summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/gssapi/krb5/init_sec_context.c')
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init_sec_context.c36
1 files changed, 18 insertions, 18 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 53855ca0453..5f8b01b7270 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -41,7 +41,7 @@
static OM_uint32
set_addresses (krb5_context context,
krb5_auth_context ac,
- const gss_channel_bindings_t input_chan_bindings)
+ const gss_channel_bindings_t input_chan_bindings)
{
/* Port numbers are expected to be in application_data.value,
* initator's port first */
@@ -422,11 +422,6 @@ init_auth
goto failure;
}
- ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
- if (ret)
- goto failure;
-
-
/*
* This is hideous glue for (NFS) clients that wants to limit the
* available enctypes to what it can support (encryption in
@@ -458,17 +453,21 @@ init_auth
* DNS canonicalizion.
*/
ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
- ctx, name, 0, time_req,
+ ctx, name, 0, time_req,
time_rec);
if (ret && allow_dns)
ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
- ctx, name, 1, time_req,
+ ctx, name, 1, time_req,
time_rec);
if (ret)
goto failure;
ctx->lifetime = ctx->kcred->times.endtime;
+ ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
+ if (ret)
+ goto failure;
+
ret = _gsskrb5_lifetime_left(minor_status,
context,
ctx->lifetime,
@@ -530,7 +529,7 @@ init_auth_restart
Checksum cksum;
krb5_enctype enctype;
krb5_data fwd_data, timedata;
- int32_t offset = 0, oldoffset;
+ int32_t offset = 0, oldoffset = 0;
uint32_t flagmask;
krb5_data_zero(&outbuf);
@@ -544,7 +543,7 @@ init_auth_restart
*/
if (!ctx->kcred->flags.b.ok_as_delegate) {
krb5_data data;
-
+
ret = krb5_cc_get_config(context, ctx->ccache, NULL,
"realm-config", &data);
if (ret == 0) {
@@ -676,7 +675,8 @@ init_auth_restart
output_token->length = outbuf.length;
} else {
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
- (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
+ (u_char *)(intptr_t)"\x01\x00",
+ GSS_KRB5_MECHANISM);
krb5_data_free (&outbuf);
if (ret)
goto failure;
@@ -848,9 +848,9 @@ repl_mutual
*minor_status = kret;
return GSS_S_FAILURE;
}
-
+
/* reset local seq number */
- krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
+ krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
output_token->length = outbuf.length;
output_token->value = outbuf.data;
@@ -911,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
return GSS_S_BAD_MECH;
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
- OM_uint32 ret;
+ OM_uint32 ret1;
if (*context_handle != GSS_C_NO_CONTEXT) {
*minor_status = 0;
return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
}
- ret = _gsskrb5_create_ctx(minor_status,
+ ret1 = _gsskrb5_create_ctx(minor_status,
context_handle,
context,
input_chan_bindings,
INITIATOR_START);
- if (ret)
- return ret;
+ if (ret1)
+ return ret1;
}
if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -953,7 +953,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
ret_flags,
time_rec);
if (ret != GSS_S_COMPLETE)
- break;
+ break;
/* FALL THOUGH */
case INITIATOR_RESTART:
ret = init_auth_restart(minor_status,
View Lorry Controller Status