pool/cyrus-sasl
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 93622 from home:rhafer:branches:network

Browse Source 
Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with latest upstream improvements

OBS-URL: https://build.opensuse.org/request/show/93622
OBS-URL: https://build.opensuse.org/package/show/network/cyrus-sasl?expand=0&rev=24
This commit is contained in:
Ralf Haferkamp 2011-11-25 12:21:46 +00:00 committed by Git OBS Bridge
parent a45425e35e
commit 848490e7c0
4 changed files with 181 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
cyrus-sasl-gs2-not-overwrite-minor-error-code.dif
View File

@ -1,30 +1,69 @@
From df039a4aba685990e47e5edb7bc9e09ff7daf56a Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de>
Date: Fri, 18 Nov 2011 10:06:22 +0100
Subject: [PATCH] Don't overwrite minor error code before retrieving the error
message
---
plugins/gs2.c | 16 +++++++++-------
1 files changed, 9 insertions(+), 7 deletions(-)
Index: cyrus-sasl-2.1.25/plugins/gs2.c
===================================================================
--- cyrus-sasl-2.1.25.orig/plugins/gs2.c
+++ cyrus-sasl-2.1.25/plugins/gs2.c
@@ -531,6 +531,11 @@ fprintf(stderr,"gss_acquire_cred over an
@@ -336,7 +336,7 @@ gs2_server_mech_step(void *conn_context,
gss_name_t without = GSS_C_NO_NAME;
gss_OID_set_desc mechs;
OM_uint32 out_flags = 0;
- int ret = 0, equal = 0;
+ int ret = SASL_OK, equal = 0;
int initialContextToken = (text->gss_ctx == GSS_C_NO_CONTEXT);
char *p;
@@ -463,14 +463,12 @@ gs2_server_mech_step(void *conn_context,
GSS_C_NT_USER_NAME,
&without);
if (GSS_ERROR(maj_stat)) {
- ret = SASL_FAIL;
goto cleanup;
}
maj_stat = gss_compare_name(&min_stat, text->client_name,
without, &equal);
if (GSS_ERROR(maj_stat)) {
- ret = SASL_FAIL;
goto cleanup;
}
@@ -486,8 +484,9 @@ gs2_server_mech_step(void *conn_context,
ret = params->canon_user(params->utils->conn,
text->authzid, 0,
SASL_CU_AUTHZID, oparams);
- if (ret != SASL_OK)
+ if (ret != SASL_OK) {
goto cleanup;
+ }
}
ret = params->canon_user(params->utils->conn,
@@ -496,8 +495,9 @@ gs2_server_mech_step(void *conn_context,
? (SASL_CU_AUTHZID | SASL_CU_AUTHID)
: SASL_CU_AUTHID,
oparams);
- if (ret != SASL_OK)
+ if (ret != SASL_OK) {
goto cleanup;
+ }
switch (text->gs2_flags & GS2_CB_FLAG_MASK) {
case GS2_CB_FLAG_N:
@@ -528,19 +528,23 @@ gs2_server_mech_step(void *conn_context,
ret = SASL_OK;
cleanup:
- if (initialContextToken)
+ if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) {
+ sasl_gs2_seterror(text->utils, maj_stat, min_stat);
+ ret = SASL_FAIL;
+ }
+
if (initialContextToken)
+////Can set maj_stat to gss_release_buffer return value and check
+ if (initialContextToken) {
gss_release_buffer(&min_stat, &input_token);
+ }
gss_release_buffer(&min_stat, &name_buf);
@@ -538,10 +543,6 @@ cleanup:
gss_release_buffer(&min_stat, &short_name_buf);
gss_release_buffer(&min_stat, &output_token);
gss_release_name(&min_stat, &without);
@ -32,24 +71,134 @@ Index: cyrus-sasl-2.1.25/plugins/gs2.c
- sasl_gs2_seterror(text->utils, maj_stat, min_stat);
- ret = SASL_FAIL;
- }
if (ret < SASL_OK)
- if (ret < SASL_OK)
+ if (ret < SASL_OK) {
sasl_gs2_free_context_contents(text);
+ }
@@ -838,13 +839,14 @@ static int gs2_client_mech_step(void *co
return ret;
}
@@ -698,12 +702,14 @@ static int gs2_client_mech_step(void *co
if (text->gss_ctx == GSS_C_NO_CONTEXT) {
ret = gs2_get_init_creds(text, params, prompt_need, oparams);
- if (ret != SASL_OK)
+ if (ret != SASL_OK) {
goto cleanup;
+ }
initialContextToken = 1;
- } else
+ } else {
initialContextToken = 0;
+ }
if (text->server_name == GSS_C_NO_NAME) { /* only once */
name_buf.length = strlen(params->service) + 1 + strlen(params->serverFQDN);
@@ -729,8 +735,10 @@ static int gs2_client_mech_step(void *co
params->utils->free(name_buf.value);
name_buf.value = NULL;
- if (GSS_ERROR(maj_stat))
+ if (GSS_ERROR(maj_stat)) {
+ ret = SASL_OK;
goto cleanup;
+ }
}
/* From GSSAPI plugin: apparently this is for some IMAP bug workaround */
@@ -762,8 +770,9 @@ static int gs2_client_mech_step(void *co
strcmp(oparams->user, oparams->authid) ?
(char *) oparams->user : NULL,
&text->out_buf, &text->out_buf_len);
- if (ret != 0)
+ if (ret != 0) {
goto cleanup;
+ }
}
req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
@@ -783,13 +792,16 @@ static int gs2_client_mech_step(void *co
&output_token,
&ret_flags,
&text->lifetime);
- if (GSS_ERROR(maj_stat))
+ if (GSS_ERROR(maj_stat)) {
+ ret = SASL_OK;
goto cleanup;
+ }
ret = gs2_make_message(text, params, initialContextToken, &output_token,
&text->out_buf, &text->out_buf_len);
- if (ret != 0)
+ if (ret != 0) {
goto cleanup;
+ }
*clientout = text->out_buf;
*clientoutlen = text->out_buf_len;
@@ -799,9 +811,9 @@ static int gs2_client_mech_step(void *co
goto cleanup;
}
- if (text->client_name != GSS_C_NO_NAME)
+ if (text->client_name != GSS_C_NO_NAME) {
gss_release_name(&min_stat, &text->client_name);
-
+ }
maj_stat = gss_inquire_context(&min_stat,
text->gss_ctx,
&text->client_name,
@@ -811,11 +823,13 @@ static int gs2_client_mech_step(void *co
&ret_flags, /* flags */
NULL,
NULL);
- if (GSS_ERROR(maj_stat))
+ if (GSS_ERROR(maj_stat)) {
+ ret = SASL_OK;
goto cleanup;
+ }
if ((ret_flags & req_flags) != req_flags) {
- maj_stat = SASL_BADAUTH;
+ ret = SASL_BADAUTH;
goto cleanup;
}
@@ -823,8 +837,10 @@ static int gs2_client_mech_step(void *co
text->client_name,
&name_buf,
NULL);
- if (GSS_ERROR(maj_stat))
+ if (GSS_ERROR(maj_stat)) {
+ ret = SASL_OK;
goto cleanup;
+ }
oparams->gss_peer_name = text->server_name;
oparams->gss_local_name = text->client_name;
@@ -834,16 +850,20 @@ static int gs2_client_mech_step(void *co
oparams->maxoutbuf = 0xFFFFFF;
oparams->doneflag = 1;
cleanup:
-cleanup:
- gss_release_buffer(&min_stat, &output_token);
- gss_release_buffer(&min_stat, &name_buf);
-
+ ret = SASL_OK;
+cleanup:
if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) {
sasl_gs2_seterror(text->utils, maj_stat, min_stat);
ret = SASL_FAIL;
}
- if (ret < SASL_OK)
+
+ gss_release_buffer(&min_stat, &output_token);
+ gss_release_buffer(&min_stat, &name_buf);
+
if (ret < SASL_OK)
+ if (ret < SASL_OK) {
sasl_gs2_free_context_contents(text);
+ }
return ret;
}

