oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

support cfx, try to handle acceptor asserted subkey

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13523 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-03-14 16:38:46 +00:00
parent f3dbe53b49
commit 1e4a6015a7
4 changed files with 90 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/gssapi/krb5/unwrap.c
View File

@@ -42,6 +42,16 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
krb5_keyblock *skey; krb5_keyblock *skey;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
if (context_handle->more_flags & LOCAL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getremotesubkey(gssapi_krb5_context, krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
@@ -56,6 +66,7 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if(skey == NULL) if(skey == NULL)
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
}
*key = skey; *key = skey;
return 0; return 0;
} }
@@ -427,14 +438,9 @@ OM_uint32 gss_unwrap
conf_state, qop_state, key); conf_state, qop_state, key);
break; break;
default : default :
#ifdef HAVE_GSSAPI_CFX
ret = _gssapi_unwrap_cfx (minor_status, context_handle, ret = _gssapi_unwrap_cfx (minor_status, context_handle,
input_message_buffer, output_message_buffer, input_message_buffer, output_message_buffer,
conf_state, qop_state, key); conf_state, qop_state, key);
#else
*minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
#endif
break; break;
} }
krb5_free_keyblock (gssapi_krb5_context, key); krb5_free_keyblock (gssapi_krb5_context, key);

21
lib/gssapi/krb5/wrap.c
View File

@@ -42,6 +42,16 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_keyblock *skey; krb5_keyblock *skey;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
if (context_handle->more_flags & LOCAL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getlocalsubkey(gssapi_krb5_context, krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
@@ -53,6 +63,7 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_auth_con_getkey(gssapi_krb5_context, krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
}
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if(skey == NULL) if(skey == NULL)
return GSS_S_FAILURE; return GSS_S_FAILURE;
@@ -115,14 +126,9 @@ gss_wrap_size_limit (
ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
break; break;
default : default :
#ifdef HAVE_GSSAPI_CFX
ret = _gssapi_wrap_size_cfx(minor_status, context_handle, ret = _gssapi_wrap_size_cfx(minor_status, context_handle,
conf_req_flag, qop_req, conf_req_flag, qop_req,
req_output_size, max_input_size, key); req_output_size, max_input_size, key);
#else
*minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
#endif
break; break;
} }
krb5_free_keyblock (gssapi_krb5_context, key); krb5_free_keyblock (gssapi_krb5_context, key);
@@ -467,14 +473,9 @@ OM_uint32 gss_wrap
output_message_buffer, key); output_message_buffer, key);
break; break;
default : default :
#ifdef HAVE_GSSAPI_CFX
ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag, ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state, qop_req, input_message_buffer, conf_state,
output_message_buffer, key); output_message_buffer, key);
#else
*minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
#endif
break; break;
} }
krb5_free_keyblock (gssapi_krb5_context, key); krb5_free_keyblock (gssapi_krb5_context, key);

16
lib/gssapi/unwrap.c
View File

@@ -42,6 +42,16 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
krb5_keyblock *skey; krb5_keyblock *skey;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
if (context_handle->more_flags & LOCAL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getremotesubkey(gssapi_krb5_context, krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
@@ -56,6 +66,7 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if(skey == NULL) if(skey == NULL)
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
}
*key = skey; *key = skey;
return 0; return 0;
} }
@@ -427,14 +438,9 @@ OM_uint32 gss_unwrap
conf_state, qop_state, key); conf_state, qop_state, key);
break; break;
default : default :
#ifdef HAVE_GSSAPI_CFX
ret = _gssapi_unwrap_cfx (minor_status, context_handle, ret = _gssapi_unwrap_cfx (minor_status, context_handle,
input_message_buffer, output_message_buffer, input_message_buffer, output_message_buffer,
conf_state, qop_state, key); conf_state, qop_state, key);
#else
*minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
#endif
break; break;
} }
krb5_free_keyblock (gssapi_krb5_context, key); krb5_free_keyblock (gssapi_krb5_context, key);

21
lib/gssapi/wrap.c
View File

@@ -42,6 +42,16 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_keyblock *skey; krb5_keyblock *skey;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
if (context_handle->more_flags & LOCAL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getlocalsubkey(gssapi_krb5_context, krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
@@ -53,6 +63,7 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_auth_con_getkey(gssapi_krb5_context, krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
}
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if(skey == NULL) if(skey == NULL)
return GSS_S_FAILURE; return GSS_S_FAILURE;
@@ -115,14 +126,9 @@ gss_wrap_size_limit (
ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
break; break;
default : default :
#ifdef HAVE_GSSAPI_CFX
ret = _gssapi_wrap_size_cfx(minor_status, context_handle, ret = _gssapi_wrap_size_cfx(minor_status, context_handle,
conf_req_flag, qop_req, conf_req_flag, qop_req,
req_output_size, max_input_size, key); req_output_size, max_input_size, key);
#else
*minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
#endif
break; break;
} }
krb5_free_keyblock (gssapi_krb5_context, key); krb5_free_keyblock (gssapi_krb5_context, key);
@@ -467,14 +473,9 @@ OM_uint32 gss_wrap
output_message_buffer, key); output_message_buffer, key);
break; break;
default : default :
#ifdef HAVE_GSSAPI_CFX
ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag, ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state, qop_req, input_message_buffer, conf_state,
output_message_buffer, key); output_message_buffer, key);
#else
*minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
#endif
break; break;
} }
krb5_free_keyblock (gssapi_krb5_context, key); krb5_free_keyblock (gssapi_krb5_context, key);