X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=plugins%2Fgs2.c;h=9667274d877146a2cdb6f43eb4aac14788c6aae4;hb=b72270ab693fee28eed84881aeb60540219962f7;hp=773322c47b0dc78c272771e572c29cb07924edd9;hpb=cc339205d9194dada96e2bab673e5cefd9cf6caf;p=cyrus-sasl.git
diff --git a/plugins/gs2.c b/plugins/gs2.c
index 773322c..9667274 100644
--- a/plugins/gs2.c
+++ b/plugins/gs2.c
@@ -192,7 +192,7 @@ sasl_gs2_new_context(const sasl_utils_t *utils)
 context_t *ret;
 ret = utils->malloc(sizeof(context_t));
- if (!ret)
+ if (ret == NULL)
 return NULL;
 memset(ret, 0, sizeof(context_t));
@@ -1561,38 +1561,55 @@ gs2_get_init_creds(context_t *text,
 }
 /*
- * If the application has provided an authentication identity, parse it.
+ * Get the authorization identity.
 */
- if (text->client_name == GSS_C_NO_NAME) {
- gss_buffer_desc name_buf;
+ if (oparams->user == NULL) {
+ user_result = _plug_get_userid(params->utils, &userid, prompt_need);
+ if (user_result != SASL_OK && user_result != SASL_INTERACT) {
+ result = user_result;
+ goto cleanup;
+ }
+ }
- if (oparams->authid != NULL) {
- name_buf.length = strlen(oparams->authid);
- name_buf.value = (void *)oparams->authid;
+ /*
+ * Canonicalize the authentication and authorization identities before
+ * calling GSS_Import_name.
+ */
+ if (auth_result == SASL_OK && user_result == SASL_OK &&
+ oparams->authid == NULL) {
+ if (userid == NULL || userid[0] == '\0') {
+ result = params->canon_user(params->utils->conn, authid, 0,
+ SASL_CU_AUTHID | SASL_CU_AUTHZID,
+ oparams);
 } else {
- name_buf.length = strlen(authid);
- name_buf.value = (void *)authid;
- }
+ result = params->canon_user(params->utils->conn,
+ authid, 0, SASL_CU_AUTHID, oparams);
+ if (result != SASL_OK)
+ goto cleanup;
- if (name_buf.value != NULL) {
- maj_stat = gss_import_name(&min_stat,
- &name_buf,
- GSS_C_NT_USER_NAME,
- &text->client_name);
- if (GSS_ERROR(maj_stat))
+ result = params->canon_user(params->utils->conn,
+ userid, 0, SASL_CU_AUTHZID, oparams);
+ if (result != SASL_OK)
 goto cleanup;
 }
 }
 /*
- * Get the authorization identity.
+ * If the application has provided an authentication identity, parse it.
 */
- if (oparams->user == NULL) {
- user_result = _plug_get_userid(params->utils, &userid, prompt_need);
- if (user_result != SASL_OK && user_result != SASL_INTERACT) {
- result = user_result;
+ if (text->client_name == GSS_C_NO_NAME &&
+ oparams->authid != NULL && oparams->authid[0] != '\0') {
+ gss_buffer_desc name_buf;
+
+ name_buf.length = strlen(oparams->authid);
+ name_buf.value = (void *)oparams->authid;
+
+ maj_stat = gss_import_name(&min_stat,
+ &name_buf,
+ GSS_C_NT_USER_NAME,
+ &text->client_name);
+ if (GSS_ERROR(maj_stat))
 goto cleanup;
- }
 }
 /*
@@ -1672,22 +1689,6 @@ gs2_get_init_creds(context_t *text,
 NULL, NULL);
 if (result == SASL_OK)
 result = SASL_INTERACT;
- } else if (oparams->authid == NULL) {
- if (userid == NULL || userid[0] == '\0') {
- result = params->canon_user(params->utils->conn, authid, 0,
- SASL_CU_AUTHID | SASL_CU_AUTHZID,
- oparams);
- } else {
- result = params->canon_user(params->utils->conn,
- authid, 0, SASL_CU_AUTHID, oparams);
- if (result != SASL_OK)
- goto cleanup;
-
- result = params->canon_user(params->utils->conn,
- userid, 0, SASL_CU_AUTHZID, oparams);
- if (result != SASL_OK)
- goto cleanup;
- }
 }
 cleanup:
@@ -1711,7 +1712,7 @@ sasl_gs2_seterror_(const sasl_utils_t *utils, OM_uint32 maj, OM_uint32 min,
 int ret;
 char *out = NULL;
 unsigned int len, curlen = 0;
- const char prefix[] = "GSSAPI Error: ";
+ const char prefix[] = "GS2 Error: ";
 len = sizeof(prefix);
 ret = _plug_buf_alloc(utils, &out, &curlen, 256);
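Review bot: In the `@@ -1561,38 +1561,55 @@` hunk, the combined `canon_user(..., SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams)` call in the `userid == NULL || userid[0] == '\0'` branch leaves `result` unchecked, whereas both calls in the `else` branch are followed by `if (result != SASL_OK) goto cleanup;`. Before this commit the block ran immediately ahead of `cleanup:`, so falling through was sufficient; after the move, a canonicalization failure flows on into the `gss_import_name` block and the code after it. If `oparams->authid` is still NULL at that point the import is skipped and `text->client_name` stays `GSS_C_NO_NAME`, so the rest of gs2_get_init_creds (outside this hunk) presumably continues without the identity the application supplied, and may overwrite the failed `result`. Add `if (result != SASL_OK) goto cleanup;` directly after the closing brace of the inner `if`/`else` so every canonicalization failure stops before a name is imported or credentials are touched.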