From 2f1a370cd37b9ebb0d46236133ae2da764ee3cfd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 28 Aug 2009 18:12:03 +0200
Subject: [PATCH] hack for gss-wrap-iov to it work
Signed-off-by: Love Hornquist Astrand
---
 lib/gssapi/krb5/cfx.c | 28 ++++++++++++++++++----------
 lib/gssapi/test_context.c | 22 +++++++++++++++++++++-
 tests/gss/check-context.in | 29 +++++++++++++++++++----------
 3 files changed, 58 insertions(+), 21 deletions(-)
diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c
index 0f300f3f5..1a6e97527 100755
--- a/lib/gssapi/krb5/cfx.c
+++ b/lib/gssapi/krb5/cfx.c
@@ -608,10 +608,13 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
 goto failure;
 }
- if (trailer) {
- token->EC[0] = (trailer->buffer.length >> 8) & 0xFF;
- token->EC[1] = (trailer->buffer.length >> 0) & 0xFF;
+ if (rrc) {
+ token->RRC[0] = (rrc >> 8) & 0xFF;
+ token->RRC[1] = (rrc >> 0) & 0xFF;
 }
+
+ token->EC[0] = (k5tsize >> 8) & 0xFF;
+ token->EC[1] = (k5tsize >> 0) & 0xFF;
 }
 if (conf_state != NULL)
@@ -914,19 +917,24 @@ _gssapi_unwrap_cfx_iov(OM_uint32 *minor_status,
 size_t gsstsize = ec;
 size_t gsshsize = sizeof(*token);
- /* Check RRC */
- if (rrc != 0) {
- *minor_status = EINVAL;
- major_status = GSS_S_FAILURE;
- goto failure;
- }
-
 if (trailer == NULL) {
+ /* Check RRC */
+ if (rrc != gsstsize) {
+ *minor_status = EINVAL;
+ major_status = GSS_S_FAILURE;
+ goto failure;
+ }
+
 gsshsize += gsstsize;
 gsstsize = 0;
 } else if (trailer->buffer.length != gsstsize) {
 major_status = GSS_S_DEFECTIVE_TOKEN;
 goto failure;
+ } else if (rrc != 0) {
+ /* Check RRC */
+ *minor_status = EINVAL;
+ major_status = GSS_S_FAILURE;
+ goto failure;
 }
 if (header->buffer.length != gsshsize) {
diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c
index c9c2bfd4d..633c4bb48 100644
--- a/lib/gssapi/test_context.c
+++ b/lib/gssapi/test_context.c
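Review bot: In the first cfx.c hunk (`_gssapi_wrap_cfx_iov`) the RRC bytes are stored only under `if (rrc)`, so a zero RRC depends on the token header having been zeroed somewhere outside the hunk, while EC is now stored unconditionally right below it. Writing both fields the same way removes that dependency: drop the guard and keep `token->RRC[0] = (rrc >> 8) & 0xFF;` and `token->RRC[1] = (rrc >> 0) & 0xFF;` unconditional. Both values are also masked to 16 bits without a range check; the types of `rrc` and `k5tsize` are not visible here, so if either can exceed 0xFFFF the wire field would wrap silently and a check before the stores would be worth adding. The enclosing block starts and ends outside the hunk.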
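Review bot: In the second cfx.c hunk (`_gssapi_unwrap_cfx_iov`) an RRC that does not match is reported as `GSS_S_FAILURE` with `EINVAL`, whereas the neighbouring trailer-length mismatch returns `GSS_S_DEFECTIVE_TOKEN`. `rrc` and `ec` presumably come from the received token header (the parsing is outside the hunk), so both new RRC branches describe a malformed token, and `major_status = GSS_S_DEFECTIVE_TOKEN;` would let callers and logs tell a bad or tampered token from a local error. The two `/* Check RRC */` comments also do not say why the expected value differs between the branches; something like `/* no trailer buffer: the trailer is carried in the header, so RRC must equal its length */` and `/* separate trailer buffer: no rotation accepted */` would record the rule being enforced. The function body starts and ends outside the hunk.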
@@ -750,6 +750,7 @@ main(int argc, char **argv)
 if (iov_flag) {
 wrapunwrap_iov(cctx, sctx, 0, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech);
 wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY, actual_mech);
 wrapunwrap_iov(cctx, sctx, USE_CONF, actual_mech);
 wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY, actual_mech);
@@ -759,9 +760,28 @@ main(int argc, char **argv)
 wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech);
 wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+
+/* works */
+ wrapunwrap_iov(cctx, sctx, 0, actual_mech);
+ wrapunwrap_iov(cctx, sctx, FORCE_IOV, actual_mech);
+
+ wrapunwrap_iov(cctx, sctx, USE_CONF, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_CONF|FORCE_IOV, actual_mech);
 wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech);
 wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY, actual_mech);
- wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+
+ wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech);
+
+ wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY, actual_mech);
+ wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech);
 }
 if (getverifymic_flag) {
diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
index 6632ce4ba..82628f826 100644
--- a/tests/gss/check-context.in
+++ b/tests/gss/check-context.in
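Review bot: The block added under `/* works */` in the second test_context.c hunk repeats flag combinations that are already run a few lines above (`0`, `USE_CONF`, `USE_HEADER_ONLY`, `USE_HEADER_ONLY|FORCE_IOV` and others), and the line added in the first hunk duplicates the `USE_HEADER_ONLY|FORCE_IOV` call visible as context at the top of the second. At the same time the only removed line drops `USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY` without `FORCE_IOV`, and the comment does not say whether that case is known to fail. I would replace `/* works */` with a comment that names the excluded combination and the reason, e.g. `/* XXX USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY without FORCE_IOV is not run: REASON */`, and delete the repeated calls. Judging by the name, `wrapunwrap_iov` only round-trips locally produced tokens (its body is not in the hunk), so the RRC rejection branches this commit adds to `_gssapi_unwrap_cfx_iov` get no coverage here.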
@@ -174,33 +174,38 @@ ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \
 { exitcode=1 ; echo "test failed"; }
 echo "======test context building"
-for mech in krb5 spnego ; do
+for mech in krb5 krb5iov spnego; do
 iov=""
- if [ "$mech" == "krb5" ] ; then
+ if [ "$mech" == "krb5iov" ] ; then
+ mech="krb5"
+ iov="--iov"
+ fi
+ if [ "$mech" == "spnegoiov" ] ; then
+ mech="spnego"
 iov="--iov"
 fi
- echo "${mech} no-mutual"
+ echo "${mech} no-mutual ${iov}"
 ${context} --mech-type=${mech} \
 --wrapunwrap ${iov} \
 --name-type=hostbased-service host@lucid.test.h5l.se || \
 { exitcode=1 ; echo "test failed"; }
- echo "${mech} mutual"
+ echo "${mech} mutual ${iov}"
 ${context} --mech-type=${mech} \
 --mutual \
 --wrapunwrap ${iov} \
 --name-type=hostbased-service host@lucid.test.h5l.se || \
 { exitcode=1 ; echo "test failed"; }
- echo "${mech} delegate"
+ echo "${mech} delegate ${iov}"
 ${context} --mech-type=${mech} \
 --delegate \
 --wrapunwrap ${iov} \
 --name-type=hostbased-service host@lucid.test.h5l.se || \
 { exitcode=1 ; echo "test failed"; }
- echo "${mech} mutual delegate"
+ echo "${mech} mutual delegate ${iov}"
 ${context} --mech-type=${mech} \
 --mutual --delegate \
 --wrapunwrap ${iov} \
@@ -208,15 +213,19 @@ for mech in krb5 spnego ; do
 { exitcode=1 ; echo "test failed"; }
 done
-#add spnego !
 echo "======dce-style"
-for mech in krb5 ; do
+for mech in krb5 krb5iov spnego; do
 iov=""
- if [ "$mech" == "krb5" ] ; then
+ if [ "$mech" == "krb5iov" ] ; then
+ mech="krb5"
+ iov="--iov"
+ fi
+ if [ "$mech" == "spnegoiov" ] ; then
+ mech="spnego"
 iov="--iov"
 fi
- echo "${mech}: dce-style"
+ echo "${mech}: dce-style ${iov}"
 ${context} \
 --mech-type=${mech} \
 --mutual \
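Review bot: The `if [ "$mech" == "spnegoiov" ]` branch added in both loops can never be taken, because the loop lists are `krb5 krb5iov spnego` and never contain `spnegoiov`, so SPNEGO is still exercised only without `--iov`. Either add the value, `for mech in krb5 krb5iov spnego spnegoiov; do`, or remove the branch and leave a comment saying that SPNEGO with `--iov` is intentionally not run; the same applies to the dce-style loop in the second hunk. Reassigning the loop variable `mech` inside the body works but hides which list entry is running, and a `case` on the entry that sets separate mechanism and `iov` variables would read more clearly. `==` inside `[ ]` is not POSIX (the removed lines used it too), so `=` would be the portable spelling.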