length, &o, &size);
if (ret) {
*minor_status = ret;
diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h
index 2252150a06..7c9ba33d85 100644
--- a/source4/heimdal/lib/gssapi/mech/name.h
+++ b/source4/heimdal/lib/gssapi/mech/name.h
@@ -24,7 +24,7 @@
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: name.h 18246 2006-10-05 18:36:07Z lha $
+ * $Id: name.h 21477 2007-07-10 16:31:44Z lha $
*/
struct _gss_mechanism_name {
@@ -41,7 +41,8 @@ struct _gss_name {
struct _gss_mechanism_name_list gn_mn; /* list of MNs */
};
-struct _gss_mechanism_name *
- _gss_find_mn(struct _gss_name *name, gss_OID mech);
+OM_uint32
+ _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID,
+ struct _gss_mechanism_name **);
struct _gss_name *
_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn);
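Review bot: The new prototype drops the parameter names the old one carried, so the header no longer says which `OM_uint32 *` this is or that the last argument is an output. Keeping them, `_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, struct _gss_mechanism_name **output_mn);`, matches the definition in gss_names.c. A short comment that `*output_mn` is NULL on any status other than GSS_S_COMPLETE, and that a returned MN stays linked into the name's list, would document the contract the callers rely on.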
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index d20c913bf0..1afe26f1e3 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -33,7 +33,7 @@
#include "spnego/spnego_locl.h"
-RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $");
+RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
static OM_uint32
send_reject (OM_uint32 *minor_status,
@@ -555,23 +555,16 @@ acceptor_start
int get_mic = 0;
int first_ok = 0;
- if (src_name)
- *src_name = GSS_C_NO_NAME;
-
mech_output_token.value = NULL;
mech_output_token.length = 0;
mech_buf.value = NULL;
- if (*context_handle == GSS_C_NO_CONTEXT) {
- ret = _gss_spnego_alloc_sec_context(minor_status,
- context_handle);
- if (ret != GSS_S_COMPLETE)
- return ret;
-
- if (input_token_buffer->length == 0) {
- return send_supported_mechs (minor_status, output_token);
- }
- }
+ if (input_token_buffer->length == 0)
+ return send_supported_mechs (minor_status, output_token);
+
+ ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
ctx = (gssspnego_ctx)*context_handle;
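Review bot: With the `*context_handle == GSS_C_NO_CONTEXT` test removed, `_gss_spnego_alloc_sec_context` runs on every call and would overwrite a live handle if acceptor_start were ever reached with one; the dispatch that prevents this is presumably in the caller, outside this hunk. The same goes for `*src_name`, which is no longer reset here, so the early returns through `send_supported_mechs` and the allocation failure leave it as the caller passed it. Since this path handles the peer's first token, stating the precondition at the top of the function would help, e.g. `/* caller guarantees *context_handle == GSS_C_NO_CONTEXT and has set *src_name to GSS_C_NO_NAME */`. acceptor_start begins and ends outside the hunk.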
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1
index aed67dc4ae..058f10ba3a 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1
+++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1
@@ -1,4 +1,4 @@
--- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $
+-- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
SPNEGO DEFINITIONS ::=
BEGIN
@@ -8,34 +8,34 @@ MechType::= OBJECT IDENTIFIER
MechTypeList ::= SEQUENCE OF MechType
ContextFlags ::= BIT STRING {
- delegFlag (0),
- mutualFlag (1),
- replayFlag (2),
- sequenceFlag (3),
- anonFlag (4),
- confFlag (5),
- integFlag (6)
+ delegFlag (0),
+ mutualFlag (1),
+ replayFlag (2),
+ sequenceFlag (3),
+ anonFlag (4),
+ confFlag (5),
+ integFlag (6)
}
NegHints ::= SEQUENCE {
- hintName [0] GeneralString OPTIONAL,
- hintAddress [1] OCTET STRING OPTIONAL
+ hintName [0] GeneralString OPTIONAL,
+ hintAddress [1] OCTET STRING OPTIONAL
}
NegTokenInitWin ::= SEQUENCE {
- mechTypes [0] MechTypeList,
- reqFlags [1] ContextFlags OPTIONAL,
- mechToken [2] OCTET STRING OPTIONAL,
- negHints [3] NegHints OPTIONAL
- }
+ mechTypes [0] MechTypeList,
+ reqFlags [1] ContextFlags OPTIONAL,
+ mechToken [2] OCTET STRING OPTIONAL,
+ negHints [3] NegHints OPTIONAL
+}
NegTokenInit ::= SEQUENCE {
- mechTypes [0] MechTypeList,
- reqFlags [1] ContextFlags OPTIONAL,
- mechToken [2] OCTET STRING OPTIONAL,
- mechListMIC [3] OCTET STRING OPTIONAL
- }
-
+ mechTypes [0] MechTypeList,
+ reqFlags [1] ContextFlags OPTIONAL,
+ mechToken [2] OCTET STRING OPTIONAL,
+ mechListMIC [3] OCTET STRING OPTIONAL,
+ ...
+}
-- NB: negResult is not OPTIONAL in the new SPNEGO spec but
-- Windows clients do not always send it
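Review bot: The `...` added to NegTokenInit (and to NegTokenResp in the next hunk) is the one functional change among the re-indented lines, and it has no comment explaining it. With an extensibility marker the generated decoder is expected to accept trailing elements it does not recognise in tokens received from a peer, so a line such as `-- extensible: tolerate unknown trailing fields from other implementations` would record that this is intended. NegTokenInitWin and NegHints are left without the marker; if that asymmetry is deliberate it is worth saying so.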
@@ -47,7 +47,8 @@ NegTokenResp ::= SEQUENCE {
request-mic (3) } OPTIONAL,
supportedMech [1] MechType OPTIONAL,
responseToken [2] OCTET STRING OPTIONAL,
- mechListMIC [3] OCTET STRING OPTIONAL
+ mechListMIC [3] OCTET STRING OPTIONAL,
+ ...
}
NegotiationToken ::= CHOICE {