oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-06-22 17:56:41 +00:00
parent 4c302b52f8
commit c99b2003e2
62 changed files with 1447 additions and 551 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/gssapi/krb5/8003.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
krb5_error_code
_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p)
{

2
lib/gssapi/krb5/accept_sec_context.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
krb5_keytab _gsskrb5_keytab;

2
lib/gssapi/krb5/acquire_cred.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
__gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
krb5_context context,

2
lib/gssapi/krb5/add_cred.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_add_cred (
OM_uint32 *minor_status,
const gss_cred_id_t input_cred_handle,

241
lib/gssapi/krb5/aeap.c
View File

@@ -35,68 +35,6 @@
#include <roken.h>
#if 0
static OM_uint32
iov_allocate(OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count)
{
unsigned int i;
for (i = 0; i < iov_count; i++) {
if (GSS_IOV_BUFFER_FLAGS(iov[i].type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE){
void *ptr = malloc(iov[i].buffer.length);
if (ptr == NULL)
abort();
if (iov[i].buffer.value)
memcpy(ptr, iov[i].buffer.value, iov[i].buffer.length);
iov[i].buffer.value = ptr;
iov[i].type |= GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED;
}
}
return GSS_S_COMPLETE;
}
static OM_uint32
iov_map(OM_uint32 *minor_status,
const gss_iov_buffer_desc *iov,
int iov_count,
krb5_crypto_iov *data)
{
unsigned int i;
for (i = 0; i < iov_count; i++) {
switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) {
case GSS_IOV_BUFFER_TYPE_EMPTY:
data[i].flags = KRB5_CRYPTO_TYPE_EMPTY;
break;
case GSS_IOV_BUFFER_TYPE_DATA:
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
break;
case GSS_IOV_BUFFER_TYPE_HEADER:
data[i].flags = KRB5_CRYPTO_TYPE_HEADER;
break;
case GSS_IOV_BUFFER_TYPE_TRAILER:
data[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
break;
case GSS_IOV_BUFFER_TYPE_PADDING:
data[i].flags = KRB5_CRYPTO_TYPE_PADDING;
break;
case GSS_IOV_BUFFER_TYPE_STREAM:
abort();
break;
default:
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
data[i].data.data = iov[i].buffer.value;
data[i].data.length = iov[i].buffer.length;
}
return GSS_S_COMPLETE;
}
#endif
OM_uint32 GSSAPI_LIB_FUNCTION
_gk_wrap_iov(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
@@ -106,54 +44,17 @@ _gk_wrap_iov(OM_uint32 * minor_status,
gss_iov_buffer_desc *iov,
int iov_count)
{
#if 1
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_context context;
GSSAPI_KRB5_INIT (&context);
if (ctx->more_flags & IS_CFX)
return _gssapi_wrap_cfx_iov(minor_status, ctx, context,
conf_req_flag, conf_state,
iov, iov_count);
return GSS_S_FAILURE;
#else
gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
krb5_context context;
OM_uint32 major_status, junk;
krb5_crypto_iov *data;
krb5_error_code ret;
unsigned usage;
GSSAPI_KRB5_INIT (&context);
major_status = iov_allocate(minor_status, iov, iov_count);
if (major_status != GSS_S_COMPLETE)
return major_status;
data = calloc(iov_count, sizeof(data[0]));
if (data == NULL) {
gss_release_iov_buffer(&junk, iov, iov_count);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
major_status = iov_map(minor_status, iov, iov_count, data);
if (major_status != GSS_S_COMPLETE) {
gss_release_iov_buffer(&junk, iov, iov_count);
free(data);
return major_status;
