hack for gss-wrap-iov to it work
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Stefan Metzmacher
committed by
Love Hornquist Astrand
Love Hornquist Astrand
parent
33019cc597
commit
2f1a370cd3
@@ -608,10 +608,13 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (trailer) {
|
||||
token->EC[0] = (trailer->buffer.length >> 8) & 0xFF;
|
||||
token->EC[1] = (trailer->buffer.length >> 0) & 0xFF;
|
||||
if (rrc) {
|
||||
token->RRC[0] = (rrc >> 8) & 0xFF;
|
||||
token->RRC[1] = (rrc >> 0) & 0xFF;
|
||||
}
|
||||
|
||||
token->EC[0] = (k5tsize >> 8) & 0xFF;
|
||||
token->EC[1] = (k5tsize >> 0) & 0xFF;
|
||||
}
|
||||
|
||||
if (conf_state != NULL)
|
||||
@@ -914,19 +917,24 @@ _gssapi_unwrap_cfx_iov(OM_uint32 *minor_status,
|
||||
size_t gsstsize = ec;
|
||||
size_t gsshsize = sizeof(*token);
|
||||
|
||||
/* Check RRC */
|
||||
if (rrc != 0) {
|
||||
*minor_status = EINVAL;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (trailer == NULL) {
|
||||
/* Check RRC */
|
||||
if (rrc != gsstsize) {
|
||||
*minor_status = EINVAL;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
gsshsize += gsstsize;
|
||||
gsstsize = 0;
|
||||
} else if (trailer->buffer.length != gsstsize) {
|
||||
major_status = GSS_S_DEFECTIVE_TOKEN;
|
||||
goto failure;
|
||||
} else if (rrc != 0) {
|
||||
/* Check RRC */
|
||||
*minor_status = EINVAL;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (header->buffer.length != gsshsize) {
|
||||
|
||||
@@ -750,6 +750,7 @@ main(int argc, char **argv)
|
||||
|
||||
if (iov_flag) {
|
||||
wrapunwrap_iov(cctx, sctx, 0, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY, actual_mech);
|
||||
@@ -759,9 +760,28 @@ main(int argc, char **argv)
|
||||
wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech);
|
||||
|
||||
wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
|
||||
|
||||
/* works */
|
||||
wrapunwrap_iov(cctx, sctx, 0, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, FORCE_IOV, actual_mech);
|
||||
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|FORCE_IOV, actual_mech);
|
||||
|
||||
wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech);
|
||||
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
|
||||
|
||||
wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech);
|
||||
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY, actual_mech);
|
||||
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech);
|
||||
}
|
||||
|
||||
if (getverifymic_flag) {
|
||||
|
||||
@@ -174,33 +174,38 @@ ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "======test context building"
|
||||
for mech in krb5 spnego ; do
|
||||
for mech in krb5 krb5iov spnego; do
|
||||
iov=""
|
||||
if [ "$mech" == "krb5" ] ; then
|
||||
if [ "$mech" == "krb5iov" ] ; then
|
||||
mech="krb5"
|
||||
iov="--iov"
|
||||
fi
|
||||
if [ "$mech" == "spnegoiov" ] ; then
|
||||
mech="spnego"
|
||||
iov="--iov"
|
||||
fi
|
||||
|
||||
echo "${mech} no-mutual"
|
||||
echo "${mech} no-mutual ${iov}"
|
||||
${context} --mech-type=${mech} \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "${mech} mutual"
|
||||
echo "${mech} mutual ${iov}"
|
||||
${context} --mech-type=${mech} \
|
||||
--mutual \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "${mech} delegate"
|
||||
echo "${mech} delegate ${iov}"
|
||||
${context} --mech-type=${mech} \
|
||||
--delegate \
|
||||
--wrapunwrap ${iov} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "${mech} mutual delegate"
|
||||
echo "${mech} mutual delegate ${iov}"
|
||||
${context} --mech-type=${mech} \
|
||||
--mutual --delegate \
|
||||
--wrapunwrap ${iov} \
|
||||
@@ -208,15 +213,19 @@ for mech in krb5 spnego ; do
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
done
|
||||
|
||||
#add spnego !
|
||||
echo "======dce-style"
|
||||
for mech in krb5 ; do
|
||||
for mech in krb5 krb5iov spnego; do
|
||||
iov=""
|
||||
if [ "$mech" == "krb5" ] ; then
|
||||
if [ "$mech" == "krb5iov" ] ; then
|
||||
mech="krb5"
|
||||
iov="--iov"
|
||||
fi
|
||||
if [ "$mech" == "spnegoiov" ] ; then
|
||||
mech="spnego"
|
||||
iov="--iov"
|
||||
fi
|
||||
|
||||
echo "${mech}: dce-style"
|
||||
echo "${mech}: dce-style ${iov}"
|
||||
${context} \
|
||||
--mech-type=${mech} \
|
||||
--mutual \
|
||||
|
||||
Reference in New Issue
Block a user