Diffstat (limited to 'lib/libgssapi/gss_init_sec_context.c')
-rw-r--r--lib/libgssapi/gss_init_sec_context.c63
1 files changed, 41 insertions, 22 deletions
diff --git a/lib/libgssapi/gss_init_sec_context.c b/lib/libgssapi/gss_init_sec_context.c
index 8b596f3..d8f06ab 100644
--- a/lib/libgssapi/gss_init_sec_context.c
+++ b/lib/libgssapi/gss_init_sec_context.c
@@ -35,13 +35,30 @@
#include "name.h"
#include "cred.h"
#include "context.h"
+#include "utils.h"
+
+static gss_cred_id_t
+_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
+{
+ struct _gss_cred *cred = (struct _gss_cred *)cred_handle;
+ struct _gss_mechanism_cred *mc;
+
+ if (cred == NULL)
+ return GSS_C_NO_CREDENTIAL;
+
+ SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+ if (gss_oid_equal(mech_type, mc->gmc_mech_oid))
+ return mc->gmc_cred;
+ }
+ return GSS_C_NO_CREDENTIAL;
+}
OM_uint32
gss_init_sec_context(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
- const gss_OID imech_type,
+ const gss_OID input_mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
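Review bot: `_gss_mech_cred_find` is added without a header comment, and its closing brace runs straight into the `OM_uint32` of the next definition with no blank line. The helper returns `GSS_C_NO_CREDENTIAL` both when `cred_handle` is NULL and when the handle has no element for `mech_type`, and the caller cannot tell those cases apart, so the contract is worth stating: `/* Return the per-mechanism credential for mech_type, or GSS_C_NO_CREDENTIAL if cred_handle is NULL or holds no element for that mechanism. */`. The parameter list of `gss_init_sec_context` continues outside this hunk.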
@@ -52,24 +69,23 @@ gss_init_sec_context(OM_uint32 * minor_status,
OM_uint32 * time_rec)
{
OM_uint32 major_status;
- gss_OID mech_type;
struct _gss_mech_switch *m;
struct _gss_name *name = (struct _gss_name *) target_name;
struct _gss_mechanism_name *mn;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
- struct _gss_cred *cred = (struct _gss_cred *) initiator_cred_handle;
- struct _gss_mechanism_cred *mc;
gss_cred_id_t cred_handle;
int allocated_ctx;
+ gss_OID mech_type = input_mech_type;
*minor_status = 0;
- if ((mech_type = imech_type) == GSS_C_NO_OID) {
- _gss_load_mech();
- mech_type = &SLIST_FIRST(&_gss_mechs)->gm_mech_oid;
- if (mech_type == NULL)
- return (GSS_S_BAD_MECH);
- }
+ _gss_buffer_zero(output_token);
+ if (actual_mech_type)
+ *actual_mech_type = GSS_C_NO_OID;
+ if (ret_flags)
+ *ret_flags = 0;
+ if (time_rec)
+ *time_rec = 0;
/*
* If we haven't allocated a context yet, do so now and lookup
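Review bot: `output_token` is handed to `_gss_buffer_zero` unconditionally, while the three optional outputs next to it are NULL-guarded. The helper comes from `utils.h`, which is not shown here, so whether it tolerates a NULL buffer cannot be confirmed from this hunk; if it does not, a caller that passes no output token faults before any status is returned. Either guard the call, `if (output_token) _gss_buffer_zero(output_token);`, or note the guarantee next to it, e.g. `/* _gss_buffer_zero() accepts NULL */`. A one-line comment above the block, `/* Reset all outputs so every early return leaves them defined. */`, would also record why this runs before the mechanism lookup; the function body continues outside the hunk.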
@@ -77,6 +93,14 @@ gss_init_sec_context(OM_uint32 * minor_status,
* sure we use the same mechanism switch as before.
*/
if (!ctx) {
+ if (mech_type == GSS_C_NO_OID) {
+ _gss_load_mech();
+ if (_gss_mech_oids == GSS_C_NO_OID_SET
+ || _gss_mech_oids->count == 0)
+ return (GSS_S_BAD_MECH);
+ mech_type = &_gss_mech_oids->elements[0];
+ }
+
ctx = malloc(sizeof(struct _gss_context));
if (!ctx) {
*minor_status = ENOMEM;
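Review bot: The default chosen at `mech_type = &_gss_mech_oids->elements[0];` is just the first entry of the loaded set, and nothing here says so. Which mechanism a caller gets for `GSS_C_NO_OID` therefore presumably depends on the order in which `_gss_load_mech()` registers mechanisms. A comment would make that dependency visible to whoever maintains the mechanism configuration: `/* No mechanism requested: default to the first one loaded. */`. The enclosing `if (!ctx)` block continues past the end of the hunk.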
@@ -91,31 +115,24 @@ gss_init_sec_context(OM_uint32 * minor_status,
allocated_ctx = 1;
} else {
m = ctx->gc_mech;
+ mech_type = &ctx->gc_mech->gm_mech_oid;
allocated_ctx = 0;
}
/*
* Find the MN for this mechanism.
*/
- mn = _gss_find_mn(name, mech_type);
- if (mn == NULL) {
+ major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
+ if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
free(ctx);
- return GSS_S_BAD_NAME;
+ return (major_status);
}
/*
* If we have a cred, find the cred for this mechanism.
*/
- cred_handle = GSS_C_NO_CREDENTIAL;
- if (cred) {
- SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
- if (_gss_oid_equal(mech_type, mc->gmc_mech_oid)) {
- cred_handle = mc->gmc_cred;
- break;
- }
- }
- }
+ cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
major_status = m->gm_init_sec_context(minor_status,
cred_handle,
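Review bot: A non-NULL `initiator_cred_handle` that holds no element for `mech_type` makes `_gss_mech_cred_find` return `GSS_C_NO_CREDENTIAL`, and `m->gm_init_sec_context` is then called as if the caller had supplied no credential at all. The mechanism would presumably fall back to its default credential, so the context could be established under a different identity than the one the caller selected. The removed inline loop behaved the same way, so this is not a regression, but the refactor is a natural place to reject the case with `GSS_S_NO_CRED`, freeing `ctx` when `allocated_ctx` is set. The call to `gm_init_sec_context` continues outside the hunk.

```c
	cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
	/* An explicit credential with no element for this mechanism must
	 * not silently become "use the default credential". */
	if (initiator_cred_handle != GSS_C_NO_CREDENTIAL &&
	    cred_handle == GSS_C_NO_CREDENTIAL) {
		if (allocated_ctx)
			free(ctx);
		return (GSS_S_NO_CRED);
	}
	/* … unchanged: m->gm_init_sec_context(...) call … */
```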
@@ -135,6 +152,8 @@ gss_init_sec_context(OM_uint32 * minor_status,
&& major_status != GSS_S_CONTINUE_NEEDED) {
if (allocated_ctx)
free(ctx);
+ _gss_buffer_zero(output_token);
+ _gss_mg_error(m, major_status, *minor_status);
} else {
*context_handle = (gss_ctx_id_t) ctx;
}
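Review bot: On the failure branch `_gss_buffer_zero(output_token)` runs after the mechanism has already had the chance to fill the buffer. If the helper only clears the descriptor (its definition is not shown here), any token the mechanism allocated before failing is leaked, and an error token meant for the peer is dropped. Either confirm that no mechanism behind `gm_init_sec_context` returns a token with a failing status, or release instead of zeroing, e.g. `gss_release_buffer(&tmp_minor, output_token);` with a local `OM_uint32 tmp_minor` so `*minor_status` is preserved for `_gss_mg_error`. A comment stating which of the two is intended would help; the function continues outside the hunk.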