diff options
| author | Luke Howard <lukeh@padl.com> | 2009-11-15 17:41:08 +0000 |
|---|---|---|
| committer | Luke Howard <lukeh@padl.com> | 2009-11-15 17:41:08 +0000 |
| commit | f9f1d9fb06ef2cd853a419c901edc4b8b79b7fde (patch) | |
| tree | 288c7e21c72feb52fba5274d47fc4161bf09a047 | |
| parent | d8a85689205496b730f76fd60e865499b80ef42e (diff) | |
| download | krb5-f9f1d9fb06ef2cd853a419c901edc4b8b79b7fde.zip krb5-f9f1d9fb06ef2cd853a419c901edc4b8b79b7fde.tar.gz krb5-f9f1d9fb06ef2cd853a419c901edc4b8b79b7fde.tar.bz2 | |
checkpoint
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/iakerb@23206 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 17 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/iakerb.c | 5 |
2 files changed, 14 insertions, 8 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 6e2da31..bc1e330 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -548,11 +548,13 @@ acquire_cred(minor_status, desired_name, password, time_req, krb5_free_context(context); return(GSS_S_BAD_MECH); } - if (iakerb && cred_usage != GSS_C_INITIATE) { - *minor_status = G_BAD_USAGE; - krb5_free_context(context); - return GSS_S_FAILURE; - } + } + + if (iakerb && + (cred_usage != GSS_C_INITIATE || desired_name == GSS_C_NO_NAME)) { + *minor_status = G_BAD_USAGE; + krb5_free_context(context); + return GSS_S_FAILURE; } /* create the gss cred structure */ @@ -569,6 +571,7 @@ acquire_cred(minor_status, desired_name, password, time_req, cred->name = NULL; cred->prerfc_mech = (req_old != 0); cred->rfc_mech = (req_new != 0); + cred->iakerb = iakerb; cred->default_identity = (desired_name == GSS_C_NO_NAME); #ifndef LEAN_CLIENT @@ -610,7 +613,7 @@ acquire_cred(minor_status, desired_name, password, time_req, /* this will fill in cred->name if it wasn't set above, and the desired_name is not specified */ - if ((iakerb == 0 && cred_usage == GSS_C_INITIATE) || + if ((cred->iakerb == 0 && cred_usage == GSS_C_INITIATE) || (cred_usage == GSS_C_BOTH)) { if ((ret = acquire_init_cred(context, minor_status, @@ -619,7 +622,7 @@ acquire_cred(minor_status, desired_name, password, time_req, != GSS_S_COMPLETE) { goto error_out; } - } else if (iakerb) { + } else if (cred->iakerb) { /* save the password for later. */ krb5_data data; diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index a7656ba..93b3345 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -252,10 +252,11 @@ iakerb_make_token(iakerb_ctx_id_t ctx, token->value = k5alloc(tokenSize, &code); if (code != 0) goto cleanup; + token->length = tokenSize; + q = token->value; g_make_token_header(gss_mech_iakerb, data->length, &q, -1); memcpy(q, data->data, data->length); - token->length = tokenSize + data->length; } else { token->value = data->data; token->length = data->length; @@ -463,6 +464,8 @@ iakerb_init_creds_ctx(iakerb_ctx_id_t ctx, goto cleanup; } + assert(cred->name != NULL); + code = krb5_init_creds_init(ctx->k5c, cred->name->princ, NULL, |