Diffstat (limited to 'source4/heimdal/lib/gssapi/mech')
9 files changed, 67 insertions, 38 deletions
diff --git a/source4/heimdal/lib/gssapi/mech/context.c b/source4/heimdal/lib/gssapi/mech/context.c index 1691fd9401..e4517bee44 100644 --- a/source4/heimdal/lib/gssapi/mech/context.c +++ b/source4/heimdal/lib/gssapi/mech/context.c @@ -1,7 +1,7 @@ #include "mech/mech_locl.h" #include "heim_threads.h" -RCSID("$Id: context.c 19924 2007-01-16 10:17:01Z lha $"); +RCSID("$Id: context.c 21248 2007-06-21 00:45:13Z lha $"); struct mg_thread_ctx { gss_OID mech; @@ -79,7 +79,7 @@ _gss_mg_get_error(const gss_OID mech, OM_uint32 type, switch (type) { case GSS_C_GSS_CODE: { - if (value != mg->maj_stat) + if (value != mg->maj_stat || mg->maj_error.length == 0) break; string->value = malloc(mg->maj_error.length); string->length = mg->maj_error.length; @@ -87,7 +87,7 @@ _gss_mg_get_error(const gss_OID mech, OM_uint32 type, return GSS_S_COMPLETE; } case GSS_C_MECH_CODE: { - if (value != mg->min_stat) + if (value != mg->min_stat || mg->min_error.length == 0) break; string->value = malloc(mg->min_error.length); string->length = mg->min_error.length; diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index 8c5f4d0b08..d1e243d8b8 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_accept_sec_context.c 21237 2007-06-20 11:21:09Z lha $"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -237,9 +237,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, return (major_status); } - if (!src_name) { - m->gm_release_name(minor_status, &src_mn); - } else { + if (src_name && src_mn) { /* * Make a new name and mark it as an MN. */ 
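Review bot: In `_gss_mg_get_error` (context.c) the result of `malloc(mg->maj_error.length)` is stored in `string->value` and `string->length` is then set without a NULL check, in both the `GSS_C_GSS_CODE` case and the `GSS_C_MECH_CODE` case of the following hunk. The added `length == 0` test removes the zero-size allocation but not the out-of-memory case; the line between the two hunks is not shown, and presumably copies into `string->value`. Adding `if (string->value == NULL) break;` directly after each `malloc` would send an allocation failure down the same path as "no stored error" instead of returning `GSS_S_COMPLETE` with a NULL buffer. The function body starts and ends outside these hunks.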
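Review bot: In `gss_accept_sec_context`, the new `if (src_name && src_mn)` test leaves `*src_name` unwritten when the caller asks for a name but the mechanism returned no `src_mn`. Unless `*src_name` is set to `GSS_C_NO_NAME` earlier in the function (not visible in this hunk), the caller gets back an indeterminate handle and may later pass it to `gss_release_name`. A final `else if (src_name) *src_name = GSS_C_NO_NAME;` arm, or a comment pointing at the earlier initialisation, would close that gap. The `if` block continues into the next hunk.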
@@ -250,13 +248,15 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, return (GSS_S_FAILURE); } *src_name = (gss_name_t) name; + } else if (src_mn) { + m->gm_release_name(minor_status, &src_mn); } if (mech_ret_flags & GSS_C_DELEG_FLAG) { if (!delegated_cred_handle) { m->gm_release_cred(minor_status, &delegated_mc); *ret_flags &= ~GSS_C_DELEG_FLAG; - } else { + } else if (delegated_mc) { struct _gss_cred *dcred; struct _gss_mechanism_cred *dmc; diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c index e57e5dd795..fc10933692 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_name.c 19952 2007-01-17 10:16:15Z lha $"); +RCSID("$Id: gss_display_name.c 21246 2007-06-20 15:25:19Z lha $"); OM_uint32 gss_display_name(OM_uint32 *minor_status, @@ -43,6 +43,11 @@ gss_display_name(OM_uint32 *minor_status, if (output_name_type) *output_name_type = GSS_C_NO_OID; + if (name == NULL) { + *minor_status = 0; + return (GSS_S_BAD_NAME); + } + /* * If we know it, copy the buffer used to import the name in * the first place. Otherwise, ask all the MNs in turn if diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c index c316c26fd7..37ded26db6 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c @@ -59,7 +59,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_status.c 20084 2007-01-31 12:12:08Z lha $"); +RCSID("$Id: gss_display_status.c 21247 2007-06-21 00:37:27Z lha $"); static const char * calling_error(OM_uint32 v) 
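Review bot: `*ret_flags &= ~GSS_C_DELEG_FLAG;` in the `!delegated_cred_handle` branch dereferences `ret_flags` unconditionally, although it is an optional output in GSS-API and the separate local `mech_ret_flags` suggests the caller's pointer may be NULL here. This commit adds NULL guards for `src_mn` and `delegated_mc` but not for this pointer; `if (ret_flags) *ret_flags &= ~GSS_C_DELEG_FLAG;` would match them. With the new `else if (delegated_mc)` the delegation flag also appears to stay set when the caller supplied a handle but the mechanism returned no credential, so the reported flags and `*delegated_cred_handle` can disagree. The function continues outside the hunk.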
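Review bot: The new `name == NULL` early return in `gss_display_name` sets `*minor_status` and returns `GSS_S_BAD_NAME`, but the only output cleared by then, as far as the hunk shows, is `*output_name_type`. If the output name buffer is not zeroed above the hunk, a caller that releases its outputs on every return path would hand an uninitialised buffer to `gss_release_buffer`. Clearing the buffer's `length` and `value` next to the existing `*output_name_type = GSS_C_NO_OID;` line would make this error path safe for such callers. The parameter list and the rest of the body are outside the hunk.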
@@ -85,7 +85,7 @@ static const char * routine_error(OM_uint32 v) { static const char *msgs[] = { - NULL, /* 0 */ + "Function completed successfully", /* 0 */ "An unsupported mechanism was requested", "An invalid name was supplied", "A supplied name was of an unsupported type", @@ -109,9 +109,7 @@ routine_error(OM_uint32 v) v >>= GSS_C_ROUTINE_ERROR_OFFSET; - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) + if (v >= sizeof(msgs)/sizeof(*msgs)) return "unknown routine error"; else return msgs[v]; diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c index 3aab0b9bbc..4ff81fdf2d 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c 19953 2007-01-17 11:16:35Z lha $"); +RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, @@ -44,7 +44,7 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, /* * If this name has a value (i.e. it didn't come from * gss_canonicalize_name(), we re-import the thing. Otherwise, - * we make an empty name to hold the MN copy. + * we make copy of each mech names. */ if (name->gn_value.value) { major_status = gss_import_name(minor_status, @@ -52,6 +52,10 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, if (major_status != GSS_S_COMPLETE) return (major_status); new_name = (struct _gss_name *) *dest_name; + + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + _gss_find_mn(new_name, mn->gmn_mech_oid); + } } else { new_name = malloc(sizeof(struct _gss_name)); if (!new_name) { 
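Review bot: `routine_error()` now returns "Function completed successfully" for a zero routine-error field where it previously returned an empty string (the table change in the first gss_display_status.c hunk and the removed `v == 0` test in the second). If the caller, which is outside these hunks, joins the calling-error and routine-error strings, a status carrying only a calling error would now read as an error text followed by "Function completed successfully". I would keep the table entry but have the caller skip the routine-error part when that field is zero and a calling error is present. Failing that, a comment on `msgs[0]` such as `/* 0: also returned when only a calling error is set */` would make the wording a visible, deliberate choice.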
@@ -59,17 +63,30 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, return (GSS_S_FAILURE); } memset(new_name, 0, sizeof(struct _gss_name)); - SLIST_INIT(&name->gn_mn); + SLIST_INIT(&new_name->gn_mn); *dest_name = (gss_name_t) new_name; - } + + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + struct _gss_mechanism_name *new_mn; + + new_mn = malloc(sizeof(*new_mn)); + if (!new_mn) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + new_mn->gmn_mech = mn->gmn_mech; + new_mn->gmn_mech_oid = mn->gmn_mech_oid; + + major_status = + mn->gmn_mech->gm_duplicate_name(minor_status, + mn->gmn_name, &new_mn->gmn_name); + if (major_status != GSS_S_COMPLETE) { + free(new_mn); + continue; + } + SLIST_INSERT_HEAD(&new_name->gn_mn, new_mn, gmn_link); + } - /* - * Import the new name into any mechanisms listed in the - * original name. We could probably get away with only doing - * this if the original was canonical. - */ - SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { - _gss_find_mn(new_name, mn->gmn_mech_oid); } return (GSS_S_COMPLETE); diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c index 5cce30c6bd..d45baac602 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_context.c 19958 2007-01-17 13:56:18Z lha $"); +RCSID("$Id: gss_inquire_context.c 21125 2007-06-18 20:11:07Z lha $"); OM_uint32 gss_inquire_context(OM_uint32 *minor_status, @@ -79,7 +79,8 @@ gss_inquire_context(OM_uint32 *minor_status, if (src_name) { name = _gss_make_name(m, src_mn); if (!name) { - *mech_type = GSS_C_NO_OID; + if (mech_type) + *mech_type = GSS_C_NO_OID; m->gm_release_name(minor_status, &src_mn); *minor_status = 0; return (GSS_S_FAILURE); 
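Review bot: In the new copy loop of `gss_duplicate_name`, the `!new_mn` path returns `GSS_S_FAILURE` after `*dest_name` has already been set to `new_name`, so the caller receives a partly populated name on failure and everything linked so far leaks unless the caller releases it. Releasing before the return, e.g. `gss_release_name(&junk, dest_name);` with a local `OM_uint32 junk`, keeps `ENOMEM` in `*minor_status` and hands back no half-built object. The `continue` after a failed `gm_duplicate_name` also drops that mechanism name silently and may leave the mechanism's minor status in `*minor_status` while the function still returns `GSS_S_COMPLETE`; a one-line comment stating that the copy is best-effort would help. The function begins outside the hunk.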
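Review bot: The failure path after `_gss_make_name(m, src_mn)` in `gss_inquire_context` releases `src_mn` only; `targ_mn`, which the next block (following hunk) wraps the same way, appears to have been filled by the same mechanism call and is not released here. If so, a caller requesting both names leaks the target mechanism name when this allocation fails; a `m->gm_release_name(minor_status, &targ_mn);` before the return, guarded by whatever condition the call above used to request it, would mirror what the second block does for `src_name`. Both failure paths also report `*minor_status = 0` for what is presumably an allocation failure, whereas `gss_duplicate_name` in this same commit uses `ENOMEM`. The mechanism call itself is above the hunk.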
@@ -90,8 +91,10 @@ gss_inquire_context(OM_uint32 *minor_status, if (targ_name) { name = _gss_make_name(m, targ_mn); if (!name) { - *mech_type = GSS_C_NO_OID; - gss_release_name(minor_status, src_name); + if (mech_type) + *mech_type = GSS_C_NO_OID; + if (src_name) + gss_release_name(minor_status, src_name); m->gm_release_name(minor_status, &targ_mn); *minor_status = 0; return (GSS_S_FAILURE); diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c index a4ace9e9e9..aa83efb0c2 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_mech.c 19960 2007-01-17 15:09:24Z lha $"); +RCSID("$Id: gss_inquire_cred_by_mech.c 21124 2007-06-18 20:08:24Z lha $"); OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *minor_status, @@ -78,12 +78,16 @@ gss_inquire_cred_by_mech(OM_uint32 *minor_status, return (major_status); } - name = _gss_make_name(m, mn); - if (!name) { + if (cred_name) { + name = _gss_make_name(m, mn); + if (!name) { m->gm_release_name(minor_status, &mn); return (GSS_S_NO_CRED); - } + } + *cred_name = (gss_name_t) name; + } else + m->gm_release_name(minor_status, &mn); + - *cred_name = (gss_name_t) name; return (GSS_S_COMPLETE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index 2500928baf..9e77f42982 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c 20383 2007-04-18 08:49:53Z lha $"); +RCSID("$Id: gss_krb5.c 21123 2007-06-18 20:05:26Z lha $"); #include <krb5.h> #include <roken.h> 
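Review bot: When `_gss_make_name(m, mn)` fails in the new `if (cred_name)` branch of `gss_inquire_cred_by_mech`, the function returns `GSS_S_NO_CRED` with `*minor_status` holding whatever `gm_release_name` just wrote, and `*cred_name` is left unwritten. `gss_inquire_context` in this commit sets `*minor_status = 0;` after the same release call; doing likewise here, plus `*cred_name = GSS_C_NO_NAME;`, gives callers a defined result on this path. As a style point, the unbraced `else` after a braced `if` is easy to misread with the indentation as it stands, and `} else { ... }` would be clearer. The function starts above the hunk.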
@@ -650,7 +650,7 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, oid_flat.length, &oid, &size) != 0) { free(oid.components); - + free(oid_flat.elements); *minor_status = EINVAL; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c index 78c8cc79c1..c32291396f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_set_cred_option.c 21126 2007-06-18 20:19:59Z lha $"); OM_uint32 gss_set_cred_option (OM_uint32 *minor_status, @@ -64,7 +64,9 @@ gss_set_cred_option (OM_uint32 *minor_status, mc = malloc(sizeof(*mc)); if (mc == NULL) { - /* XXX free the other mc's */ + *cred_handle = (gss_cred_id_t)cred; + gss_release_cred(minor_status, cred_handle); + *minor_status = ENOMEM; return GSS_S_FAILURE; } |
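Review bot: The new out-of-memory path in `gss_set_cred_option` stores the half-built `cred` in `*cred_handle` only so that `gss_release_cred` can free it, which is not obvious on first reading now that the old `XXX` comment is gone. A comment such as `/* publish the partial cred so gss_release_cred frees the mc's linked so far */` above the assignment would document the intent. The path relies on `gss_release_cred` resetting `*cred_handle`; if that is not guaranteed on every path, add `*cred_handle = GSS_C_NO_CREDENTIAL;` before the return so the caller is never left holding a freed handle. The surrounding code, including the allocation of `cred`, is outside the hunk.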