}
if (ctx->more_flags & LOCAL) {
usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
} else {
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
}
ret = krb5_encrypt_iov_ivec(context, ctx->crypto, usage,
data, iov_count, NULL);
free(data);
if (ret) {
gss_release_iov_buffer(&junk, iov, iov_count);
*minor_status = ret;
return GSS_S_FAILURE;
}
*minor_status = 0;
return GSS_S_COMPLETE;
#endif
}
OM_uint32 GSSAPI_LIB_FUNCTION
@@ -164,54 +65,16 @@ _gk_unwrap_iov(OM_uint32 *minor_status,
gss_iov_buffer_desc *iov,
int iov_count)
{
#if 1
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_context context;
GSSAPI_KRB5_INIT (&context);
if (ctx->more_flags & IS_CFX)
return _gssapi_unwrap_cfx_iov(minor_status, ctx, context,
conf_state, qop_state, iov, iov_count);
return GSS_S_FAILURE;
#else
gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
krb5_context context;
krb5_error_code ret;
OM_uint32 major_status, junk;
krb5_crypto_iov *data;
unsigned usage;
GSSAPI_KRB5_INIT (&context);
major_status = iov_allocate(minor_status, iov, iov_count);
if (major_status != GSS_S_COMPLETE)
return major_status;
data = calloc(iov_count, sizeof(data[0]));
if (data == NULL) {
gss_release_iov_buffer(&junk, iov, iov_count);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
major_status = iov_map(minor_status, iov, iov_count, data);
if (major_status != GSS_S_COMPLETE) {
gss_release_iov_buffer(&junk, iov, iov_count);
free(data);
return major_status;
}
if (ctx->more_flags & LOCAL) {
usage = KRB5_KU_USAGE_INITIATOR_SIGN;
} else {
usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
}
ret = krb5_decrypt_iov_ivec(context, ctx->crypto, usage,
data, iov_count, NULL);
free(data);
if (ret) {
*minor_status = ret;
gss_release_iov_buffer(&junk, iov, iov_count);
return GSS_S_FAILURE;
}
*minor_status = 0;
return GSS_S_COMPLETE;
#endif
}
OM_uint32 GSSAPI_LIB_FUNCTION
@@ -223,63 +86,15 @@ _gk_wrap_iov_length(OM_uint32 * minor_status,
gss_iov_buffer_desc *iov,
int iov_count)
{
#if 1
return GSS_S_FAILURE;
#else
gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_context context;
unsigned int i;
size_t size;
size_t *padding = NULL;
GSSAPI_KRB5_INIT (&context);
*minor_status = 0;
for (size = 0, i = 0; i < iov_count; i++) {
switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) {
case GSS_IOV_BUFFER_TYPE_EMPTY:
break;
case GSS_IOV_BUFFER_TYPE_DATA:
size += iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_HEADER:
iov[i].buffer.length =
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER);
size += iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_TRAILER:
iov[i].buffer.length =
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER);
size += iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_PADDING:
if (padding != NULL) {
*minor_status = 0;
return GSS_S_FAILURE;
}
padding = &iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_STREAM:
size += iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
break;
default:
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
}
if (padding) {
size_t pad = krb5_crypto_length(context, ctx->crypto,
KRB5_CRYPTO_TYPE_PADDING);
if (pad > 1) {
*padding = pad - (size % pad);
if (*padding == pad)
*padding = 0;
} else
*padding = 0;
}
return GSS_S_COMPLETE;
#endif
if (ctx->more_flags & IS_CFX)
return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context,
conf_req_flag, qop_req, conf_state,
iov, iov_count);
return GSS_S_FAILURE;
}

