author | Glenn Barry <Glenn.Barry@oracle.com> | 2010-08-16 17:01:32 -0700 |
---|---|---|
committer | Glenn Barry <Glenn.Barry@oracle.com> | 2010-08-16 17:01:32 -0700 |
commit | 5e01956f3000408c2a2c5a08c8d0acf2c2a9d8ee (patch) | |
tree | 90bd2cd6b1b331d8cb4c67b04d90d921baf654fc /usr/src/lib/libgss | |
parent | 8393544efeffe8042bf5273c148010b32fa827e2 (diff) | |
download | illumos-joyent-5e01956f3000408c2a2c5a08c8d0acf2c2a9d8ee.tar.gz |
PSARC 2010/135 Kerberos Diagnostic Enhancements (umbrella case)
6835328 Error messages generated by applications using RPCSEC_GSS are too vague
Diffstat (limited to 'usr/src/lib/libgss')
28 files changed, 559 insertions, 237 deletions
diff --git a/usr/src/lib/libgss/Makefile.com b/usr/src/lib/libgss/Makefile.com index 46fbd4c810..ee197cbb7b 100644 --- a/usr/src/lib/libgss/Makefile.com +++ b/usr/src/lib/libgss/Makefile.com @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. # LIBRARY = libgss.a @@ -70,19 +69,28 @@ GSSCRED_DIR = $(SRC)/cmd/gss/gsscred GSSCREDOBJ = gsscred_utils.o gsscred_file.o # defines the duplicate sources we share with krb5 mech KRB5DIR= $(SRC)/lib/gss_mechs/mech_krb5/mech -KRB5OBJ= rel_buffer.o util_buffer_set.o +KRB5OBJ= rel_buffer.o util_buffer_set.o disp_com_err_status.o \ + util_buffer.o util_errmap.o +# defines the duplicate sources we share with krb5 mech error table +KRB5ETDIR= $(SRC)/lib/gss_mechs/mech_krb5/et +KRB5ETOBJ= error_message.o adb_err.o adm_err.o asn1_err.o \ + chpass_util_strings.o \ + gssapi_err_krb5.o gssapi_err_generic.o \ + import_err.o \ + kadm_err.o kdb5_err.o kdc5_err.o kpasswd_strings.o krb5_err.o \ + kv5m_err.o prof_err.o pty_err.o ss_err.o # defines the duplicate sources we share with kernel module UTSGSSDIR = $(SRC)/uts/common/gssapi UTSGSSOBJ = gen_oids.o SRCS += $(GSSCREDOBJ:%.o=$(GSSCRED_DIR)/%.c) \ $(KRB5OBJ:%.o=$(KRB5DIR)/%.c) \ + $(KRB5ETOBJ:%.o=$(KRB5ETDIR)/%.c) \ $(UTSGSSOBJ:%.o=$(UTSGSSDIR)/%.c) GSSLINTSRC = $(GSSOBJECTS:%.o=$(SRCDIR)/%.c) \ $(GSSCREDOBJ:%.o=$(GSSCRED_DIR)/%.c) \ - $(KRB5OBJ:%.o=$(KRB5DIR)/%.c) \ $(UTSGSSOBJ:%.o=$(UTSGSSDIR)/%.c) -OBJECTS = $(GSSOBJECTS) $(GSSCREDOBJ) $(KRB5OBJ) $(UTSGSSOBJ) +OBJECTS = $(GSSOBJECTS) $(GSSCREDOBJ) $(KRB5OBJ) $(UTSGSSOBJ) $(KRB5ETOBJ) # include library definitions include ../../Makefile.lib 
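Review bot: `GSSLINTSRC` loses `$(KRB5OBJ)` and never gains `$(KRB5ETOBJ)`, so the sources this hunk adds to libgss (`util_errmap.c`, `disp_com_err_status.c`, `util_buffer.c` and the error tables) are compiled into the library but fall outside its lint target. If that is deliberate, for instance because they are linted where they live under mech_krb5, a comment above the assignment would record it, e.g. `# KRB5OBJ and KRB5ETOBJ are shared with mech_krb5 and are not linted from libgss`. Otherwise the error-mapping code that the rest of this commit calls on nearly every failure path gets less static checking than the glue code around it.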
@@ -113,13 +121,113 @@ $(GSSCREDOBJ:%.o=pics/%.o): $(POST_PROCESS_O) # we need this in libgss so we don't have to link against mech_krb5 -pics/rel_buffer.o: $(SRC)/lib/gss_mechs/mech_krb5/mech/rel_buffer.c - $(COMPILE.c) -o $@ $(SRC)/lib/gss_mechs/mech_krb5/mech/rel_buffer.c +pics/rel_buffer.o: $(KRB5DIR)/rel_buffer.c + $(COMPILE.c) -o $@ $(KRB5DIR)/rel_buffer.c $(POST_PROCESS_O) # we need this in libgss so we don't have to link against mech_krb5 -pics/util_buffer_set.o: $(SRC)/lib/gss_mechs/mech_krb5/mech/util_buffer_set.c - $(COMPILE.c) -o $@ $(SRC)/lib/gss_mechs/mech_krb5/mech/util_buffer_set.c +pics/util_buffer_set.o: $(KRB5DIR)/util_buffer_set.c + $(COMPILE.c) -o $@ $(KRB5DIR)/util_buffer_set.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/disp_com_err_status.o: $(KRB5DIR)/disp_com_err_status.c + $(COMPILE.c) -o $@ $(KRB5DIR)/disp_com_err_status.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/util_buffer.o: $(KRB5DIR)/util_buffer.c + $(COMPILE.c) -o $@ $(KRB5DIR)/util_buffer.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/util_errmap.o: $(KRB5DIR)/util_errmap.c + $(COMPILE.c) -o $@ $(KRB5DIR)/util_errmap.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/error_message.o: $(KRB5ETDIR)/error_message.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/error_message.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/adb_err.o: $(KRB5ETDIR)/adb_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/adb_err.c + $(POST_PROCESS_O) + +pics/adm_err.o: $(KRB5ETDIR)/adm_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/adm_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/asn1_err.o: $(KRB5ETDIR)/asn1_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/asn1_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have 
to link against mech_krb5 +pics/chpass_util_strings.o: $(KRB5ETDIR)/chpass_util_strings.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/chpass_util_strings.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/gssapi_err_generic.o: $(KRB5ETDIR)/gssapi_err_generic.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/gssapi_err_generic.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/gssapi_err_krb5.o: $(KRB5ETDIR)/gssapi_err_krb5.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/gssapi_err_krb5.c + $(POST_PROCESS_O) + + +# we need this in libgss so we don't have to link against mech_krb5 +pics/import_err.o: $(KRB5ETDIR)/import_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/import_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/kadm_err.o: $(KRB5ETDIR)/kadm_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/kadm_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/kdb5_err.o: $(KRB5ETDIR)/kdb5_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/kdb5_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/kdc5_err.o: $(KRB5ETDIR)/kdc5_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/kdc5_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/kpasswd_strings.o: $(KRB5ETDIR)/kpasswd_strings.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/kpasswd_strings.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/krb5_err.o: $(KRB5ETDIR)/krb5_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/krb5_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/kv5m_err.o: $(KRB5ETDIR)/kv5m_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/kv5m_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/prof_err.o: $(KRB5ETDIR)/prof_err.c + $(COMPILE.c) -o $@ 
$(KRB5ETDIR)/prof_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/pty_err.o: $(KRB5ETDIR)/pty_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/pty_err.c + $(POST_PROCESS_O) + +# we need this in libgss so we don't have to link against mech_krb5 +pics/ss_err.o: $(KRB5ETDIR)/ss_err.c + $(COMPILE.c) -o $@ $(KRB5ETDIR)/ss_err.c $(POST_PROCESS_O) # gen_oids.c is kept in the kernel since the OIDs declared in them are diff --git a/usr/src/lib/libgss/g_accept_sec_context.c b/usr/src/lib/libgss/g_accept_sec_context.c index 2acb9c7172..00da05bb1c 100644 --- a/usr/src/lib/libgss/g_accept_sec_context.c +++ b/usr/src/lib/libgss/g_accept_sec_context.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,12 +27,15 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #ifdef HAVE_STDLIB_H #include <stdlib.h> #endif #include <string.h> #include <errno.h> +#include <syslog.h> +#ifndef LEAN_CLIENT static OM_uint32 val_acc_sec_ctx_args( OM_uint32 *minor_status, @@ -116,7 +118,6 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ gss_name_t tmp_src_name = GSS_C_NO_NAME; gss_OID_desc token_mech_type_desc; gss_OID token_mech_type = &token_mech_type_desc; - gss_OID actual_mech = GSS_C_NO_OID; OM_uint32 flags; gss_mechanism mech; @@ -195,7 +196,7 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ input_token_buffer, input_chan_bindings, &internal_name, - &actual_mech, + mech_type, output_token, &flags, time_rec, 
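Review bot: The twenty rules added from `pics/disp_com_err_status.o` through `pics/ss_err.o` repeat the same three lines with only the file name changed, and `pics/adm_err.o` is the one that ended up without its comment. If the make in use accepts pattern rules, two of them would replace the whole run: `pics/%.o: $(KRB5ETDIR)/%.c` followed by `$(COMPILE.c) -o $@ $<` and `$(POST_PROCESS_O)`, and the same for `$(KRB5DIR)`. A single comment above them could then say once why these objects are built here instead of linking against mech_krb5, and a new error table would be picked up by adding it to `KRB5ETOBJ` alone.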
@@ -206,11 +207,15 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ return (GSS_S_CONTINUE_NEEDED); /* if the call failed, return with failure */ - if (status != GSS_S_COMPLETE) + if (status != GSS_S_COMPLETE) { + if (mech_type && (*mech_type != GSS_C_NULL_OID)) + map_error_oid(minor_status, *mech_type); + else { + map_error(minor_status, mech); + } goto error_out; + } - if (mech_type != NULL) - *mech_type = actual_mech; /* * if src_name is non-NULL, @@ -225,6 +230,7 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ internal_name, &tmp_src_name); if (temp_status != GSS_S_COMPLETE) { *minor_status = t_minstat; + map_error(minor_status, mech); if (output_token->length) (void) gss_release_buffer( &t_minstat, @@ -253,9 +259,9 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ * try to re-wrap it. This is for SPNEGO or other * pseudo-mechanisms. */ - if (actual_mech != GSS_C_NO_OID && + if (*mech_type != GSS_C_NO_OID && token_mech_type != GSS_C_NO_OID && - !g_OID_equal(actual_mech, token_mech_type)) { + !g_OID_equal(*mech_type, token_mech_type)) { *d_cred = tmp_d_cred; } else { gss_union_cred_t d_u_cred = NULL; @@ -272,7 +278,7 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ status = generic_gss_copy_oid( &t_minstat, - actual_mech, + *mech_type, &d_u_cred->mechs_array); if (status != GSS_S_COMPLETE) { @@ -312,6 +318,9 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ NULL); } + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + if (internal_name != NULL) { temp_status = __gss_convert_name_to_union_name( @@ -319,6 +328,7 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ internal_name, &tmp_src_name); if (temp_status != GSS_S_COMPLETE) { *minor_status = t_minstat; + map_error(minor_status, mech); if (output_token->length) (void) gss_release_buffer( &t_minstat, @@ -382,3 +392,4 @@ error_out: return (status); } +#endif /* LEAN_CLIENT */ 
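Review bot: `*mech_type` is dereferenced unconditionally in the delegated-credential branch (`if (*mech_type != GSS_C_NO_OID && ...` in the hunk at -253, and `generic_gss_copy_oid(&t_minstat, *mech_type, ...)` in the hunk at -272), but `mech_type` is an optional output that the removed code only wrote through after `if (mech_type != NULL)`. With the local `actual_mech` gone, a caller that passes NULL for `mech_type` and accepts a context carrying a delegated credential would fault here, on a path driven by the peer's token, unless the argument validator outside these hunks rejects NULL. Keeping the local avoids that: `gss_OID actual_mech = GSS_C_NO_OID;`, pass `&actual_mech` to the mechanism, then `if (mech_type != NULL) *mech_type = actual_mech;` on success. The failure branch added in the first hunk already guards with `if (mech_type && ...)`, so the two paths currently disagree about whether NULL is allowed.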
diff --git a/usr/src/lib/libgss/g_acquire_cred.c b/usr/src/lib/libgss/g_acquire_cred.c index 767ba79a7c..c84d3a6ef7 100644 --- a/usr/src/lib/libgss/g_acquire_cred.c +++ b/usr/src/lib/libgss/g_acquire_cred.c @@ -19,14 +19,14 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* * glue routine for gss_acquire_cred */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> 
@@ -76,35 +76,52 @@ create_actual_mechs(mechs_array, count) static OM_uint32 val_acq_cred_args( - OM_uint32 *minor_status, - gss_cred_id_t *output_cred_handle, - gss_OID_set *actual_mechs, - OM_uint32 *time_rec) + OM_uint32 *minor_status, + /*LINTED*/ + gss_name_t desired_name, + /*LINTED*/ + OM_uint32 time_req, + /*LINTED*/ + gss_OID_set desired_mechs, + int cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) { - /* Initialize outputs. */ + /* Initialize outputs. */ - if (minor_status != NULL) - *minor_status = 0; + if (minor_status != NULL) + *minor_status = 0; - if (output_cred_handle != NULL) - *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (output_cred_handle != NULL) + *output_cred_handle = GSS_C_NO_CREDENTIAL; - if (actual_mechs != NULL) - *actual_mechs = GSS_C_NULL_OID_SET; + if (actual_mechs != NULL) + *actual_mechs = GSS_C_NULL_OID_SET; - if (time_rec != NULL) - *time_rec = 0; + if (time_rec != NULL) + *time_rec = 0; - /* Validate arguments. */ + /* Validate arguments. */ - if (minor_status == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); - if (output_cred_handle == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); + if (output_cred_handle == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); - return (GSS_S_COMPLETE); + if (cred_usage != GSS_C_ACCEPT + && cred_usage != GSS_C_INITIATE + && cred_usage != GSS_C_BOTH) { + if (minor_status) { + *minor_status = EINVAL; + map_errcode(minor_status); + } + return GSS_S_FAILURE; + } + + return (GSS_S_COMPLETE); } OM_uint32 @@ -133,10 +150,14 @@ OM_uint32 * time_rec; gss_OID_set mechs; gss_OID_desc default_OID; gss_mechanism mech; - int i; + unsigned int i; gss_union_cred_t creds; major = val_acq_cred_args(minor_status, + desired_name, + time_req, + desired_mechs, + cred_usage, output_cred_handle, actual_mechs, time_rec); 
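Review bot: The inner `if (minor_status)` around `*minor_status = EINVAL;` in the new `cred_usage` check can never be false, because the function has already returned `GSS_S_CALL_INACCESSIBLE_WRITE` for a NULL `minor_status` a few lines above; the same dead test is repeated in `val_add_cred_args` in the following hunks. Dropping it and writing `return (GSS_S_FAILURE);` would match the parenthesised returns used in the rest of the function. `desired_name`, `time_req` and `desired_mechs` are accepted but never read (hence the `/*LINTED*/` markers), so a short comment on the signature saying that nothing is validated for them, and why they are passed at all, would stop a later reader from assuming they are checked here.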
@@ -238,6 +259,15 @@ static OM_uint32 val_add_cred_args( OM_uint32 *minor_status, gss_cred_id_t input_cred_handle, + /*LINTED*/ + gss_name_t desired_name, + /*LINTED*/ + gss_OID desired_mech, + gss_cred_usage_t cred_usage, + /*LINTED*/ + OM_uint32 initiator_time_req, + /*LINTED*/ + OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec, @@ -260,17 +290,25 @@ val_add_cred_args( if (initiator_time_rec != NULL) *initiator_time_rec = 0; - /* Validate arguments. */ if (minor_status == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); if (input_cred_handle == GSS_C_NO_CREDENTIAL && - output_cred_handle == NULL) - + output_cred_handle == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED); + if (cred_usage != GSS_C_ACCEPT + && cred_usage != GSS_C_INITIATE + && cred_usage != GSS_C_BOTH) { + if (minor_status) { + *minor_status = EINVAL; + map_errcode(minor_status); + } + return GSS_S_FAILURE; + } + return (GSS_S_COMPLETE); } @@ -305,6 +343,11 @@ gss_add_cred(minor_status, input_cred_handle, status = val_add_cred_args(minor_status, input_cred_handle, + desired_name, + desired_mech, + cred_usage, + initiator_time_req, + acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec, @@ -377,14 +420,18 @@ gss_add_cred(minor_status, input_cred_handle, else if (cred_usage == GSS_C_BOTH) time_req = (acceptor_time_req > initiator_time_req) ? acceptor_time_req : initiator_time_req; + else + time_req = 0; status = mech->gss_acquire_cred(mech->context, minor_status, internal_name, time_req, GSS_C_NULL_OID_SET, cred_usage, &cred, NULL, &time_rec); - if (status != GSS_S_COMPLETE) + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); goto errout; + } /* may need to set credential auxinfo structure */ if (union_cred->auxinfo.creation_time == 0) { diff --git a/usr/src/lib/libgss/g_canon_name.c b/usr/src/lib/libgss/g_canon_name.c index e97fc0a5cc..d01e6ffef6 100644 
--- a/usr/src/lib/libgss/g_canon_name.c +++ b/usr/src/lib/libgss/g_canon_name.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -37,11 +36,13 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #ifdef HAVE_STDLIB_H #include <stdlib.h> #endif #include <string.h> #include <errno.h> +#include <syslog.h> static OM_uint32 val_canon_name_args( OM_uint32 *minor_status, @@ -81,6 +82,8 @@ gss_name_t *output_name; { gss_union_name_t in_union, out_union = NULL, dest_union = NULL; OM_uint32 major_status = GSS_S_FAILURE; + /* Solaris Kerberos - need to preserve more important minor_status */ + OM_uint32 tmp_status = 0; major_status = val_canon_name_args(minor_status, input_name, @@ -119,11 +122,14 @@ gss_name_t *output_name; goto allocation_failure; if (in_union->name_type != GSS_C_NULL_OID) { - if ((major_status = generic_gss_copy_oid(minor_status, - in_union->name_type, &out_union->name_type))) - goto allocation_failure; + major_status = generic_gss_copy_oid(minor_status, + in_union->name_type, + &out_union->name_type); + if (major_status) { + map_errcode(minor_status); + goto allocation_failure; + } } - } /* @@ -145,13 +151,15 @@ gss_name_t *output_name; /* now let's create the new mech name */ if (major_status = generic_gss_copy_oid(minor_status, mech_type, - &dest_union->mech_type)) + &dest_union->mech_type)) { + map_errcode(minor_status); goto allocation_failure; + } if (major_status = __gss_import_internal_name(minor_status, mech_type, dest_union, - &dest_union->mech_name)) + &dest_union->mech_name)) goto allocation_failure; if (output_name) @@ -159,6 +167,7 @@ gss_name_t *output_name; return (GSS_S_COMPLETE); +/* Solaris Kerberos - note some fails are not "allocation fails". Sigh. */ allocation_failure: /* do not delete the src name external name format */ if (output_name) { 
@@ -168,7 +177,7 @@ allocation_failure: free(out_union->external_name); } if (out_union->name_type) - (void) gss_release_oid(minor_status, + (void) gss_release_oid(&tmp_status, &out_union->name_type); dest_union = out_union; @@ -181,13 +190,13 @@ allocation_failure: */ if (dest_union->mech_name) { - (void) __gss_release_internal_name(minor_status, + (void) __gss_release_internal_name(&tmp_status, dest_union->mech_type, &dest_union->mech_name); } if (dest_union->mech_type) - (void) gss_release_oid(minor_status, &dest_union->mech_type); + (void) gss_release_oid(&tmp_status, &dest_union->mech_type); if (output_name) diff --git a/usr/src/lib/libgss/g_compare_name.c b/usr/src/lib/libgss/g_compare_name.c index 0a04ba4ec2..f4789fc50f 100644 --- a/usr/src/lib/libgss/g_compare_name.c +++ b/usr/src/lib/libgss/g_compare_name.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -29,6 +28,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #ifdef HAVE_STDLIB_H #include <stdlib.h> #endif @@ -72,7 +72,7 @@ int *name_equal; { OM_uint32 major_status, temp_minor; gss_union_name_t union_name1, union_name2; - gss_mechanism mech; + gss_mechanism mech = NULL; gss_name_t internal_name; major_status = val_comp_name_args(minor_status, 
@@ -116,10 +116,18 @@ int *name_equal; (union_name2->mech_name == 0)) /* should never happen */ return (GSS_S_BAD_NAME); - return (mech->gss_compare_name(mech->context, minor_status, - union_name1->mech_name, - union_name2->mech_name, - name_equal)); + if (!mech) + return (GSS_S_BAD_MECH); + if (!mech->gss_compare_name) + return (GSS_S_UNAVAILABLE); + major_status = mech->gss_compare_name(mech->context, + minor_status, + union_name1->mech_name, + union_name2->mech_name, + name_equal); + if (major_status != GSS_S_COMPLETE) + map_error(minor_status, mech); + return major_status; } /* @@ -189,10 +197,16 @@ int *name_equal; if (major_status != GSS_S_COMPLETE) return (GSS_S_COMPLETE); /* return complete, but not equal */ + if (!mech) + return (GSS_S_BAD_MECH); + if (!mech->gss_compare_name) + return (GSS_S_UNAVAILABLE); major_status = mech->gss_compare_name(mech->context, minor_status, union_name1->mech_name, internal_name, name_equal); + if (major_status != GSS_S_COMPLETE) + map_error(minor_status, mech); (void) __gss_release_internal_name(&temp_minor, union_name1->mech_type, &internal_name); return (major_status); diff --git a/usr/src/lib/libgss/g_context_time.c b/usr/src/lib/libgss/g_context_time.c index 07ae0860c1..599c8246a6 100644 --- a/usr/src/lib/libgss/g_context_time.c +++ b/usr/src/lib/libgss/g_context_time.c @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. 
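Review bot: The two early returns added before the second `mech->gss_compare_name` call, in the hunk at -189 (`if (!mech) return (GSS_S_BAD_MECH);` and `if (!mech->gss_compare_name) return (GSS_S_UNAVAILABLE);`), skip the `__gss_release_internal_name(&temp_minor, union_name1->mech_type, &internal_name)` that follows the call. `internal_name` appears to have been imported just above the hunk, so a mechanism without a compare routine would leak it on every comparison that reaches this branch. Assigning `major_status` and falling through to the release, or moving both checks ahead of the import, keeps the cleanup on all paths. The start of the function is outside the hunk, so the import itself is inferred from the context lines.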
@@ -20,17 +19,15 @@ * CDDL HEADER END */ /* - * Copyright (c) 1996,1997, by Sun Microsystems, Inc. - * All rights reserved. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - /* * glue routines for gss_context_time */ #include <mechglueP.h> +#include "gssapiP_generic.h" OM_uint32 gss_context_time(minor_status, @@ -65,13 +62,15 @@ OM_uint32 * time_rec; if (mech) { - if (mech->gss_context_time) + if (mech->gss_context_time) { status = mech->gss_context_time( mech->context, minor_status, ctx->internal_ctx_id, time_rec); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); diff --git a/usr/src/lib/libgss/g_delete_sec_context.c b/usr/src/lib/libgss/g_delete_sec_context.c index 149062a941..e0b41bca70 100644 --- a/usr/src/lib/libgss/g_delete_sec_context.c +++ b/usr/src/lib/libgss/g_delete_sec_context.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> @@ -73,7 +73,6 @@ gss_buffer_t output_token; { OM_uint32 status; gss_union_ctx_id_t ctx; - gss_mechanism mech; status = val_del_sec_ctx_args(minor_status, context_handle, 
@@ -87,26 +86,21 @@ gss_buffer_t output_token; */ ctx = (gss_union_ctx_id_t) *context_handle; - mech = __gss_get_mechanism(ctx->mech_type); + if (GSSINT_CHK_LOOP(ctx)) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + status = gssint_delete_internal_sec_context(minor_status, + ctx->mech_type, + &ctx->internal_ctx_id, + output_token); + if (status) + return status; + + /* now free up the space for the union context structure */ + free(ctx->mech_type->elements); + free(ctx->mech_type); + free(*context_handle); + *context_handle = GSS_C_NO_CONTEXT; - if (mech) { - - if (mech->gss_delete_sec_context) - status = mech->gss_delete_sec_context(mech->context, - minor_status, - &ctx->internal_ctx_id, - output_token); - else - status = GSS_S_UNAVAILABLE; - - /* now free up the space for the union context structure */ - free(ctx->mech_type->elements); - free(ctx->mech_type); - free(*context_handle); - *context_handle = NULL; - - return (status); - } - - return (GSS_S_BAD_MECH); + return (GSS_S_COMPLETE); } diff --git a/usr/src/lib/libgss/g_dsp_name.c b/usr/src/lib/libgss/g_dsp_name.c index 471bf38e24..3646bbb967 100644 --- a/usr/src/lib/libgss/g_dsp_name.c +++ b/usr/src/lib/libgss/g_dsp_name.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -29,6 +28,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> @@ -113,8 +113,10 @@ gss_OID * output_name_type; major_status = generic_gss_copy_oid(minor_status, union_name->name_type, output_name_type); - if (major_status != GSS_S_COMPLETE) + if (major_status != GSS_S_COMPLETE) { + map_errcode(minor_status); return (major_status); + } } if ((output_name_buffer->value = 
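Review bot: When `gssint_delete_internal_sec_context` fails, the new `if (status) return status;` leaves the union context allocated and `*context_handle` still pointing at it, whereas the removed code freed the wrapper and cleared the handle whatever the mechanism returned. Callers that treat gss_delete_sec_context as final and drop the handle will now leak `ctx` and its `mech_type` on that path, and callers that retry depend on the mechanism leaving `internal_ctx_id` in a state that is safe to delete again. A comment above the early return should state that the handle is intentionally left valid on failure, or the three `free` calls and the `GSS_C_NO_CONTEXT` assignment should run before `status` is returned. The successful path also now returns `GSS_S_COMPLETE` unconditionally, which is equivalent only because a non-zero `status` has already returned.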
diff --git a/usr/src/lib/libgss/g_dsp_status.c b/usr/src/lib/libgss/g_dsp_status.c index 0d1da795de..5eacd6a8c0 100644 --- a/usr/src/lib/libgss/g_dsp_status.c +++ b/usr/src/lib/libgss/g_dsp_status.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -29,6 +28,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> @@ -36,7 +36,7 @@ #include <string.h> #include <libintl.h> #include <errno.h> - +#include <syslog.h> #ifndef TEXT_DOMAIN #error TEXT_DOMAIN not defined #endif @@ -60,8 +60,9 @@ const gss_OID req_mech_type; OM_uint32 *message_context; gss_buffer_t status_string; { - gss_OID mech_type = (gss_OID) req_mech_type; - gss_mechanism mech; + gss_OID mech_type = (gss_OID) req_mech_type; + gss_mechanism mech; + gss_OID_desc m_oid = { 0, 0 }; if (minor_status != NULL) *minor_status = 0; @@ -75,7 +76,7 @@ gss_buffer_t status_string; message_context == NULL || status_string == GSS_C_NO_BUFFER) return (GSS_S_CALL_INACCESSIBLE_WRITE); - + /* we handle major status codes, and the mechs do the minor */ if (status_type == GSS_C_GSS_CODE) return (displayMajor(status_value, message_context, 
@@ -86,15 +87,63 @@ gss_buffer_t status_string; * select the appropriate underlying mechanism routine and * call it. */ + + /* In this version, we only handle status codes that have been + mapped to a flat numbering space. Look up the value we got + passed. If it's not found, complain. */ + if (status_value == 0) { + status_string->value = strdup("Unknown error"); + if (status_string->value == NULL) { + *minor_status = ENOMEM; + map_errcode(minor_status); + return GSS_S_FAILURE; + } + status_string->length = strlen(status_string->value); + *message_context = 0; + *minor_status = 0; + return GSS_S_COMPLETE; + } + { + int err; + OM_uint32 m_status = 0, status; + + err = gssint_mecherrmap_get(status_value, &m_oid, &m_status); + if (err) { + *minor_status = err; + map_errcode(minor_status); + return GSS_S_BAD_STATUS; + } + + if (m_oid.length == 0) { + /* Magic flag for com_err values. */ + status = gssint_g_display_com_err_status(minor_status, + m_status, + status_string); + if (status != GSS_S_COMPLETE) + map_errcode(minor_status); + return status; + } + mech_type = &m_oid; + status_value = m_status; + } + mech = __gss_get_mechanism(mech_type); if (mech && mech->gss_display_status) { + OM_uint32 r; + if (mech_type == GSS_C_NULL_OID) mech_type = &mech->mech_type; - return (mech->gss_display_status(mech->context, minor_status, + r = mech->gss_display_status(mech->context, minor_status, status_value, status_type, mech_type, - message_context, status_string)); + message_context, status_string); + /* How's this for weird? If we get an error returning the + mechanism-specific error code, we save away the + mechanism-specific error code describing the error. */ + if (r != GSS_S_COMPLETE) + map_error(minor_status, mech); + return r; } if (!mech) 
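Review bot: After the new lookup block `mech_type` is always `&m_oid` by the time `__gss_get_mechanism(mech_type)` runs, since the zero, lookup-failure and com_err cases all return earlier; the caller's `req_mech_type` is therefore ignored for mechanism codes, and the later `if (mech_type == GSS_C_NULL_OID) mech_type = &mech->mech_type;` can no longer be true. That change of contract deserves a line in the block comment, e.g. `/* req_mech_type is not consulted: the mechanism is recovered from the mapped status value */`, and the dead test can be removed. The new block comment and the unparenthesised `return GSS_S_FAILURE;` / `return GSS_S_BAD_STATUS;` also differ from the comment and return style of the surrounding file.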
@@ -354,12 +403,11 @@ gss_buffer_t outStr; /* now copy the status code and return to caller */ outStr->length = strlen(errStr); - outStr->value = malloc((size_t)outStr->length+1); + outStr->value = strdup(errStr); if (outStr->value == NULL) { outStr->length = 0; return (GSS_S_FAILURE); } - (void) strcpy((char *)outStr->value, errStr); return (GSS_S_COMPLETE); } /* displayMajor */ diff --git a/usr/src/lib/libgss/g_dup_name.c b/usr/src/lib/libgss/g_dup_name.c index 0ea8ea53aa..00c0a7da75 100644 --- a/usr/src/lib/libgss/g_dup_name.c +++ b/usr/src/lib/libgss/g_dup_name.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -31,6 +30,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #ifdef HAVE_STDLIB_H #include <stdlib.h> #endif @@ -108,8 +108,10 @@ gss_name_t *dest_name; major_status = generic_gss_copy_oid(minor_status, src_union->name_type, &dest_union->name_type); - if (major_status != GSS_S_COMPLETE) + if (major_status != GSS_S_COMPLETE) { + map_errcode(minor_status); goto allocation_failure; + } } /* @@ -119,8 +121,10 @@ gss_name_t *dest_name; major_status = generic_gss_copy_oid(minor_status, src_union->mech_type, &dest_union->mech_type); - if (major_status != GSS_S_COMPLETE) + if (major_status != GSS_S_COMPLETE) { + map_errcode(minor_status); goto allocation_failure; + } major_status = __gss_import_internal_name(minor_status, dest_union->mech_type, diff --git a/usr/src/lib/libgss/g_exp_sec_context.c b/usr/src/lib/libgss/g_exp_sec_context.c index d0e054a9fd..83d0edcdad 100644 --- a/usr/src/lib/libgss/g_exp_sec_context.c +++ b/usr/src/lib/libgss/g_exp_sec_context.c 
@@ -19,15 +19,16 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* * glue routine for gss_export_sec_context */ +#ifndef LEAN_CLIENT #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #include <errno.h> #ifdef HAVE_STDLIB_H @@ -101,8 +102,10 @@ gss_buffer_t interprocess_token; status = mech->gss_export_sec_context(mech->context, minor_status, &ctx->internal_ctx_id, &token); - if (status != GSS_S_COMPLETE) + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); return (status); + } length = token.length + 4 + ctx->mech_type->length; interprocess_token->length = length; @@ -133,3 +136,4 @@ gss_buffer_t interprocess_token; return (GSS_S_COMPLETE); } +#endif /*LEAN_CLIENT */ diff --git a/usr/src/lib/libgss/g_glue.c b/usr/src/lib/libgss/g_glue.c index 5826b11db2..33f33b36c8 100644 --- a/usr/src/lib/libgss/g_glue.c +++ b/usr/src/lib/libgss/g_glue.c @@ -3,7 +3,7 @@ */ #include "mglueP.h" - +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> diff --git a/usr/src/lib/libgss/g_imp_name.c b/usr/src/lib/libgss/g_imp_name.c index 43177c95ce..59868a6ed0 100644 --- a/usr/src/lib/libgss/g_imp_name.c +++ b/usr/src/lib/libgss/g_imp_name.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -29,6 +28,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> 
@@ -125,8 +125,10 @@ gss_name_t *output_name; major_status = generic_gss_copy_oid(minor_status, input_name_type, &union_name->name_type); - if (major_status != GSS_S_COMPLETE) + if (major_status != GSS_S_COMPLETE) { + map_errcode(minor_status); goto allocation_failure; + } } /* @@ -250,13 +252,17 @@ gss_union_name_t unionName; * have created it. */ if (mech->gss_export_name) { - if ((major = mech->gss_import_name(mech->context, minor, - &expName, (gss_OID)GSS_C_NT_EXPORT_NAME, - &unionName->mech_name)) != GSS_S_COMPLETE || - (major = generic_gss_copy_oid(minor, &mechOid, - &unionName->mech_type)) != - GSS_S_COMPLETE) { - return (major); + major = mech->gss_import_name(mech->context, minor, + &expName, + (gss_OID)GSS_C_NT_EXPORT_NAME, + &unionName->mech_name); + if (major != GSS_S_COMPLETE) + map_error(minor, mech); + else { + major = generic_gss_copy_oid(minor, &mechOid, + &unionName->mech_type); + if (major != GSS_S_COMPLETE) + map_errcode(minor); } return (major); } @@ -349,8 +355,14 @@ gss_union_name_t unionName; expName.value = nameLen ? (void *)buf : NULL; major = mech->gss_import_name(mech->context, minor, &expName, GSS_C_NULL_OID, &unionName->mech_name); - if (major != GSS_S_COMPLETE) + if (major != GSS_S_COMPLETE) { + map_error(minor, mech); return (major); + } - return (generic_gss_copy_oid(minor, &mechOid, &unionName->mech_type)); + major = generic_gss_copy_oid(minor, &mechOid, &unionName->mech_type); + if (major != GSS_S_COMPLETE) { + map_errcode(minor); + } + return (major); } /* importExportName */ diff --git a/usr/src/lib/libgss/g_imp_sec_context.c b/usr/src/lib/libgss/g_imp_sec_context.c index db3544653c..e7ac27fc56 100644 --- a/usr/src/lib/libgss/g_imp_sec_context.c +++ b/usr/src/lib/libgss/g_imp_sec_context.c 
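Review bot: In the block rewritten by the hunk at -250 the guard is still `if (mech->gss_export_name)` while the pointer actually called is `mech->gss_import_name`, and the hunk at -349 calls `mech->gss_import_name` with no guard at all. The data handled here is an exported-name token supplied by the caller, so a mechanism table that lacks an import routine would be called through a NULL pointer on either path, unless it is checked earlier outside these hunks. One test before both calls covers it: `if (mech->gss_import_name == NULL) return (GSS_S_UNAVAILABLE);`. Both hunks appear to sit in importExportName, whose beginning is not shown.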
@@ -19,15 +19,17 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* * glue routine gss_export_sec_context */ +#ifndef LEAN_CLIENT + #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #include <errno.h> #include <stdlib.h> @@ -146,6 +148,7 @@ gss_ctx_id_t *context_handle; *context_handle = (gss_ctx_id_t)ctx; return (GSS_S_COMPLETE); } + map_error(minor_status, mech); error_out: if (ctx) { @@ -158,3 +161,4 @@ error_out: } return (status); } +#endif /* LEAN_CLIENT */ diff --git a/usr/src/lib/libgss/g_init_sec_context.c b/usr/src/lib/libgss/g_init_sec_context.c index 814b28a784..34560d59d3 100644 --- a/usr/src/lib/libgss/g_init_sec_context.c +++ b/usr/src/lib/libgss/g_init_sec_context.c @@ -19,14 +19,14 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* * glue routine for gss_init_sec_context */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -211,6 +211,7 @@ OM_uint32 * time_rec; * subsequent calls make the caller responsible for * calling gss_delete_sec_context */ + map_error(minor_status, mech); if (*context_handle == GSS_C_NO_CONTEXT) { free(union_ctx_id->mech_type->elements); free(union_ctx_id->mech_type); diff --git a/usr/src/lib/libgss/g_initialize.c b/usr/src/lib/libgss/g_initialize.c index 3c6dbd5d5f..9415b39bb1 100644 --- a/usr/src/lib/libgss/g_initialize.c +++ b/usr/src/lib/libgss/g_initialize.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* 
@@ -42,6 +41,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #include <syslog.h> #include <stdlib.h> @@ -154,6 +154,7 @@ gss_OID *oid; minor_status, oid); if (major == GSS_S_COMPLETE) return (GSS_S_COMPLETE); + map_error(minor_status, aMech->mech); } aMech = aMech->next; } /* while */ diff --git a/usr/src/lib/libgss/g_inq_context_oid.c b/usr/src/lib/libgss/g_inq_context_oid.c index c7cebe86a9..9cbf944efd 100644 --- a/usr/src/lib/libgss/g_inq_context_oid.c +++ b/usr/src/lib/libgss/g_inq_context_oid.c @@ -23,8 +23,7 @@ * */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -32,6 +31,8 @@ */ #include "mglueP.h" +#include "gssapiP_generic.h" + #define gssint_get_mechanism __gss_get_mechanism /* SUNW17PACresync */ OM_uint32 diff --git a/usr/src/lib/libgss/g_inquire_context.c b/usr/src/lib/libgss/g_inquire_context.c index b4044aa99c..a2188c94ed 100644 --- a/usr/src/lib/libgss/g_inquire_context.c +++ b/usr/src/lib/libgss/g_inquire_context.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdlib.h> static OM_uint32 
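Review bot: In g_initialize.c's `while` loop, the added `map_error(minor_status, aMech->mech)` runs for every mechanism whose call fails and the loop then moves on to `aMech->next`, so the code left in `*minor_status` is that of whichever mechanism failed last. The `for (j ...)` loop in g_rel_cred.c and the store-all loop in g_store_cred.c follow the same pattern: a later iteration passes the same `minor_status` to the next mechanism and can overwrite the value that was just mapped. If the diagnostic for the reported failure is meant to survive, save the first mapped minor in a local and restore it after the loop; at minimum add a comment such as `/* minor reflects the last mechanism tried */`. The loop exits and return statements are outside these hunks.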
@@ -67,26 +67,15 @@ val_inq_ctx_args( /* Last argument new for V2 */ OM_uint32 gss_inquire_context( - minor_status, - context_handle, - src_name, - targ_name, - lifetime_rec, - mech_type, - ctx_flags, - locally_initiated, - open) - -OM_uint32 *minor_status; -const gss_ctx_id_t context_handle; -gss_name_t *src_name; -gss_name_t *targ_name; -OM_uint32 *lifetime_rec; -gss_OID *mech_type; -OM_uint32 *ctx_flags; -int *locally_initiated; -int *open; - + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_name_t *src_name, + gss_name_t *targ_name, + OM_uint32 *lifetime_rec, + gss_OID *mech_type, + OM_uint32 *ctx_flags, + int *locally_initiated, + int *opened) { gss_union_ctx_id_t ctx; gss_mechanism mech; @@ -124,9 +113,10 @@ int *open; NULL, ctx_flags, locally_initiated, - open); + opened); if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); return (status); } diff --git a/usr/src/lib/libgss/g_inquire_cred.c b/usr/src/lib/libgss/g_inquire_cred.c index 4f185f8499..f5711edfe7 100644 --- a/usr/src/lib/libgss/g_inquire_cred.c +++ b/usr/src/lib/libgss/g_inquire_cred.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -91,8 +91,10 @@ gss_OID_set *mechanisms; lifetime, cred_usage, mechanisms); - if (status != GSS_S_COMPLETE) + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); return (status); + } if (name) { /* @@ -103,6 +105,7 @@ gss_OID_set *mechanisms; internal_name, name); if (status != GSS_S_COMPLETE) { *minor_status = temp_minor_status; + map_error(minor_status, mech); if (mechanisms && *mechanisms) { (void) gss_release_oid_set( &temp_minor_status, 
@@ -144,7 +147,9 @@ gss_OID_set *mechanisms; */ if (name != NULL) { - if ((gss_import_name(minor_status, + if (union_cred->auxinfo.name.length == 0) { + *name = GSS_C_NO_NAME; + } else if ((gss_import_name(minor_status, &union_cred->auxinfo.name, union_cred->auxinfo.name_type, name) != GSS_S_COMPLETE) || @@ -251,8 +256,10 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, initiator_lifetime, acceptor_lifetime, cred_usage); - if (status != GSS_S_COMPLETE) + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); return (status); + } if (name) { /* @@ -263,6 +270,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, internal_name, name); if (status != GSS_S_COMPLETE) { *minor_status = temp_minor_status; + map_error(minor_status, mech); return (status); } } diff --git a/usr/src/lib/libgss/g_inquire_names.c b/usr/src/lib/libgss/g_inquire_names.c index 9ee1567b33..8f8a658341 100644 --- a/usr/src/lib/libgss/g_inquire_names.c +++ b/usr/src/lib/libgss/g_inquire_names.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" #define MAX_MECH_OID_PAIRS 32 @@ -68,13 +68,15 @@ gss_OID_set * name_types; if (mech) { - if (mech->gss_inquire_names_for_mech) + if (mech->gss_inquire_names_for_mech) { status = mech->gss_inquire_names_for_mech( mech->context, minor_status, mechanism, name_types); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); diff --git a/usr/src/lib/libgss/g_oid_ops.c b/usr/src/lib/libgss/g_oid_ops.c index 7694b7e445..544dda904f 100644 --- a/usr/src/lib/libgss/g_oid_ops.c +++ b/usr/src/lib/libgss/g_oid_ops.c 
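Review bot: The new `union_cred->auxinfo.name.length == 0` branch in g_inquire_cred.c sets `*name = GSS_C_NO_NAME` with no comment saying when a union credential has an empty auxinfo name, or that callers can now get GSS_C_NO_NAME back. A caller that hands the returned name straight to another GSS call needs to know this. A one-line comment above the branch would cover it, e.g. `/* no name recorded for this cred: report GSS_C_NO_NAME rather than import an empty buffer */`. The rest of the `else if` condition and the status returned on this path are outside the hunk.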
@@ -1,8 +1,6 @@ /* - * Copyright (c) 1996,1997, by Sun Microsystems, Inc. - * All rights reserved. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" /* * lib/gssapi/mechglue/g_oid_ops.c * @@ -32,6 +30,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" /* * gss_release_oid has been moved to g_initialize, becasue it requires access @@ -44,8 +43,11 @@ gss_create_empty_oid_set(minor_status, oid_set) OM_uint32 *minor_status; gss_OID_set *oid_set; { - return (generic_gss_create_empty_oid_set(minor_status, - oid_set)); + OM_uint32 status; + status = generic_gss_create_empty_oid_set(minor_status, oid_set); + if (status != GSS_S_COMPLETE) + map_errcode(minor_status); + return status; } OM_uint32 @@ -54,8 +56,12 @@ gss_add_oid_set_member(minor_status, member_oid, oid_set) const gss_OID member_oid; gss_OID_set *oid_set; { - return (generic_gss_add_oid_set_member(minor_status, member_oid, - oid_set)); + OM_uint32 status; + status = generic_gss_add_oid_set_member(minor_status, member_oid, + oid_set); + if (status != GSS_S_COMPLETE) + map_errcode(minor_status); + return status; } OM_uint32 @@ -75,7 +81,10 @@ gss_oid_to_str(minor_status, oid, oid_str) const gss_OID oid; gss_buffer_t oid_str; { - return (generic_gss_oid_to_str(minor_status, oid, oid_str)); + OM_uint32 status = generic_gss_oid_to_str(minor_status, oid, oid_str); + if (status != GSS_S_COMPLETE) + map_errcode(minor_status); + return status; } OM_uint32 @@ -84,5 +93,8 @@ gss_str_to_oid(minor_status, oid_str, oid) const gss_buffer_t oid_str; gss_OID *oid; { - return (generic_gss_str_to_oid(minor_status, oid_str, oid)); + OM_uint32 status = generic_gss_str_to_oid(minor_status, oid_str, oid); + if (status != GSS_S_COMPLETE) + map_errcode(minor_status); + return status; } diff --git a/usr/src/lib/libgss/g_process_context.c b/usr/src/lib/libgss/g_process_context.c index 5753dc8441..c2383761a3 100644 --- a/usr/src/lib/libgss/g_process_context.c 
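Review bot: The rewritten wrappers in g_oid_ops.c end in `return status;`, while the lines they replace and the other files in this commit use the parenthesised form `return (status);`. The same mismatch appears in `return major_status;` in g_seal.c and g_store_cred.c and `return GSS_S_FAILURE;` in val_store_cred_args. gss_create_empty_oid_set and gss_add_oid_set_member also declare `OM_uint32 status;` with no blank line before the first statement. Suggest `return (status);` in all four wrappers and a blank line after the declaration, so the new code matches its surroundings.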
+++ b/usr/src/lib/libgss/g_process_context.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" OM_uint32 gss_process_context_token(minor_status, @@ -66,13 +66,15 @@ gss_buffer_t token_buffer; if (mech) { - if (mech->gss_process_context_token) + if (mech->gss_process_context_token) { status = mech->gss_process_context_token( mech->context, minor_status, ctx->internal_ctx_id, token_buffer); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); diff --git a/usr/src/lib/libgss/g_rel_cred.c b/usr/src/lib/libgss/g_rel_cred.c index b694bceaaa..9a5d79ac89 100644 --- a/usr/src/lib/libgss/g_rel_cred.c +++ b/usr/src/lib/libgss/g_rel_cred.c @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,17 +19,15 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - /* * glue routine for gss_release_cred */ #include <mechglueP.h> +#include "gssapiP_generic.h" #include <stdio.h> #ifdef HAVE_STDLIB_H #include <stdlib.h> 
@@ -64,11 +61,14 @@ gss_cred_id_t *cred_handle; */ union_cred = (gss_union_cred_t)*cred_handle; - *cred_handle = NULL; - if (union_cred == (gss_union_cred_t)GSS_C_NO_CREDENTIAL) return (GSS_S_COMPLETE); + if (GSSINT_CHK_LOOP(union_cred)) + return (GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ); + + *cred_handle = NULL; + status = GSS_S_COMPLETE; for (j = 0; j < union_cred->count; j++) { @@ -83,8 +83,10 @@ gss_cred_id_t *cred_handle; (mech->context, minor_status, &union_cred->cred_array[j]); - if (temp_status != GSS_S_COMPLETE) + if (temp_status != GSS_S_COMPLETE) { + map_error(minor_status, mech); status = GSS_S_NO_CRED; + } } else status = GSS_S_UNAVAILABLE; } else diff --git a/usr/src/lib/libgss/g_seal.c b/usr/src/lib/libgss/g_seal.c index 19725d9f51..2f51651755 100644 --- a/usr/src/lib/libgss/g_seal.c +++ b/usr/src/lib/libgss/g_seal.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,8 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" + static OM_uint32 val_seal_args( @@ -104,7 +105,7 @@ gss_buffer_t output_message_buffer; mech = __gss_get_mechanism(ctx->mech_type); if (mech) { - if (mech->gss_seal) + if (mech->gss_seal) { status = mech->gss_seal( mech->context, minor_status, @@ -114,7 +115,9 @@ gss_buffer_t output_message_buffer; input_message_buffer, conf_state, output_message_buffer); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); @@ -163,6 +166,7 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, { gss_union_ctx_id_t ctx; gss_mechanism mech; + OM_uint32 major_status; if (minor_status == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); 
@@ -185,10 +189,16 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, if (!mech) return (GSS_S_BAD_MECH); - if (!mech->gss_wrap_size_limit) - return (GSS_S_UNAVAILABLE); - - return (mech->gss_wrap_size_limit(mech->context, minor_status, - ctx->internal_ctx_id, conf_req_flag, qop_req, - req_output_size, max_input_size)); + if (mech->gss_wrap_size_limit) + major_status = mech->gss_wrap_size_limit(mech->context, + minor_status, + ctx->internal_ctx_id, + conf_req_flag, qop_req, + req_output_size, + max_input_size); + else + major_status = GSS_S_UNAVAILABLE; + if (major_status != GSS_S_COMPLETE) + map_error(minor_status, mech); + return major_status; } diff --git a/usr/src/lib/libgss/g_sign.c b/usr/src/lib/libgss/g_sign.c index 809c894929..9d137395da 100644 --- a/usr/src/lib/libgss/g_sign.c +++ b/usr/src/lib/libgss/g_sign.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" static OM_uint32 val_sign_args( @@ -96,7 +96,7 @@ gss_buffer_t msg_token; mech = __gss_get_mechanism(ctx->mech_type); if (mech) { - if (mech->gss_sign) + if (mech->gss_sign) { status = mech->gss_sign( mech->context, minor_status, @@ -104,7 +104,9 @@ gss_buffer_t msg_token; qop_req, message_buffer, msg_token); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); diff --git a/usr/src/lib/libgss/g_store_cred.c b/usr/src/lib/libgss/g_store_cred.c index 26b118e264..9464fa7292 100644 --- a/usr/src/lib/libgss/g_store_cred.c +++ b/usr/src/lib/libgss/g_store_cred.c 
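Review bot: In gss_wrap_size_limit the added `map_error(minor_status, mech)` also runs when `mech->gss_wrap_size_limit` is NULL and `major_status` is set to GSS_S_UNAVAILABLE, so it maps a `*minor_status` that no mechanism wrote. The other wrappers changed in this commit (gss_seal, gss_sign, gss_unseal, gss_verify) call map_error only inside the branch that invoked the mechanism. Brace the `if` and move `if (major_status != GSS_S_COMPLETE) map_error(minor_status, mech);` directly after the mechanism call, leaving the `else` to set GSS_S_UNAVAILABLE only. Whether `*minor_status` is initialised earlier in the function is outside the hunk.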
@@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,28 +27,50 @@ */ #include <mechglueP.h> - -static OM_uint32 val_store_cred_args( - OM_uint32 *minor_status, - const gss_cred_id_t input_cred_handle, - gss_OID_set *elements_stored) +#include "gssapiP_generic.h" +#include <errno.h> + +static OM_uint32 +val_store_cred_args( + OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + gss_cred_usage_t cred_usage, + /*LINTED*/ + const gss_OID desired_mech, + /*LINTED*/ + OM_uint32 overwrite_cred, + /*LINTED*/ + OM_uint32 default_cred, + gss_OID_set *elements_stored, + /*LINTED*/ + gss_cred_usage_t *cred_usage_stored) { - /* Initialize outputs. */ + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; - if (minor_status != NULL) - *minor_status = 0; + if (elements_stored != NULL) + *elements_stored = GSS_C_NULL_OID_SET; - if (elements_stored != NULL) - *elements_stored = GSS_C_NULL_OID_SET; + /* Validate arguments. */ - /* Validate arguments. */ + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); - if (minor_status == NULL) - return (GSS_S_CALL_INACCESSIBLE_WRITE); + if (input_cred_handle == GSS_C_NO_CREDENTIAL) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED); - if (input_cred_handle == GSS_C_NO_CREDENTIAL) - return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED); + if (cred_usage != GSS_C_ACCEPT + && cred_usage != GSS_C_INITIATE + && cred_usage != GSS_C_BOTH) { + if (minor_status) { + *minor_status = EINVAL; + map_errcode(minor_status); + } + return GSS_S_FAILURE; + } return (GSS_S_COMPLETE); } 
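Review bot: In val_store_cred_args the `if (minor_status)` guard around `*minor_status = EINVAL` can never be false, because the function has already returned GSS_S_CALL_INACCESSIBLE_WRITE for a NULL `minor_status` a few lines earlier. Drop the guard so the rejection path reads `*minor_status = EINVAL; map_errcode(minor_status); return (GSS_S_FAILURE);`. The parameters marked `/*LINTED*/` are accepted but never examined. If they exist only to mirror gss_store_cred's argument list, a short comment saying so would explain the annotations.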
@@ -80,9 +101,14 @@ gss_cred_usage_t *cred_usage_stored; gss_OID dmech; int i; - major_status = val_store_cred_args(minor_status, - input_cred_handle, - elements_stored); + major_status = val_store_cred_args(minor_status, + input_cred_handle, + cred_usage, + desired_mech, + overwrite_cred, + default_cred, + elements_stored, + cred_usage_stored); if (major_status != GSS_S_COMPLETE) return (major_status); @@ -107,7 +133,7 @@ gss_cred_usage_t *cred_usage_stored; if (mech_cred == GSS_C_NO_CREDENTIAL) return (GSS_S_NO_CRED); - return (mech->gss_store_cred(mech->context, + major_status = mech->gss_store_cred(mech->context, minor_status, (gss_cred_id_t)mech_cred, cred_usage, @@ -115,7 +141,10 @@ gss_cred_usage_t *cred_usage_stored; overwrite_cred, default_cred, elements_stored, - cred_usage_stored)); + cred_usage_stored); + if (major_status != GSS_S_COMPLETE) + map_error(minor_status, mech); + return major_status; } /* desired_mech == GSS_C_NULL_OID -> store all elements */ @@ -145,8 +174,10 @@ gss_cred_usage_t *cred_usage_stored; default_cred, NULL, cred_usage_stored); - if (major_status != GSS_S_COMPLETE) + if (major_status != GSS_S_COMPLETE) { + map_error(minor_status, mech); continue; + } /* Succeeded for at least one mech */ diff --git a/usr/src/lib/libgss/g_unseal.c b/usr/src/lib/libgss/g_unseal.c index 9dd7243032..37eae7972f 100644 --- a/usr/src/lib/libgss/g_unseal.c +++ b/usr/src/lib/libgss/g_unseal.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" OM_uint32 gss_unseal(minor_status, @@ -80,7 +80,7 @@ int * qop_state; mech = __gss_get_mechanism(ctx->mech_type); if (mech) { - if (mech->gss_unseal) + if (mech->gss_unseal) { status = mech->gss_unseal( mech->context, minor_status, 
@@ -89,7 +89,9 @@ int * qop_state; output_message_buffer, conf_state, qop_state); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); diff --git a/usr/src/lib/libgss/g_verify.c b/usr/src/lib/libgss/g_verify.c index 774ba13583..bd277104b6 100644 --- a/usr/src/lib/libgss/g_verify.c +++ b/usr/src/lib/libgss/g_verify.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -28,6 +27,7 @@ */ #include <mechglueP.h> +#include "gssapiP_generic.h" OM_uint32 gss_verify(minor_status, @@ -66,7 +66,7 @@ int * qop_state; mech = __gss_get_mechanism(ctx->mech_type); if (mech) { - if (mech->gss_verify) + if (mech->gss_verify) { status = mech->gss_verify( mech->context, minor_status, @@ -74,7 +74,9 @@ int * qop_state; message_buffer, token_buffer, qop_state); - else + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else status = GSS_S_UNAVAILABLE; return (status); |