From 9e2b28b78988825281d3ea60b627fad53d508b3a Mon Sep 17 00:00:00 2001
From: Assar Westerlund
Date: Mon, 16 Jun 1997 03:44:15 +0000
Subject: [PATCH] (gss_accept_sec_context): Set KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1914 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/accept_sec_context.c | 34 ++++++++++++++++++++++++++++
 lib/gssapi/krb5/accept_sec_context.c | 34 ++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c
index 736813a53..c3b81dc4e 100644
--- a/lib/gssapi/accept_sec_context.c
+++ b/lib/gssapi/accept_sec_context.c
@@ -22,6 +22,7 @@ OM_uint32 gss_accept_sec_context
 krb5_flags ap_options;
 OM_uint32 flags;
 krb5_ticket *ticket;
+ Checksum cksum;
 gssapi_krb5_init ();
@@ -42,6 +43,18 @@ OM_uint32 gss_accept_sec_context
 goto failure;
 }
+ {
+ int32_t tmp;
+
+ krb5_auth_con_getflags(gssapi_krb5_context,
+ &(*context_handle)->auth_context,
+ &tmp);
+ tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
+ krb5_auth_con_setflags(gssapi_krb5_context,
+ &(*context_handle)->auth_context,
+ tmp);
+ }
+
 ret = gssapi_krb5_decapsulate (input_token_buffer, &indata, "\x01\x00");
@@ -84,6 +97,27 @@ OM_uint32 gss_accept_sec_context
 flags |= GSS_C_CONF_FLAG;
 flags |= GSS_C_INTEG_FLAG;
+ kret = gssapi_krb5_create_8003_checksum (input_chan_bindings,
+ flags,
+ &cksum);
+
+ if (kret) {
+ ret = GSS_S_FAILURE;
+ goto failure;
+ }
+
+ {
+ Checksum *c2 = &(*context_handle)->auth_context->authenticator->cksum;
+ if (cksum.cksumtype != c2->cksumtype ||
+ cksum.checksum.length != c2->checksum.length ||
+ memcmp(cksum.checksum.data,
+ c2->checksum.data,
+ cksum.checksum.length)) {
+ ret = GSS_S_FAILURE;
+ goto failure;
+ }
+ }
+
 if (ret_flags) *ret_flags = flags;
 (*context_handle)->flags = flags;
diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
index 736813a53..c3b81dc4e 100644
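Review bot: In the second hunk `tmp` is read after `krb5_auth_con_getflags` without being initialised, and neither that call's return value nor the one from `krb5_auth_con_setflags` is checked. If the get fails, `KRB5_AUTH_CONTEXT_DO_SEQUENCE` is OR-ed into indeterminate bits; if the set fails, sequence-number checking is silently left off. Declare `int32_t tmp = 0;`, capture each result in `kret`, and send a non-zero value through the existing path with `if (kret) { ret = GSS_S_FAILURE; goto failure; }`. The function body starts and ends outside the hunk, and the identical second hunk of lib/gssapi/krb5/accept_sec_context.c needs the same change.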
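Review bot: The comparison added in the third hunk rebuilds the 8003 checksum from the acceptor's own `flags` and demands a byte-for-byte match with the authenticator's, so it tests the initiator's flag word as well as the channel bindings. Judging by the unconditional `flags |=` context lines, an initiator that asked for a different flag set would be refused even with correct bindings. Consider reading the flags out of `c2->checksum.data`, comparing only the bindings hash, and reporting a mismatch as `ret = GSS_S_BAD_BINDINGS;` so callers can tell it from a generic failure. Nothing in the hunk releases `cksum.checksum.data` on either path, and `auth_context->authenticator` is dereferenced without a NULL check; the `failure` label lies outside the hunk, so confirm cleanup there. The third hunk of lib/gssapi/krb5/accept_sec_context.c is identical and needs the same treatment.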
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -22,6 +22,7 @@ OM_uint32 gss_accept_sec_context
 krb5_flags ap_options;
 OM_uint32 flags;
 krb5_ticket *ticket;
+ Checksum cksum;
 gssapi_krb5_init ();
@@ -42,6 +43,18 @@ OM_uint32 gss_accept_sec_context
 goto failure;
 }
+ {
+ int32_t tmp;
+
+ krb5_auth_con_getflags(gssapi_krb5_context,
+ &(*context_handle)->auth_context,
+ &tmp);
+ tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
+ krb5_auth_con_setflags(gssapi_krb5_context,
+ &(*context_handle)->auth_context,
+ tmp);
+ }
+
 ret = gssapi_krb5_decapsulate (input_token_buffer, &indata, "\x01\x00");
@@ -84,6 +97,27 @@ OM_uint32 gss_accept_sec_context
 flags |= GSS_C_CONF_FLAG;
 flags |= GSS_C_INTEG_FLAG;
+ kret = gssapi_krb5_create_8003_checksum (input_chan_bindings,
+ flags,
+ &cksum);
+
+ if (kret) {
+ ret = GSS_S_FAILURE;
+ goto failure;
+ }
+
+ {
+ Checksum *c2 = &(*context_handle)->auth_context->authenticator->cksum;
+ if (cksum.cksumtype != c2->cksumtype ||
+ cksum.checksum.length != c2->checksum.length ||
+ memcmp(cksum.checksum.data,
+ c2->checksum.data,
+ cksum.checksum.length)) {
+ ret = GSS_S_FAILURE;
+ goto failure;
+ }
+ }
+
 if (ret_flags) *ret_flags = flags;
 (*context_handle)->flags = flags;