oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use gss_krb5_get_subkey() instead of gss_krb5_get_{local,remote}key()

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14450 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Luke Howard
2005-01-05 02:32:44 +00:00
parent 33c4663ba5
commit 847cb0fa5b
10 changed files with 58 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/gssapi/get_mic.c
View File

@@ -270,7 +270,7 @@ OM_uint32 gss_get_mic
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

8
lib/gssapi/gssapi_locl.h
View File

@@ -209,12 +209,8 @@ gss_verify_mic_internal(OM_uint32 * minor_status,
char * type); char * type);
OM_uint32 OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key); krb5_keyblock **key);
OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key);
krb5_error_code krb5_error_code
gss_address_to_krb5addr(OM_uint32 gss_addr_type, gss_address_to_krb5addr(OM_uint32 gss_addr_type,

2
lib/gssapi/krb5/get_mic.c
View File

@@ -270,7 +270,7 @@ OM_uint32 gss_get_mic
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

8
lib/gssapi/krb5/gssapi_locl.h
View File

@@ -209,12 +209,8 @@ gss_verify_mic_internal(OM_uint32 * minor_status,
char * type); char * type);
OM_uint32 OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key); krb5_keyblock **key);
OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key);
krb5_error_code krb5_error_code
gss_address_to_krb5addr(OM_uint32 gss_addr_type, gss_address_to_krb5addr(OM_uint32 gss_addr_type,

40
lib/gssapi/krb5/unwrap.c
View File

@@ -35,44 +35,6 @@
RCSID("$Id$"); RCSID("$Id$");
OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
krb5_keyblock **key)
{
krb5_keyblock *skey;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
if (context_handle->more_flags & LOCAL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
}
}
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
*key = skey;
return 0;
}
static OM_uint32 static OM_uint32
unwrap_des unwrap_des
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
@@ -413,7 +375,7 @@ OM_uint32 gss_unwrap
if (qop_state != NULL) if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT; *qop_state = GSS_C_QOP_DEFAULT;
ret = gss_krb5_get_remotekey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

2
lib/gssapi/krb5/verify_mic.c
View File

@@ -278,7 +278,7 @@ gss_verify_mic_internal
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_remotekey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

41
lib/gssapi/krb5/wrap.c
View File

@@ -36,29 +36,36 @@
RCSID("$Id$"); RCSID("$Id$");
OM_uint32 OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle, gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key) krb5_keyblock **key)
{ {
krb5_keyblock *skey; krb5_keyblock *skey = NULL;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) { if (context_handle->more_flags & LOCAL) {
if (context_handle->more_flags & LOCAL) krb5_auth_con_getremotesubkey(gssapi_krb5_context,
krb5_auth_con_getremotesubkey(gssapi_krb5_context, context_handle->auth_context,
context_handle->auth_context, &skey);
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else { } else {
krb5_auth_con_getlocalsubkey(gssapi_krb5_context, krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
if(skey == NULL) }
/*
* Only use the initiator subkey or ticket session key if
* an acceptor subkey was not required.
*/
if (skey == NULL &&
(context_handle->more_flags & ACCEPTOR_SUBKEY) == 0) {
if (context_handle->more_flags & LOCAL) {
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getremotesubkey(gssapi_krb5_context, krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
}
if(skey == NULL) if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context, krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
@@ -66,7 +73,7 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
} }
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if(skey == NULL) if(skey == NULL)
return GSS_S_FAILURE; return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
*key = skey; *key = skey;
return 0; return 0;
} }
@@ -109,7 +116,7 @@ gss_wrap_size_limit (
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;
@@ -448,7 +455,7 @@ OM_uint32 gss_wrap
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

40
lib/gssapi/unwrap.c
View File

@@ -35,44 +35,6 @@
RCSID("$Id$"); RCSID("$Id$");
OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
krb5_keyblock **key)
{
krb5_keyblock *skey;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
if (context_handle->more_flags & LOCAL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
}
}
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
*key = skey;
return 0;
}
static OM_uint32 static OM_uint32
unwrap_des unwrap_des
(OM_uint32 * minor_status, (OM_uint32 * minor_status,
@@ -413,7 +375,7 @@ OM_uint32 gss_unwrap
if (qop_state != NULL) if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT; *qop_state = GSS_C_QOP_DEFAULT;
ret = gss_krb5_get_remotekey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

2
lib/gssapi/verify_mic.c
View File

@@ -278,7 +278,7 @@ gss_verify_mic_internal
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_remotekey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

41
lib/gssapi/wrap.c
View File

@@ -36,29 +36,36 @@
RCSID("$Id$"); RCSID("$Id$");
OM_uint32 OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle, gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key) krb5_keyblock **key)
{ {
krb5_keyblock *skey; krb5_keyblock *skey = NULL;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & ACCEPTOR_SUBKEY) { if (context_handle->more_flags & LOCAL) {
if (context_handle->more_flags & LOCAL) krb5_auth_con_getremotesubkey(gssapi_krb5_context,
krb5_auth_con_getremotesubkey(gssapi_krb5_context, context_handle->auth_context,
context_handle->auth_context, &skey);
&skey);
else
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else { } else {
krb5_auth_con_getlocalsubkey(gssapi_krb5_context, krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
if(skey == NULL) }
/*
* Only use the initiator subkey or ticket session key if
* an acceptor subkey was not required.
*/
if (skey == NULL &&
(context_handle->more_flags & ACCEPTOR_SUBKEY) == 0) {
if (context_handle->more_flags & LOCAL) {
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
} else {
krb5_auth_con_getremotesubkey(gssapi_krb5_context, krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
&skey); &skey);
}
if(skey == NULL) if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context, krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context, context_handle->auth_context,
@@ -66,7 +73,7 @@ gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
} }
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if(skey == NULL) if(skey == NULL)
return GSS_S_FAILURE; return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
*key = skey; *key = skey;
return 0; return 0;
} }
@@ -109,7 +116,7 @@ gss_wrap_size_limit (
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;
@@ -448,7 +455,7 @@ OM_uint32 gss_wrap
OM_uint32 ret; OM_uint32 ret;
krb5_keytype keytype; krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key); ret = gss_krb5_get_subkey(context_handle, &key);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;