svn rev #22212: branches/krb5-1-7/src/ include/krb5/ lib/gssapi/krb5/ lib/krb5/ ...
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Apr 14 15:53:50 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22212
Commit By: tlyu
Log Message:
ticket: 6400
version_fixed: 1.7
pull up r22056, r22057 from trunk
------------------------------------------------------------------------
r22057 | hartmans | 2009-02-26 15:32:35 -0500 (Thu, 26 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/krb/copy_auth.c
ticket: 6400
krb5_merge_authdata should initialize output on failure.
------------------------------------------------------------------------
r22056 | hartmans | 2009-02-26 15:07:05 -0500 (Thu, 26 Feb 2009) | 11 lines
Changed paths:
M /trunk/src/include/krb5/krb5.hin
M /trunk/src/lib/gssapi/krb5/accept_sec_context.c
M /trunk/src/lib/krb5/krb/copy_auth.c
M /trunk/src/lib/krb5/libkrb5.exports
Subject: Include authenticator and ticket authdata in gss-api
ticket: 6400
Target_version: 1.7
Tags: pullup
Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect. Introduce a new function krb5_merge_authadata to
merge two authdata arrays into a newly allocated result array. Use
this function in accept_sec_context.c to include both sets of
authdata.
------------------------------------------------------------------------
Changed Files:
U branches/krb5-1-7/src/include/krb5/krb5.hin
U branches/krb5-1-7/src/lib/gssapi/krb5/accept_sec_context.c
U branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c
U branches/krb5-1-7/src/lib/krb5/libkrb5.exports
Modified: branches/krb5-1-7/src/include/krb5/krb5.hin
===================================================================
--- branches/krb5-1-7/src/include/krb5/krb5.hin 2009-04-14 18:33:27 UTC (rev 22211)
+++ branches/krb5-1-7/src/include/krb5/krb5.hin 2009-04-14 19:53:49 UTC (rev 22212)
@@ -1718,6 +1718,14 @@
(krb5_context,
krb5_authdata * const *,
krb5_authdata ***);
+krb5_error_code KRB5_CALLCONV krb5_merge_authdata
+ (krb5_context,
+ krb5_authdata * const *,
+ krb5_authdata *const *,
+ krb5_authdata ***);
+/* Merge two authdata arrays, such as the array from a ticket
+ * and authenticator */
+
krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
(krb5_context,
const krb5_authenticator *,
Modified: branches/krb5-1-7/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- branches/krb5-1-7/src/lib/gssapi/krb5/accept_sec_context.c 2009-04-14 18:33:27 UTC (rev 22211)
+++ branches/krb5-1-7/src/lib/gssapi/krb5/accept_sec_context.c 2009-04-14 19:53:49 UTC (rev 22212)
@@ -811,9 +811,9 @@
}
/* XXX move this into gss_name_t */
- if (ticket->enc_part2->authorization_data != NULL &&
- (code = krb5_copy_authdata(context,
+ if ( (code = krb5_merge_authdata(context,
ticket->enc_part2->authorization_data,
+ authdat->authorization_data,
&ctx->authdata))) {
major_status = GSS_S_FAILURE;
goto fail;
Modified: branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c 2009-04-14 18:33:27 UTC (rev 22211)
+++ branches/krb5-1-7/src/lib/krb5/krb/copy_auth.c 2009-04-14 19:53:49 UTC (rev 22212)
@@ -77,38 +77,63 @@
* Copy an authdata array, with fresh allocation.
*/
krb5_error_code KRB5_CALLCONV
-krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_authdata ***outauthdat)
+krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata * const *inauthdat2,
+ krb5_authdata ***outauthdat)
{
krb5_error_code retval;
krb5_authdata ** tempauthdat;
- register unsigned int nelems = 0;
+ register unsigned int nelems = 0, nelems2 = 0;
- if (!inauthdat) {
+ *outauthdat = NULL;
+ if (!inauthdat1 && !inauthdat2) {
*outauthdat = 0;
return 0;
}
- while (inauthdat[nelems]) nelems++;
+ if (inauthdat1)
+ while (inauthdat1[nelems]) nelems++;
+ if (inauthdat2)
+ while (inauthdat2[nelems2]) nelems2++;
/* one more for a null terminated list */
- if (!(tempauthdat = (krb5_authdata **) calloc(nelems+1,
+ if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
sizeof(*tempauthdat))))
return ENOMEM;
- for (nelems = 0; inauthdat[nelems]; nelems++) {
- retval = krb5_copy_authdatum(context, inauthdat[nelems],
- &tempauthdat[nelems]);
- if (retval) {
- krb5_free_authdata(context, tempauthdat);
- return retval;
+ if (inauthdat1) {
+ for (nelems = 0; inauthdat1[nelems]; nelems++) {
+ retval = krb5_copy_authdatum(context, inauthdat1[nelems],
+ &tempauthdat[nelems]);
+ if (retval) {
+ krb5_free_authdata(context, tempauthdat);
+ return retval;
+ }
}
}
+ if (inauthdat2) {
+ for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+ retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
+ &tempauthdat[nelems++]);
+ if (retval) {
+ krb5_free_authdata(context, tempauthdat);
+ return retval;
+ }
+ }
+ }
+
*outauthdat = tempauthdat;
return 0;
}
krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context context,
+ krb5_authdata *const *in_authdat, krb5_authdata ***out)
+{
+ return krb5_merge_authdata(context, in_authdat, NULL, out);
+}
+
+krb5_error_code KRB5_CALLCONV
krb5_decode_authdata_container(krb5_context context,
krb5_authdatatype type,
const krb5_authdata *container,
Modified: branches/krb5-1-7/src/lib/krb5/libkrb5.exports
===================================================================
--- branches/krb5-1-7/src/lib/krb5/libkrb5.exports 2009-04-14 18:33:27 UTC (rev 22211)
+++ branches/krb5-1-7/src/lib/krb5/libkrb5.exports 2009-04-14 19:53:49 UTC (rev 22212)
@@ -354,6 +354,7 @@
krb5_max_dgram_size
krb5_max_skdc_timeout
krb5_mcc_ops
+krb5_merge_authdata
krb5_mk_1cred
krb5_mk_error
krb5_mk_ncred
More information about the cvs-krb5
mailing list