2
lib/gssapi/krb5/arcfour.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/*
* Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
*

2
lib/gssapi/krb5/canonicalize_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_canonicalize_name (
OM_uint32 * minor_status,
const gss_name_t input_name,

2
lib/gssapi/krb5/ccache_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
char *last_out_name;
OM_uint32

774
lib/gssapi/krb5/cfx.c
View File

@@ -32,10 +32,8 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/*
* Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
* Implementation of RFC 4121
*/
#define CFXSentByAcceptor (1 << 0)
@@ -96,13 +94,14 @@ _gsskrb5cfx_wrap_length_cfx(krb5_context context,
return 0;
}
OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx ctx,
krb5_context context,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 *max_input_size)
OM_uint32
_gssapi_wrap_size_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx ctx,
krb5_context context,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 *max_input_size)
{
krb5_error_code ret;
@@ -198,11 +197,764 @@ rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate)
return 0;
}
static gss_iov_buffer_desc *
find_buffer(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type)
{
int i;
for (i = 0; i < iov_count; i++)
if (type == GSS_IOV_BUFFER_TYPE(iov[i].type))
return &iov[i];
return NULL;
}
static OM_uint32
allocate_buffer(OM_uint32 *minor_status, gss_iov_buffer_desc *buffer, size_t size)
{
if (buffer->type & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED) {
if (buffer->buffer.length == size)
return GSS_S_COMPLETE;
free(buffer->buffer.value);
}
buffer->buffer.value = malloc(size);
buffer->buffer.length = size;
if (buffer->buffer.value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
buffer->type |= GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED;
return GSS_S_COMPLETE;
}
OM_uint32
_gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
gsskrb5_ctx ctx,
krb5_context context,
int conf_req_flag,
int *conf_state,
gss_iov_buffer_desc *iov,
int iov_count)
{
OM_uint32 major_status, junk;
gss_iov_buffer_desc *header, *trailer, *padding;
size_t gsshsize, k5hsize;
size_t gsstsize, k5tsize;
size_t i, padlength, rrc = 0, ec = 0;
gss_cfx_wrap_token token;
krb5_error_code ret;
int32_t seq_number;
unsigned usage;
krb5_crypto_iov *data = NULL;
int paddingoffset = 0;
header = find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_PADDING, &padlength);
padding = find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (padlength != 0 && padding == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
trailer = find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
if (conf_req_flag) {
ec = padlength;
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER, &k5tsize);
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER, &k5hsize);
gsshsize = k5hsize + sizeof(*token);
gsstsize = k5tsize + sizeof(*token); /* encrypted token stored in trailer */
} else {
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_CHECKSUM, &k5tsize);
gsshsize = sizeof(*token);
gsstsize = k5tsize;
}
/*
*
*/
if (trailer == NULL) {
/* conf_req_flag=0 doesn't support DCE_STYLE */
if (conf_req_flag == 0) {
*minor_status = EINVAL;
major_status = GSS_S_FAILURE;
goto failure;
}
rrc = gsstsize;
if (IS_DCE_STYLE(ctx))
rrc -= ec;
gsshsize += gsstsize;
gsstsize = 0;
} else if (GSS_IOV_BUFFER_FLAGS(trailer->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
major_status = allocate_buffer(minor_status, trailer, gsstsize);
if (major_status)
goto failure;
} else if (trailer->buffer.length < gsstsize) {
*minor_status = KRB5_BAD_MSIZE;
major_status = GSS_S_FAILURE;
goto failure;
} else
trailer->buffer.length = gsstsize;
/*
*
*/
if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
major_status = allocate_buffer(minor_status, header, gsshsize);
if (major_status != GSS_S_COMPLETE)
goto failure;
} else if (header->buffer.length < gsshsize) {
*minor_status = KRB5_BAD_MSIZE;
major_status = GSS_S_FAILURE;
goto failure;
} else
header->buffer.length = gsshsize;
token = (gss_cfx_wrap_token)header->buffer.value;
token->TOK_ID[0] = 0x05;
token->TOK_ID[1] = 0x04;
token->Flags = 0;
token->Filler = 0xFF;
if (ctx->more_flags & ACCEPTOR_SUBKEY)
token->Flags |= CFXAcceptorSubkey;
if (ctx->more_flags & LOCAL)
usage = KRB5_KU_USAGE_INITIATOR_SEAL;
else
usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
if (conf_req_flag) {
/*
* In Wrap tokens with confidentiality, the EC field is
* used to encode the size (in bytes) of the random filler.
*/
token->Flags |= CFXSealed;
token->EC[0] = (padlength >> 8) & 0xFF;
token->EC[1] = (padlength >> 0) & 0xFF;
} else {
/*
* In Wrap tokens without confidentiality, the EC field is
