Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r-- | source4/heimdal/lib/gssapi/acquire_cred.c | 20 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/display_status.c | 42 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/gssapi_locl.h | 8 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/init_sec_context.c | 19 |
4 files changed, 69 insertions, 20 deletions
diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c index 6ded413626..23c2603352 100644 --- a/source4/heimdal/lib/gssapi/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/acquire_cred.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.22 2005/01/05 02:32:26 lukeh Exp $"); +RCSID("$Id: acquire_cred.c,v 1.23 2005/10/21 12:44:08 lha Exp $"); static krb5_error_code get_keytab(krb5_context context, krb5_keytab *keytab) @@ -83,9 +83,23 @@ static OM_uint32 acquire_initiator_cred ret = GSS_S_FAILURE; memset(&cred, 0, sizeof(cred)); + /* If we have a preferred principal, lets try to find it in all + * caches, otherwise, fall back to default cache. Ignore + * errors. */ + if (ccache == NULL && handle->principal) { + kret = krb5_cc_cache_match (gssapi_krb5_context, + handle->principal, + NULL, + &ccache); + if (kret) { + ccache = NULL; + } else { + made_ccache = TRUE; + } + } if (ccache == NULL) { - kret = krb5_cc_default(context, &ccache); - if (kret) + kret = krb5_cc_default(gssapi_krb5_context, &ccache); + if (kret) goto end; made_ccache = TRUE; } diff --git a/source4/heimdal/lib/gssapi/display_status.c b/source4/heimdal/lib/gssapi/display_status.c index 6e9456aa2e..0aa88bb57c 100644 --- a/source4/heimdal/lib/gssapi/display_status.c +++ b/source4/heimdal/lib/gssapi/display_status.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_status.c,v 1.13 2005/08/23 08:30:55 lha Exp $"); +RCSID("$Id: display_status.c,v 1.14 2005/10/12 07:23:03 lha Exp $"); static const char * calling_error(OM_uint32 v) 
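Review bot: In acquire_initiator_cred (acquire_cred.c), a failed krb5_cc_cache_match for handle->principal falls through silently to krb5_cc_default, so nothing in this hunk guarantees that the cache finally used belongs to the requested principal. If a later check outside the hunk compares the cache's principal with handle->principal, the new comment should say so, e.g. `/* Errors ignored: the default cache is tried next and its principal is checked against handle->principal below. */`; if there is no such check, the default-cache fallback should be skipped when a principal was requested. The hunk also dereferences handle->principal with no visible NULL check on handle; the function body starts and ends outside the hunk, so that may already be guaranteed by the caller.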
@@ -112,25 +112,47 @@ supplementary_error(OM_uint32 v) } void -gssapi_krb5_set_error_string (void) +gssapi_krb5_clear_status (void) { struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); - char *e; + if (ctx == NULL) + return; + HEIMDAL_MUTEX_lock(&ctx->mutex); + if (ctx->error_string) + free(ctx->error_string); + ctx->error_string = NULL; + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +void +gssapi_krb5_set_status (const char *fmt, ...) +{ + struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); + va_list args; if (ctx == NULL) return; HEIMDAL_MUTEX_lock(&ctx->mutex); + va_start(args, fmt); if (ctx->error_string) free(ctx->error_string); + /* ignore failures, will use status code instead */ + vasprintf(&ctx->error_string, fmt, args); + va_end(args); + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +void +gssapi_krb5_set_error_string (void) +{ + char *e; + e = krb5_get_error_string(gssapi_krb5_context); - if (e == NULL) - ctx->error_string = NULL; - else { - /* ignore failures, will use status code instead */ - ctx->error_string = strdup(e); + if (e) { + gssapi_krb5_set_status("%s", e); krb5_free_error_string(gssapi_krb5_context, e); - } - HEIMDAL_MUTEX_unlock(&ctx->mutex); + } else + gssapi_krb5_clear_status(); } char * diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index 47a37e4657..a25e2fdcc9 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.40 2005/06/16 20:34:03 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.41 2005/10/12 15:20:37 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -246,6 +246,12 @@ int gss_oid_equal(const gss_OID a, const gss_OID b); void +gssapi_krb5_clear_status (void); + +void +gssapi_krb5_set_status (const char *fmt, ...); + +void gssapi_krb5_set_error_string (void); char * 
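Review bot: In gssapi_krb5_set_status (display_status.c), ctx->error_string is freed and then passed straight to vasprintf with the return value ignored, so on C libraries that leave the output pointer unspecified on failure the field can keep the freed address. The next gssapi_krb5_clear_status or gssapi_krb5_set_status call would then free it a second time, and a reader of the status string would touch freed memory. Check the result and reset the field: `if (vasprintf(&ctx->error_string, fmt, args) < 0) ctx->error_string = NULL;`. The comment `/* ignore failures, will use status code instead */` only holds once the pointer is guaranteed NULL on failure. The `if (ctx->error_string)` guards before free() are redundant, since free(NULL) is a no-op.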
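Review bot: The new prototype `gssapi_krb5_set_status (const char *fmt, ...)` in gssapi_locl.h takes a printf-style format but carries no format attribute, so the compiler cannot flag a call site that passes a non-literal or mismatched format string. On GCC-compatible compilers, `void gssapi_krb5_set_status (const char *fmt, ...) __attribute__((format(printf, 1, 2)));`, wrapped in whatever portability macro the tree already uses, brings every caller under -Wformat. A short comment on the declaration stating that text from outside the library must be passed as `"%s", str`, as gssapi_krb5_set_error_string does, would document the contract.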
diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 5c6c6a0f8e..93e8d44c86 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.59 2005/08/11 10:47:25 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.60 2005/10/12 07:25:18 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -848,16 +848,23 @@ spnego_reply ret = der_match_tag_and_length((const char *)indata.data, indata.length, ASN1_C_CONTEXT, CONS, 1, &len, &taglen); - if (ret) - return ret; + if (ret) { + gssapi_krb5_set_status("Failed to decode NegToken choice"); + *minor_status = ret; + return GSS_S_FAILURE; + } - if(len > indata.length - taglen) - return ASN1_OVERRUN; + if(len > indata.length - taglen) { + gssapi_krb5_set_status("Buffer overrun in NegToken choice"); + *minor_status = ASN1_OVERRUN; + return GSS_S_FAILURE; + } ret = decode_NegTokenTarg((const char *)indata.data + taglen, len, &targ, NULL); if (ret) { - *minor_status = ENOMEM; + gssapi_krb5_set_status("Failed to decode NegTokenTarg"); + *minor_status = ret; return GSS_S_FAILURE; } |
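Review bot: The bounds check `if(len > indata.length - taglen)` in spnego_reply is only sound while taglen <= indata.length; if both are unsigned, as they appear to be, a larger taglen wraps the subtraction and an oversized len reaches decode_NegTokenTarg. der_match_tag_and_length presumably guarantees this on success, but the token comes from the peer, so the invariant is better stated in the condition itself: `if (taglen > indata.length || len > indata.length - taglen) {`. decode_NegTokenTarg is also called with NULL for its size output, so bytes left over after the NegTokenTarg go unnoticed; a comment saying whether trailing data is tolerated on purpose would help. spnego_reply's body starts and ends outside the hunk.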