Print this page
6817447 libgss and various mechs are hiding both the real minor_status and the error token
6405422 Solaris acceptors fail in AD-KDC environments when using non-"host" services (e.g. "cifs")
6824434 Unable to accept context establishment initiated by Windows 2000 clients
6787343 kclient's site lookups fail in certain network environments
6692646 kclient should output errors to stderr
6525327 kinit failed when arcfour-hmac-md5-exp was used for the principal's key
6745582 SUNWkdcu missing package dependencies after kclientv2 integration
@@ -1,12 +1,11 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
@@ -17,17 +16,16 @@
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
+
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
/*
* GSSAPI library stub module for gssd.
*/
#include <stdio.h>
@@ -161,11 +159,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (output_cred_handle != NULL)
*output_cred_handle = NULL;
if (actual_mechs != NULL)
*actual_mechs = NULL;
if (time_rec != NULL)
@@ -509,11 +507,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its max value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (cred_handle != NULL)
*cred_handle = NULL;
return (GSS_S_FAILURE);
}
@@ -684,11 +682,11 @@
arg.input_token.GSS_BUFFER_T_val = (char *)
(input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
/* initialize the output parameters to empty values */
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (actual_mech_type != NULL)
*actual_mech_type = NULL;
if (output_token != NULL)
output_token->length = 0;
if (ret_flags != NULL)
@@ -704,41 +702,41 @@
gss_release_buffer(&minor_status_temp, &external_name);
return (GSS_S_FAILURE);
}
+ /*
+ * We could return from a GSS error here and need to return both the
+ * minor_status and output_token, back to the caller if applicable.
+ */
+ if (minor_status != NULL)
+ *minor_status = res.minor_status;
+ if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
+ output_token->length =
+ (size_t)res.output_token.GSS_BUFFER_T_len;
+ output_token->value =
+ (void *)res.output_token.GSS_BUFFER_T_val;
+ res.output_token.GSS_BUFFER_T_val = NULL;
+ res.output_token.GSS_BUFFER_T_len = 0;
+ }
+
/* free the allocated memory for the flattened name */
gss_release_buffer(&minor_status_temp, &external_name);
/* if the call was successful, copy out the results */
if (res.status == (OM_uint32) GSS_S_COMPLETE ||
res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
/*
- * copy the rpc results into the return arguments
- * on CONTINUE_NEEDED only the output token, minor
- * code and ctxt handle are ready.
+ * copy the rpc results into the return argument
+ * on CONTINUE_NEEDED only ctx handle is ready.
*/
- if (minor_status != NULL)
- *minor_status = res.minor_status;
/*LINTED*/
*context_handle = *((OM_uint32 *)
res.context_handle.GSS_CTX_ID_T_val);
-
- /*LINTED*/
- *context_handle = *((OM_uint32 *)
- res.context_handle.GSS_CTX_ID_T_val);
*gssd_context_verifier = res.gssd_context_verifier;
- if (output_token != NULL) {
- output_token->length =
- (size_t)res.output_token.GSS_BUFFER_T_len;
- output_token->value =
- (void *)res.output_token.GSS_BUFFER_T_val;
- res.output_token.GSS_BUFFER_T_val = NULL;
- res.output_token.GSS_BUFFER_T_len = 0;
- }
/* the rest of the parameters is only ready on COMPLETE */
if (res.status == GSS_S_COMPLETE) {
if (actual_mech_type != NULL) {
*actual_mech_type = (gss_OID)
@@ -923,11 +921,11 @@
arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
}
/* set the output parameters to empty values.... */
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (src_name != NULL) {
src_name->length = 0;
src_name->value = NULL;
}
if (mech_type != NULL)
@@ -945,39 +943,40 @@
memset(&res, 0, sizeof (res));
if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
return (GSS_S_FAILURE);
}
-
- if (res.status == (OM_uint32) GSS_S_COMPLETE ||
- res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
/*
- * when gss returns CONTINUE_NEEDED we can only
- * use the context, minor, and output token
- * parameters.
+ * We could return from a GSS error here and need to return both the
+ * minor_status and output_token, back to the caller if applicable.
