diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 48b108504..876122043 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -42,20 +42,31 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, krb5_keyblock *skey; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if(skey == NULL) - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if (context_handle->more_flags & LOCAL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + else + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } else { + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if(skey == NULL) + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } *key = skey; return 0; } @@ -427,14 +438,9 @@ OM_uint32 gss_unwrap conf_state, qop_state, key); break; default : -#ifdef HAVE_GSSAPI_CFX ret = _gssapi_unwrap_cfx (minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state, key); -#else - *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; -#endif break; } krb5_free_keyblock (gssapi_krb5_context, key); diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index 46939fc99..01a9f3e88 100644 
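Review bot: In gss_krb5_get_remotekey the `HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);` call and the `if(skey == NULL)` check now sit inside the new `else` block, so the ACCEPTOR_SUBKEY path returns 0 with ctx_id_mutex still held and without checking that a key was found. The next operation on that context that takes the mutex would presumably block, and gss_unwrap would carry on with whatever `skey` holds (it is declared without an initializer, and whether the subkey getters always store to it is not visible here). Close the `else` block right after the `krb5_auth_con_getkey` call so that `HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);` and `if(skey == NULL) return GSS_KRB5_S_KG_NO_SUBKEY;` run on both paths, as the matching hunk in wrap.c does. The same hunk is repeated for lib/gssapi/unwrap.c further down and needs the same fix.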
--- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -42,17 +42,28 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle, krb5_keyblock *skey; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if (context_handle->more_flags & LOCAL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + else + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } else { + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, context_handle->auth_context, &skey); - if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + } HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); if(skey == NULL) return GSS_S_FAILURE; @@ -115,14 +126,9 @@ gss_wrap_size_limit ( ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); break; default : -#ifdef HAVE_GSSAPI_CFX ret = _gssapi_wrap_size_cfx(minor_status, context_handle, conf_req_flag, qop_req, req_output_size, max_input_size, key); -#else - *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; -#endif break; } krb5_free_keyblock (gssapi_krb5_context, key); @@ -467,14 +473,9 @@ OM_uint32 gss_wrap output_message_buffer, key); break; default : -#ifdef HAVE_GSSAPI_CFX ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); -#else - *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; -#endif break; } krb5_free_keyblock (gssapi_krb5_context, key); 
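Review bot: The ACCEPTOR_SUBKEY branch added to gss_krb5_get_localkey is the same selection the commit adds to gss_krb5_get_remotekey in unwrap.c (remote subkey when LOCAL is set, local subkey otherwise), and nothing explains why a function named get_localkey may hand back the remote subkey. A short comment above the branch would help, for example `/* with ACCEPTOR_SUBKEY both directions use the acceptor's subkey: remote on the LOCAL side, local otherwise */`, with the wording confirmed against where ACCEPTOR_SUBKEY and LOCAL are set, which this diff does not show. This branch has no fallback to the session key, so a missing subkey ends in the `GSS_S_FAILURE` return just below the changed lines; that looks intended but is worth stating in the same comment. The same hunk is repeated for lib/gssapi/wrap.c.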
diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c index 48b108504..876122043 100644 --- a/lib/gssapi/unwrap.c +++ b/lib/gssapi/unwrap.c @@ -42,20 +42,31 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, krb5_keyblock *skey; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if(skey == NULL) - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if (context_handle->more_flags & LOCAL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + else + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } else { + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if(skey == NULL) + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } *key = skey; return 0; } @@ -427,14 +438,9 @@ OM_uint32 gss_unwrap conf_state, qop_state, key); break; default : -#ifdef HAVE_GSSAPI_CFX ret = _gssapi_unwrap_cfx (minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state, key); -#else - *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; -#endif break; } krb5_free_keyblock (gssapi_krb5_context, key); diff --git a/lib/gssapi/wrap.c b/lib/gssapi/wrap.c index 46939fc99..01a9f3e88 100644 --- a/lib/gssapi/wrap.c 
+++ b/lib/gssapi/wrap.c @@ -42,17 +42,28 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle, krb5_keyblock *skey; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if (context_handle->more_flags & LOCAL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + else + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } else { + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, context_handle->auth_context, &skey); - if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + } HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); if(skey == NULL) return GSS_S_FAILURE; @@ -115,14 +126,9 @@ gss_wrap_size_limit ( ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); break; default : -#ifdef HAVE_GSSAPI_CFX ret = _gssapi_wrap_size_cfx(minor_status, context_handle, conf_req_flag, qop_req, req_output_size, max_input_size, key); -#else - *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; -#endif break; } krb5_free_keyblock (gssapi_krb5_context, key); @@ -467,14 +473,9 @@ OM_uint32 gss_wrap output_message_buffer, key); break; default : -#ifdef HAVE_GSSAPI_CFX ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); -#else - *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; -#endif break; } krb5_free_keyblock (gssapi_krb5_context, key);