oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

verify verf header

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24244 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-01-11 21:42:42 +00:00
parent 8f80188c3f
commit 3223c11aab
1 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
kadmin/rpc.c
View File

@@ -654,6 +654,22 @@ struct proc {
{ "setkey principal v3", NULL } { "setkey principal v3", NULL }
}; };
static krb5_error_code
copyheader(krb5_storage *sp, krb5_data *data)
{
off_t off;
ssize_t sret;
off = krb5_storage_seek(sp, 0, SEEK_CUR);
CHECK(krb5_data_alloc(data, off));
INSIST(off == data->length);
krb5_storage_seek(sp, 0, SEEK_SET);
sret = krb5_storage_read(sp, data->data, data->length);
INSIST(sret == off);
INSIST(off == krb5_storage_seek(sp, 0, SEEK_CUR));
}
struct gctx { struct gctx {
krb5_data handle; krb5_data handle;
gss_ctx_id_t ctx; gss_ctx_id_t ctx;
@@ -690,11 +706,14 @@ process_stream(krb5_context context,
struct call_header chdr; struct call_header chdr;
struct gcred gcred; struct gcred gcred;
uint32_t mtype; uint32_t mtype;
krb5_data headercopy;
krb5_storage_truncate(dreply, 0); krb5_storage_truncate(dreply, 0);
krb5_storage_truncate(reply, 0); krb5_storage_truncate(reply, 0);
krb5_storage_truncate(msg, 0); krb5_storage_truncate(msg, 0);
krb5_data_zero(&headercopy);
/* /*
* This is very icky to handle the the auto-detection between * This is very icky to handle the the auto-detection between
* the Heimdal protocol and the MIT ONC-RPC based protocol. * the Heimdal protocol and the MIT ONC-RPC based protocol.
@@ -768,6 +787,7 @@ process_stream(krb5_context context,
CHECK(krb5_ret_uint32(msg, &chdr.vers)); CHECK(krb5_ret_uint32(msg, &chdr.vers));
CHECK(krb5_ret_uint32(msg, &chdr.proc)); CHECK(krb5_ret_uint32(msg, &chdr.proc));
CHECK(ret_auth_opaque(msg, &chdr.cred)); CHECK(ret_auth_opaque(msg, &chdr.cred));
CHECK(copyheader(msg, &headercopy));
CHECK(ret_auth_opaque(msg, &chdr.verf)); CHECK(ret_auth_opaque(msg, &chdr.verf));
INSIST(chdr.rpcvers == RPC_VERSION); INSIST(chdr.rpcvers == RPC_VERSION);
@@ -781,15 +801,15 @@ process_stream(krb5_context context,
if (gctx.done) { if (gctx.done) {
INSIST(chdr.verf.flavor == FLAVOR_GSS); INSIST(chdr.verf.flavor == FLAVOR_GSS);
#if 0
gin.value = chdr.cred.data.data; /* from first byte to last of credential */
gin.length = chdr.cred.data.length; gin.value = headercopy.data;
gin.length = headercopy.length;
gout.value = chdr.verf.data.data; gout.value = chdr.verf.data.data;
gout.length = chdr.verf.data.length; gout.length = chdr.verf.data.length;
maj_stat = gss_verify_mic(&min_stat, gctx.ctx, &gin, &gout, NULL); maj_stat = gss_verify_mic(&min_stat, gctx.ctx, &gin, &gout, NULL);
INSIST(maj_stat == GSS_S_COMPLETE); INSIST(maj_stat == GSS_S_COMPLETE);
#endif
} }
switch(gcred.proc) { switch(gcred.proc) {
@@ -922,6 +942,7 @@ process_stream(krb5_context context,
krb5_data_free(&gcred.handle); krb5_data_free(&gcred.handle);
krb5_data_free(&chdr.cred.data); krb5_data_free(&chdr.cred.data);
krb5_data_free(&chdr.verf.data); krb5_data_free(&chdr.verf.data);
krb5_data_free(&headercopy);
CHECK(krb5_store_uint32(reply, chdr.xid)); CHECK(krb5_store_uint32(reply, chdr.xid));
CHECK(krb5_store_uint32(reply, 1)); /* REPLY */ CHECK(krb5_store_uint32(reply, 1)); /* REPLY */