checksum the header last in MIC token, update to -03
From: Luke Howard <lukeh@padl.com> git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13082 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -35,7 +35,7 @@
|
|||||||
RCSID("$Id$");
|
RCSID("$Id$");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Implementation of draft-ietf-krb-wg-gssapi-cfx-02.txt
|
* Implementation of draft-ietf-krb-wg-gssapi-cfx-03.txt
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define SentByAcceptor (1 << 0)
|
#define SentByAcceptor (1 << 0)
|
||||||
@@ -634,7 +634,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
|
|||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
len = sizeof(*token) + message_buffer->length;
|
len = message_buffer->length + sizeof(*token);
|
||||||
buf = malloc(len);
|
buf = malloc(len);
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
*minor_status = ENOMEM;
|
*minor_status = ENOMEM;
|
||||||
@@ -642,7 +642,9 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
|
|||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
token = (gss_cfx_mic_token)buf;
|
memcpy(buf, message_buffer->value, message_buffer->length);
|
||||||
|
|
||||||
|
token = (gss_cfx_mic_token)(buf + message_buffer->length);
|
||||||
token->TOK_ID[0] = 0x04;
|
token->TOK_ID[0] = 0x04;
|
||||||
token->TOK_ID[1] = 0x04;
|
token->TOK_ID[1] = 0x04;
|
||||||
token->Flags = 0;
|
token->Flags = 0;
|
||||||
@@ -661,8 +663,6 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
|
|||||||
++seq_number);
|
++seq_number);
|
||||||
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
||||||
|
|
||||||
memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length);
|
|
||||||
|
|
||||||
if (context_handle->more_flags & LOCAL) {
|
if (context_handle->more_flags & LOCAL) {
|
||||||
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
||||||
} else {
|
} else {
|
||||||
@@ -792,14 +792,14 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
|
|||||||
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
||||||
}
|
}
|
||||||
|
|
||||||
buf = malloc(sizeof(*token) + message_buffer->length);
|
buf = malloc(message_buffer->length + sizeof(*token));
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
*minor_status = ENOMEM;
|
*minor_status = ENOMEM;
|
||||||
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
memcpy(buf, token, sizeof(*token));
|
memcpy(buf, message_buffer->value, message_buffer->length);
|
||||||
memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length);
|
memcpy(buf + message_buffer->length, token, sizeof(*token));
|
||||||
|
|
||||||
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
||||||
usage,
|
usage,
|
||||||
|
@@ -35,7 +35,7 @@
|
|||||||
RCSID("$Id$");
|
RCSID("$Id$");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Implementation of draft-ietf-krb-wg-gssapi-cfx-02.txt
|
* Implementation of draft-ietf-krb-wg-gssapi-cfx-03.txt
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define SentByAcceptor (1 << 0)
|
#define SentByAcceptor (1 << 0)
|
||||||
@@ -634,7 +634,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
|
|||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
len = sizeof(*token) + message_buffer->length;
|
len = message_buffer->length + sizeof(*token);
|
||||||
buf = malloc(len);
|
buf = malloc(len);
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
*minor_status = ENOMEM;
|
*minor_status = ENOMEM;
|
||||||
@@ -642,7 +642,9 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
|
|||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
token = (gss_cfx_mic_token)buf;
|
memcpy(buf, message_buffer->value, message_buffer->length);
|
||||||
|
|
||||||
|
token = (gss_cfx_mic_token)(buf + message_buffer->length);
|
||||||
token->TOK_ID[0] = 0x04;
|
token->TOK_ID[0] = 0x04;
|
||||||
token->TOK_ID[1] = 0x04;
|
token->TOK_ID[1] = 0x04;
|
||||||
token->Flags = 0;
|
token->Flags = 0;
|
||||||
@@ -661,8 +663,6 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
|
|||||||
++seq_number);
|
++seq_number);
|
||||||
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
|
||||||
|
|
||||||
memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length);
|
|
||||||
|
|
||||||
if (context_handle->more_flags & LOCAL) {
|
if (context_handle->more_flags & LOCAL) {
|
||||||
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
||||||
} else {
|
} else {
|
||||||
@@ -792,14 +792,14 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
|
|||||||
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
|
||||||
}
|
}
|
||||||
|
|
||||||
buf = malloc(sizeof(*token) + message_buffer->length);
|
buf = malloc(message_buffer->length + sizeof(*token));
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
*minor_status = ENOMEM;
|
*minor_status = ENOMEM;
|
||||||
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
memcpy(buf, token, sizeof(*token));
|
memcpy(buf, message_buffer->value, message_buffer->length);
|
||||||
memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length);
|
memcpy(buf + message_buffer->length, token, sizeof(*token));
|
||||||
|
|
||||||
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
||||||
usage,
|
usage,
|
||||||
|
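Review bot: The buffer size in `_gssapi_mic_cfx` (`len = message_buffer->length + sizeof(*token);`) and in `_gssapi_verify_mic_cfx` (`malloc(message_buffer->length + sizeof(*token))`) is still an unchecked size_t addition, and the `memcpy(buf, message_buffer->value, message_buffer->length)` that now follows each allocation trusts the unwrapped length. If a caller ever passes a length within `sizeof(*token)` of SIZE_MAX, the sum wraps, the allocation is short and the copy writes past it; that is unlikely for a real buffer, but the guard is cheap: `if (message_buffer->length > SIZE_MAX - sizeof(*token))` before each allocation, failing through the same cleanup as the existing `buf == NULL` branch. Separately, the MIC header is now written through a struct pointer at `buf + message_buffer->length`, an arbitrary byte offset, which is only safe if every member of the token struct is byte-sized; the struct definition is not visible here, so a one-line comment stating that assumption next to the cast would help. Both function bodies start and end outside the hunks shown.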