Line 0
Link Here
|
|
|
1 |
diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c |
2 |
index 3837931..f4d2a7c 100644 |
3 |
--- a/src/kadmin/server/kadm_rpc_svc.c |
4 |
+++ b/src/kadmin/server/kadm_rpc_svc.c |
5 |
@@ -4,7 +4,7 @@ |
6 |
* |
7 |
*/ |
8 |
|
9 |
-#include <k5-platform.h> |
10 |
+#include <k5-int.h> |
11 |
#include <gssrpc/rpc.h> |
12 |
#include <gssapi/gssapi_krb5.h> /* for gss_nt_krb5_name */ |
13 |
#include <syslog.h> |
14 |
@@ -296,14 +296,8 @@ check_rpcsec_auth(struct svc_req *rqstp) |
15 |
c1 = krb5_princ_component(kctx, princ, 0); |
16 |
c2 = krb5_princ_component(kctx, princ, 1); |
17 |
realm = krb5_princ_realm(kctx, princ); |
18 |
- if (strncmp(handle->params.realm, realm->data, realm->length) == 0 |
19 |
- && strncmp("kadmin", c1->data, c1->length) == 0) { |
20 |
- |
21 |
- if (strncmp("history", c2->data, c2->length) == 0) |
22 |
- goto fail_princ; |
23 |
- else |
24 |
- success = 1; |
25 |
- } |
26 |
+ success = data_eq_string(*realm, handle->params.realm) && |
27 |
+ data_eq_string(*c1, "kadmin") && !data_eq_string(*c2, "history"); |
28 |
|
29 |
fail_princ: |
30 |
if (!success) { |
31 |
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c |
32 |
index b3d1db0..a18cfb0 100644 |
33 |
--- a/src/lib/gssapi/krb5/context_time.c |
34 |
+++ b/src/lib/gssapi/krb5/context_time.c |
35 |
@@ -40,7 +40,7 @@ krb5_gss_context_time(minor_status, context_handle, time_rec) |
36 |
|
37 |
ctx = (krb5_gss_ctx_id_rec *) context_handle; |
38 |
|
39 |
- if (! ctx->established) { |
40 |
+ if (ctx->terminated || !ctx->established) { |
41 |
*minor_status = KG_CTX_INCOMPLETE; |
42 |
return(GSS_S_NO_CONTEXT); |
43 |
} |
44 |
diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c |
45 |
index 18a3a34..1b3de68 100644 |
46 |
--- a/src/lib/gssapi/krb5/export_sec_context.c |
47 |
+++ b/src/lib/gssapi/krb5/export_sec_context.c |
48 |
@@ -45,6 +45,11 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) |
49 |
*minor_status = 0; |
50 |
|
51 |
ctx = (krb5_gss_ctx_id_t) *context_handle; |
52 |
+ if (ctx->terminated) { |
53 |
+ *minor_status = KG_CTX_INCOMPLETE; |
54 |
+ return (GSS_S_NO_CONTEXT); |
55 |
+ } |
56 |
+ |
57 |
context = ctx->k5_context; |
58 |
kret = krb5_gss_ser_init(context); |
59 |
if (kret) |
60 |
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h |
61 |
index 7e807cc..a0e8625 100644 |
62 |
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h |
63 |
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h |
64 |
@@ -206,6 +206,7 @@ typedef struct _krb5_gss_ctx_id_rec { |
65 |
unsigned int established : 1; |
66 |
unsigned int have_acceptor_subkey : 1; |
67 |
unsigned int seed_init : 1; /* XXX tested but never actually set */ |
68 |
+ unsigned int terminated : 1; |
69 |
OM_uint32 gss_flags; |
70 |
unsigned char seed[16]; |
71 |
krb5_gss_name_t here; |
72 |
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c |
73 |
index 6456b23..77b7fff 100644 |
74 |
--- a/src/lib/gssapi/krb5/gssapi_krb5.c |
75 |
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c |
76 |
@@ -369,7 +369,7 @@ krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, |
77 |
|
78 |
ctx = (krb5_gss_ctx_id_rec *) context_handle; |
79 |
|
80 |
- if (!ctx->established) |
81 |
+ if (ctx->terminated || !ctx->established) |
82 |
return GSS_S_NO_CONTEXT; |
83 |
|
84 |
for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/ |
85 |
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c |
