diff options
| author | Theodore Tso <tytso@mit.edu> | 1997-06-11 20:45:39 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1997-06-11 20:45:39 +0000 |
| commit | eac86677d66fe140f7ca54205773c95687e4abe5 (patch) | |
| tree | a367f00a5f8c642940f9ced4843d9897d9f0aff0 /src/appl/gss-sample/gss-server.c | |
| parent | 9c36f64ce36f44f806005366ccccf06cdf8e9c4a (diff) | |
| download | krb5-eac86677d66fe140f7ca54205773c95687e4abe5.zip krb5-eac86677d66fe140f7ca54205773c95687e4abe5.tar.gz krb5-eac86677d66fe140f7ca54205773c95687e4abe5.tar.bz2 | |
gss-server.c (server_establish_context): Rearrange server establish
context loop to match with the draft-ietf-gssv2-cbind-04.txt
suggestion --- always send the output token even in the case of an
error, and call gss_delete_sec_context() if needed.
gss-client.c (client_establish_context): Check for error condition
after sending the output token, if present. In case of error, call
delete_sec_context if necessary.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10096 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/gss-sample/gss-server.c')
| -rw-r--r-- | src/appl/gss-sample/gss-server.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index c2549e4..f195b45 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -137,7 +137,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) gss_buffer_desc send_tok, recv_tok; gss_name_t client; gss_OID doid; - OM_uint32 maj_stat, min_stat; + OM_uint32 maj_stat, min_stat, acc_sec_min_stat; gss_buffer_desc oid_name; *context = GSS_C_NO_CONTEXT; @@ -152,7 +152,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) } maj_stat = - gss_accept_sec_context(&min_stat, + gss_accept_sec_context(&acc_sec_min_stat, context, server_creds, &recv_tok, @@ -164,12 +164,6 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) NULL, /* ignore time_rec */ NULL); /* ignore del_cred_handle */ - if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) { - display_status("accepting context", maj_stat, min_stat); - (void) gss_release_buffer(&min_stat, &recv_tok); - return -1; - } - (void) gss_release_buffer(&min_stat, &recv_tok); if (send_tok.length != 0) { @@ -186,6 +180,15 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) (void) gss_release_buffer(&min_stat, &send_tok); } + if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) { + display_status("accepting context", maj_stat, + acc_sec_min_stat); + if (*context == GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, context, + GSS_C_NO_BUFFER); + return -1; + } + if (verbose && log) { if (maj_stat == GSS_S_CONTINUE_NEEDED) fprintf(log, "continue needed...\n"); |