*/
- /*LINTED*/
- *context_handle = *((gssd_ctx_id_t *)
- res.context_handle.GSS_CTX_ID_T_val);
- *gssd_context_verifier = res.gssd_context_verifier;
+ if (minor_status != NULL)
+ *minor_status = res.minor_status;
- if (output_token != NULL) {
+ if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
output_token->length =
res.output_token.GSS_BUFFER_T_len;
output_token->value =
(void *) res.output_token.GSS_BUFFER_T_val;
res.output_token.GSS_BUFFER_T_val = 0;
res.output_token.GSS_BUFFER_T_len = 0;
}
- if (minor_status != NULL)
- *minor_status = res.minor_status;
+ if (res.status == (OM_uint32) GSS_S_COMPLETE ||
+ res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
+ /*
+ * when gss returns CONTINUE_NEEDED we can only
+ * use the context parameter.
+ */
+ /*LINTED*/
+ *context_handle = *((gssd_ctx_id_t *)
+ res.context_handle.GSS_CTX_ID_T_val);
+ *gssd_context_verifier = res.gssd_context_verifier;
/* the other parameters are ready on for COMPLETE */
if (res.status == GSS_S_COMPLETE)
{
-
/*
* The src_name is in external format.
*/
if (src_name != NULL) {
src_name->length = res.src_name.GSS_BUFFER_T_len;
@@ -1125,11 +1124,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
return (GSS_S_FAILURE);
}
/* copy the rpc results into the return arguments */
@@ -1180,11 +1179,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its max value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (context_handle != NULL)
*context_handle = NULL;
if (output_token != NULL)
output_token->length = 0;
@@ -1201,11 +1200,11 @@
else
/*LINTED*/
*context_handle = *((gssd_ctx_id_t *)
res.context_handle.GSS_CTX_ID_T_val);
- if (output_token != NULL) {
+ if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
output_token->length = res.output_token.GSS_BUFFER_T_len;
output_token->value = res.output_token.GSS_BUFFER_T_val;
res.output_token.GSS_BUFFER_T_len = 0;
res.output_token.GSS_BUFFER_T_val = NULL;
}
@@ -1307,11 +1306,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (msg_token != NULL)
msg_token->length = 0;
return (GSS_S_FAILURE);
}
@@ -1400,11 +1399,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (qop_state != NULL)
*qop_state = 0;
return (GSS_S_FAILURE);
}
@@ -1496,11 +1495,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (conf_state != NULL)
*conf_state = 0;
if (output_message_buffer != NULL)
output_message_buffer->length = 0;
@@ -1602,11 +1601,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (output_message_buffer != NULL)
output_message_buffer->length = 0;
if (conf_state != NULL)
*conf_state = 0;
if (qop_state != NULL)
@@ -1721,21 +1720,21 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
return (GSS_S_FAILURE);
}
+ if (minor_status != NULL)
+ *minor_status = res.minor_status;
/* now process the results and pass them back to the caller */
if (res.status == GSS_S_COMPLETE) {
- if (minor_status != NULL)
- *minor_status = res.minor_status;
if (message_context != NULL)
*message_context = res.message_context;
if (status_string != NULL) {
status_string->length =
(size_t)res.status_string.GSS_BUFFER_T_len;
@@ -1778,11 +1777,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (mech_set != NULL)
*mech_set = NULL;
return (GSS_S_FAILURE);
}
@@ -1871,11 +1870,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
if (name != NULL)
*name = NULL;
if (lifetime != NULL)
*lifetime = 0;
if (cred_usage != NULL)
@@ -2040,11 +2039,11 @@
* if the RPC call times out, null out all return arguments,
* set minor_status to its maximum value, and return GSS_S_FAILURE
*/
if (minor_status != NULL)
- *minor_status = 0xffffffff;
+ *minor_status = DEFAULT_MINOR_STAT;
return (GSS_S_FAILURE);
}
/* copy the rpc results into the return arguments */
@@ -2346,11 +2345,11 @@
*context_handle = NULL;
else
*context_handle =
*((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
- if (output_token != NULL) {
+ if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
output_token->length = res.output_token.GSS_BUFFER_T_len;
output_token->value =
(void *) MALLOC(output_token->length);
memcpy(output_token->value,
res.output_token.GSS_BUFFER_T_val,