7
cyrus-sasl-saslauthd.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de
- Removed debug printfs from cyrus-sasl.dif, added by accident
- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with
latest upstream improvements
-------------------------------------------------------------------
Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de

7
cyrus-sasl.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de
- Removed debug printfs from cyrus-sasl.dif, added by accident
- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with
latest upstream improvements
-------------------------------------------------------------------
Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de

22
cyrus-sasl.dif
View File

@ -54,25 +54,3 @@ Index: saslauthd/Makefile.am
sbin_PROGRAMS = saslauthd testsaslauthd
EXTRA_PROGRAMS = saslcache
Index: plugins/gs2.c
===================================================================
--- plugins/gs2.c.orig
+++ plugins/gs2.c
@@ -374,6 +374,7 @@ gs2_server_mech_step(void *conn_context,
mechs.elements = (gss_OID)text->mechanism;
if (params->gss_creds == GSS_C_NO_CREDENTIAL) {
+fprintf(stderr,"calling gss_acquire_cred\n");
maj_stat = gss_acquire_cred(&min_stat,
text->server_name,
GSS_C_INDEFINITE,
@@ -382,7 +383,9 @@ gs2_server_mech_step(void *conn_context,
&text->server_creds,
NULL,
&text->lifetime);
+fprintf(stderr,"gss_acquire_cred returned: %d\n", maj_stat);
if (GSS_ERROR(maj_stat))
+fprintf(stderr,"gss_acquire_cred over and out: %d\n", maj_stat);
goto cleanup;
}