krb5_principal principal,
krb5_authdata_context ad_context,
krb5_flags flags,
- krb5_gss_name_t *name)
+ krb5_gss_name_t *ret_name)
{
krb5_error_code code;
+ krb5_gss_name_t name;
+
+ *ret_name = NULL;
assert(principal != NULL);
if (principal == NULL)
return EINVAL;
- *name = xmalloc(sizeof(krb5_gss_name_rec));
- if (*name == NULL) {
+ name = xmalloc(sizeof(krb5_gss_name_rec));
+ if (name == NULL)
return ENOMEM;
- }
- memset(*name, 0, sizeof(krb5_gss_name_rec));
- code = k5_mutex_init(&(*name)->lock);
+ memset(name, 0, sizeof(krb5_gss_name_rec));
+
+ code = k5_mutex_init(&name->lock);
if (code != 0)
goto cleanup;
if ((flags & KG_INIT_NAME_NO_COPY) == 0) {
- code = krb5_copy_principal(context, principal, &(*name)->princ);
+ code = krb5_copy_principal(context, principal, &name->princ);
if (code != 0)
goto cleanup;
if (ad_context != NULL) {
code = krb5_authdata_context_copy(context,
ad_context,
- &(*name)->ad_context);
+ &name->ad_context);
if (code != 0)
goto cleanup;
}
} else {
- (*name)->princ = principal;
- (*name)->ad_context = ad_context;
+ name->princ = principal;
+ name->ad_context = ad_context;
}
if ((flags & KG_INIT_NAME_INTERN) &&
- !kg_save_name((gss_name_t)*name)) {
+ !kg_save_name((gss_name_t)name)) {
code = G_VALIDATE_FAILED;
goto cleanup;
}
- code = 0;
+ *ret_name = name;
cleanup:
if (code != 0)
- kg_release_name(context, 0, name);
+ kg_release_name(context, 0, &name);
return code;
}
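Review bot: With `KG_INIT_NAME_NO_COPY` the new `name` aliases the caller's `principal` and `ad_context` (the `else` branch), and a later `kg_save_name` failure still reaches `kg_release_name(context, 0, &name)` at `cleanup`. `kg_release_name` is not visible here; if it frees `princ` and `ad_context`, a caller that also frees its principal after seeing the error would free it twice. The function should state which side owns the inputs on failure, for example with a comment above the `else` branch such as `/* NO_COPY: name takes ownership of principal and ad_context, including on error */`, or the two fields should be cleared before the release if the caller is meant to keep them. The function's signature begins outside the hunk.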
return EINVAL;
if (GSS_ERROR(gss_create_empty_buffer_set(&minor_status,
- &set)))
+ &set))) {
+ assert(minor_status != 0);
return minor_status;
+ }
for (i = 0; data[i].data != NULL; i++)
;
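Review bot: The added `assert(minor_status != 0)` is compiled out under NDEBUG, so if `gss_create_empty_buffer_set` ever reports an error with a zero minor status, this branch returns 0 and the caller treats a set that was never created as success. A runtime fallback next to the assert would keep the failure visible in release builds, for example `return minor_status != 0 ? minor_status : ENOMEM;`. The enclosing function starts and ends outside the hunk.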
gss_OID *MN_mech,
gss_buffer_set_t *authenticated,
gss_buffer_set_t *asserted,
- gss_buffer_set_t *complete)
+ gss_buffer_set_t *all_attrs)
{
krb5_context context;
krb5_error_code code;
krb5_gss_name_t kname;
krb5_data *kauthenticated = NULL;
krb5_data *kasserted = NULL;
-#if 0
- krb5_data *kcomplete = NULL;
-#endif
+ krb5_data *kall_attrs = NULL;
if (minor_status != NULL)
*minor_status = 0;
*authenticated = GSS_C_NO_BUFFER_SET;
if (asserted != NULL)
*asserted = GSS_C_NO_BUFFER_SET;
-#if 0
- *complete = GSS_C_NO_BUFFER_SET;
-#endif
+ if (all_attrs != NULL)
+ *all_attrs = GSS_C_NO_BUFFER_SET;
code = krb5_gss_init_context(&context);
if (code != 0) {
code = krb5_authdata_get_attribute_types(context,
kname->ad_context,
+ &kauthenticated,
&kasserted,
- &kauthenticated);
+ &kall_attrs);
+ if (code != 0)
+ goto cleanup;
+
+ code = kg_data_list_to_buffer_set_nocopy(&kauthenticated,
+ authenticated);
if (code != 0)
goto cleanup;
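Review bot: The out-parameters of `krb5_authdata_get_attribute_types` all have type `krb5_data **`, and this call now passes the verified list first where the old call passed the asserted list first, so the compiler cannot flag a caller or plugin that still uses the old order. The same reorder appears in the function definition and in the `get_attribute_types` callback invocation later in this diff; a module built against the previous callback order would, as far as these lines show, have its asserted attributes read as verified ones. Whether the plugin table version is bumped is not visible here, and it should be if it is not. The prototype also deserves a comment such as `/* out-params in order: verified, asserted, all */`. The enclosing function starts outside the hunk.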
if (code != 0)
goto cleanup;
- code = kg_data_list_to_buffer_set_nocopy(&kauthenticated,
- authenticated);
+ code = kg_data_list_to_buffer_set_nocopy(&kall_attrs,
+ all_attrs);
if (code != 0)
goto cleanup;
cleanup:
k5_mutex_unlock(&kname->lock);
- krb5int_free_data_list(context, kasserted);
krb5int_free_data_list(context, kauthenticated);
+ krb5int_free_data_list(context, kasserted);
+ krb5int_free_data_list(context, kall_attrs);
krb5_free_context(context);
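Review bot: `all_attrs` is treated as optional earlier in this function (`if (all_attrs != NULL)` before it is initialised), but the conversion added here passes it to `kg_data_list_to_buffer_set_nocopy` with no guard visible on the new lines. The helper's body is only partly visible, so a NULL destination may produce an error return or a NULL dereference; either way a caller that legitimately omits the argument is affected. Wrapping the call in `if (all_attrs != NULL) {` ... `}` keeps the parameter optional. The added `krb5int_free_data_list(context, kall_attrs)` at `cleanup` still releases the list in that case. The enclosing function starts and ends outside the hunk.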
#include "authdata.h"
#include "auth_con.h"
-#define DEBUG 1
-
-/* Based on preauth2.c */
+/* Loosely based on preauth2.c */
+static const char *objdirs[] = {
#if TARGET_OS_MAC
-static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */
-#else
-static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL };
+ KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR,
#endif
+ LIBDIR "/krb5/plugins/authdata",
+ NULL
+ }; /* should be a list */
/* Internal authdata systems */
static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = {
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
- if (module->client_req_fini != NULL && module->request_context != NULL)
+ if (module->client_req_fini != NULL &&
+ module->request_context != NULL)
(*module->client_req_fini)(kcontext,
module->plugin_context,
module->request_context);
krb5_error_code KRB5_CALLCONV
krb5_authdata_get_attribute_types(krb5_context kcontext,
krb5_authdata_context context,
+ krb5_data **verified_attrs,
krb5_data **asserted_attrs,
- krb5_data **verified_attrs)
+ krb5_data **all_attrs)
{
int i;
- krb5_error_code code;
- krb5_data *asserted = NULL;
+ krb5_error_code code = ENOENT;
krb5_data *verified = NULL;
- unsigned int asserted_len = 0;
+ krb5_data *asserted = NULL;
+ krb5_data *all = NULL;
unsigned int verified_len = 0;
+ unsigned int asserted_len = 0;
+ unsigned int all_len = 0;
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
- krb5_data *asserted2 = NULL;
krb5_data *verified2 = NULL;
+ krb5_data *asserted2 = NULL;
+ krb5_data *all2 = NULL;
if (module->ftable->get_attribute_types == NULL)
continue;
if ((*module->ftable->get_attribute_types)(kcontext,
module->plugin_context,
*(module->request_context_pp),
+ verified_attrs ?
+ &verified2 : NULL,
asserted_attrs ?
&asserted2 : NULL,
- verified_attrs ?
- &verified2 : NULL) != 0)
+ all_attrs ?
+ &all2 : NULL))
continue;
+ if (verified_attrs != NULL) {
+ code = k5_merge_data_list(&verified, verified2, &verified_len);
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, verified2);
+ break;
+ }
+ if (verified2 != NULL)
+ free(verified2);
+ }
+
if (asserted_attrs != NULL) {
code = k5_merge_data_list(&asserted, asserted2, &asserted_len);
if (code != 0) {
free(asserted2);
}
- if (verified_attrs != NULL) {
- code = k5_merge_data_list(&verified, verified2, &verified_len);
+ if (all_attrs != NULL) {
+ code = k5_merge_data_list(&all, all2, &all_len);
if (code != 0) {
- krb5int_free_data_list(kcontext, verified2);
+ krb5int_free_data_list(kcontext, all2);
break;
}
- if (verified2 != NULL)
- free(verified2);
+ if (all2 != NULL)
+ free(all2);
}
}
- if (code == 0) {
- if (asserted_attrs != NULL)
- *asserted_attrs = asserted;
- if (verified_attrs != NULL)
- *verified_attrs = verified;
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, verified);
+ verified = NULL;
+
+ krb5int_free_data_list(kcontext, asserted);
+ asserted = NULL;
+
+ krb5int_free_data_list(kcontext, all);
+ all = NULL;
}
+ if (verified_attrs != NULL)
+ *verified_attrs = verified;
+ if (asserted_attrs != NULL)
+ *asserted_attrs = asserted;
+ if (all_attrs != NULL)
+ *all_attrs = all;
+
return code;
}
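Review bot: When `k5_merge_data_list` fails for the verified list, the new branch frees `verified2` and breaks, but `asserted2` and `all2` returned by the same module call are never released. The asserted branch appears to leave `all2` behind in the same way. Releasing the remaining per-module lists before each `break` closes the leak, for example `krb5int_free_data_list(kcontext, asserted2); krb5int_free_data_list(kcontext, all2);` in the verified error branch. The final cleanup already calls `krb5int_free_data_list` on pointers that may be NULL, so the extra calls need no guards if that is safe there.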