Diffstat (limited to 'crypto/heimdal/lib/gssapi')
-rw-r--r--crypto/heimdal/lib/gssapi/ChangeLog40
-rw-r--r--crypto/heimdal/lib/gssapi/Makefile.am4
-rw-r--r--crypto/heimdal/lib/gssapi/Makefile.in20
-rw-r--r--crypto/heimdal/lib/gssapi/accept_sec_context.c31
-rw-r--r--crypto/heimdal/lib/gssapi/acquire_cred.c122
-rw-r--r--crypto/heimdal/lib/gssapi/add_oid_set_member.c8
-rw-r--r--crypto/heimdal/lib/gssapi/address_to_krb5addr.c7
-rw-r--r--crypto/heimdal/lib/gssapi/context_time.c6
-rw-r--r--crypto/heimdal/lib/gssapi/copy_ccache.c3
-rw-r--r--crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c5
-rw-r--r--crypto/heimdal/lib/gssapi/delete_sec_context.c9
-rw-r--r--crypto/heimdal/lib/gssapi/display_name.c10
-rw-r--r--crypto/heimdal/lib/gssapi/display_status.c24
-rw-r--r--crypto/heimdal/lib/gssapi/duplicate_name.c11
-rw-r--r--crypto/heimdal/lib/gssapi/export_sec_context.c150
-rw-r--r--crypto/heimdal/lib/gssapi/get_mic.c8
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi.h8
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi_locl.h14
-rw-r--r--crypto/heimdal/lib/gssapi/import_name.c30
-rw-r--r--crypto/heimdal/lib/gssapi/import_sec_context.c25
-rw-r--r--crypto/heimdal/lib/gssapi/indicate_mechs.c6
-rw-r--r--crypto/heimdal/lib/gssapi/init_sec_context.c16
-rw-r--r--crypto/heimdal/lib/gssapi/unwrap.c13
-rw-r--r--crypto/heimdal/lib/gssapi/verify_mic.c6
-rw-r--r--crypto/heimdal/lib/gssapi/wrap.c14
25 files changed, 438 insertions, 152 deletions
diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog
index e335d4db..99ab271 100644
--- a/crypto/heimdal/lib/gssapi/ChangeLog
+++ b/crypto/heimdal/lib/gssapi/ChangeLog
@@ -1,3 +1,43 @@
+2001-05-17 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am: bump version to 3:1:2
+
+2001-05-14 Assar Westerlund <assar@sics.se>
+
+ * address_to_krb5addr.c: adapt to new address functions
+
+2001-05-11 Assar Westerlund <assar@sics.se>
+
+ * try to return the error string from libkrb5 where applicable
+
+2001-05-08 Assar Westerlund <assar@sics.se>
+
+ * delete_sec_context.c (gss_delete_sec_context): remember to free
+ the memory used by the ticket itself. from <tmartin@mirapoint.com>
+
+2001-05-04 Assar Westerlund <assar@sics.se>
+
+ * gssapi_locl.h: add config.h for completeness
+ * gssapi.h: remove config.h, this is an installed header file
+ sys/types.h is not needed either
+
+2001-03-12 Assar Westerlund <assar@sics.se>
+
+ * acquire_cred.c (gss_acquire_cred): remove memory leaks. from
+ Jason R Thorpe <thorpej@zembu.com>
+
+2001-02-18 Assar Westerlund <assar@sics.se>
+
+ * accept_sec_context.c (gss_accept_sec_context): either return
+ gss_name NULL-ed or set
+
+ * import_name.c: set minor_status in some cases where it was not
+ done
+
+2001-02-15 Assar Westerlund <assar@sics.se>
+
+ * wrap.c: use krb5_generate_random_block for the confounders
+
2001-01-30 Assar Westerlund <assar@sics.se>
* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am
index a086e29..3132040 100644
--- a/crypto/heimdal/lib/gssapi/Makefile.am
+++ b/crypto/heimdal/lib/gssapi/Makefile.am
@@ -1,11 +1,11 @@
-# $Id: Makefile.am,v 1.30 2001/01/30 01:51:53 assar Exp $
+# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_krb4)
lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:0:2
+libgssapi_la_LDFLAGS = -version-info 3:1:2
include_HEADERS = gssapi.h
diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in
index 4173934..a71a183 100644
--- a/crypto/heimdal/lib/gssapi/Makefile.in
+++ b/crypto/heimdal/lib/gssapi/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
-# $Id: Makefile.am,v 1.30 2001/01/30 01:51:53 assar Exp $
+# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,10 +186,12 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
CHECK_LOCAL = $(PROGRAMS)
lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:0:2
+libgssapi_la_LDFLAGS = -version-info 3:1:2
include_HEADERS = gssapi.h
@@ -278,7 +281,7 @@ OBJECTS = $(am_libgssapi_la_OBJECTS)
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/gssapi/Makefile
@@ -385,6 +388,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
mostlyclean-tags:
clean-tags:
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
index a606c55..4cb2427 100644
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/accept_sec_context.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: accept_sec_context.c,v 1.21 2001/01/09 18:47:11 assar Exp $");
+RCSID("$Id: accept_sec_context.c,v 1.24 2001/05/11 09:16:45 assar Exp $");
static krb5_keytab gss_keytab;
@@ -76,6 +76,7 @@ gss_accept_sec_context
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
+ OM_uint32 minor;
gssapi_krb5_init ();
@@ -98,10 +99,15 @@ gss_accept_sec_context
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
+ if (src_name != NULL)
+ *src_name = NULL;
+
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
@@ -131,6 +137,7 @@ gss_accept_sec_context
&acceptor_addr);
if (kret) {
*minor_status = kret;
+ gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
@@ -142,6 +149,7 @@ gss_accept_sec_context
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
*minor_status = kret;
+ gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
@@ -162,6 +170,7 @@ gss_accept_sec_context
if (kret) {
*minor_status = kret;
+ gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
@@ -207,6 +216,8 @@ gss_accept_sec_context
&ticket);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
@@ -215,6 +226,8 @@ gss_accept_sec_context
&(*context_handle)->source);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
@@ -223,15 +236,19 @@ gss_accept_sec_context
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
- if (src_name) {
+ if (src_name != NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
src_name);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
}
@@ -244,6 +261,8 @@ gss_accept_sec_context
&authenticator);
if(kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
@@ -254,6 +273,8 @@ gss_accept_sec_context
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
}
@@ -322,6 +343,8 @@ end_fwd:
&outbuf);
if (kret) {
ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_encapsulate (&outbuf,
@@ -359,6 +382,10 @@ failure:
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
+ if (src_name != NULL) {
+ gss_release_name (&minor, src_name);
+ *src_name = NULL;
+ }
*context_handle = GSS_C_NO_CONTEXT;
*minor_status = kret;
return GSS_S_FAILURE;
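Review bot: The `failure:` path still ends with `*minor_status = kret; return GSS_S_FAILURE;`, so the `GSS_S_BAD_BINDINGS` stored in `ret` by the address-binding branches never reaches the caller, and the `*minor_status = kret;` lines added before each `goto failure` are redundant. Ending the label with `return ret;` would preserve the major status, provided every jump to `failure` sets `ret` first; parts of the function lie outside the hunks, so that needs checking. The added `gss_release_name (&minor, src_name);` also runs when `*src_name` is still NULL from the initialisation near the top of the function, so confirm that gss_release_name tolerates a NULL name.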
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
index 341d06d..acc60a2 100644
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ b/crypto/heimdal/lib/gssapi/acquire_cred.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: acquire_cred.c,v 1.4 2001/01/30 00:49:05 assar Exp $");
+RCSID("$Id: acquire_cred.c,v 1.6 2001/05/11 09:16:45 assar Exp $");
OM_uint32 gss_acquire_cred
(OM_uint32 * minor_status,
@@ -48,95 +48,115 @@ OM_uint32 gss_acquire_cred
{
gss_cred_id_t handle;
OM_uint32 ret;
- krb5_principal def_princ;
+ krb5_error_code kret = 0;
krb5_ccache ccache;
- krb5_error_code pret = -1, kret = 0;
- krb5_keytab kt;
- krb5_creds cred;
- krb5_get_init_creds_opt opt;
handle = (gss_cred_id_t)malloc(sizeof(*handle));
- if (handle == GSS_C_NO_CREDENTIAL) {
+ if (handle == GSS_C_NO_CREDENTIAL)
return GSS_S_FAILURE;
- }
+
memset(handle, 0, sizeof (*handle));
ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
if (ret) {
+ free(handle);
return ret;
}
- if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0 &&
- (pret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
- &def_princ)) == 0 &&
- krb5_principal_compare(gssapi_krb5_context, handle->principal,
- def_princ) == TRUE) {
+ if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0) {
+ krb5_principal def_princ;
+
+ if (krb5_cc_get_principal(gssapi_krb5_context, ccache,
+ &def_princ) != 0) {
+ krb5_cc_close(gssapi_krb5_context, ccache);
+ goto try_keytab;
+ }
+ if (krb5_principal_compare(gssapi_krb5_context, handle->principal,
+ def_princ) == FALSE) {
+ krb5_free_principal(gssapi_krb5_context, def_princ);
+ krb5_cc_close(gssapi_krb5_context, ccache);
+ goto try_keytab;
+ }
handle->ccache = ccache;
handle->keytab = NULL;
+ krb5_free_principal(gssapi_krb5_context, def_princ);
} else {
- kret = krb5_kt_default(gssapi_krb5_context, &kt);
+ krb5_creds cred;
+ krb5_get_init_creds_opt opt;
+
+ try_keytab:
+ kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab);
if (kret != 0)
- goto out;
+ goto krb5_bad;
+
krb5_get_init_creds_opt_init(&opt);
memset(&cred, 0, sizeof(cred));
+
kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
- handle->principal, kt, 0, NULL, &opt);
+ handle->principal, handle->keytab,
+ 0, NULL, &opt);
+ if (kret != 0)
+ goto krb5_bad;
+
+ kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
+ &handle->ccache);
if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- goto out;
+ krb5_free_creds_contents(gssapi_krb5_context, &cred);
+ goto krb5_bad;
}
- kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, &ccache);
+
+ kret = krb5_cc_initialize(gssapi_krb5_context, handle->ccache,
+ cred.client);
if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- goto out;
+ krb5_free_creds_contents(gssapi_krb5_context, &cred);
+ goto krb5_bad;
}
- kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
+
+ kret = krb5_cc_store_cred(gssapi_krb5_context, handle->ccache, &cred);
if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- krb5_cc_close(gssapi_krb5_context, ccache);
- goto out;
+ krb5_free_creds_contents(gssapi_krb5_context, &cred);
+ goto krb5_bad;
}
- kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
- if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- krb5_cc_close(gssapi_krb5_context, ccache);
- goto out;
- }
- handle->ccache = ccache;
- handle->keytab = kt;
- }
+ krb5_free_creds_contents(gssapi_krb5_context, &cred);
+ }
/* XXX */
handle->lifetime = time_req;
handle->usage = cred_usage;
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret) {
- return ret;
- }
+ if (ret)
+ goto gssapi_bad;
+
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&handle->mechanisms);
- if (ret) {
- return ret;
- }
+ if (ret)
+ goto gssapi_bad;
ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
actual_mechs);
- if (ret) {
- return ret;
- }
+ if (ret)
+ goto gssapi_bad;
*output_cred_handle = handle;
+ return (GSS_S_COMPLETE);
-out:
- if (pret == 0)
- krb5_free_principal(gssapi_krb5_context, def_princ);
+ krb5_bad:
+ ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
- if (kret != 0) {
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
+ gssapi_bad:
+ krb5_free_principal(gssapi_krb5_context, handle->principal);
+ if (handle->ccache != NULL)
+ krb5_cc_close(gssapi_krb5_context, handle->ccache);
+ if (handle->keytab != NULL)
+ krb5_kt_close(gssapi_krb5_context, handle->keytab);
+ if (handle->mechanisms != NULL)
+ gss_release_oid_set(NULL, &handle->mechanisms);
+
+ free(handle);
- return GSS_S_COMPLETE;
+ return (ret);
}
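Review bot: The allocation-failure return at the top (`if (handle == GSS_C_NO_CREDENTIAL) return GSS_S_FAILURE;`) leaves `*minor_status` unset, while the other allocation failures touched by this commit report `ENOMEM`; adding `*minor_status = ENOMEM;` there would make it consistent. On the `krb5_bad`/`gssapi_bad` paths `*output_cred_handle` is never written, so a caller that ignores the major status keeps whatever value it passed in; setting it to `GSS_C_NO_CREDENTIAL` before `return (ret);` is a cheap safeguard. The cleanup also calls `gss_release_oid_set(NULL, &handle->mechanisms)`, which is only safe if that routine never stores through its minor-status argument; passing a local `OM_uint32` would remove the assumption. The `try_keytab:` label is entered by `goto` from the sibling `if` block past the declarations of `cred` and `opt`, which is legal C but deserves a short comment.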
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
index b8144ff..baf70c5 100644
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: add_oid_set_member.c,v 1.6 2000/07/02 04:44:11 assar Exp $");
+RCSID("$Id: add_oid_set_member.c,v 1.7 2001/02/18 03:39:08 assar Exp $");
OM_uint32 gss_add_oid_set_member (
OM_uint32 * minor_status,
@@ -55,8 +55,10 @@ OM_uint32 gss_add_oid_set_member (
n = (*oid_set)->count + 1;
tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
- if (tmp == NULL)
+ if (tmp == NULL) {
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
+ }
(*oid_set)->elements = tmp;
(*oid_set)->count = n;
(*oid_set)->elements[n-1] = *member_oid;
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
index 1d8c1b6..c8041aa 100644
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -61,7 +61,8 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type,
return GSS_S_FAILURE;
}
- problem = krb5_h_addr2sockaddr (addr_type,
+ problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
+ addr_type,
gss_addr->value,
&sa,
&sa_size,
@@ -69,7 +70,7 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type,
if (problem)
return GSS_S_FAILURE;
- problem = krb5_sockaddr2address (&sa, address);
+ problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
return problem;
}
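Review bot: The final `return problem;` hands the result of `krb5_sockaddr2address` straight back as the function's return value, whereas the check just above maps a non-zero `problem` to `GSS_S_FAILURE`. If `problem` holds a krb5 error code, as its use here suggests, callers comparing against GSS major-status values will misread it. `return problem ? GSS_S_FAILURE : GSS_S_COMPLETE;` would make both exits agree. The function begins outside the hunk, so the declared type of `problem` is not visible.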
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
index 1882eb3..f933f9e 100644
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ b/crypto/heimdal/lib/gssapi/context_time.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: context_time.c,v 1.3 2000/02/06 08:14:16 assar Exp $");
+RCSID("$Id: context_time.c,v 1.5 2001/05/11 09:16:45 assar Exp $");
OM_uint32 gss_context_time
(OM_uint32 * minor_status,
@@ -56,6 +56,8 @@ OM_uint32 gss_context_time
kret = krb5_timeofday(gssapi_krb5_context, &timeret);
if (kret) {
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c
index f91acab..a6f53df 100644
--- a/crypto/heimdal/lib/gssapi/copy_ccache.c
+++ b/crypto/heimdal/lib/gssapi/copy_ccache.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: copy_ccache.c,v 1.1 2001/01/30 00:35:47 assar Exp $");
+RCSID("$Id: copy_ccache.c,v 1.2 2001/05/11 09:16:45 assar Exp $");
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor,
@@ -50,6 +50,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor,
kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
if (kret) {
*minor = kret;
+ gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
return GSS_S_COMPLETE;
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
index acec30e..de71749 100644
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: create_emtpy_oid_set.c,v 1.3 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: create_emtpy_oid_set.c,v 1.4 2001/02/18 03:39:08 assar Exp $");
OM_uint32 gss_create_empty_oid_set (
OM_uint32 * minor_status,
@@ -42,6 +42,7 @@ OM_uint32 gss_create_empty_oid_set (
{
*oid_set = malloc(sizeof(**oid_set));
if (*oid_set == NULL) {
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*oid_set)->count = 0;
diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c
index 15e3cfa..06f44e3 100644
--- a/crypto/heimdal/lib/gssapi/delete_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/delete_sec_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: delete_sec_context.c,v 1.7 2000/02/11 23:00:48 assar Exp $");
+RCSID("$Id: delete_sec_context.c,v 1.9 2001/05/10 15:23:04 assar Exp $");
OM_uint32 gss_delete_sec_context
(OM_uint32 * minor_status,
@@ -56,9 +56,12 @@ OM_uint32 gss_delete_sec_context
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
- if ((*context_handle)->ticket)
+ if ((*context_handle)->ticket) {
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
+ free((*context_handle)->ticket);
+ }
+
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
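Review bot: The added `free((*context_handle)->ticket);` is correct only while `krb5_free_ticket` releases the ticket's contents and not the structure itself. That contract is not visible in this diff, and if the library routine also frees the structure this line becomes a double free. A comment recording the assumption would protect later maintainers, e.g. `/* krb5_free_ticket frees the contents only; the struct itself is freed here */`.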
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
index 4efed14..1c25e67 100644
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ b/crypto/heimdal/lib/gssapi/display_name.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: display_name.c,v 1.5 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: display_name.c,v 1.7 2001/05/11 09:16:46 assar Exp $");
OM_uint32 gss_display_name
(OM_uint32 * minor_status,
@@ -50,13 +50,17 @@ OM_uint32 gss_display_name
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&buf);
- if (kret)
+ if (kret) {
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
+ }
len = strlen (buf);
output_name_buffer->length = len;
output_name_buffer->value = malloc(len + 1);
if (output_name_buffer->value == NULL) {
free (buf);
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (output_name_buffer->value, buf, len);
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
index f08c47e..1fa0531 100644
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ b/crypto/heimdal/lib/gssapi/display_status.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,9 @@
#include "gssapi_locl.h"
-RCSID("$Id: display_status.c,v 1.5 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: display_status.c,v 1.6 2001/05/11 09:16:46 assar Exp $");
+
+static char *krb5_error_string;
static char *
calling_error(OM_uint32 v)
@@ -91,6 +93,20 @@ routine_error(OM_uint32 v)
return msgs[v];
}
+void
+gssapi_krb5_set_error_string (void)
+{
+ krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
+}
+
+char *
+gssapi_krb5_get_error_string (void)
+{
+ char *ret = krb5_error_string;
+ krb5_error_string = NULL;
+ return ret;
+}
+
OM_uint32 gss_display_status
(OM_uint32 *minor_status,
OM_uint32 status_value,
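Review bot: `gssapi_krb5_set_error_string` overwrites `krb5_error_string` without releasing the previous value, so any failure whose text is never fetched through `gss_display_status` appears to leak the string returned by `krb5_get_error_string`. This assumes that call hands ownership to the caller, which the way `buf` is treated in the next hunk suggests. The slot is also a single file-scope static with no locking, so concurrent callers share and race on it. Free the old string before the assignment, and add a comment above the static saying it holds only the most recent krb5 error for the whole process.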
@@ -118,7 +134,9 @@ OM_uint32 gss_display_status
return GSS_S_FAILURE;
}
} else if (status_type == GSS_C_MECH_CODE) {
- buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value));
+ buf = gssapi_krb5_get_error_string ();
+ if (buf == NULL)
+ buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value));
if (buf == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
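Review bot: In the `GSS_C_MECH_CODE` branch the stored string is returned whenever one is present, without checking that it belongs to `status_value`. A caller asking about an older or unrelated minor code therefore gets the text of the most recent krb5 failure. Recording the error code next to the string when it is captured, and falling back to `krb5_get_err_text` when the codes differ, would keep message and code in step. The function continues outside the hunk, so how `buf` is handed to the caller afterwards is not visible.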
diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c
index a3118d3..b0ecdf2 100644
--- a/crypto/heimdal/lib/gssapi/duplicate_name.c
+++ b/crypto/heimdal/lib/gssapi/duplicate_name.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: duplicate_name.c,v 1.3 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: duplicate_name.c,v 1.5 2001/05/11 09:16:46 assar Exp $");
OM_uint32 gss_duplicate_name (
OM_uint32 * minor_status,
@@ -48,8 +48,11 @@ OM_uint32 gss_duplicate_name (
kret = krb5_copy_principal (gssapi_krb5_context,
src_name,
dest_name);
- if (kret)
+ if (kret) {
+ *minor_status = kret;
+ gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
- else
+ } else {
return GSS_S_COMPLETE;
+ }
}
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
index 7116f95..30c5a11 100644
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/export_sec_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: export_sec_context.c,v 1.3 2000/07/08 11:42:22 assar Exp $");
+RCSID("$Id: export_sec_context.c,v 1.4 2001/02/18 03:39:09 assar Exp $");
OM_uint32
gss_export_sec_context (
@@ -44,10 +44,12 @@ gss_export_sec_context (
{
krb5_storage *sp;
krb5_auth_context ac;
- int ret;
+ OM_uint32 ret = GSS_S_COMPLETE;
krb5_data data;
gss_buffer_desc buffer;
int flags;
+ OM_uint32 minor;
+ krb5_error_code kret;
gssapi_krb5_init ();
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
@@ -74,25 +76,74 @@ gss_export_sec_context (
if (ac->remote_subkey)
flags |= SC_REMOTE_SUBKEY;
- krb5_store_int32 (sp, flags);
+ kret = krb5_store_int32 (sp, flags);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
/* marshall auth context */
- krb5_store_int32 (sp, ac->flags);
- if (ac->local_address)
- krb5_store_address (sp, *ac->local_address);
- if (ac->remote_address)
- krb5_store_address (sp, *ac->remote_address);
- krb5_store_int16 (sp, ac->local_port);
- krb5_store_int16 (sp, ac->remote_port);
- if (ac->keyblock)
- krb5_store_keyblock (sp, *ac->keyblock);
- if (ac->local_subkey)
- krb5_store_keyblock (sp, *ac->local_subkey);
- if (ac->remote_subkey)
- krb5_store_keyblock (sp, *ac->remote_subkey);
- krb5_store_int32 (sp, ac->local_seqnumber);
- krb5_store_int32 (sp, ac->remote_seqnumber);
+ kret = krb5_store_int32 (sp, ac->flags);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ if (ac->local_address) {
+ kret = krb5_store_address (sp, *ac->local_address);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ }
+ if (ac->remote_address) {
+ kret = krb5_store_address (sp, *ac->remote_address);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ }
+ kret = krb5_store_int16 (sp, ac->local_port);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ kret = krb5_store_int16 (sp, ac->remote_port);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ if (ac->keyblock) {
+ kret = krb5_store_keyblock (sp, *ac->keyblock);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ }
+ if (ac->local_subkey) {
+ kret = krb5_store_keyblock (sp, *ac->local_subkey);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ }
+ if (ac->remote_subkey) {
+ kret = krb5_store_keyblock (sp, *ac->remote_subkey);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ }
+ kret = krb5_store_int32 (sp, ac->local_seqnumber);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ kret = krb5_store_int32 (sp, ac->remote_seqnumber);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
#if 0
{
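Review bot: Every `goto failure` taken after a failed `krb5_store_*` call returns success to the caller. `ret` is initialised to `GSS_S_COMPLETE`, these branches set only `*minor_status`, and the `failure:` label added at the end of the function does `return ret;`. Unless `ret` is assigned in lines outside the hunks, the caller is told the export succeeded although no token was produced. Adding `ret = GSS_S_FAILURE;` before each of these jumps fixes it, as would routing them through a separate label that sets it before falling into `failure:`. The same pattern repeats in the `@@ -108,31 +159,65 @@` hunk.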
@@ -108,31 +159,65 @@ gss_export_sec_context (
}
data.data = auth_buf;
data.length = sz;
- krb5_store_data (sp, data);
+ kret = krb5_store_data (sp, data);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
}
#endif
- krb5_store_int32 (sp, ac->keytype);
- krb5_store_int32 (sp, ac->cksumtype);
+ kret = krb5_store_int32 (sp, ac->keytype);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ kret = krb5_store_int32 (sp, ac->cksumtype);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
/* names */
- gss_export_name (minor_status, (*context_handle)->source, &buffer);
+ ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
+ if (ret)
+ goto failure;
data.data = buffer.value;
data.length = buffer.length;
- krb5_store_data (sp, data);
+ kret = krb5_store_data (sp, data);
+ gss_release_buffer (&minor, &buffer);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
- gss_export_name (minor_status, (*context_handle)->target, &buffer);
+ ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
+ if (ret)
+ goto failure;
data.data = buffer.value;
data.length = buffer.length;
- krb5_store_data (sp, data);
+ kret = krb5_store_data (sp, data);
+ gss_release_buffer (&minor, &buffer);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
- krb5_store_int32 (sp, (*context_handle)->flags);
- krb5_store_int32 (sp, (*context_handle)->more_flags);
+ kret = krb5_store_int32 (sp, (*context_handle)->flags);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
+ kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
- ret = krb5_storage_to_data (sp, &data);
+ kret = krb5_storage_to_data (sp, &data);
krb5_storage_free (sp);
- if (ret) {
- *minor_status = ret;
+ if (kret) {
+ *minor_status = kret;
return GSS_S_FAILURE;
}
interprocess_token->length = data.length;
@@ -142,4 +227,7 @@ gss_export_sec_context (
if (ret != GSS_S_COMPLETE)
gss_release_buffer (NULL, interprocess_token);
return ret;
+ failure:
+ krb5_storage_free (sp);
+ return ret;
}
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
index a211004..751f56c 100644
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ b/crypto/heimdal/lib/gssapi/get_mic.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: get_mic.c,v 1.15 2001/01/29 02:08:58 assar Exp $");
+RCSID("$Id: get_mic.c,v 1.17 2001/05/11 09:16:46 assar Exp $");
static OM_uint32
mic_des
@@ -174,6 +174,7 @@ mic_des3
if (kret) {
free (message_token->value);
free (tmp);
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
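Review bot: This error branch in `mic_des3` frees `message_token->value` but, in the lines shown, leaves the pointer and length in the caller's output buffer untouched. A caller that runs `gss_release_buffer` on the token after a failure would then free it a second time. Resetting the buffer next to the free, `message_token->value = NULL; message_token->length = 0;`, closes that. The later `mic_des3` hunks that free `message_token->value` have the same shape. The function starts and ends outside the hunks.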
@@ -181,6 +182,7 @@ mic_des3
kret = krb5_create_checksum (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SIGN,
+ 0,
tmp,
message_buffer->length + 8,
&cksum);
@@ -188,6 +190,7 @@ mic_des3
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
@@ -211,6 +214,7 @@ mic_des3
ETYPE_DES3_CBC_NONE, &crypto);
if (kret) {
free (message_token->value);
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
@@ -222,6 +226,7 @@ mic_des3
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
@@ -257,6 +262,7 @@ OM_uint32 gss_get_mic
ret = gss_krb5_getsomekey(context_handle, &key);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h
index 156a511..82d4056 100644
--- a/crypto/heimdal/lib/gssapi/gssapi.h
+++ b/crypto/heimdal/lib/gssapi/gssapi.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi.h,v 1.20 2001/01/30 00:35:48 assar Exp $ */
+/* $Id: gssapi.h,v 1.21 2001/05/04 13:52:02 assar Exp $ */
#ifndef GSSAPI_H_
#define GSSAPI_H_
@@ -41,12 +41,6 @@
*/
#include <stddef.h>
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-
#include <krb5-types.h>
/*
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
index d8d0624..e7450d4 100644
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ b/crypto/heimdal/lib/gssapi/gssapi_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,11 +31,15 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi_locl.h,v 1.14 2000/08/27 04:19:00 assar Exp $ */
+/* $Id: gssapi_locl.h,v 1.16 2001/05/11 09:16:46 assar Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
#include <krb5_locl.h>
#include <gssapi.h>
#include <assert.h>
@@ -103,4 +107,10 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type,
#define SC_LOCAL_SUBKEY 0x08
#define SC_REMOTE_SUBKEY 0x10
+void
+gssapi_krb5_set_error_string (void);
+
+char *
+gssapi_krb5_get_error_string (void);
+
#endif
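Review bot: The two new prototypes carry no statement of ownership or lifetime, and the behaviour is not obvious from the names. Judging by display_status.c, `gssapi_krb5_get_error_string` hands the stored heap string to the caller and clears the slot. A comment above the declarations would help, e.g. `/* set: capture the current krb5 error text; get: return it (caller frees) and clear the slot, NULL if none */`.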
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
index 6cb94c4..8ed55f1 100644
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ b/crypto/heimdal/lib/gssapi/import_name.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: import_name.c,v 1.8 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: import_name.c,v 1.10 2001/05/11 09:16:46 assar Exp $");
static OM_uint32
import_krb5_name (OM_uint32 *minor_status,
@@ -44,8 +44,10 @@ import_krb5_name (OM_uint32 *minor_status,
char *tmp;
tmp = malloc (input_name_buffer->length + 1);
- if (tmp == NULL)
+ if (tmp == NULL) {
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
+ }
memcpy (tmp,
input_name_buffer->value,
input_name_buffer->length);
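Review bot: `malloc (input_name_buffer->length + 1)` wraps to a zero-byte request when the caller-supplied length is the maximum value of its type, and the `memcpy` that follows would then write past the allocation. A guard before the allocation, `if (input_name_buffer->length == (size_t)-1) { *minor_status = ENOMEM; return GSS_S_FAILURE; }`, removes the case. It should compare against the maximum of whatever type `length` actually has, which is not visible here. The function's end is outside this hunk.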
@@ -57,10 +59,15 @@ import_krb5_name (OM_uint32 *minor_status,
free (tmp);
if (kerr == 0)
return GSS_S_COMPLETE;
- else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
+ else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kerr;
return GSS_S_BAD_NAME;
- else
+ } else {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kerr;
return GSS_S_FAILURE;
+ }
}
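Review bot: Both failure branches now repeat the same two statements, and the success return above them still leaves `*minor_status` unwritten as far as this hunk shows. Moving the assignment ahead of the `if`, as import_hostbased_name already does with `*minor_status = kerr;` before its test, sets it on every path and leaves each branch with only its return. In the import_hostbased_name hunk that follows, the added `*minor_status = kerr;` lines repeat that existing assignment and could be dropped. A single `if (kerr) gssapi_krb5_set_error_string ();` ahead of the test would serve both branches.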
static OM_uint32
@@ -106,10 +113,15 @@ import_hostbased_name (OM_uint32 *minor_status,
*minor_status = kerr;
if (kerr == 0)
return GSS_S_COMPLETE;
- else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
+ else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kerr;
return GSS_S_BAD_NAME;
- else
+ } else {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kerr;
return GSS_S_FAILURE;
+ }
}
OM_uint32 gss_import_name
@@ -132,6 +144,8 @@ OM_uint32 gss_import_name
return import_krb5_name (minor_status,
input_name_buffer,
output_name);
- else
+ else {
+ *minor_status = 0;
return GSS_S_BAD_NAMETYPE;
+ }
}
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
index 7d177a8..c84f3b6 100644
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/import_sec_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: import_sec_context.c,v 1.3 2000/07/08 11:56:03 assar Exp $");
+RCSID("$Id: import_sec_context.c,v 1.5 2001/05/11 09:16:46 assar Exp $");
OM_uint32
gss_import_sec_context (
@@ -53,6 +53,7 @@ gss_import_sec_context (
krb5_keyblock keyblock;
int32_t tmp;
int32_t flags;
+ OM_uint32 minor;
gssapi_krb5_init ();
@@ -69,10 +70,12 @@ gss_import_sec_context (
krb5_storage_free (sp);
return GSS_S_FAILURE;
}
+ memset (*context_handle, 0, sizeof(**context_handle));
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
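Review bot: The early return at the top of this hunk (`krb5_storage_free (sp); return GSS_S_FAILURE;`) still leaves `*minor_status` unset, while the same commit sets `ENOMEM` on the equivalent paths in import_name.c and indicate_mechs.c. The condition is outside the hunk, but it looks like the allocation failure for `*context_handle`. If so, `*minor_status = ENOMEM;` belongs before that return.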
@@ -153,30 +156,36 @@ gss_import_sec_context (
buffer.value = data.data;
buffer.length = data.length;
- gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
- &(*context_handle)->source);
+ ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+ &(*context_handle)->source);
krb5_data_free (&data);
+ if (ret)
+ goto failure;
krb5_ret_data (sp, &data);
buffer.value = data.data;
buffer.length = data.length;
- gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
- &(*context_handle)->target);
+ ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+ &(*context_handle)->target);
krb5_data_free (&data);
+ if (ret)
+ goto failure;
krb5_ret_int32 (sp, &tmp);
(*context_handle)->flags = tmp;
krb5_ret_int32 (sp, &tmp);
(*context_handle)->more_flags = tmp;
- (*context_handle)->ticket = NULL;
-
return GSS_S_COMPLETE;
failure:
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
+ if ((*context_handle)->source != NULL)
+ gss_release_name(&minor, &(*context_handle)->source);
+ if ((*context_handle)->target != NULL)
+ gss_release_name(&minor, &(*context_handle)->target);
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return ret;
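Review bot: The return values of `krb5_ret_data` and `krb5_ret_int32` are still ignored, so a truncated or malformed exported context reaches gss_import_name with whatever `data` happens to hold. The commit now checks gss_import_name, but the read that produces its input should be checked first, e.g. `kret = krb5_ret_data (sp, &data); if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; goto failure; }`, and likewise for the two flag reads. As shown, neither the `failure:` label nor the success return calls `krb5_storage_free (sp)`, unlike the early return earlier in the function, so the storage object looks leaked on both paths.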
diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c
index 26e018e..c77d177 100644
--- a/crypto/heimdal/lib/gssapi/indicate_mechs.c
+++ b/crypto/heimdal/lib/gssapi/indicate_mechs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: indicate_mechs.c,v 1.3 1999/12/02 17:05:04 joda Exp $");
+RCSID("$Id: indicate_mechs.c,v 1.4 2001/02/18 03:39:09 assar Exp $");
OM_uint32 gss_indicate_mechs
(OM_uint32 * minor_status,
@@ -42,12 +42,14 @@ OM_uint32 gss_indicate_mechs
{
*mech_set = malloc(sizeof(**mech_set));
if (*mech_set == NULL) {
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*mech_set)->count = 1;
(*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc));
if ((*mech_set)->elements == NULL) {
free (*mech_set);
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*mech_set)->elements[0] = *GSS_KRB5_MECHANISM;
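Review bot: On the second allocation failure `*mech_set` is freed but the caller's pointer is left aimed at the freed block. A caller that releases the set after a failed call would then free it twice. Adding `*mech_set = GSS_C_NO_OID_SET;` after `free (*mech_set);` keeps the output well defined. The success return is outside this hunk, so whether `*minor_status` is set there cannot be confirmed from here.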
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
index 7b05d91..3928143 100644
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/init_sec_context.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.25 2001/01/30 22:49:56 assar Exp $");
+RCSID("$Id: init_sec_context.c,v 1.27 2001/05/11 09:16:46 assar Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@@ -228,6 +228,7 @@ init_auth
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -259,6 +260,7 @@ init_auth
if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -270,6 +272,7 @@ init_auth
ccache,
&(*context_handle)->source);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -279,6 +282,7 @@ init_auth
target_name,
&(*context_handle)->target);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -303,6 +307,7 @@ init_auth
&cred);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -345,6 +350,7 @@ init_auth
&cksum);
krb5_data_free (&fwd_data);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -374,6 +380,7 @@ init_auth
KRB5_KU_AP_REQ_AUTH);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -387,6 +394,7 @@ init_auth
&outbuf);
if (kret) {
+ gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
@@ -447,6 +455,7 @@ repl_mutual
ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00");
if (ret) {
/* XXX - Handle AP_ERROR */
+ *minor_status = 0;
return GSS_S_FAILURE;
}
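Review bot: The status from gssapi_krb5_decapsulate is discarded here and replaced with a generic `GSS_S_FAILURE`, whereas unwrap_des in this same commit passes the result of gssapi_krb5_verify_header through with `return ret;`. If decapsulate returns a GSS major status, which its assignment to `ret` suggests, returning it would let the caller tell a defective token from other failures. repl_mutual continues outside the hunk.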
@@ -454,8 +463,11 @@ repl_mutual
(*context_handle)->auth_context,
&indata,
&repl);
- if (kret)
+ if (kret) {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kret;
return GSS_S_FAILURE;
+ }
krb5_free_ap_rep_enc_part (gssapi_krb5_context,
repl);
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
index 588517e..95f8e21 100644
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ b/crypto/heimdal/lib/gssapi/unwrap.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: unwrap.c,v 1.15 2001/01/29 02:08:58 assar Exp $");
+RCSID("$Id: unwrap.c,v 1.17 2001/05/11 09:16:47 assar Exp $");
OM_uint32
gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
@@ -86,8 +86,10 @@ unwrap_des
ret = gssapi_krb5_verify_header (&p,
input_message_buffer->length,
"\x02\x01");
- if (ret)
+ if (ret) {
+ *minor_status = 0;
return ret;
+ }
if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
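Review bot: The very next return, `return GSS_S_BAD_SIG;` after the `memcmp`, still leaves `*minor_status` unwritten although the branch above it now clears it. Setting `*minor_status = 0;` once before the header check would cover both returns, and any later ones in unwrap_des that fall outside this hunk.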
@@ -249,6 +251,7 @@ unwrap_des3
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -256,6 +259,7 @@ unwrap_des3
p, input_message_buffer->length - len, &tmp);
krb5_crypto_destroy(gssapi_krb5_context, crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
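Review bot: gssapi_krb5_set_error_string is called only after `krb5_crypto_destroy(gssapi_krb5_context, crypto)` has run, so it captures whatever the context holds after the destroy rather than straight after the failing call. verify_mic_des3 in this commit does it the other way round, capturing first and destroying second. Whether krb5_crypto_destroy can touch the context's error text is not visible here, but placing `if (ret) gssapi_krb5_set_error_string ();` immediately before the destroy call makes the result independent of that. The same order appears in the later unwrap_des3 hunks and in the wrap_des3 hunks of wrap.c.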
@@ -292,6 +296,7 @@ unwrap_des3
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE_IVEC, &crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -307,6 +312,7 @@ unwrap_des3
}
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -337,6 +343,7 @@ unwrap_des3
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -348,6 +355,7 @@ unwrap_des3
&csum);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -380,6 +388,7 @@ OM_uint32 gss_unwrap
ret = gss_krb5_getsomekey(context_handle, &key);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
index 608de67..b39ae73 100644
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ b/crypto/heimdal/lib/gssapi/verify_mic.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: verify_mic.c,v 1.12 2001/01/29 02:08:59 assar Exp $");
+RCSID("$Id: verify_mic.c,v 1.13 2001/05/11 09:16:47 assar Exp $");
static OM_uint32
verify_mic_des
@@ -157,6 +157,7 @@ verify_mic_des3
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret){
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -168,6 +169,7 @@ verify_mic_des3
KRB5_KU_USAGE_SEQ,
p, 8, &seq_data);
if (ret) {
+ gssapi_krb5_set_error_string ();
krb5_crypto_destroy (gssapi_krb5_context, crypto);
*minor_status = ret;
return GSS_S_FAILURE;
@@ -218,6 +220,7 @@ verify_mic_des3
&csum);
free (tmp);
if (ret) {
+ gssapi_krb5_set_error_string ();
krb5_crypto_destroy (gssapi_krb5_context, crypto);
*minor_status = ret;
return GSS_S_BAD_MIC;
@@ -248,6 +251,7 @@ gss_verify_mic
context_handle->auth_context,
&key);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
index 1d9f51d..3d282fd 100644
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ b/crypto/heimdal/lib/gssapi/wrap.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: wrap.c,v 1.15 2001/01/29 02:08:59 assar Exp $");
+RCSID("$Id: wrap.c,v 1.18 2001/05/11 09:16:47 assar Exp $");
static OM_uint32
sub_wrap_size (
@@ -67,6 +67,7 @@ gss_wrap_size_limit (
ret = gss_krb5_getsomekey(context_handle, &key);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
@@ -142,7 +143,7 @@ wrap_des
p += 16;
/* confounder + data + pad */
- des_new_random_key((des_cblock*)p);
+ krb5_generate_random_block(p, 8);
memcpy (p + 8, input_message_buffer->value,
input_message_buffer->length);
memset (p + 8 + input_message_buffer->length, padlength, padlength);
@@ -258,13 +259,14 @@ wrap_des3
/* calculate checksum (the above + confounder + data + pad) */
memcpy (p + 20, p - 8, 8);
- des_new_random_key((des_cblock*)(p + 28));
+ krb5_generate_random_block(p + 28, 8);
memcpy (p + 28 + 8, input_message_buffer->value,
input_message_buffer->length);
memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
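Review bot: `output_message_buffer->value` is freed on this error path, but the caller's buffer still holds the stale pointer and length. A caller that runs gss_release_buffer on the output after a failed wrap would free it again. I would follow the free with `output_message_buffer->value = NULL; output_message_buffer->length = 0;`. The same free appears in every wrap_des3 failure branch touched by the later hunks, and the `if (ret)` block closes outside this hunk.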
@@ -273,11 +275,13 @@ wrap_des3
ret = krb5_create_checksum (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SIGN,
+ 0,
p + 20,
datalen + 8,
&cksum);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
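Review bot: The new fourth argument to krb5_create_checksum is a bare `0` with nothing to say what it selects. It is presumably the checksum type, with zero meaning the default for the key. A trailing comment such as `0, /* checksum type: default for this key (confirm) */` would save the next reader a trip to the libkrb5 header.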
@@ -323,6 +327,7 @@ wrap_des3
}
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
@@ -346,6 +351,7 @@ wrap_des3
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
@@ -354,6 +360,7 @@ wrap_des3
p, datalen, &tmp);
krb5_crypto_destroy(gssapi_krb5_context, crypto);
if (ret) {
+ gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
@@ -384,6 +391,7 @@ OM_uint32 gss_wrap
ret = gss_krb5_getsomekey(context_handle, &key);
if (ret) {
+ gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}