oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add AcceptorSubkey (but no code understand it yet)

Browse Source 
ignore unknown token flags


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13181 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-12-04 11:16:38 +00:00
parent b128760208
commit c5d2778488
2 changed files with 22 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
lib/gssapi/cfx.c
View File

@@ -40,6 +40,7 @@ RCSID("$Id$");
#define SentByAcceptor (1 << 0) #define SentByAcceptor (1 << 0)
#define Sealed (1 << 1) #define Sealed (1 << 1)
#define AcceptorSubkey (1 << 2)
static krb5_error_code static krb5_error_code
wrap_length_cfx(krb5_crypto crypto, wrap_length_cfx(krb5_crypto crypto,
@@ -416,6 +417,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
{ {
krb5_crypto crypto; krb5_crypto crypto;
gss_cfx_wrap_token token; gss_cfx_wrap_token token;
u_char token_flags;
krb5_error_code ret; krb5_error_code ret;
unsigned usage; unsigned usage;
krb5_data data; krb5_data data;
@@ -438,12 +440,10 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }
/* Reject unknown flags */ /* Ignore unknown flags */
if (token->Flags & ~(SentByAcceptor | Sealed)) { token_flags = token->Flags & (SentByAcceptor | Sealed | AcceptorSubkey);
return GSS_S_DEFECTIVE_TOKEN;
}
if (token->Flags & SentByAcceptor) { if (token_flags & SentByAcceptor) {
if ((context_handle->more_flags & LOCAL) == 0) if ((context_handle->more_flags & LOCAL) == 0)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }
@@ -453,7 +453,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
} }
if (conf_state != NULL) { if (conf_state != NULL) {
*conf_state = (token->Flags & Sealed) ? 1 : 0; *conf_state = (token_flags & Sealed) ? 1 : 0;
} }
ec = (token->EC[0] << 8) | token->EC[1]; ec = (token->EC[0] << 8) | token->EC[1];
@@ -507,7 +507,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
if (token->Flags & Sealed) { if (token_flags & Sealed) {
ret = krb5_decrypt(gssapi_krb5_context, crypto, usage, ret = krb5_decrypt(gssapi_krb5_context, crypto, usage,
p, len, &data); p, len, &data);
if (ret != 0) { if (ret != 0) {
@@ -710,6 +710,7 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
{ {
krb5_crypto crypto; krb5_crypto crypto;
gss_cfx_mic_token token; gss_cfx_mic_token token;
u_char token_flags;
krb5_error_code ret; krb5_error_code ret;
unsigned usage; unsigned usage;
OM_uint32 seq_number_lo, seq_number_hi; OM_uint32 seq_number_lo, seq_number_hi;
@@ -730,12 +731,10 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }
/* Reject unknown flags */ /* Ignore unknown flags */
if (token->Flags & ~(SentByAcceptor)) { token_flags = token->Flags & SentByAcceptor;
return GSS_S_DEFECTIVE_TOKEN;
}
if (token->Flags & SentByAcceptor) { if (token_flags & SentByAcceptor) {
if ((context_handle->more_flags & LOCAL) == 0) if ((context_handle->more_flags & LOCAL) == 0)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }

23
lib/gssapi/krb5/cfx.c
View File

@@ -40,6 +40,7 @@ RCSID("$Id$");
#define SentByAcceptor (1 << 0) #define SentByAcceptor (1 << 0)
#define Sealed (1 << 1) #define Sealed (1 << 1)
#define AcceptorSubkey (1 << 2)
static krb5_error_code static krb5_error_code
wrap_length_cfx(krb5_crypto crypto, wrap_length_cfx(krb5_crypto crypto,
@@ -416,6 +417,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
{ {
krb5_crypto crypto; krb5_crypto crypto;
gss_cfx_wrap_token token; gss_cfx_wrap_token token;
u_char token_flags;
krb5_error_code ret; krb5_error_code ret;
unsigned usage; unsigned usage;
krb5_data data; krb5_data data;
@@ -438,12 +440,10 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }
/* Reject unknown flags */ /* Ignore unknown flags */
if (token->Flags & ~(SentByAcceptor | Sealed)) { token_flags = token->Flags & (SentByAcceptor | Sealed | AcceptorSubkey);
return GSS_S_DEFECTIVE_TOKEN;
}
if (token->Flags & SentByAcceptor) { if (token_flags & SentByAcceptor) {
if ((context_handle->more_flags & LOCAL) == 0) if ((context_handle->more_flags & LOCAL) == 0)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }
@@ -453,7 +453,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
} }
if (conf_state != NULL) { if (conf_state != NULL) {
*conf_state = (token->Flags & Sealed) ? 1 : 0; *conf_state = (token_flags & Sealed) ? 1 : 0;
} }
ec = (token->EC[0] << 8) | token->EC[1]; ec = (token->EC[0] << 8) | token->EC[1];
@@ -507,7 +507,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
if (token->Flags & Sealed) { if (token_flags & Sealed) {
ret = krb5_decrypt(gssapi_krb5_context, crypto, usage, ret = krb5_decrypt(gssapi_krb5_context, crypto, usage,
p, len, &data); p, len, &data);
if (ret != 0) { if (ret != 0) {
@@ -710,6 +710,7 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
{ {
krb5_crypto crypto; krb5_crypto crypto;
gss_cfx_mic_token token; gss_cfx_mic_token token;
u_char token_flags;
krb5_error_code ret; krb5_error_code ret;
unsigned usage; unsigned usage;
OM_uint32 seq_number_lo, seq_number_hi; OM_uint32 seq_number_lo, seq_number_hi;
@@ -730,12 +731,10 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }
/* Reject unknown flags */ /* Ignore unknown flags */
if (token->Flags & ~(SentByAcceptor)) { token_flags = token->Flags & SentByAcceptor;
return GSS_S_DEFECTIVE_TOKEN;
}
if (token->Flags & SentByAcceptor) { if (token_flags & SentByAcceptor) {
if ((context_handle->more_flags & LOCAL) == 0) if ((context_handle->more_flags & LOCAL) == 0)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
} }