report(stderr, GT_("GSSAPI error in gss_display_status called from <%s>\n"), m);
break;
}
- report(stderr, GT_("GSSAPI error %s: %s\n"), m,
- msg.value ? (char *)msg.value : GT_("(null)"));
- if (msg.length)
- (void)gss_release_buffer(&min, &msg);
+ report(stderr, GT_("GSSAPI error %s: %.*s\n"), m,
+ (int)msg.length, (char *)msg.value);
+ (void)gss_release_buffer(&min, &msg);
} while(context);
}
OM_uint32 maj_stat, min_stat;
gss_cred_usage_t cu;
gss_name_t target_name;
- int result;
- result = import_name(service, hostname, &target_name, FALSE);
+ (void)import_name(service, hostname, &target_name, FALSE);
(void)gss_release_name(&min_stat, &target_name);
maj_stat = gss_inquire_cred(&min_stat, GSS_C_NO_CREDENTIAL,
gen_send(sock, "%s GSSAPI", command);
/* upon receipt of the GSSAPI authentication request, server returns
- * null data ready response. */
+ * a null data ready challenge to us. */
result = gen_recv(sock, buf1, sizeof buf1);
if (result)
return result;
+ if (buf1[0] != '+' || strspn(buf1 + 1, " \t") < strlen(buf1 + 1)) {
+ if (outlevel >= O_VERBOSE) {
+ report(stdout, GT_("Received malformed challenge to \"%s GSSAPI\"!\n"), command);
+ }
+ goto cancelfail;
+ }
+
+
/* now start the security context initialisation loop... */
sec_token = GSS_C_NO_BUFFER;
context = GSS_C_NO_CONTEXT;
if (outlevel >= O_VERBOSE)
report(stdout, GT_("Sending credentials\n"));
do {
- send_token.length = 0;
+ send_token.length = 0;
send_token.value = NULL;
- maj_stat = gss_init_sec_context(&min_stat,
- GSS_C_NO_CREDENTIAL,
- &context,
- target_name,
- GSS_C_NO_OID,
- GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
- 0,
- GSS_C_NO_CHANNEL_BINDINGS,
- sec_token,
- NULL,
- &send_token,
- NULL,
+ maj_stat = gss_init_sec_context(&min_stat,
+ GSS_C_NO_CREDENTIAL,
+ &context,
+ target_name,
+ GSS_C_NO_OID,
+ GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ sec_token,
+ NULL,
+ &send_token,
+ NULL,
NULL);
+
if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
- decode_status("gss_init_sec_context", maj_stat, min_stat);
+ if (outlevel >= O_VERBOSE)
+ decode_status("gss_init_sec_context", maj_stat, min_stat);
(void)gss_release_name(&min_stat, &target_name);
- report(stderr, GT_("Error exchanging credentials\n"));
- /* wake up server and await NO response */
- SockWrite(sock, "\r\n", 2);
+cancelfail:
+ /* wake up server and cancel authentication */
+ suppress_tags = TRUE;
+ gen_send(sock, "*");
+ suppress_tags = FALSE;
+
result = gen_recv(sock, buf1, sizeof buf1);
+ if (outlevel >= O_VERBOSE)
+ report(stderr, GT_("Error exchanging credentials\n"));
if (result)
return result;
return PS_AUTHFAIL;
request_buf.length = 0;
request_buf.value = buf2;
- maj_stat = gss_unwrap(&min_stat, context,
+ maj_stat = gss_unwrap(&min_stat, context,
&request_buf, &send_token, &cflags, &quality);
if (maj_stat != GSS_S_COMPLETE) {
decode_status("gss_unwrap", maj_stat, min_stat);