context_t *ret;
ret = utils->malloc(sizeof(context_t));
- if (!ret)
+ if (ret == NULL)
return NULL;
memset(ret, 0, sizeof(context_t));
return SASL_NOMECH;
}
- plugs = utils->malloc(2 * gs2_mechs->count * plugsize);
+ plugs = utils->malloc(gs2_mechs->count * plugsize);
if (plugs == NULL) {
MEMERROR(utils);
return SASL_NOMEM;
}
- memset(plugs, 0, 2 * gs2_mechs->count * plugsize);
+ memset(plugs, 0, gs2_mechs->count * plugsize);
for (i = 0; i < gs2_mechs->count; i++) {
gss_buffer_desc sasl_mech_name = GSS_C_EMPTY_BUFFER;
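Review bot: The new size expression `gs2_mechs->count * plugsize` is an unchecked multiplication, and it is evaluated separately for `utils->malloc` and for `memset`. If the mechanism count comes from the GSS library at run time (it appears to, but the source of `gs2_mechs` is not visible here), I would compute the size once into a `size_t` behind a guard such as `if (plugsize != 0 && gs2_mechs->count > SIZE_MAX / plugsize) { MEMERROR(utils); return SASL_NOMEM; }`. Dropping the factor of 2 is also only safe if the loop that follows writes at most one plugin entry per mechanism. The loop body lies outside this hunk, so confirm that before the smaller buffer goes in.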
snprintf(name_buf.value, name_buf.length + 1,
"%s@%s", params->service, params->serverFQDN);
- maj_stat = gss_import_name (&min_stat,
- &name_buf,
- GSS_C_NT_HOSTBASED_SERVICE,
- &text->server_name);
+ maj_stat = gss_import_name(&min_stat,
+ &name_buf,
+ GSS_C_NT_HOSTBASED_SERVICE,
+ &text->server_name);
params->utils->free(name_buf.value);
name_buf.value = NULL;
}
/*
- * If the application has provided an authentication identity, parse it.
+ * Get the authorization identity.
*/
- if (text->client_name == GSS_C_NO_NAME) {
- gss_buffer_desc name_buf;
+ if (oparams->user == NULL) {
+ user_result = _plug_get_userid(params->utils, &userid, prompt_need);
+ if (user_result != SASL_OK && user_result != SASL_INTERACT) {
+ result = user_result;
+ goto cleanup;
+ }
+ }
- if (oparams->authid != NULL) {
- name_buf.length = strlen(oparams->authid);
- name_buf.value = (void *)oparams->authid;
+ /*
+ * Canonicalize the authentication and authorization identities before
+ * calling GSS_Import_name.
+ */
+ if (auth_result == SASL_OK && user_result == SASL_OK &&
+ oparams->authid == NULL) {
+ if (userid == NULL || userid[0] == '\0') {
+ result = params->canon_user(params->utils->conn, authid, 0,
+ SASL_CU_AUTHID | SASL_CU_AUTHZID,
+ oparams);
} else {
- name_buf.length = strlen(authid);
- name_buf.value = (void *)authid;
- }
+ result = params->canon_user(params->utils->conn,
+ authid, 0, SASL_CU_AUTHID, oparams);
+ if (result != SASL_OK)
+ goto cleanup;
- if (name_buf.value != NULL) {
- maj_stat = gss_import_name(&min_stat,
- &name_buf,
- GSS_C_NT_USER_NAME,
- &text->client_name);
- if (GSS_ERROR(maj_stat))
+ result = params->canon_user(params->utils->conn,
+ userid, 0, SASL_CU_AUTHZID, oparams);
+ if (result != SASL_OK)
goto cleanup;
}
}
/*
- * Get the authorization identity.
+ * If the application has provided an authentication identity, parse it.
*/
- if (oparams->user == NULL) {
- user_result = _plug_get_userid(params->utils, &userid, prompt_need);
- if (user_result != SASL_OK && user_result != SASL_INTERACT) {
- result = user_result;
+ if (text->client_name == GSS_C_NO_NAME &&
+ oparams->authid != NULL && oparams->authid[0] != '\0') {
+ gss_buffer_desc name_buf;
+
+ name_buf.length = strlen(oparams->authid);
+ name_buf.value = (void *)oparams->authid;
+
+ maj_stat = gss_import_name(&min_stat,
+ &name_buf,
+ GSS_C_NT_USER_NAME,
+ &text->client_name);
+ if (GSS_ERROR(maj_stat))
goto cleanup;
- }
}
/*
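Review bot: In the relocated canonicalization block, the combined `canon_user` call for the empty-userid case (`SASL_CU_AUTHID | SASL_CU_AUTHZID`) has no result check, unlike the two calls in the `else` branch. Before this change the block sat directly above `cleanup:`, so falling through was harmless. Now execution continues into the `gss_import_name` block and the code after this hunk, where `result` may be overwritten and a canonicalization failure lost. I would add `if (result != SASL_OK) goto cleanup;` right after the inner if/else closes. Separately, `if (GSS_ERROR(maj_stat)) goto cleanup;` leaves `result` as `canon_user` set it, so confirm that the code under `cleanup:` (not visible here) turns a failed `maj_stat` into an error return rather than reporting success with an identity that was never imported.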
NULL, NULL);
if (result == SASL_OK)
result = SASL_INTERACT;
- } else if (oparams->authid == NULL) {
- if (userid == NULL || userid[0] == '\0') {
- result = params->canon_user(params->utils->conn, authid, 0,
- SASL_CU_AUTHID | SASL_CU_AUTHZID,
- oparams);
- } else {
- result = params->canon_user(params->utils->conn,
- authid, 0, SASL_CU_AUTHID, oparams);
- if (result != SASL_OK)
- goto cleanup;
-
- result = params->canon_user(params->utils->conn,
- userid, 0, SASL_CU_AUTHZID, oparams);
- if (result != SASL_OK)
- goto cleanup;
- }
}
cleanup:
int ret;
char *out = NULL;
unsigned int len, curlen = 0;
- const char prefix[] = "GSSAPI Error: ";
+ const char prefix[] = "GS2 Error: ";
len = sizeof(prefix);
ret = _plug_buf_alloc(utils, &out, &curlen, 256);