From 4449713b87702f9e5a8021cc165b771fbe1a3335 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Mon, 18 Jun 2001 02:53:52 +0000 Subject: [PATCH] replace gss_krb5_getsomekey with gss_krb5_get_localkey and gss_krb5_get_remotekey git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10100 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/krb5/unwrap.c | 24 ++++++++++++------------ lib/gssapi/krb5/wrap.c | 35 +++++++++++++++++++++++++++++------ lib/gssapi/unwrap.c | 24 ++++++++++++------------ lib/gssapi/wrap.c | 35 +++++++++++++++++++++++++++++------ 4 files changed, 82 insertions(+), 36 deletions(-) diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 4b146ce32..1b282acd6 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -36,18 +36,18 @@ RCSID("$Id$"); OM_uint32 -gss_krb5_getsomekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) +gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) { - /* XXX this is ugly, and probably incorrect... */ krb5_keyblock *skey; - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); if(skey == NULL) krb5_auth_con_getkey(gssapi_krb5_context, context_handle->auth_context, @@ -176,7 +176,7 @@ unwrap_des return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -327,7 +327,7 @@ unwrap_des3 return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); 
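Review bot: In gss_krb5_get_remotekey, `skey` is declared without an initializer and the return codes of krb5_auth_con_getremotesubkey and krb5_auth_con_getlocalsubkey are dropped. The `if(skey == NULL)` tests are therefore only meaningful if each getter always stores to its output, which the hunk does not show. Declaring `krb5_keyblock *skey = NULL;` and checking each call's return value would keep a failed lookup from handing an indeterminate pointer back to the caller as a key. The function body continues past the end of the hunk. The same pattern is in the new gss_krb5_get_localkey in lib/gssapi/krb5/wrap.c and in the identical hunks for lib/gssapi/unwrap.c and lib/gssapi/wrap.c.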
@@ -386,7 +386,7 @@ OM_uint32 gss_unwrap OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_remotekey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index 1061a727b..38bd6dcc8 100644 --- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -35,6 +35,29 @@ RCSID("$Id$"); +OM_uint32 +gss_krb5_get_localkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) +{ + krb5_keyblock *skey; + + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + return GSS_S_FAILURE; + *key = skey; + return 0; +} + static OM_uint32 sub_wrap_size ( OM_uint32 req_output_size, @@ -65,7 +88,7 @@ gss_wrap_size_limit ( OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; @@ -162,7 +185,7 @@ wrap_des memcpy (p - 8, hash, 8); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); @@ -179,7 +202,7 @@ wrap_des des_cbc_encrypt ((void *)p, (void *)p, 8, schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -294,7 +317,7 @@ wrap_des3 free_Checksum (&cksum); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); 
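Review bot: Nothing at this call site in gss_unwrap records why unwrap takes the remote-first key while gss_wrap takes the local-first one, and the commit removes the old `XXX` comment without a replacement. A short comment such as `/* the peer wraps with its local subkey, which is our remote subkey */` would capture the pairing rule that the two lookup orders depend on. The helper's header comment should also say who owns the returned keyblock, since nothing visible here shows whether the caller must free it. gss_unwrap starts and ends outside the hunk, and the identical hunk for lib/gssapi/unwrap.c is covered by this note.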
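Review bot: gss_krb5_get_localkey returns `GSS_S_FAILURE`, a GSS major status, and the callers in the gss_wrap_size_limit and gss_wrap hunks assign that value to `*minor_status`. They do so after calling gssapi_krb5_set_error_string(), although no krb5 error code was captured on this path. A caller inspecting the minor status would then see a value that is not a mechanism error code. One option is to keep the krb5 return code of the getters and return that on failure; another is for the callers to set `*minor_status = 0` and return `GSS_S_FAILURE` themselves. gss_krb5_get_remotekey presumably feeds gss_unwrap the same way (its return statement is outside that hunk), and the same applies to the copy in lib/gssapi/wrap.c.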
@@ -338,7 +361,7 @@ wrap_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -389,7 +412,7 @@ OM_uint32 gss_wrap OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c index 4b146ce32..1b282acd6 100644 --- a/lib/gssapi/unwrap.c +++ b/lib/gssapi/unwrap.c @@ -36,18 +36,18 @@ RCSID("$Id$"); OM_uint32 -gss_krb5_getsomekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) +gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) { - /* XXX this is ugly, and probably incorrect... */ krb5_keyblock *skey; - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); if(skey == NULL) krb5_auth_con_getkey(gssapi_krb5_context, context_handle->auth_context, @@ -176,7 +176,7 @@ unwrap_des return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -327,7 +327,7 @@ unwrap_des3 return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); 
@@ -386,7 +386,7 @@ OM_uint32 gss_unwrap OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_remotekey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/lib/gssapi/wrap.c b/lib/gssapi/wrap.c index 1061a727b..38bd6dcc8 100644 --- a/lib/gssapi/wrap.c +++ b/lib/gssapi/wrap.c @@ -35,6 +35,29 @@ RCSID("$Id$"); +OM_uint32 +gss_krb5_get_localkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) +{ + krb5_keyblock *skey; + + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + return GSS_S_FAILURE; + *key = skey; + return 0; +} + static OM_uint32 sub_wrap_size ( OM_uint32 req_output_size, @@ -65,7 +88,7 @@ gss_wrap_size_limit ( OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; @@ -162,7 +185,7 @@ wrap_des memcpy (p - 8, hash, 8); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); @@ -179,7 +202,7 @@ wrap_des des_cbc_encrypt ((void *)p, (void *)p, 8, schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -294,7 +317,7 @@ wrap_des3 free_Checksum (&cksum); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); 
@@ -338,7 +361,7 @@ wrap_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -389,7 +412,7 @@ OM_uint32 gss_wrap OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret;