X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fcontext_heimdal.c;h=6f3b8fd03f37e12a048337eed1d0d80e3bdb3224;hp=27c44a32c50b758f73a38943228f8e7344e2ff78;hb=05f93b531d59df6e976d9b40c97b51546524040a;hpb=f1bfe0916c04d93de7a4fae5315fff6e4ccac23f
diff --git a/utils/gssd/context_heimdal.c b/utils/gssd/context_heimdal.c
index 27c44a3..6f3b8fd 100644
--- a/utils/gssd/context_heimdal.c
+++ b/utils/gssd/context_heimdal.c
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 2004 The Regents of the University of Michigan.
+ Copyright (c) 2004-2006 The Regents of the University of Michigan.
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@@ -28,8 +28,11 @@
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#include "config.h"
+#ifdef HAVE_CONFIG_H
+#include
+#endif /* HAVE_CONFIG_H */
+#ifndef HAVE_LUCID_CONTEXT_SUPPORT
 #ifdef HAVE_HEIMDAL
 #include
@@ -37,15 +40,15 @@
 #include
 #include
 #include
-#include
 #include
+#include /* Must use the heimdal copy! */
+#ifdef HAVE_COM_ERR_H
 #include
+#endif
 #include "err_util.h"
 #include "gss_oids.h"
 #include "write_bytes.h"
-#define MAX_CTX_LEN 4096
-
 int write_heimdal_keyblock(char **p, char *end, krb5_keyblock *key)
 {
 gss_buffer_desc tmp;
@@ -66,32 +69,37 @@ int write_heimdal_enc_key(char **p, char *end, gss_ctx_id_t ctx)
 krb5_context context;
 krb5_error_code ret;
 int i;
- char *skd, *dkd;
+ char *skd, *dkd, *k5err = NULL;
 int code = -1;
 if ((ret = krb5_init_context(&context))) {
- printerr(0, "ERROR: initializing krb5_context: %s\n",
- error_message(ret));
+ k5err = gssd_k5_err_msg(NULL, ret);
+ printerr(0, "ERROR: initializing krb5_context: %s\n", k5err);
 goto out_err;
 }
 if ((ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, &key))){
- printerr(0, "ERROR: getting auth_context key: %s\n",
- error_message(ret));
+ k5err = gssd_k5_err_msg(context, ret);
+ printerr(0, "ERROR: getting auth_context key: %s\n", k5err);
 goto out_err_free_context;
 }
 memset(&enc_key, 0, sizeof(enc_key));
- printerr(1, "WARN: write_heimdal_enc_key: "
- "overriding heimdal keytype\n");
- enc_key.keytype = 4 /* XXX XXX XXX XXX key->keytype */;
+ enc_key.keytype = key->keytype;
+ /* XXX current kernel code only handles des-cbc-raw (4) */
+ if (enc_key.keytype != 4) {
+ printerr(1, "WARN: write_heimdal_enc_key: "
+ "overriding heimdal keytype (%d => %d)\n",
+ enc_key.keytype, 4);
+ enc_key.keytype = 4;
+ }
 enc_key.keyvalue.length = key->keyvalue.length;
 if ((enc_key.keyvalue.data = calloc(1, enc_key.keyvalue.length)) == NULL) {
-
+ k5err = gssd_k5_err_msg(context, ENOMEM);
 printerr(0, "ERROR: allocating memory for enc key: %s\n",
- error_message(ENOMEM));
+ k5err);
 goto out_err_free_key;
 }
 skd = (char *) key->keyvalue.data;
@@ -111,6 +119,7 @@ int write_heimdal_enc_key(char **p, char *end, gss_ctx_id_t ctx)
 out_err_free_context:
 krb5_free_context(context);
 out_err:
+ free(k5err);
 printerr(2, "write_heimdal_enc_key: %s\n", code ? "FAILED" : "SUCCESS");
 return(code);
 }
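Review bot: The new `if (enc_key.keytype != 4)` branch in write_heimdal_enc_key relabels any other key type as des-cbc-raw while `enc_key.keyvalue.length` is still taken from the original key, so key material of a different type and length would be passed on under a DES label with only a level-1 warning. Since the added comment says the kernel handles type 4 only, refusing the context looks safer than relabelling it: log at level 0 and `goto out_err_free_key;` when `key->keytype != 4`, or at least when `key->keyvalue.length != 8`. The same override appears in write_heimdal_seq_key (hunk -120,24), where it also rewrites `key->keytype` in place before write_heimdal_keyblock is called. The function body continues outside this hunk, so the copy into `enc_key.keyvalue.data` and its release are not visible here.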
@@ -120,24 +129,29 @@ int write_heimdal_seq_key(char **p, char *end, gss_ctx_id_t ctx)
 krb5_keyblock *key;
 krb5_context context;
 krb5_error_code ret;
+ char *k5err = NULL;
 int code = -1;
 if ((ret = krb5_init_context(&context))) {
- printerr(0, "ERROR: initializing krb5_context: %s\n",
- error_message(ret));
+ k5err = gssd_k5_err_msg(NULL, ret);
+ printerr(0, "ERROR: initializing krb5_context: %s\n", k5err);
 goto out_err;
 }
 if ((ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, &key))){
- printerr(0, "ERROR: getting auth_context key: %s\n",
- error_message(ret));
+ k5err = gssd_k5_err_msg(context, ret);
+ printerr(0, "ERROR: getting auth_context key: %s\n", k5err);
 goto out_err_free_context;
 }
- printerr(1, "WARN: write_heimdal_seq_key: "
- "overriding heimdal keytype\n");
- key->keytype = 4; /* XXX XXX XXX XXX XXX */
+ /* XXX current kernel code only handles des-cbc-raw (4) */
+ if (key->keytype != 4) {
+ printerr(1, "WARN: write_heimdal_seq_key: "
+ "overriding heimdal keytype (%d => %d)\n",
+ key->keytype, 4);
+ key->keytype = 4;
+ }
 if (write_heimdal_keyblock(p, end, key)) {
 goto out_err_free_key;
@@ -150,6 +164,7 @@ int write_heimdal_seq_key(char **p, char *end, gss_ctx_id_t ctx)
 out_err_free_context:
 krb5_free_context(context);
 out_err:
+ free(k5err);
 printerr(2, "write_heimdal_seq_key: %s\n", code ? "FAILED" : "SUCCESS");
 return(code);
 }
@@ -188,7 +203,7 @@ int write_heimdal_seq_key(char **p, char *end, gss_ctx_id_t ctx)
 */
 int
-serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
+serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf, int32_t *endtime)
 {
 char *p, *end;
@@ -229,6 +244,9 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
 /* endtime */
 if (WRITE_BYTES(&p, end, ctx->lifetime)) goto out_err;
+ if (endtime)
+ *endtime = ctx->lifetime;
+
 /* seq_send */
 if (WRITE_BYTES(&p, end, ctx->auth_context->local_seqnumber)) goto out_err;
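Review bot: `*endtime = ctx->lifetime;` in serialize_krb5_ctx (hunk -229,6) stores into an `int32_t` with no cast or range check, and the type of `ctx->lifetime` is not visible here; if it is unsigned or wider than 32 bits, a large value can come out negative. The out-parameter is also written in the middle of serialization, so a later `goto out_err` returns failure with `*endtime` already set, while a failure before this point leaves it untouched. I would state that contract on the function, e.g. `/* *endtime (optional, may be NULL) is meaningful only on success */`, and make the conversion explicit with `*endtime = (int32_t)ctx->lifetime;` once the range is confirmed. The new third parameter (hunk -188,7) also needs the prototype and every caller updated, which this single-file diff does not show.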
@@ -254,3 +272,4 @@ out_err:
 }
 #endif /* HAVE_HEIMDAL */
+#endif /* HAVE_LUCID_CONTEXT_SUPPORT */