* used to encode the size (in bytes) of the trailing
* checksum.
*
* This is not used in the checksum calcuation itself,
* because the checksum length could potentially vary
* depending on the data length.
*/
token->EC[0] = 0;
token->EC[1] = 0;
}
/*
* In Wrap tokens that provide for confidentiality, the RRC
* field in the header contains the hex value 00 00 before
* encryption.
*
* In Wrap tokens that do not provide for confidentiality,
* both the EC and RRC fields in the appended checksum
* contain the hex value 00 00 for the purpose of calculating
* the checksum.
*/
token->RRC[0] = 0;
token->RRC[1] = 0;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
krb5_auth_con_getlocalseqnumber(context,
ctx->auth_context,
&seq_number);
_gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]);
_gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
krb5_auth_con_setlocalseqnumber(context,
ctx->auth_context,
++seq_number);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
data = calloc(iov_count + 3, sizeof(data[0]));
if (data == NULL) {
*minor_status = ENOMEM;
major_status = GSS_S_FAILURE;
goto failure;
}
if (conf_req_flag) {
/*
plain packet:
{"header" | encrypt(plaintext-data | padding | E"header")}
Expanded, this is with with RRC = 0:
{"header" | krb5-header | plaintext-data | padding | E"header" | krb5-trailer }
In DCE-RPC mode == no trailer: RRC = gss "trailer" == length(padding | E"header" | krb5-trailer)
{"header" | padding | E"header" | krb5-trailer | krb5-header | plaintext-data }
*/
i = 0;
data[i].flags = KRB5_CRYPTO_TYPE_HEADER;
data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize;
data[i].data.length = k5hsize;
for (i = 1; i < iov_count + 1; i++) {
switch (GSS_IOV_BUFFER_TYPE(iov[i - 1].type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
break;
case GSS_IOV_BUFFER_TYPE_PADDING:
data[i].flags = KRB5_CRYPTO_TYPE_PADDING;
paddingoffset = i;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
break;
default:
data[i].flags = KRB5_CRYPTO_TYPE_EMPTY;
break;
}
data[i].data.length = iov[i - 1].buffer.length;
data[i].data.data = iov[i - 1].buffer.value;
}
/*
* Any necessary padding is added here to ensure that the
* encrypted token header is always at the end of the
* ciphertext.
*/
/* XXX KRB5_CRYPTO_TYPE_PADDING */
/* encrypted CFX header in trailer (or after the header if in
DCE mode). Copy in header into E"header"
*/
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
if (trailer)
data[i].data.data = trailer->buffer.value;
else
data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize - k5tsize - sizeof(*token);
data[i].data.length = sizeof(*token);
memcpy(data[i].data.data, token, sizeof(*token));
i++;
/* Kerberos trailer comes after the gss trailer */
data[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
data[i].data.data = ((uint8_t *)data[i-1].data.data) + sizeof(*token);
data[i].data.length = k5tsize;
i++;
ret = krb5_encrypt_iov_ivec(context, ctx->crypto, usage, data, i, NULL);
if (ret != 0) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto failure;
}
if (rrc) {
token->RRC[0] = (rrc >> 8) & 0xFF;
token->RRC[1] = (rrc >> 0) & 0xFF;
}
if (paddingoffset)
padding->buffer.length = data[paddingoffset].data.length;
} else {
/*
plain packet:
{data | "header" | gss-trailer (krb5 checksum)
don't do RRC != 0
*/
for (i = 0; i < iov_count; i++) {
switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
break;
default:
data[i].flags = KRB5_CRYPTO_TYPE_EMPTY;
break;
}
data[i].data.length = iov[i].buffer.length;
data[i].data.data = iov[i].buffer.value;
}
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
data[i].data.data = header->buffer.value;
data[i].data.length = header->buffer.length;
i++;
data[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
data[i].data.data = trailer->buffer.value;
data[i].data.length = trailer->buffer.length;
i++;
ret = krb5_create_checksum_iov(context, ctx->crypto, usage, data, i, NULL);
if (ret) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto failure;
}
token->EC[0] = (trailer->buffer.length >> 8) & 0xFF;
token->EC[1] = (trailer->buffer.length >> 0) & 0xFF;
}
if (conf_state != NULL)
*conf_state = conf_req_flag;
free(data);
*minor_status = 0;
return GSS_S_COMPLETE;
failure:
if (data)
free(data);
gss_release_iov_buffer(&junk, iov, iov_count);
return major_status;
}
/* This is slowpath */
static OM_uint32
unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int iov_count)
{
uint8_t *p, *q;
size_t len = 0, skip;
int i;
for (i = 0; i < iov_count; i++)
if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
len += iov[i].buffer.length;
p = malloc(len);
if (p == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
q = p;
/* copy up */
