svn rev #22056: trunk/src/ include/krb5/ lib/gssapi/krb5/ lib/krb5/ lib/krb5/krb/

hartmans@MIT.EDU hartmans at MIT.EDU
Thu Feb 26 15:07:06 EST 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22056
Commit By: hartmans
Log Message:
Subject: Include authenticator and ticket authdata in gss-api
ticket: 6400
Target_version: 1.7
Tags: pullup

Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect.  Introduce a new function krb5_merge_authdata to
merge two authdata arrays into a newly allocated result array.  Use
this function in accept_sec_context.c to include both sets of
authdata.


Changed Files:
U   trunk/src/include/krb5/krb5.hin
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c
U   trunk/src/lib/krb5/krb/copy_auth.c
U   trunk/src/lib/krb5/libkrb5.exports
Modified: trunk/src/include/krb5/krb5.hin
===================================================================
--- trunk/src/include/krb5/krb5.hin	2009-02-25 19:33:17 UTC (rev 22055)
+++ trunk/src/include/krb5/krb5.hin	2009-02-26 20:07:05 UTC (rev 22056)
@@ -1718,6 +1718,14 @@
 	(krb5_context,
 		krb5_authdata * const *,
 		krb5_authdata ***);
+krb5_error_code KRB5_CALLCONV krb5_merge_authdata
+	(krb5_context,
+		krb5_authdata * const *,
+	 krb5_authdata *const *,
+		krb5_authdata ***);
+/* Merge two authdata arrays, such as the array from a ticket
+ * and authenticator */
+
 krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
 	(krb5_context,
 		const krb5_authenticator *,
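Review bot: The comment for krb5_merge_authdata trails the prototype and does not state the contract a caller needs. Going by the definition in copy_auth.c in this same commit, either input may be NULL, the result holds fresh copies of the first array's elements followed by the second's, and `*out` is set to NULL when both inputs are NULL; the result is presumably released with krb5_free_authdata, as the definition does on its own error paths. I would move the comment above the declaration and say so, for example `/* Merge two authdata arrays (either may be NULL) into a newly allocated NULL-terminated array, first array's elements first; free with krb5_free_authdata(). */`.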

Modified: trunk/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/accept_sec_context.c	2009-02-25 19:33:17 UTC (rev 22055)
+++ trunk/src/lib/gssapi/krb5/accept_sec_context.c	2009-02-26 20:07:05 UTC (rev 22056)
@@ -811,9 +811,9 @@
     }
 
     /* XXX move this into gss_name_t */
-    if (ticket->enc_part2->authorization_data != NULL &&
-        (code = krb5_copy_authdata(context,
+    if (        (code = krb5_merge_authdata(context,
                                    ticket->enc_part2->authorization_data,
+                                            authdat->authorization_data,
                                    &ctx->authdata))) {
         major_status = GSS_S_FAILURE;
         goto fail;
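Review bot: After this call ctx->authdata holds the ticket's authorization data and the authenticator's authorization data in one flat array, with nothing recording which source an element came from. The ticket elements are sealed by the KDC while the authenticator elements are chosen by the client, so any consumer that treated ctx->authdata as KDC-vouched now also sees client-asserted entries; whether such a consumer exists is not visible in this hunk. I would at least record the ordering and trust difference at the call, `/* ticket authdata first, then authenticator authdata; the latter is client-asserted, not KDC-issued */`, or keep the two arrays separate in the context. The call also dereferences `authdat` with no check in the hunk, which presumably relies on a successful authenticator fetch earlier in the function; the enclosing function starts and ends outside the hunk.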

Modified: trunk/src/lib/krb5/krb/copy_auth.c
===================================================================
--- trunk/src/lib/krb5/krb/copy_auth.c	2009-02-25 19:33:17 UTC (rev 22055)
+++ trunk/src/lib/krb5/krb/copy_auth.c	2009-02-26 20:07:05 UTC (rev 22056)
@@ -77,38 +77,62 @@
  * Copy an authdata array, with fresh allocation.
  */
 krb5_error_code KRB5_CALLCONV
-krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_authdata ***outauthdat)
+krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata * const *inauthdat2,
+		    krb5_authdata ***outauthdat)
 {
     krb5_error_code retval;
     krb5_authdata ** tempauthdat;
-    register unsigned int nelems = 0;
+    register unsigned int nelems = 0, nelems2 = 0;
 
-    if (!inauthdat) {
+    if (!inauthdat1 && !inauthdat2) {
 	    *outauthdat = 0;
 	    return 0;
     }
 
-    while (inauthdat[nelems]) nelems++;
+    if (inauthdat1) 
+	while (inauthdat1[nelems]) nelems++;
+    if (inauthdat2) 
+	while (inauthdat2[nelems2]) nelems2++;
 
     /* one more for a null terminated list */
-    if (!(tempauthdat = (krb5_authdata **) calloc(nelems+1,
+    if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
 						  sizeof(*tempauthdat))))
 	return ENOMEM;
 
-    for (nelems = 0; inauthdat[nelems]; nelems++) {
-	retval = krb5_copy_authdatum(context, inauthdat[nelems],
-				     &tempauthdat[nelems]);
-	if (retval) {
-	    krb5_free_authdata(context, tempauthdat);
-	    return retval;
+    if (inauthdat1) {
+	for (nelems = 0; inauthdat1[nelems]; nelems++) {
+	    retval = krb5_copy_authdatum(context, inauthdat1[nelems],
+					 &tempauthdat[nelems]);
+	    if (retval) {
+		krb5_free_authdata(context, tempauthdat);
+		return retval;
+	    }
 	}
     }
 
+    if (inauthdat2) {
+	for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+	    retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
+					 &tempauthdat[nelems++]);
+	    if (retval) {
+		krb5_free_authdata(context, tempauthdat);
+		return retval;
+	    }
+	}
+    }
+
     *outauthdat = tempauthdat;
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context context,
+		   krb5_authdata *const *in_authdat, krb5_authdata ***out)
+{
+    return krb5_merge_authdata(context, in_authdat, NULL, out);
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_decode_authdata_container(krb5_context context,
 			       krb5_authdatatype type,
 			       const krb5_authdata *container,
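Review bot: krb5_merge_authdata leaves `*outauthdat` untouched on all three error returns (the ENOMEM return and the two krb5_copy_authdatum failure paths), so a caller that frees the output on its own failure path depends on having initialised it beforehand. Adding `*outauthdat = NULL;` as the first statement of the function makes those paths safe regardless of the caller. Separately, the header comment `Copy an authdata array, with fresh allocation.` now sits above the merge function and no longer describes it; it should describe the merge, and the new krb5_copy_authdata wrapper should get its own line such as `/* Copy an authdata array, with fresh allocation (merge with no second array). */`. The opening line of that header comment is outside the hunk.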

Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports	2009-02-25 19:33:17 UTC (rev 22055)
+++ trunk/src/lib/krb5/libkrb5.exports	2009-02-26 20:07:05 UTC (rev 22056)
@@ -354,6 +354,7 @@
 krb5_max_dgram_size
 krb5_max_skdc_timeout
 krb5_mcc_ops
+krb5_merge_authdata
 krb5_mk_1cred
 krb5_mk_error
 krb5_mk_ncred