86 |
index eacb0fd..096df2a 100644 |
87 |
--- a/src/lib/gssapi/krb5/inq_context.c |
88 |
+++ b/src/lib/gssapi/krb5/inq_context.c |
89 |
@@ -105,7 +105,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, |
90 |
|
91 |
ctx = (krb5_gss_ctx_id_rec *) context_handle; |
92 |
|
93 |
- if (! ctx->established) { |
94 |
+ if (ctx->terminated || !ctx->established) { |
95 |
*minor_status = KG_CTX_INCOMPLETE; |
96 |
return(GSS_S_NO_CONTEXT); |
97 |
} |
98 |
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c |
99 |
index 7665cba..f1c74dd 100644 |
100 |
--- a/src/lib/gssapi/krb5/k5seal.c |
101 |
+++ b/src/lib/gssapi/krb5/k5seal.c |
102 |
@@ -342,7 +342,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, |
103 |
|
104 |
ctx = (krb5_gss_ctx_id_rec *) context_handle; |
105 |
|
106 |
- if (! ctx->established) { |
107 |
+ if (ctx->terminated || !ctx->established) { |
108 |
*minor_status = KG_CTX_INCOMPLETE; |
109 |
return(GSS_S_NO_CONTEXT); |
110 |
} |
111 |
diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c |
112 |
index a129670..b53e348 100644 |
113 |
--- a/src/lib/gssapi/krb5/k5sealiov.c |
114 |
+++ b/src/lib/gssapi/krb5/k5sealiov.c |
115 |
@@ -281,7 +281,7 @@ kg_seal_iov(OM_uint32 *minor_status, |
116 |
} |
117 |
|
118 |
ctx = (krb5_gss_ctx_id_rec *)context_handle; |
119 |
- if (!ctx->established) { |
120 |
+ if (ctx->terminated || !ctx->established) { |
121 |
*minor_status = KG_CTX_INCOMPLETE; |
122 |
return GSS_S_NO_CONTEXT; |
123 |
} |
124 |
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c |
125 |
index 0573958..673c883 100644 |
126 |
--- a/src/lib/gssapi/krb5/k5unseal.c |
127 |
+++ b/src/lib/gssapi/krb5/k5unseal.c |
128 |
@@ -492,7 +492,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, |
129 |
|
130 |
ctx = (krb5_gss_ctx_id_rec *) context_handle; |
131 |
|
132 |
- if (! ctx->established) { |
133 |
+ if (ctx->terminated || !ctx->established) { |
134 |
*minor_status = KG_CTX_INCOMPLETE; |
135 |
return(GSS_S_NO_CONTEXT); |
136 |
} |
137 |
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c |
138 |
index f34d802..8b67042 100644 |
139 |
--- a/src/lib/gssapi/krb5/k5unsealiov.c |
140 |
+++ b/src/lib/gssapi/krb5/k5unsealiov.c |
141 |
@@ -625,7 +625,7 @@ kg_unseal_iov(OM_uint32 *minor_status, |
142 |
OM_uint32 code; |
143 |
|
144 |
ctx = (krb5_gss_ctx_id_rec *)context_handle; |
145 |
- if (!ctx->established) { |
146 |
+ if (ctx->terminated || !ctx->established) { |
147 |
*minor_status = KG_CTX_INCOMPLETE; |
148 |
return GSS_S_NO_CONTEXT; |
149 |
} |
150 |
diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c |
151 |
index 85df7fd..449e71f 100644 |
152 |
--- a/src/lib/gssapi/krb5/lucid_context.c |
153 |
+++ b/src/lib/gssapi/krb5/lucid_context.c |
154 |
@@ -75,6 +75,11 @@ gss_krb5int_export_lucid_sec_context( |
155 |
*minor_status = 0; |
156 |
*data_set = GSS_C_NO_BUFFER_SET; |
157 |
|
158 |
+ if (ctx->terminated || !ctx->established) { |
159 |
+ *minor_status = KG_CTX_INCOMPLETE; |
160 |
+ return GSS_S_NO_CONTEXT; |
161 |
+ } |
162 |
+ |
163 |
retval = generic_gss_oid_decompose(minor_status, |
164 |
GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID, |
165 |
GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, |
166 |
diff --git a/src/lib/gssapi/krb5/prf.c b/src/lib/gssapi/krb5/prf.c |
167 |
index e19291f..e897074 100644 |
168 |
--- a/src/lib/gssapi/krb5/prf.c |
169 |
+++ b/src/lib/gssapi/krb5/prf.c |
170 |
