From 9aa328f42e6f2ecf6820939f012125758f0af1c7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20Kou=C5=99il?= Date: Fri, 27 Jun 2008 12:58:19 +0000 Subject: [PATCH] - don't allow negative lifetime for non-globus gssapi (as per specs) - don't look for domain names (they're appended by gssapi when needed) --- org.glite.security.gss/src/glite_gss.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/org.glite.security.gss/src/glite_gss.c b/org.glite.security.gss/src/glite_gss.c index eab5fe3..af53cc7 100644 --- a/org.glite.security.gss/src/glite_gss.c +++ b/org.glite.security.gss/src/glite_gss.c @@ -651,9 +651,16 @@ edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file, edg_wl goto end; } +#ifndef NO_GLOBUS + /* globus gssapi seems to return negative values, casting doesn't detect + the GSS_C_INDEFINITE value */ + /* Must cast to time_t since OM_uint32 is unsinged and hence we couldn't * detect negative values. */ if ((time_t) lifetime <= 0) { +#else + if (lifetime == 0) { +#endif major_status = GSS_S_CREDENTIALS_EXPIRED; minor_status = 0; /* XXX */ ret = EDG_WLL_GSS_ERROR_GSS; @@ -1563,19 +1570,28 @@ gethostname_globus(char *name, int len) static int gethostname_sys(char *name, int len) { - int ret; + int ret, l; - ret = gethostname(name, len); + ret = gethostname(name, len - 1); if (ret) return ret; + name[len] = '\0'; + + return ret; + +#if 0 /* Check if hostname is fqdn */ if (strchr(name, '.') != NULL) return ret; - ret = getdomainname(name + strlen(name), len - strlen(name)); + l = strlen(name); + *(name+l) = '.'; + + ret = getdomainname(name + l + 1, len - l - 2); return ret; +#endif } int -- 1.8.2.3