py:dcerpc/raw_protocol: rename _test_spnego_signing_auth_level_request to _test_auth_...
[samba.git] / auth / kerberos / gssapi_pac.c
index a17405211d06f7d56d9c8565334bf3ef2557ac8e..e4dad18738bfa3f95a09ffe8aa27c720a0ff2d3a 100644 (file)
 */
 
 #include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 #ifdef HAVE_KRB5
 
 #include "auth/kerberos/pac_utils.h"
@@ -54,7 +58,7 @@ const gss_OID_desc * const gss_mech_krb5_wrong        = krb5_gss_oid_array+2;
 
 gss_OID_desc gse_sesskey_inq_oid = {
        GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH,
-       (void *)GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
+       discard_const(GSS_KRB5_INQ_SSPI_SESSION_KEY_OID)
 };
 
 #ifndef GSS_KRB5_SESSION_KEY_ENCTYPE_OID
@@ -64,7 +68,7 @@ gss_OID_desc gse_sesskey_inq_oid = {
 
 gss_OID_desc gse_sesskeytype_oid = {
        GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
-       (void *)GSS_KRB5_SESSION_KEY_ENCTYPE_OID
+       discard_const(GSS_KRB5_SESSION_KEY_ENCTYPE_OID)
 };
 
 /* The Heimdal OID for getting the PAC */
@@ -112,8 +116,11 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
                &pac_buffer, &pac_display_buffer, &more);
 
        if (gss_maj != 0) {
-               DEBUG(0, ("obtaining PAC via GSSAPI gss_get_name_attribute failed: %s\n",
-                         gssapi_error_string(mem_ctx, gss_maj, gss_min, gss_mech_krb5)));
+               gss_OID oid = discard_const(gss_mech_krb5);
+               DBG_NOTICE("obtaining PAC via GSSAPI gss_get_name_attribute "
+                          "failed: %s\n", gssapi_error_string(mem_ctx,
+                                                              gss_maj, gss_min,
+                                                              oid));
                return NT_STATUS_ACCESS_DENIED;
        } else if (authenticated && complete) {
                /* The PAC blob is returned directly */
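Review bot: The string returned by gssapi_error_string() in the new DBG_NOTICE call appears to be allocated on the caller's `mem_ctx` and is never released, so each logged PAC failure leaves an error string attached to the context the caller supplied. Holding it in a local and freeing it after logging avoids that: `char *err = gssapi_error_string(mem_ctx, gss_maj, gss_min, oid);`, then `DBG_NOTICE("... failed: %s\n", err);` and `TALLOC_FREE(err);`. The same pattern is present in the DEBUG(2) and DEBUG(0) calls in the later hunks of gssapi_obtain_pac_blob and gssapi_get_session_key. Separately, this NT_STATUS_ACCESS_DENIED path now logs at notice level instead of level 0, so a short comment explaining why it can be hidden from default logs would help anyone monitoring authentication failures. The body of gssapi_obtain_pac_blob starts and ends outside this hunk.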
@@ -158,7 +165,7 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
                DEBUG(1, ("unable to obtain a PAC against this GSSAPI library.  "
                          "GSSAPI secured connections are available only with Heimdal or MIT Kerberos >= 1.8\n"));
        } else if (gss_maj != 0) {
-               DEBUG(2, ("obtaining PAC via GSSAPI gss_inqiure_sec_context_by_oid (Heimdal OID) failed: %s\n",
+               DEBUG(2, ("obtaining PAC via GSSAPI gss_inquire_sec_context_by_oid (Heimdal OID) failed: %s\n",
                          gssapi_error_string(mem_ctx, gss_maj, gss_min, gss_mech_krb5)));
        } else {
                if (set == GSS_C_NO_BUFFER_SET) {
@@ -199,7 +206,11 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                                &gse_sesskey_inq_oid, &set);
        if (gss_maj) {
                DEBUG(0, ("gss_inquire_sec_context_by_oid failed [%s]\n",
-                         gssapi_error_string(mem_ctx, gss_maj, gss_min, gss_mech_krb5)));
+                         gssapi_error_string(mem_ctx,
+                                             gss_maj,
+                                             gss_min,
+                                             discard_const_p(struct gss_OID_desc_struct,
+                                                             gss_mech_krb5))));
                return NT_STATUS_NO_USER_SESSION_KEY;
        }
 
@@ -236,8 +247,9 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 
        if (keytype) {
                int diflen, i;
-               const char *p;
+               const uint8_t *p;
 
+               *keytype = 0;
                if (set->count < 2) {
 
 #ifdef HAVE_GSSKRB5_GET_SUBKEY
@@ -248,10 +260,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                        if (gss_maj == 0) {
                                *keytype = KRB5_KEY_TYPE(subkey);
                                krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
-                       } else
-#else
-                       {
-                               *keytype = 0;
                        }
 #endif
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
@@ -262,17 +270,15 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                                  gse_sesskeytype_oid.elements,
                                  gse_sesskeytype_oid.length) != 0) {
                        /* Perhaps a non-krb5 session key */
-                       *keytype = 0;
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        return NT_STATUS_OK;
                }
-               p = set->elements[1].value + gse_sesskeytype_oid.length;
+               p = (const uint8_t *)set->elements[1].value + gse_sesskeytype_oid.length;
                diflen = set->elements[1].length - gse_sesskeytype_oid.length;
                if (diflen <= 0) {
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        return NT_STATUS_INVALID_PARAMETER;
                }
-               *keytype = 0;
                for (i = 0; i < diflen; i++) {
                        *keytype = (*keytype << 7) | (p[i] & 0x7f);
                        if (i + 1 != diflen && (p[i] & 0x80) == 0) {
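Review bot: The count of trailing key-type bytes is still computed into a signed `int` from two unsigned lengths (`diflen = set->elements[1].length - gse_sesskeytype_oid.length`), and the loop that follows puts no upper bound on `diflen`, so an oversized element silently shifts earlier bits out of `*keytype`. Comparing before subtracting keeps the arithmetic unsigned, for example `if (set->elements[1].length <= gse_sesskeytype_oid.length)` guarding the NT_STATUS_INVALID_PARAMETER return. A cap on the remaining byte count, matched to the width of `*keytype`, would reject encodings that cannot fit. The type of `*keytype` is not visible here; if it is signed, the left shift can also overflow. The `memcmp` condition begins above this hunk and the loop continues below it, so these lines do not show whether `elements[1].length` is checked against the OID length before the compare.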
@@ -307,9 +313,17 @@ char *gssapi_error_string(TALLOC_CTX *mem_ctx,
        disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat,
                                           GSS_C_GSS_CODE, mech,
                                           &msg_ctx, &maj_error_message);
+       if (disp_maj_stat != 0) {
+               maj_error_message.value = NULL;
+               maj_error_message.length = 0;
+       }
        disp_maj_stat = gss_display_status(&disp_min_stat, min_stat,
                                           GSS_C_MECH_CODE, mech,
                                           &msg_ctx, &min_error_message);
+       if (disp_maj_stat != 0) {
+               min_error_message.value = NULL;
+               min_error_message.length = 0;
+       }
 
        maj_error_string = talloc_strndup(mem_ctx,
                                          (char *)maj_error_message.value,