Update krb5 code to use glue routine lucid context functions
authorneilbrown <neilbrown>
Tue, 28 Mar 2006 00:48:27 +0000 (00:48 +0000)
committerneilbrown <neilbrown>
Tue, 28 Mar 2006 00:48:27 +0000 (00:48 +0000)
The gssd code should not know about the glue layer's context structure.
A previous patch added gss_export_lucid_sec_context() and
gss_free_lucid_sec_context() functions to the gssapi glue layer.
Use these functions rather than calling directly to the Kerberos
gssapi code (which requires the Kerberos context handle rather
than the glue's context handle).

(really this time)

ChangeLog
utils/gssd/context.c
utils/gssd/context.h
utils/gssd/context_mit.c
utils/gssd/gssd_proc.c
utils/gssd/svcgssd_proc.c

index 2b5ae8a6ec3002e4dd89156310dccb8775d1f1e3..146c9c2b65a7d4d161dd33b7d23b058830de4294 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2006-03-28 kwc@citi.umich.edu
+       Update krb5 code to use glue routine lucid context functions
+       
+       
+       
+       The gssd code should not know about the glue layer's context structure.
+       A previous patch added gss_export_lucid_sec_context() and
+       gss_free_lucid_sec_context() functions to the gssapi glue layer.
+       Use these functions rather than calling directly to the Kerberos
+       gssapi code (which requires the Kerberos context handle rather
+       than the glue's context handle).
+       
+       (really this time)
+       
 2006-03-28 kwc@citi.umich.edu
        
        Separate out context handling code for MIT Kerberos and SPKM3
index 02d162f2aa620a3c5fde2f9cf9fde7f9ce4c1544..4bab3e7955101bd616b014b0a3f2229902b172bb 100644 (file)
 #include "context.h"
 
 int
-serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf)
+serialize_context_for_kernel(gss_ctx_id_t ctx,
+                            gss_buffer_desc *buf,
+                            gss_OID mech)
 {
-       gss_union_ctx_id_t      uctx = (gss_union_ctx_id_t)ctx;
-
-       if (g_OID_equal(&krb5oid, uctx->mech_type))
-               return serialize_krb5_ctx(uctx->internal_ctx_id, buf);
+       if (g_OID_equal(&krb5oid, mech))
+               return serialize_krb5_ctx(ctx, buf);
 #ifdef HAVE_SPKM3_H
-       else if (g_OID_equal(&spkm3oid, uctx->mech_type))
-               return serialize_spkm3_ctx(uctx, buf);
+       else if (g_OID_equal(&spkm3oid, mech))
+               return serialize_spkm3_ctx(ctx, buf);
 #endif
        else {
                printerr(0, "ERROR: attempting to serialize context with "
-                               "unknown mechanism oid\n");
+                               "unknown/unsupported mechanism oid\n");
                return -1;
        }
 }
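Review bot: `mech` reaches `g_OID_equal(&krb5oid, mech)` unchecked, and the serializer is now selected by the caller's argument rather than by the mechanism recorded in the context itself. Assuming g_OID_equal dereferences both arguments, as the usual macro does, a `GSS_C_NO_OID` from a caller would crash the daemon instead of taking the "unknown/unsupported" branch; the handle_nullreq call in svcgssd_proc.c passes a `mech` whose origin lies outside the visible hunks, so that path is the one to confirm. A guard at the top would keep this on the existing error path: `if (mech == GSS_C_NO_OID) { printerr(0, "ERROR: no mechanism oid given\n"); return -1; }`. The function would also benefit from a comment stating the contract, for example `/* mech must be the mechanism ctx was established with; it selects the serializer */`.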
index b2965390d47ecbf049779bbc1ee05060caf819a7..2c9396ac2b42354997c084d7d596770f132e8b54 100644 (file)
@@ -33,7 +33,8 @@
 
 #include <rpc/rpc.h>
 
-int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf);
+int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf,
+                                gss_OID mech);
 int serialize_spkm3_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf);
 int serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf);
 
index 0af92a3804a7c6312546171affb3d8414e43b863..ba94fd86a628caf69fd1d9403e90338fb17c5c46 100644 (file)
@@ -232,10 +232,13 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
        int retcode = 0;
 
        printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n");
-       maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
-                                                       1, &return_ctx);
-       if (maj_stat != GSS_S_COMPLETE)
+       maj_stat = gss_export_lucid_sec_context(&min_stat, ctx,
+                                               1, &return_ctx);
+       if (maj_stat != GSS_S_COMPLETE) {
+               pgsserr("gss_export_lucid_sec_context",
+                       maj_stat, min_stat, &krb5oid);
                goto out_err;
+       }
 
        /* Check the version returned, we only support v1 right now */
        vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
@@ -256,12 +259,18 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
        else
                retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf);
 
-       maj_stat = gss_krb5_free_lucid_sec_context(&min_stat,
-                                                  (void *)lctx);
-       if (maj_stat != GSS_S_COMPLETE)
+       maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+       if (maj_stat != GSS_S_COMPLETE) {
+               pgsserr("gss_export_lucid_sec_context",
+                       maj_stat, min_stat, &krb5oid);
                printerr(0, "WARN: failed to free lucid sec context\n");
-       if (retcode)
+       }
+
+       if (retcode) {
+               printerr(1, "serialize_krb5_ctx: prepare_krb5_*_buffer "
+                        "failed (retcode = %d)\n", retcode);
                goto out_err;
+       }
 
        return 0;
 
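Review bot: The failure branch after `gss_free_lucid_sec_context` logs under the name of the export call, because `pgsserr("gss_export_lucid_sec_context",` is repeated from the first hunk. A failed free is then indistinguishable from a failed export in the GSS error output. The label should read `pgsserr("gss_free_lucid_sec_context",`. serialize_krb5_ctx starts before this hunk and its out_err label lies past the end of it.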
index f2907c90c870943b89170adab9d49f772b2ea496..4c3d85da766ebdef5f1352ada8c0c6f8f2fbd9b9 100644 (file)
@@ -688,7 +688,7 @@ handle_krb5_upcall(struct clnt_info *clp)
                goto out_return_error;
        }
 
-       if (serialize_context_for_kernel(pd.pd_ctx, &token)) {
+       if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid)) {
                printerr(0, "WARNING: Failed to serialize krb5 context for "
                            "user with uid %d for server %s\n",
                         uid, clp->servername);
@@ -743,7 +743,7 @@ handle_spkm3_upcall(struct clnt_info *clp)
                goto out_return_error;
        }
 
-       if (serialize_context_for_kernel(pd.pd_ctx, &token)) {
+       if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid)) {
                printerr(0, "WARNING: Failed to serialize spkm3 context for "
                            "user with uid %d for server\n",
                         uid, clp->servername);
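Review bot: The warning that follows the changed call in handle_spkm3_upcall passes `uid, clp->servername` but its format string has only `%d`, so the server name never reaches the log. These are context lines that the commit leaves unchanged. The krb5 handler's message in the previous hunk has the conversion, and the same would fit here: `"user with uid %d for server %s\n"`. The function continues outside the hunk.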
index b43a023882675d6788fe758010fe4e7dddb18f95..fd1076efc6fc0b894f95d01b1aa01441d4269e24 100644 (file)
@@ -365,7 +365,7 @@ handle_nullreq(FILE *f) {
 
        /* kernel needs ctx to calculate verifier on null response, so
         * must give it context before doing null call: */
-       if (serialize_context_for_kernel(ctx, &ctx_token)) {
+       if (serialize_context_for_kernel(ctx, &ctx_token, mech)) {
                printerr(0, "WARNING: handle_nullreq: "
                            "serialize_context_for_kernel failed\n");
                maj_stat = GSS_S_FAILURE;