oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gssapi: add channel-bound return flag

Browse Source 
In gss_accept_sec_context, return a new flag to let
the caller know that bindings were provided and verified.
This commit is contained in:
Isaac Boukris
2020-04-21 19:14:26 +02:00
committed by Luke Howard
parent 33fccb8bbe
commit 51ce4c8d15
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/gssapi/gssapi/gssapi.h
View File

@@ -174,6 +174,7 @@ typedef OM_uint32 gss_qop_t;
#define GSS_C_PROT_READY_FLAG 128 #define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG 256 #define GSS_C_TRANS_FLAG 256
#define GSS_C_CHANNEL_BOUND_FLAG 2048
#define GSS_C_DCE_STYLE 4096 #define GSS_C_DCE_STYLE 4096
#define GSS_C_IDENTIFY_FLAG 8192 #define GSS_C_IDENTIFY_FLAG 8192
#define GSS_C_EXTENDED_ERROR_FLAG 16384 #define GSS_C_EXTENDED_ERROR_FLAG 16384

8
lib/gssapi/krb5/8003.c
View File

@@ -181,6 +181,7 @@ _gsskrb5_verify_8003_checksum(
OM_uint32 length; OM_uint32 length;
int DlgOpt; int DlgOpt;
static unsigned char zeros[16]; static unsigned char zeros[16];
krb5_boolean channel_bound = FALSE;
/* XXX should handle checksums > 24 bytes */ /* XXX should handle checksums > 24 bytes */
if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
@@ -207,6 +208,7 @@ _gsskrb5_verify_8003_checksum(
*minor_status = 0; *minor_status = 0;
return GSS_S_BAD_BINDINGS; return GSS_S_BAD_BINDINGS;
} }
channel_bound = TRUE;
} }
p += sizeof(hash); p += sizeof(hash);
@@ -241,5 +243,11 @@ _gsskrb5_verify_8003_checksum(
memcpy(fwd_data->data, p, fwd_data->length); memcpy(fwd_data->data, p, fwd_data->length);
} }
if (channel_bound) {
*flags |= GSS_C_CHANNEL_BOUND_FLAG;
} else {
*flags &= ~GSS_C_CHANNEL_BOUND_FLAG;
}
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }