From: Markus Moeller Date: Mon, 14 Mar 2011 06:15:51 +0000 (-0600) Subject: negotiate_kerberos_auth update to version 3.0.4sq X-Git-Tag: take06~27^2~91 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08885c7f794154344d4c3a221cb2f5d58065915c;p=thirdparty%2Fsquid.git negotiate_kerberos_auth update to version 3.0.4sq Fixes a minor error in printing gss errors --- diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 index 69913b9130..66de16374e 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 @@ -5,7 +5,7 @@ .if !'po4a'hide' \- Squid kerberos based authentication helper .PP -Version 3.0.3sq +Version 3.0.4sq . .SH SYNOPSIS .if !'po4a'hide' .B negotiate_kerberos_auth @@ -37,7 +37,7 @@ Provide Service Principal Name. .PP See FAQ wiki page for examples of how to write configuration snippets. (TBD) .PP This helper is intended to be used as an -.B external_acl_type +.B authentication helper in .B squid.conf. .if !'po4a'hide' .P diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc index 9631d5f841..c57734924f 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc @@ -82,7 +82,7 @@ #define MAX_AUTHTOKEN_LEN 65535 #endif #ifndef SQUID_KERB_AUTH_VERSION -#define SQUID_KERB_AUTH_VERSION "3.0.3sq" +#define SQUID_KERB_AUTH_VERSION "3.0.4sq" #endif int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, @@ -165,39 +165,37 @@ check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, len = 0; msg_ctx = 0; - while (!msg_ctx) { + do { /* convert major status code (GSS-API error) to text */ maj_stat = gss_display_status(&min_stat, major_status, GSS_C_GSS_CODE, GSS_C_NULL_OID, &msg_ctx, &status_string); - if (maj_stat == GSS_S_COMPLETE) { + if (maj_stat == GSS_S_COMPLETE && status_string.length > 0) { if (sizeof(buf) > len + status_string.length + 1) { snprintf(buf + len, (sizeof(buf) - len), "%s", (char *) status_string.value); len += status_string.length; } - gss_release_buffer(&min_stat, &status_string); - break; - } + } else + msg_ctx = 0; gss_release_buffer(&min_stat, &status_string); - } + } while (msg_ctx); if (sizeof(buf) > len + 2) { snprintf(buf + len, (sizeof(buf) - len), "%s", ". "); len += 2; } msg_ctx = 0; - while (!msg_ctx) { + do { /* convert minor status code (underlying routine error) to text */ maj_stat = gss_display_status(&min_stat, minor_status, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &status_string); - if (maj_stat == GSS_S_COMPLETE) { + if (maj_stat == GSS_S_COMPLETE && status_string.length > 0) { if (sizeof(buf) > len + status_string.length) { snprintf(buf + len, (sizeof(buf) - len), "%s", (char *) status_string.value); len += status_string.length; } - gss_release_buffer(&min_stat, &status_string); - break; - } + } else + msg_ctx = 0; gss_release_buffer(&min_stat, &status_string); - } + } while (msg_ctx); debug((char *) "%s| %s: ERROR: %s failed: %s\n", LogTime(), PROGRAM, function, buf); fprintf(stdout, "BH %s failed: %s\n", function, buf); if (log) diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc index afa2712e69..0c13ec7eed 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc @@ -117,39 +117,37 @@ check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, len = 0; msg_ctx = 0; - while (!msg_ctx) { + do { /* convert major status code (GSS-API error) to text */ maj_stat = gss_display_status(&min_stat, major_status, GSS_C_GSS_CODE, GSS_C_NULL_OID, &msg_ctx, &status_string); - if (maj_stat == GSS_S_COMPLETE) { + if (maj_stat == GSS_S_COMPLETE && status_string.length > 0) { if (sizeof(buf) > len + status_string.length + 1) { snprintf(buf + len, (sizeof(buf) - len), "%s", (char *) status_string.value); len += status_string.length; } - gss_release_buffer(&min_stat, &status_string); - break; - } + } else + msg_ctx = 0; gss_release_buffer(&min_stat, &status_string); - } + } while (msg_ctx); if (sizeof(buf) > len + 2) { snprintf(buf + len, (sizeof(buf) - len), "%s", ". "); len += 2; } msg_ctx = 0; - while (!msg_ctx) { + do { /* convert minor status code (underlying routine error) to text */ maj_stat = gss_display_status(&min_stat, minor_status, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &status_string); - if (maj_stat == GSS_S_COMPLETE) { + if (maj_stat == GSS_S_COMPLETE && status_string.length > 0) { if (sizeof(buf) > len + status_string.length) { snprintf(buf + len, (sizeof(buf) - len), "%s", (char *) status_string.value); len += status_string.length; } - gss_release_buffer(&min_stat, &status_string); - break; - } + } else + msg_ctx = 0; gss_release_buffer(&min_stat, &status_string); - } + } while (msg_ctx); fprintf(stderr, "%s| %s: %s failed: %s\n", LogTime(), PROGRAM, function, buf); return (1);