Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r--source4/heimdal/lib/gssapi/acquire_cred.c20
-rw-r--r--source4/heimdal/lib/gssapi/display_status.c42
-rw-r--r--source4/heimdal/lib/gssapi/gssapi_locl.h8
-rw-r--r--source4/heimdal/lib/gssapi/init_sec_context.c19
4 files changed, 69 insertions, 20 deletions
diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c
index 6ded413626..23c2603352 100644
--- a/source4/heimdal/lib/gssapi/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/acquire_cred.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: acquire_cred.c,v 1.22 2005/01/05 02:32:26 lukeh Exp $");
+RCSID("$Id: acquire_cred.c,v 1.23 2005/10/21 12:44:08 lha Exp $");
static krb5_error_code
get_keytab(krb5_context context, krb5_keytab *keytab)
@@ -83,9 +83,23 @@ static OM_uint32 acquire_initiator_cred
ret = GSS_S_FAILURE;
memset(&cred, 0, sizeof(cred));
+ /* If we have a preferred principal, lets try to find it in all
+ * caches, otherwise, fall back to default cache. Ignore
+ * errors. */
+ if (ccache == NULL && handle->principal) {
+ kret = krb5_cc_cache_match (gssapi_krb5_context,
+ handle->principal,
+ NULL,
+ &ccache);
+ if (kret) {
+ ccache = NULL;
+ } else {
+ made_ccache = TRUE;
+ }
+ }
if (ccache == NULL) {
- kret = krb5_cc_default(context, &ccache);
- if (kret)
+ kret = krb5_cc_default(gssapi_krb5_context, &ccache);
+ if (kret)
goto end;
made_ccache = TRUE;
}
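Review bot: The failure branch of the new `krb5_cc_cache_match` lookup discards `kret` and falls through to `krb5_cc_default`, so a caller that named a preferred principal can end up with the default cache, which may belong to a different principal. It also makes a real error (allocation failure, unreadable cache) indistinguishable from "no cache matched". Whether the rest of acquire_initiator_cred compares the chosen cache's principal with `handle->principal` is not visible, because the function body continues outside this hunk. If it does, say so in the comment, e.g. `/* a non-matching default cache is rejected by the principal comparison below */`; if it does not, the fallback should be skipped when `handle->principal` is set.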
diff --git a/source4/heimdal/lib/gssapi/display_status.c b/source4/heimdal/lib/gssapi/display_status.c
index 6e9456aa2e..0aa88bb57c 100644
--- a/source4/heimdal/lib/gssapi/display_status.c
+++ b/source4/heimdal/lib/gssapi/display_status.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: display_status.c,v 1.13 2005/08/23 08:30:55 lha Exp $");
+RCSID("$Id: display_status.c,v 1.14 2005/10/12 07:23:03 lha Exp $");
static const char *
calling_error(OM_uint32 v)
@@ -112,25 +112,47 @@ supplementary_error(OM_uint32 v)
}
void
-gssapi_krb5_set_error_string (void)
+gssapi_krb5_clear_status (void)
{
struct gssapi_thr_context *ctx = gssapi_get_thread_context(1);
- char *e;
+ if (ctx == NULL)
+ return;
+ HEIMDAL_MUTEX_lock(&ctx->mutex);
+ if (ctx->error_string)
+ free(ctx->error_string);
+ ctx->error_string = NULL;
+ HEIMDAL_MUTEX_unlock(&ctx->mutex);
+}
+
+void
+gssapi_krb5_set_status (const char *fmt, ...)
+{
+ struct gssapi_thr_context *ctx = gssapi_get_thread_context(1);
+ va_list args;
if (ctx == NULL)
return;
HEIMDAL_MUTEX_lock(&ctx->mutex);
+ va_start(args, fmt);
if (ctx->error_string)
free(ctx->error_string);
+ /* ignore failures, will use status code instead */
+ vasprintf(&ctx->error_string, fmt, args);
+ va_end(args);
+ HEIMDAL_MUTEX_unlock(&ctx->mutex);
+}
+
+void
+gssapi_krb5_set_error_string (void)
+{
+ char *e;
+
e = krb5_get_error_string(gssapi_krb5_context);
- if (e == NULL)
- ctx->error_string = NULL;
- else {
- /* ignore failures, will use status code instead */
- ctx->error_string = strdup(e);
+ if (e) {
+ gssapi_krb5_set_status("%s", e);
krb5_free_error_string(gssapi_krb5_context, e);
- }
- HEIMDAL_MUTEX_unlock(&ctx->mutex);
+ } else
+ gssapi_krb5_clear_status();
}
char *
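Review bot: In `gssapi_krb5_set_status` the old string is freed and `vasprintf` then writes into the same field with its return value ignored. On failure the pointer's contents are unspecified on some C libraries (glibc documents them as undefined), so `ctx->error_string` can keep pointing at the freed buffer and the next set/clear call frees it again, or a reader dereferences it. Check the result and reset the field: `if (vasprintf(&ctx->error_string, fmt, args) < 0) ctx->error_string = NULL;`. The `if (ctx->error_string)` guards before `free` in both new functions are redundant, since `free(NULL)` is a no-op.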
diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h
index 47a37e4657..a25e2fdcc9 100644
--- a/source4/heimdal/lib/gssapi/gssapi_locl.h
+++ b/source4/heimdal/lib/gssapi/gssapi_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi_locl.h,v 1.40 2005/06/16 20:34:03 lha Exp $ */
+/* $Id: gssapi_locl.h,v 1.41 2005/10/12 15:20:37 lha Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
@@ -246,6 +246,12 @@ int
gss_oid_equal(const gss_OID a, const gss_OID b);
void
+gssapi_krb5_clear_status (void);
+
+void
+gssapi_krb5_set_status (const char *fmt, ...);
+
+void
gssapi_krb5_set_error_string (void);
char *
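Review bot: The new variadic prototype `gssapi_krb5_set_status (const char *fmt, ...)` carries no printf format attribute, so the compiler cannot check callers' arguments against the format string. A later caller that passes peer-derived text as `fmt` instead of through `"%s"` would go unnoticed. Where the compiler supports it, declare it as `gssapi_krb5_set_status (const char *fmt, ...) __attribute__((format (printf, 1, 2)));`. A short comment that the message is stored in the per-thread context and replaces any earlier one would also help readers of the header.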
diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c
index 5c6c6a0f8e..93e8d44c86 100644
--- a/source4/heimdal/lib/gssapi/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/init_sec_context.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.59 2005/08/11 10:47:25 lha Exp $");
+RCSID("$Id: init_sec_context.c,v 1.60 2005/10/12 07:25:18 lha Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@@ -848,16 +848,23 @@ spnego_reply
ret = der_match_tag_and_length((const char *)indata.data,
indata.length,
ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
- if (ret)
- return ret;
+ if (ret) {
+ gssapi_krb5_set_status("Failed to decode NegToken choice");
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
- if(len > indata.length - taglen)
- return ASN1_OVERRUN;
+ if(len > indata.length - taglen) {
+ gssapi_krb5_set_status("Buffer overrun in NegToken choice");
+ *minor_status = ASN1_OVERRUN;
+ return GSS_S_FAILURE;
+ }
ret = decode_NegTokenTarg((const char *)indata.data + taglen,
len, &targ, NULL);
if (ret) {
- *minor_status = ENOMEM;
+ gssapi_krb5_set_status("Failed to decode NegTokenTarg");
+ *minor_status = ret;
return GSS_S_FAILURE;
}
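Review bot: The overrun check `len > indata.length - taglen` is an unsigned subtraction on values parsed from the peer's token, and it is only sound if `taglen <= indata.length` is guaranteed when `der_match_tag_and_length` succeeds. That guarantee is not visible here, and the types of `len` and `taglen` are declared outside the hunk. Making the assumption explicit costs nothing: `if (taglen > indata.length || len > indata.length - taglen) {`. The error paths now return `GSS_S_FAILURE` with the ASN.1 code in `*minor_status`, which is consistent. Whether `indata` or other state allocated earlier in spnego_reply needs releasing on these early returns cannot be judged from this hunk.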