use gss_krb5_get_subkey() instead of gss_krb5_get_{local,remote}key()
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14450 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Luke Howard
@@ -270,7 +270,7 @@ OM_uint32 gss_get_mic
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_localkey(context_handle, &key);
|
||||
ret = gss_krb5_get_subkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
|
||||
@@ -209,12 +209,8 @@ gss_verify_mic_internal(OM_uint32 * minor_status,
|
||||
char * type);
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key);
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key);
|
||||
gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key);
|
||||
|
||||
krb5_error_code
|
||||
gss_address_to_krb5addr(OM_uint32 gss_addr_type,
|
||||
|
||||
@@ -35,44 +35,6 @@
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key)
|
||||
{
|
||||
krb5_keyblock *skey;
|
||||
|
||||
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
|
||||
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
|
||||
if (context_handle->more_flags & LOCAL)
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
else
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
} else {
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL) {
|
||||
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
||||
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
|
||||
}
|
||||
}
|
||||
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
||||
*key = skey;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
unwrap_des
|
||||
(OM_uint32 * minor_status,
|
||||
@@ -413,7 +375,7 @@ OM_uint32 gss_unwrap
|
||||
|
||||
if (qop_state != NULL)
|
||||
*qop_state = GSS_C_QOP_DEFAULT;
|
||||
ret = gss_krb5_get_remotekey(context_handle, &key);
|
||||
ret = gss_krb5_get_subkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
|
||||
@@ -278,7 +278,7 @@ gss_verify_mic_internal
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_remotekey(context_handle, &key);
|
||||
ret = gss_krb5_get_subkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
|
||||
@@ -36,29 +36,36 @@
|
||||
RCSID("$Id$");
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key)
|
||||
gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key)
|
||||
{
|
||||
krb5_keyblock *skey;
|
||||
krb5_keyblock *skey = NULL;
|
||||
|
||||
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
|
||||
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
|
||||
if (context_handle->more_flags & LOCAL)
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
else
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if (context_handle->more_flags & LOCAL) {
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
} else {
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
}
|
||||
/*
|
||||
* Only use the initiator subkey or ticket session key if
|
||||
* an acceptor subkey was not required.
|
||||
*/
|
||||
if (skey == NULL &&
|
||||
(context_handle->more_flags & ACCEPTOR_SUBKEY) == 0) {
|
||||
if (context_handle->more_flags & LOCAL) {
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
} else {
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
}
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
@@ -66,7 +73,7 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
|
||||
}
|
||||
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
||||
if(skey == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
|
||||
*key = skey;
|
||||
return 0;
|
||||
}
|
||||
@@ -109,7 +116,7 @@ gss_wrap_size_limit (
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_localkey(context_handle, &key);
|
||||
ret = gss_krb5_get_subkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
@@ -448,7 +455,7 @@ OM_uint32 gss_wrap
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_localkey(context_handle, &key);
|
||||
ret = gss_krb5_get_subkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
|
||||
Reference in New Issue
Block a user