@@ -58,6 +58,10 @@ krb5_gss_pseudo_random(OM_uint32 *minor_status, |
171 |
ns.data = NULL; |
172 |
|
173 |
ctx = (krb5_gss_ctx_id_t)context; |
174 |
+ if (ctx->terminated || !ctx->established) { |
175 |
+ *minor_status = KG_CTX_INCOMPLETE; |
176 |
+ return GSS_S_NO_CONTEXT; |
177 |
+ } |
178 |
|
179 |
switch (prf_key) { |
180 |
case GSS_C_PRF_KEY_FULL: |
181 |
diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c |
182 |
index ae33180..a672f48 100644 |
183 |
--- a/src/lib/gssapi/krb5/process_context_token.c |
184 |
+++ b/src/lib/gssapi/krb5/process_context_token.c |
185 |
@@ -39,11 +39,18 @@ krb5_gss_process_context_token(minor_status, context_handle, |
186 |
|
187 |
ctx = (krb5_gss_ctx_id_t) context_handle; |
188 |
|
189 |
- if (! ctx->established) { |
190 |
+ if (ctx->terminated || !ctx->established) { |
191 |
*minor_status = KG_CTX_INCOMPLETE; |
192 |
return(GSS_S_NO_CONTEXT); |
193 |
} |
194 |
|
195 |
+ /* We only support context deletion tokens for now, and RFC 4121 does not |
196 |
+ * define a context deletion token. */ |
197 |
+ if (ctx->proto) { |
198 |
+ *minor_status = 0; |
199 |
+ return(GSS_S_DEFECTIVE_TOKEN); |
200 |
+ } |
201 |
+ |
202 |
/* "unseal" the token */ |
203 |
|
204 |
if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle, |
205 |
@@ -52,8 +59,8 @@ krb5_gss_process_context_token(minor_status, context_handle, |
206 |
KG_TOK_DEL_CTX))) |
207 |
return(majerr); |
208 |
|
209 |
- /* that's it. delete the context */ |
210 |
- |
211 |
- return(krb5_gss_delete_sec_context(minor_status, &context_handle, |
212 |
- GSS_C_NO_BUFFER)); |
213 |
+ /* Mark the context as terminated, but do not delete it (as that would |
214 |
+ * leave the caller with a dangling context handle). */ |
215 |
+ ctx->terminated = 1; |
216 |
+ return(GSS_S_COMPLETE); |
217 |
} |
218 |
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c |
219 |
index 7bc4221..ed5c599 100644 |
220 |
--- a/src/lib/gssapi/krb5/wrap_size_limit.c |
221 |
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c |
222 |
@@ -95,7 +95,7 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, |
223 |
} |
224 |
|
225 |
ctx = (krb5_gss_ctx_id_rec *) context_handle; |
226 |
- if (! ctx->established) { |
227 |
+ if (ctx->terminated || !ctx->established) { |
228 |
*minor_status = KG_CTX_INCOMPLETE; |
229 |
return(GSS_S_NO_CONTEXT); |
230 |
} |
231 |
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h |
232 |
index e56b9c1..2b5145e 100644 |
233 |
--- a/src/lib/gssapi/mechglue/mglueP.h |
234 |
+++ b/src/lib/gssapi/mechglue/mglueP.h |
235 |
@@ -25,7 +25,6 @@ do { \ |
236 |
*/ |
237 |
typedef struct gss_union_ctx_id_struct { |
238 |
struct gss_union_ctx_id_struct *loopback; |
239 |
- struct gss_union_ctx_id_struct *interposer; |
240 |
gss_OID mech_type; |
241 |
gss_ctx_id_t internal_ctx_id; |
242 |
} gss_union_ctx_id_desc, *gss_union_ctx_id_t; |
243 |
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c |
244 |
index 42ac783..975f94c 100644 |
245 |
--- a/src/lib/kadm5/kadm_rpc_xdr.c |
246 |
+++ b/src/lib/kadm5/kadm_rpc_xdr.c |
247 |
@@ -320,6 +320,7 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head) |
248 |
free(tl); |
249 |
tl = tl2; |
250 |
} |
251 |
+ *tl_data_head = NULL; |
252 |
break; |
253 |
|
254 |
case XDR_ENCODE: |
255 |
@@ -1096,6 +1097,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp) |
256 |
case XDR_FREE: |
257 |
if(*objp != NULL) |
258 |
krb5_free_principal(context, *objp); |
259 |
