diff --git a/lib/gssapi/get_mic.c b/lib/gssapi/get_mic.c
index 43ccd06ac..f23cc20d2 100644
--- a/lib/gssapi/get_mic.c
+++ b/lib/gssapi/get_mic.c
@@ -54,7 +54,7 @@ mic_des
 int32_t seq_number;
 size_t len, total_len;
- gssapi_krb5_encap_length (22, &len, &total_len);
+ gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
 message_token->length = total_len;
 message_token->value = malloc (total_len);
@@ -65,7 +65,8 @@ mic_des
 p = gssapi_krb5_make_header(message_token->value, len,
- "\x01\x01"); /* TOK_ID */
+ "\x01\x01", /* TOK_ID */
+ GSS_KRB5_MECHANISM);
 memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
 p += 2;
@@ -144,7 +145,7 @@ mic_des3
 char *tmp;
 char ivec[8];
- gssapi_krb5_encap_length (36, &len, &total_len);
+ gssapi_krb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM);
 message_token->length = total_len;
 message_token->value = malloc (total_len);
@@ -155,7 +156,8 @@ mic_des3
 p = gssapi_krb5_make_header(message_token->value, len,
- "\x01\x01"); /* TOK-ID */
+ "\x01\x01", /* TOK-ID */
+ GSS_KRB5_MECHANISM);
 memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
 p += 2;
@@ -285,10 +287,19 @@ OM_uint32 gss_get_mic
 ret = mic_des3 (minor_status, context_handle, qop_req, message_buffer, message_token, key);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR:
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = mic_cfx (minor_status, context_handle, qop_req,
+ message_buffer, message_token, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
 return ret;
diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c
index 43ccd06ac..f23cc20d2 100644
--- a/lib/gssapi/krb5/get_mic.c
+++ b/lib/gssapi/krb5/get_mic.c
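Review bot: The new `default :` arm in gss_get_mic no longer rejects unknown key types: with HAVE_GSSAPI_CFX defined, every key type that is not listed is handed to `mic_cfx` instead of failing with KRB5_PROG_ETYPE_NOSUPP. Whether mic_cfx itself refuses key types it cannot handle is not visible in this hunk; if it does not, the switch fails open for anything unexpected. I would either list the CFX key types as explicit cases and keep a failing default, or document the contract on the arm: `/* all remaining key types use the CFX token format; mic_cfx must reject enctypes it does not support */`. The same arm is added in gss_unwrap, gss_verify_mic_internal, gss_wrap and gss_wrap_size_limit, and in the copies under lib/gssapi/. gss_get_mic's body starts outside the hunk.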
@@ -54,7 +54,7 @@ mic_des
 int32_t seq_number;
 size_t len, total_len;
- gssapi_krb5_encap_length (22, &len, &total_len);
+ gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
 message_token->length = total_len;
 message_token->value = malloc (total_len);
@@ -65,7 +65,8 @@ mic_des
 p = gssapi_krb5_make_header(message_token->value, len,
- "\x01\x01"); /* TOK_ID */
+ "\x01\x01", /* TOK_ID */
+ GSS_KRB5_MECHANISM);
 memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
 p += 2;
@@ -144,7 +145,7 @@ mic_des3
 char *tmp;
 char ivec[8];
- gssapi_krb5_encap_length (36, &len, &total_len);
+ gssapi_krb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM);
 message_token->length = total_len;
 message_token->value = malloc (total_len);
@@ -155,7 +156,8 @@ mic_des3
 p = gssapi_krb5_make_header(message_token->value, len,
- "\x01\x01"); /* TOK-ID */
+ "\x01\x01", /* TOK-ID */
+ GSS_KRB5_MECHANISM);
 memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
 p += 2;
@@ -285,10 +287,19 @@ OM_uint32 gss_get_mic
 ret = mic_des3 (minor_status, context_handle, qop_req, message_buffer, message_token, key);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR:
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = mic_cfx (minor_status, context_handle, qop_req,
+ message_buffer, message_token, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
 return ret;
diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
index 5118879b8..eb55b8309 100644
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
@@ -88,7 +88,8 @@ unwrap_des
 p = input_message_buffer->value;
 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length,
- "\x02\x01");
+ "\x02\x01",
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -226,7 +227,8 @@ unwrap_des3
 p = input_message_buffer->value;
 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length,
- "\x02\x01");
+ "\x02\x01",
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -426,10 +428,20 @@ OM_uint32 gss_unwrap
 input_message_buffer, output_message_buffer, conf_state, qop_state, key);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR:
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = unwrap_cfx (minor_status, context_handle,
+ input_message_buffer, output_message_buffer,
+ conf_state, qop_state, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
 return ret;
diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c
index 6fa7e0b92..0111ce4b0 100644
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c
@@ -59,7 +59,8 @@ verify_mic_des
 p = token_buffer->value;
 ret = gssapi_krb5_verify_header (&p, token_buffer->length,
- type);
+ type,
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -151,7 +152,8 @@ verify_mic_des3
 p = token_buffer->value;
 ret = gssapi_krb5_verify_header (&p, token_buffer->length,
- type);
+ type,
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -295,10 +297,19 @@ gss_verify_mic_internal
 message_buffer, token_buffer, qop_state, key, type);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR :
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = verify_mic_cfx (minor_status, context_handle,
+ message_buffer, token_buffer, qop_state, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c
index 9ce0a1240..273cb1cb1 100644
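Review bot: The CFX call in gss_verify_mic_internal drops the `type` argument that the DES3 arm just above still passes (`..., qop_state, key, type);`), so on this path the caller's expected TOK_ID is not forwarded to the verifier. Unless verify_mic_cfx hard-codes the MIC token id, which is not visible here, a call made with a different `type` would be checked as if it were a MIC token. Either forward it, `verify_mic_cfx (minor_status, context_handle, message_buffer, token_buffer, qop_state, key, type);` (which needs a matching parameter in verify_mic_cfx), or add a comment on the arm stating that the CFX path accepts MIC tokens only and why `type` can be ignored. The function body starts outside the hunk; the same hunk appears in lib/gssapi/verify_mic.c.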
--- a/lib/gssapi/krb5/wrap.c
+++ b/lib/gssapi/krb5/wrap.c
@@ -72,7 +72,7 @@ sub_wrap_size (
 len = 8 + req_output_size + blocksize + extrasize;
- gssapi_krb5_encap_length(len, &len, &total_len);
+ gssapi_krb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
 total_len -= req_output_size; /* token length */
 if (total_len < req_output_size) {
@@ -108,14 +108,20 @@ gss_wrap_size_limit (
 switch (keytype) {
 case KEYTYPE_DES :
+ case KEYTYPE_ARCFOUR:
 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
 break;
 case KEYTYPE_DES3 :
 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
 break;
 default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+#ifdef HAVE_GSSAPI_CFX
+ ret = wrap_size_cfx(minor_status, context_handle, conf_req_flag,
+ qop_req, req_output_size, max_input_size, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
+#endif
 break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
@@ -148,7 +154,7 @@ wrap_des
 padlength = 8 - (input_message_buffer->length % 8);
 datalen = input_message_buffer->length + padlength + 8;
 len = datalen + 22;
- gssapi_krb5_encap_length (len, &len, &total_len);
+ gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
 output_message_buffer->length = total_len;
 output_message_buffer->value = malloc (total_len);
@@ -159,7 +165,8 @@ wrap_des
 p = gssapi_krb5_make_header(output_message_buffer->value, len,
- "\x02\x01"); /* TOK_ID */
+ "\x02\x01", /* TOK_ID */
+ GSS_KRB5_MECHANISM);
 /* SGN_ALG */ memcpy (p, "\x00\x00", 2);
@@ -271,7 +278,7 @@ wrap_des3
 padlength = 8 - (input_message_buffer->length % 8);
 datalen = input_message_buffer->length + padlength + 8;
 len = datalen + 34;
- gssapi_krb5_encap_length (len, &len, &total_len);
+ gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
 output_message_buffer->length = total_len;
 output_message_buffer->value = malloc (total_len);
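Review bot: `case KEYTYPE_ARCFOUR:` in gss_wrap_size_limit shares the DES arm and returns a size, while gss_wrap and gss_unwrap in this same commit answer KEYTYPE_ARCFOUR with KRB5_PROG_ETYPE_NOSUPP. A caller that sizes its buffers from gss_wrap_size_limit is told wrapping will work and then gets GSS_S_FAILURE from gss_wrap. Until ARCFOUR wrapping exists I would make the arm fail the same way, `case KEYTYPE_ARCFOUR: *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; ret = GSS_S_FAILURE; break;`, or at least add a comment saying why 8 and 22 are the right block size and overhead for ARCFOUR. The same hunk appears in lib/gssapi/wrap.c.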
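Review bot: The length handed to gssapi_krb5_encap_length in wrap_des is built from `input_message_buffer->length + padlength + 8` and `datalen + 22` with no upper-bound check in the visible lines, and the resulting `total_len` sizes the malloc. If these variables are size_t (their declarations are outside the hunk), a very large caller-supplied length wraps around and the buffer presumably comes out smaller than the data written into it later in the function. A guard before the additions would close that, for example `if (input_message_buffer->length > SIZE_MAX - 64) return GSS_S_FAILURE;` with *minor_status set, where 64 is a placeholder for the real worst-case overhead. wrap_des3 (the `len = datalen + 34` hunk) has the same shape, as do the copies in lib/gssapi/wrap.c.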
@@ -282,7 +289,8 @@ wrap_des3
 p = gssapi_krb5_make_header(output_message_buffer->value, len,
- "\x02\x01"); /* TOK_ID */
+ "\x02\x01", /* TOK_ID */
+ GSS_KRB5_MECHANISM);
 /* SGN_ALG */ memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
@@ -452,10 +460,20 @@ OM_uint32 gss_wrap
 qop_req, input_message_buffer, conf_state, output_message_buffer, key);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR:
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = wrap_cfx (minor_status, context_handle, conf_req_flag,
+ qop_req, input_message_buffer, conf_state,
+ output_message_buffer, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
 return ret;
diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c
index 5118879b8..eb55b8309 100644
--- a/lib/gssapi/unwrap.c
+++ b/lib/gssapi/unwrap.c
@@ -88,7 +88,8 @@ unwrap_des
 p = input_message_buffer->value;
 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length,
- "\x02\x01");
+ "\x02\x01",
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -226,7 +227,8 @@ unwrap_des3
 p = input_message_buffer->value;
 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length,
- "\x02\x01");
+ "\x02\x01",
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -426,10 +428,20 @@ OM_uint32 gss_unwrap
 input_message_buffer, output_message_buffer, conf_state, qop_state, key);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR:
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = unwrap_cfx (minor_status, context_handle,
+ input_message_buffer, output_message_buffer,
+ conf_state, qop_state, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
 return ret;
diff --git a/lib/gssapi/verify_mic.c b/lib/gssapi/verify_mic.c
index 6fa7e0b92..0111ce4b0 100644
--- a/lib/gssapi/verify_mic.c
+++ b/lib/gssapi/verify_mic.c
@@ -59,7 +59,8 @@ verify_mic_des
 p = token_buffer->value;
 ret = gssapi_krb5_verify_header (&p, token_buffer->length,
- type);
+ type,
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -151,7 +152,8 @@ verify_mic_des3
 p = token_buffer->value;
 ret = gssapi_krb5_verify_header (&p, token_buffer->length,
- type);
+ type,
+ GSS_KRB5_MECHANISM);
 if (ret) return ret;
@@ -295,10 +297,19 @@ gss_verify_mic_internal
 message_buffer, token_buffer, qop_state, key, type);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR :
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = verify_mic_cfx (minor_status, context_handle,
+ message_buffer, token_buffer, qop_state, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
diff --git a/lib/gssapi/wrap.c b/lib/gssapi/wrap.c
index 9ce0a1240..273cb1cb1 100644
--- a/lib/gssapi/wrap.c
+++ b/lib/gssapi/wrap.c
@@ -72,7 +72,7 @@ sub_wrap_size (
 len = 8 + req_output_size + blocksize + extrasize;
- gssapi_krb5_encap_length(len, &len, &total_len);
+ gssapi_krb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
 total_len -= req_output_size; /* token length */
 if (total_len < req_output_size) {
@@ -108,14 +108,20 @@ gss_wrap_size_limit (
 switch (keytype) {
 case KEYTYPE_DES :
+ case KEYTYPE_ARCFOUR:
 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
 break;
 case KEYTYPE_DES3 :
 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
 break;
 default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+#ifdef HAVE_GSSAPI_CFX
+ ret = wrap_size_cfx(minor_status, context_handle, conf_req_flag,
+ qop_req, req_output_size, max_input_size, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
+#endif
 break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
@@ -148,7 +154,7 @@ wrap_des
 padlength = 8 - (input_message_buffer->length % 8);
 datalen = input_message_buffer->length + padlength + 8;
 len = datalen + 22;
- gssapi_krb5_encap_length (len, &len, &total_len);
+ gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
 output_message_buffer->length = total_len;
 output_message_buffer->value = malloc (total_len);
@@ -159,7 +165,8 @@ wrap_des
 p = gssapi_krb5_make_header(output_message_buffer->value, len,
- "\x02\x01"); /* TOK_ID */
+ "\x02\x01", /* TOK_ID */
+ GSS_KRB5_MECHANISM);
 /* SGN_ALG */ memcpy (p, "\x00\x00", 2);
@@ -271,7 +278,7 @@ wrap_des3
 padlength = 8 - (input_message_buffer->length % 8);
 datalen = input_message_buffer->length + padlength + 8;
 len = datalen + 34;
- gssapi_krb5_encap_length (len, &len, &total_len);
+ gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
 output_message_buffer->length = total_len;
 output_message_buffer->value = malloc (total_len);
@@ -282,7 +289,8 @@ wrap_des3
 p = gssapi_krb5_make_header(output_message_buffer->value, len,
- "\x02\x01"); /* TOK_ID */
+ "\x02\x01", /* TOK_ID */
+ GSS_KRB5_MECHANISM);
 /* SGN_ALG */ memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
@@ -452,10 +460,20 @@ OM_uint32 gss_wrap
 qop_req, input_message_buffer, conf_state, output_message_buffer, key);
 break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
+ case KEYTYPE_ARCFOUR:
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
 ret = GSS_S_FAILURE;
 break;
+ default :
+#ifdef HAVE_GSSAPI_CFX
+ ret = wrap_cfx (minor_status, context_handle, conf_req_flag,
+ qop_req, input_message_buffer, conf_state,
+ output_message_buffer, key);
+#else
+ *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
+ ret = GSS_S_FAILURE;
+#endif
+ break;
 }
 krb5_free_keyblock (gssapi_krb5_context, key);
 return ret;