cifs Sdiff usr/src/lib/gss_mechs/mech_krb5/mech/accept_sec

Print this page

6817447 libgss and various mechs are hiding both the real minor_status and the error token
6405422 Solaris acceptors fail in AD-KDC environments when using non-"host" services (e.g. "cifs")
6824434 Unable to accept context establishment initiated by Windows 2000 clients
6787343 kclient's site lookups fail in certain network environments
6692646 kclient should output errors to stderr
6525327 kinit failed when arcfour-hmac-md5-exp was used for the principal's key
6745582 SUNWkdcu missing package dependencies after kclientv2 integration

   1 /*
   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5 
   6 
   7 /*
   8  * Copyright 2000, 2004  by the Massachusetts Institute of Technology.
   9  * All Rights Reserved.
  10  *
  11  * Export of this software from the United States of America may
  12  *   require a specific license from the United States Government.
  13  *   It is the responsibility of any person or organization contemplating
  14  *   export to obtain such a license before exporting.
  15  * 
  16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  17  * distribute this software and its documentation for any purpose and
  18  * without fee is hereby granted, provided that the above copyright
  19  * notice appear in all copies and that both that copyright notice and
  20  * this permission notice appear in supporting documentation, and that
  21  * the name of M.I.T. not be used in advertising or publicity pertaining
  22  * to distribution of the software without specific, written prior
  23  * permission.  Furthermore if you modify this software you must label
  24  * your software as modified software and not distribute it in such a
  25  * fashion that it might be confused with the original M.I.T. software.
  26  * M.I.T. makes no representations about the suitability of

 299    krb5_authenticator *authdat = 0;
 300    krb5_checksum reqcksum;
 301    krb5_principal name = NULL;
 302    krb5_ui_4 gss_flags = 0;
 303    krb5_gss_ctx_id_rec *ctx = 0;
 304    krb5_timestamp now;
 305    gss_buffer_desc token;
 306    krb5_auth_context auth_context = NULL;
 307    krb5_ticket * ticket = NULL;
 308    int option_id;
 309    krb5_data option;
 310    const gss_OID_desc *mech_used = NULL;
 311    OM_uint32 major_status = GSS_S_FAILURE;
 312    krb5_error krb_error_data;
 313    krb5_data scratch;
 314    gss_cred_id_t cred_handle = NULL;
 315    krb5_gss_cred_id_t deleg_cred = NULL;
 316    OM_uint32 saved_ap_options = 0;
 317    krb5int_access kaccess;
 318    int cred_rcache = 0;

 319 
 320    KRB5_LOG0(KRB5_INFO,"krb5_gss_accept_sec_context() start");
 321 
 322    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
 323    if (code) {
 324        *minor_status = code;
 325        return(GSS_S_FAILURE);
 326    }
 327 
 328    code = krb5_gss_init_context(&context);
 329    if (code) {
 330        *minor_status = code;
 331        return GSS_S_FAILURE;
 332    }
 333 
 334    /* set up returns to be freeable */
 335 
 336    if (src_name)
 337       *src_name = (gss_name_t) NULL;
 338    output_token->length = 0;

1163 
1164        tmsglen = scratch.length;
1165        toktype = KG_TOK_CTX_ERROR;
1166 
1167        token.length = g_token_size(mech_used, tmsglen);
1168        token.value = (unsigned char *) xmalloc(token.length);
1169        if (!token.value)
1170           goto cleanup;
1171 
1172        ptr = token.value;
1173        g_make_token_header(mech_used, tmsglen, &ptr, toktype);
1174 
1175        TWRITE_STR(ptr, scratch.data, scratch.length);
1176        xfree(scratch.data);
1177 
1178        *output_token = token;
1179    }
1180 
1181 cleanup:
1182    if (!verifier_cred_handle && cred_handle) {
1183            krb5_gss_release_cred(minor_status, &cred_handle);
1184    }
1185    krb5_free_context(context);
1186 
1187    /* Solaris Kerberos */
1188    KRB5_LOG(KRB5_ERR,"krb5_gss_accept_sec_context() end, "
1189               "major_status = %d", major_status);
1190    return (major_status);
1191 }