+ *objp = NULL; |
260 |
break; |
261 |
} |
262 |
return TRUE; |
263 |
diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c |
264 |
index 53bdb98..a05ea19 100644 |
265 |
--- a/src/lib/rpc/auth_gssapi_misc.c |
266 |
+++ b/src/lib/rpc/auth_gssapi_misc.c |
267 |
@@ -322,7 +322,6 @@ bool_t auth_gssapi_unwrap_data( |
268 |
if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) { |
269 |
PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n")); |
270 |
gss_release_buffer(minor, &out_buf); |
271 |
- xdr_free(xdr_func, xdr_ptr); |
272 |
XDR_DESTROY(&temp_xdrs); |
273 |
return FALSE; |
274 |
} |
275 |
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c |
276 |
index 09a3534..b81c4a3 100644 |
277 |
--- a/src/lib/rpc/svc_auth_gss.c |
278 |
+++ b/src/lib/rpc/svc_auth_gss.c |
279 |
@@ -65,16 +65,6 @@ extern const gss_OID_desc * const gss_mech_spkm3; |
280 |
|
281 |
extern SVCAUTH svc_auth_none; |
282 |
|
283 |
-/* |
284 |
- * from mit-krb5-1.2.1 mechglue/mglueP.h: |
285 |
- * Array of context IDs typed by mechanism OID |
286 |
- */ |
287 |
-typedef struct gss_union_ctx_id_t { |
288 |
- gss_OID mech_type; |
289 |
- gss_ctx_id_t internal_ctx_id; |
290 |
-} gss_union_ctx_id_desc, *gss_union_ctx_id_t; |
291 |
- |
292 |
- |
293 |
static auth_gssapi_log_badauth_func log_badauth = NULL; |
294 |
static caddr_t log_badauth_data = NULL; |
295 |
static auth_gssapi_log_badauth2_func log_badauth2 = NULL; |
296 |
@@ -239,16 +229,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, |
297 |
gd->ctx = GSS_C_NO_CONTEXT; |
298 |
goto errout; |
299 |
} |
300 |
- /* |
301 |
- * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers, |
302 |
- * one to the mechanism oid, one to the internal_ctx_id |
303 |
- */ |
304 |
- if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) { |
305 |
- fprintf(stderr, "svcauth_gss_accept_context: out of memory\n"); |
306 |
- goto errout; |
307 |
- } |
308 |
- memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc)); |
309 |
- gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc); |
310 |
+ gr->gr_ctx.value = "xxxx"; |
311 |
+ gr->gr_ctx.length = 4; |
312 |
|
313 |
/* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version... */ |
314 |
gr->gr_win = sizeof(gd->seqmask) * 8; |
315 |
@@ -520,8 +502,6 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, |
316 |
|
317 |
if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { |
318 |
gss_release_buffer(&min_stat, &gr.gr_token); |
319 |
- mem_free(gr.gr_ctx.value, |
320 |
- sizeof(gss_union_ctx_id_desc)); |
321 |
ret_freegc (AUTH_FAILED); |
322 |
} |
323 |
*no_dispatch = TRUE; |
324 |
@@ -531,7 +511,6 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, |
325 |
|
326 |
gss_release_buffer(&min_stat, &gr.gr_token); |
327 |
gss_release_buffer(&min_stat, &gd->checksum); |
328 |
- mem_free(gr.gr_ctx.value, sizeof(gss_union_ctx_id_desc)); |
329 |
if (!call_stat) |
330 |
ret_freegc (AUTH_FAILED); |
331 |
|
332 |
diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c |
333 |
index 254f8fb..7f04899 100644 |
334 |
--- a/src/tests/gssapi/t_prf.c |
335 |
+++ b/src/tests/gssapi/t_prf.c |
336 |
@@ -127,6 +127,7 @@ main(int argc, char *argv[]) |
337 |
uctx.mech_type = &mech_krb5; |
338 |
uctx.internal_ctx_id = (gss_ctx_id_t)&kgctx; |
339 |
kgctx.k5_context = NULL; |
340 |
+ kgctx.established = 1; |
341 |
kgctx.have_acceptor_subkey = 1; |
342 |
kb1.contents = k1buf; |
343 |
kb2.contents = k2buf; |