static int gs2_get_mech_attrs(const sasl_utils_t *utils,
const gss_OID mech,
unsigned int *security_flags,
- unsigned int *features);
+ unsigned int *features,
+ const unsigned long **prompts);
static int gs2_indicate_mechs(const sasl_utils_t *utils);
text->authzid = NULL;
}
- if (text->mechanism != NULL) {
- gss_release_oid(&min_stat, &text->mechanism);
- text->mechanism = GSS_C_NO_OID;
- }
-
gss_release_buffer(&min_stat, &text->gss_cbindings.application_data);
if (text->out_buf != NULL) {
gss_buffer_desc short_name_buf = GSS_C_EMPTY_BUFFER;
gss_name_t without = GSS_C_NO_NAME;
gss_OID_set_desc mechs;
- gss_OID actual_mech = GSS_C_NO_OID;
OM_uint32 out_flags = 0;
int ret = 0, equal = 0;
int initialContextToken = (text->gss_ctx == GSS_C_NO_CONTEXT);
&input_token,
&text->gss_cbindings,
&text->client_name,
- &actual_mech,
+ NULL,
&output_token,
&out_flags,
&text->lifetime,
assert(maj_stat == GSS_S_COMPLETE);
- if (!g_OID_equal(text->mechanism, actual_mech)) {
- ret = SASL_WRONGMECH;
- goto cleanup;
- }
if ((out_flags & GSS_C_SEQUENCE_FLAG) == 0) {
ret = SASL_BADAUTH;
goto cleanup;
gss_release_buffer(&min_stat, &short_name_buf);
gss_release_buffer(&min_stat, &output_token);
gss_release_name(&min_stat, &without);
- gss_release_oid(&min_stat, &actual_mech);
if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) {
sasl_gs2_seterror(text->utils, maj_stat, min_stat);
ret = gs2_get_mech_attrs(utils, mech,
&splug->security_flags,
- &splug->features);
+ &splug->features,
+ NULL);
if (ret != SASL_OK)
return ret;
gss_buffer_desc name_buf = GSS_C_EMPTY_BUFFER;
OM_uint32 maj_stat = GSS_S_FAILURE, min_stat = 0;
OM_uint32 req_flags, ret_flags;
- gss_OID actual_mech = GSS_C_NO_OID;
int ret = SASL_FAIL;
int initialContextToken;
&text->client_name,
NULL,
&text->lifetime,
- &actual_mech,
+ NULL,
&ret_flags, /* flags */
NULL,
NULL);
if (GSS_ERROR(maj_stat))
goto cleanup;
- if (!g_OID_equal(text->mechanism, actual_mech)) {
- ret = SASL_WRONGMECH;
- goto cleanup;
- }
if ((ret_flags & req_flags) != req_flags) {
maj_stat = SASL_BADAUTH;
goto cleanup;
cleanup:
gss_release_buffer(&min_stat, &output_token);
gss_release_buffer(&min_stat, &name_buf);
- gss_release_oid(&min_stat, &actual_mech);
if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) {
sasl_gs2_seterror(text->utils, maj_stat, min_stat);
return SASL_OK;
}
-static const unsigned long gs2_required_prompts[] = {
- SASL_CB_LIST_END
-};
-
static int
gs2_client_plug_alloc(const sasl_utils_t *utils,
void *plug,
ret = gs2_get_mech_attrs(utils, mech,
&cplug->security_flags,
- &cplug->features);
+ &cplug->features,
+ &cplug->required_prompts);
if (ret != SASL_OK)
return ret;
cplug->mech_step = gs2_client_mech_step;
cplug->mech_dispose = gs2_common_mech_dispose;
cplug->mech_free = gs2_common_mech_free;
- cplug->required_prompts = gs2_required_prompts;
return SASL_OK;
}
return SASL_OK;
}
+static const unsigned long gs2_required_prompts[] = {
+ SASL_CB_LIST_END
+};
+
/*
* Map GSS mechanism attributes to SASL ones
*/
gs2_get_mech_attrs(const sasl_utils_t *utils,
const gss_OID mech,
unsigned int *security_flags,
- unsigned int *features)
+ unsigned int *features,
+ const unsigned long **prompts)
{
OM_uint32 major, minor;
- int present, ret;
+ int present;
gss_OID_set attrs = GSS_C_NO_OID_SET;
major = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
*security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE;
*features = SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_CHANNEL_BINDING;
+ if (prompts != NULL)
+ *prompts = gs2_required_prompts;
#define MA_PRESENT(a) (gss_test_oid_set_member(&minor, (gss_OID)(a), \
attrs, &present) == GSS_S_COMPLETE && \
present)
- ret = SASL_OK;
-
if (MA_PRESENT(GSS_C_MA_PFS))
*security_flags |= SASL_SEC_FORWARD_SECRECY;
if (!MA_PRESENT(GSS_C_MA_AUTH_INIT_ANON))
*security_flags |= SASL_SEC_PASS_CREDENTIALS;
if (MA_PRESENT(GSS_C_MA_AUTH_TARG))
*security_flags |= SASL_SEC_MUTUAL_AUTH;
+ if (MA_PRESENT(GSS_C_MA_AUTH_INIT_INIT) && prompts != NULL)
+ *prompts = NULL;
if (MA_PRESENT(GSS_C_MA_ITOK_FRAMED))
*features |= SASL_FEAT_GSS_FRAMING;
gss_release_oid_set(&minor, &attrs);
- return ret;
+
+ return SASL_OK;
}
/*