← Back to branch summary

~ubuntu-branches/ubuntu/maverick/krb5/maverick

« back to all changes in this revision

Viewing changes to src/lib/rpc/svc_auth_gssapi.c

  • Committer: Bazaar Package Importer
  • Author(s): Sam Hartman
  • Date: 2009-05-07 16:16:34 UTC
  • mfrom: (13.1.7 sid)
  • Revision ID: james.westby@ubuntu.com-20090507161634-xqyk0s9na0le4flj
Tags: 1.7dfsg~beta1-4
http://bugs.debian.org/527353
When  decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353 

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/rpc/svc_auth_gssapi.c
1
1
/*
2
2
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
3
3
 *
4
 
 * $Id: svc_auth_gssapi.c 19638 2007-06-26 18:29:40Z tlyu $
 
4
 * $Id: svc_auth_gssapi.c 21632 2008-12-29 17:39:29Z epeisach $
5
5
 *
6
6
 */
7
7
 
24
24
#include <gssapi/gssapi_krb5.h>
25
25
#endif
26
26
 
 
27
#include "gssrpcint.h"
 
28
 
27
29
#ifdef GSSAPI_KRB5
28
30
/* This is here for the krb5_error_code typedef and the
29
31
   KRB5KRB_AP_WRONG_PRINC #define.*/
45
47
 
46
48
#ifdef DEBUG_GSSAPI
47
49
int svc_debug_gssapi = DEBUG_GSSAPI;
48
 
#define L_PRINTF(l,args) if (svc_debug_gssapi >= l) printf args
 
50
void gssrpcint_printf(const char *format, ...)
 
51
{
 
52
    va_list ap;
 
53
    va_start(ap, format);
 
54
#if 1
 
55
    vprintf(format, ap);
 
56
#else
 
57
    {
 
58
        static FILE *f;
 
59
        if (f == NULL)
 
60
            f = fopen("/dev/pts/4", "a");
 
61
        if (f) {
 
62
            vfprintf(f, format, ap);
 
63
            fflush(f);
 
64
        }
 
65
    }
 
66
#endif
 
67
    va_end(ap);
 
68
}
 
69
#define L_PRINTF(l,args) if (svc_debug_gssapi >= l) gssrpcint_printf args
49
70
#define PRINTF(args) L_PRINTF(99, args)
50
71
#define AUTH_GSSAPI_DISPLAY_STATUS(args) \
51
72
        if (svc_debug_gssapi) auth_gssapi_display_status args
383
404
               if (server_creds == client_data->server_creds)
384
405
                    break;
385
406
 
 
407
               PRINTF(("accept_sec_context returned 0x%x 0x%x wrong-princ=%#x\n",
 
408
                       call_res.gss_major, call_res.gss_minor, (int) KRB5KRB_AP_WRONG_PRINC));
386
409
               if (call_res.gss_major == GSS_S_COMPLETE ||
387
410
                   call_res.gss_major == GSS_S_CONTINUE_NEEDED) {
388
411
                    /* server_creds was right, set it! */
412
435
          /* done with call args */
413
436
          xdr_free(xdr_authgssapi_init_arg, &call_arg);
414
437
 
415
 
          PRINTF(("svcauth_gssapi: accept_sec_context returned %#x\n",
416
 
                  call_res.gss_major));
 
438
          PRINTF(("svcauth_gssapi: accept_sec_context returned %#x %#x\n",
 
439
                  call_res.gss_major, call_res.gss_minor));
417
440
          if (call_res.gss_major != GSS_S_COMPLETE &&
418
441
              call_res.gss_major != GSS_S_CONTINUE_NEEDED) {
419
442
               AUTH_GSSAPI_DISPLAY_STATUS(("accepting context",
929
952
          in_buf.value = names[i].name;
930
953
          in_buf.length = strlen(in_buf.value) + 1;
931
954
 
932
 
          PRINTF(("svcauth_gssapi_set_names: importing %s\n", in_buf.value));
 
955
          PRINTF(("svcauth_gssapi_set_names: importing %s\n", names[i].name));
933
956
 
934
957
          gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type,
935
958
                                    &server_name_list[i]);