support cfx, try to handle acceptor asserted subkey

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13523 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-14 16:38:46 +00:00
parent f3dbe53b49
commit 1e4a6015a7
4 changed files with 90 additions and 76 deletions
--- a/lib/gssapi/krb5/wrap.c
+++ b/lib/gssapi/krb5/wrap.c
@@ -42,17 +42,28 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
    krb5_keyblock *skey;

    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
+	if (context_handle->more_flags & LOCAL)
+	    krb5_auth_con_getremotesubkey(gssapi_krb5_context,
+					  context_handle->auth_context, 
+					  &skey);
+	else
+	    krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+					 context_handle->auth_context, 
+					 &skey);
+    } else {
+	krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+				     context_handle->auth_context, 
+				     &skey);
+	if(skey == NULL)
+	    krb5_auth_con_getremotesubkey(gssapi_krb5_context,
+					  context_handle->auth_context, 
+					  &skey);
+	if(skey == NULL)
+	    krb5_auth_con_getkey(gssapi_krb5_context,
 				 context_handle->auth_context, 
 				 &skey);
-    if(skey == NULL)
-	krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				      context_handle->auth_context, 
-				      &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
+    }
    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
    if(skey == NULL)
 	return GSS_S_FAILURE;
@@ -115,14 +126,9 @@ gss_wrap_size_limit (
      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
      break;
  default :
-#ifdef HAVE_GSSAPI_CFX
      ret = _gssapi_wrap_size_cfx(minor_status, context_handle, 
 				  conf_req_flag, qop_req, 
 				  req_output_size, max_input_size, key);
-#else
-      *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-#endif
      break;
  }
  krb5_free_keyblock (gssapi_krb5_context, key);
@@ -467,14 +473,9 @@ OM_uint32 gss_wrap
 				  output_message_buffer, key);
      break;
  default :
-#ifdef HAVE_GSSAPI_CFX
      ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag,
 			      qop_req, input_message_buffer, conf_state,
 			      output_message_buffer, key);
-#else
-      *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-#endif
      break;
  }
  krb5_free_keyblock (gssapi_krb5_context, key);