oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(gss_accept_sec_context): if the token doesn't start with [APPLICATION

Browse Source 
0] SEQUENCE, lets assume its a DCE-style kerberos 5 connection. XXX
this needs to be made better in cause we get another GSS-API protocol
violating protocol. It should be possible to detach the Kerberos
DCE-style since it starts with a AP-REQ PDU, but that have to wait for
now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18167 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-09-25 19:24:48 +00:00
parent 32f0206a80
commit 6accd4715c
1 changed files with 39 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/gssapi/mech/gss_accept_sec_context.c
View File

@@ -71,9 +71,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
/*
* Token must start with [APPLICATION 0] SEQUENCE.
* But if it doesn't assume its DCE-STYLE Kerberos!
*/
if (len == 0 || *p != 0x60)
if (len == 0)
return (GSS_S_DEFECTIVE_TOKEN);
if (*p != 0x60) {
mech_oid = *GSS_KRB5_MECHANISM;
} else {
p++;
len--;
@@ -116,7 +120,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
p += 2;
len -= 2;
mech_oid.elements = p;
}
/*
* Now that we have a mechanism, we can find the
* implementation.