Question about the use of AcceptSecurityContext

Markus Moeller huaraz at moeller.plus.com
Wed Oct 31 17:56:40 EDT 2007


I am working on a GSS server  application on windows using the below calls. 
The problem I have is that the application crashes in AcceptSecurityContext. 
I noticed when I change context to being non NULL the application doesn't 
crash. I compared with the GSSserver sample and it also uses NULL to start 
with. Any idea what is wrong in the below ?

Thank you
Markus


CredHandle  server_creds;
SecBufferDesc  input_desc;
SecBufferDesc  output_desc;
SecBuffer  send_tok, recv_tok;
CtxtHandle  new_context;
PCtxtHandle  context = NULL;
ULONG      global_asc_flags = ASC_REQ_ALLOCATE_MEMORY | ASC_REQ_MUTUAL_AUTH;
ULONG     * ret_flags=0;
SECURITY_STATUS  maj_stat;
TimeStamp  expiry;


new_context.dwUpper = 0;
new_context.dwLower = 0;

input_desc.cBuffers = 1;
input_desc.ulVersion = SECBUFFER_VERSION;
input_desc.pBuffers = &recv_tok;

output_desc.cBuffers = 1;
output_desc.ulVersion = SECBUFFER_VERSION;
output_desc.pBuffers = &send_tok;

recv_tok.cbBuffer = (unsigned long)inputTokenLength;
recv_tok.BufferType = SECBUFFER_TOKEN;
recv_tok.pvBuffer = (char *)malloc(inputTokenLength);
memcpy(recv_tok.pvBuffer,inputToken,inputTokenLength);

ServiceName="test/hostname";

maj_stat = AcquireCredentialsHandle(ServiceName,
                      "Kerberos",
                     SECPKG_CRED_INBOUND,
                     NULL,                       // no logon id
                     NULL,                       // no auth data
                     NULL,                       // no get key fn
                     NULL,                       // no get key arg
                     &server_creds,
                     &expiry);

if (maj_stat != SEC_E_OK) {
   logSSPIError ("AcquireCredentialsHandle failed", maj_stat);
}

send_tok.cbBuffer = 0;
send_tok.pvBuffer = NULL;
send_tok.BufferType = SECBUFFER_TOKEN;
maj_stat = AcceptSecurityContext( &server_creds,
                                  context,
                                  &input_desc,
                                  global_asc_flags,
                                  SECURITY_NATIVE_DREP,
                                  &new_context,
                                  &output_desc,
                                  ret_flags,
                                  &expiry);







More information about the Kerberos mailing list