   1 /*
   2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5 

   6 /*
   7  * Copyright 2000, 2004  by the Massachusetts Institute of Technology.
   8  * All Rights Reserved.
   9  *
  10  * Export of this software from the United States of America may
  11  *   require a specific license from the United States Government.
  12  *   It is the responsibility of any person or organization contemplating
  13  *   export to obtain such a license before exporting.
  14  * 
  15  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  16  * distribute this software and its documentation for any purpose and
  17  * without fee is hereby granted, provided that the above copyright
  18  * notice appear in all copies and that both that copyright notice and
  19  * this permission notice appear in supporting documentation, and that
  20  * the name of M.I.T. not be used in advertising or publicity pertaining
  21  * to distribution of the software without specific, written prior
  22  * permission.  Furthermore if you modify this software you must label
  23  * your software as modified software and not distribute it in such a
  24  * fashion that it might be confused with the original M.I.T. software.
  25  * M.I.T. makes no representations about the suitability of

 298    krb5_authenticator *authdat = 0;
 299    krb5_checksum reqcksum;
 300    krb5_principal name = NULL;
 301    krb5_ui_4 gss_flags = 0;
 302    krb5_gss_ctx_id_rec *ctx = 0;
 303    krb5_timestamp now;
 304    gss_buffer_desc token;
 305    krb5_auth_context auth_context = NULL;
 306    krb5_ticket * ticket = NULL;
 307    int option_id;
 308    krb5_data option;
 309    const gss_OID_desc *mech_used = NULL;
 310    OM_uint32 major_status = GSS_S_FAILURE;
 311    krb5_error krb_error_data;
 312    krb5_data scratch;
 313    gss_cred_id_t cred_handle = NULL;
 314    krb5_gss_cred_id_t deleg_cred = NULL;
 315    OM_uint32 saved_ap_options = 0;
 316    krb5int_access kaccess;
 317    int cred_rcache = 0;
 318    OM_uint32 t_minor_status = 0;
 319 
 320    KRB5_LOG0(KRB5_INFO,"krb5_gss_accept_sec_context() start");
 321 
 322    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
 323    if (code) {
 324        *minor_status = code;
 325        return(GSS_S_FAILURE);
 326    }
 327 
 328    code = krb5_gss_init_context(&context);
 329    if (code) {
 330        *minor_status = code;
 331        return GSS_S_FAILURE;
 332    }
 333 
 334    /* set up returns to be freeable */
 335 
 336    if (src_name)
 337       *src_name = (gss_name_t) NULL;
 338    output_token->length = 0;

1163 
1164        tmsglen = scratch.length;
1165        toktype = KG_TOK_CTX_ERROR;
1166 
1167        token.length = g_token_size(mech_used, tmsglen);
1168        token.value = (unsigned char *) xmalloc(token.length);
1169        if (!token.value)
1170           goto cleanup;
1171 
1172        ptr = token.value;
1173        g_make_token_header(mech_used, tmsglen, &ptr, toktype);
1174 
1175        TWRITE_STR(ptr, scratch.data, scratch.length);
1176        xfree(scratch.data);
1177 
1178        *output_token = token;
1179    }
1180 
1181 cleanup:
1182    if (!verifier_cred_handle && cred_handle) {
1183            krb5_gss_release_cred(&t_minor_status, &cred_handle);
1184    }
1185    krb5_free_context(context);
1186 
1187    /* Solaris Kerberos */
1188    KRB5_LOG(KRB5_ERR,"krb5_gss_accept_sec_context() end, "
1189               "major_status = %d", major_status);
1190    return (major_status);
1191 }