for (i = 0; i < iov_count; i++) {
if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
{
memcpy(q, iov[i].buffer.value, iov[i].buffer.length);
q += iov[i].buffer.length;
}
}
assert((q - p) == len);
/* unrotate first part */
q = p + rrc;
skip = rrc;
for (i = 0; i < iov_count; i++) {
if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
{
if (iov[i].buffer.length <= skip) {
skip -= iov[i].buffer.length;
} else {
memcpy(((uint8_t *)iov[i].buffer.value) + skip, q, iov[i].buffer.length - skip);
q += iov[i].buffer.length - skip;
skip = 0;
}
}
}
/* copy trailer */
q = p;
skip = rrc;
for (i = 0; i < iov_count; i++) {
if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
{
memcpy(q, iov[i].buffer.value, MIN(iov[i].buffer.length, skip));
if (iov[i].buffer.length > skip)
break;
skip -= iov[i].buffer.length;
q += iov[i].buffer.length;
}
}
return GSS_S_COMPLETE;
}
OM_uint32
_gssapi_unwrap_cfx_iov(OM_uint32 *minor_status,
gsskrb5_ctx ctx,
krb5_context context,
int *conf_state,
gss_qop_t *qop_state,
gss_iov_buffer_desc *iov,
int iov_count)
{
OM_uint32 seq_number_lo, seq_number_hi, major_status, junk;
gss_iov_buffer_desc *header, *trailer;
gss_cfx_wrap_token token, ttoken;
u_char token_flags;
krb5_error_code ret;
unsigned usage;
uint16_t ec, rrc;
krb5_crypto_iov *data = NULL;
int i, j;
*minor_status = 0;
header = find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (header->buffer.length < sizeof(*token)) /* we check exact below */
return GSS_S_DEFECTIVE_TOKEN;
trailer = find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
token = (gss_cfx_wrap_token)header->buffer.value;
if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04)
return GSS_S_DEFECTIVE_TOKEN;
/* Ignore unknown flags */
token_flags = token->Flags &
(CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey);
if (token_flags & CFXSentByAcceptor) {
if ((ctx->more_flags & LOCAL) == 0)
return GSS_S_DEFECTIVE_TOKEN;
}
if (ctx->more_flags & ACCEPTOR_SUBKEY) {
if ((token_flags & CFXAcceptorSubkey) == 0)
return GSS_S_DEFECTIVE_TOKEN;
} else {
if (token_flags & CFXAcceptorSubkey)
return GSS_S_DEFECTIVE_TOKEN;
}
if (token->Filler != 0xFF)
return GSS_S_DEFECTIVE_TOKEN;
if (conf_state != NULL)
*conf_state = (token_flags & CFXSealed) ? 1 : 0;
ec = (token->EC[0] << 8) | token->EC[1];
rrc = (token->RRC[0] << 8) | token->RRC[1];
/*
* Check sequence number
*/
_gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
_gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
if (seq_number_hi) {
/* no support for 64-bit sequence numbers */
*minor_status = ERANGE;
return GSS_S_UNSEQ_TOKEN;
}
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
ret = _gssapi_msg_order_check(ctx->order, seq_number_lo);
if (ret != 0) {
*minor_status = 0;
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;
}
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
/*
* Decrypt and/or verify checksum
*/
if (ctx->more_flags & LOCAL) {
usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
} else {
usage = KRB5_KU_USAGE_INITIATOR_SEAL;
}
data = calloc(iov_count + 3, sizeof(data[0]));
if (data == NULL) {
*minor_status = ENOMEM;
major_status = GSS_S_FAILURE;
goto failure;
}
if (token_flags & CFXSealed) {
size_t k5tsize, k5hsize;
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER, &k5hsize);
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER, &k5tsize);
/* Rotate by RRC; bogus to do this in-place XXX */
/* Check RRC */
if (trailer == NULL) {
size_t gsstsize = k5tsize + sizeof(*token);
size_t gsshsize = k5hsize + sizeof(*token);
if (IS_DCE_STYLE(ctx))
gsstsize += ec;
gsshsize += gsstsize;
if (rrc != gsstsize) {
major_status = GSS_S_DEFECTIVE_TOKEN;
goto failure;
}
if (header->buffer.length != gsshsize) {
major_status = GSS_S_DEFECTIVE_TOKEN;
goto failure;
}
} else if (trailer->buffer.length != sizeof(*token) + k5tsize) {
major_status = GSS_S_DEFECTIVE_TOKEN;
goto failure;
} else if (header->buffer.length != sizeof(*token) + k5hsize) {
major_status = GSS_S_DEFECTIVE_TOKEN;
goto failure;
} else if (rrc != 0) {
/* go though slowpath */
major_status = unrotate_iov(minor_status, rrc, iov, iov_count);
if (major_status)
goto failure;
}
i = 0;
data[i].flags = KRB5_CRYPTO_TYPE_HEADER;
data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize;
data[i].data.length = k5hsize;
i++;
for (j = 0; j < iov_count; i++, j++) {
switch (GSS_IOV_BUFFER_TYPE(iov[j].type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
break;
default:
data[i].flags = KRB5_CRYPTO_TYPE_EMPTY;
break;
}
data[i].data.length = iov[j].buffer.length;
data[i].data.data = iov[j].buffer.value;
}
/* encrypted CFX header in trailer (or after the header if in
DCE mode). Copy in header into E"header"
*/
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
if (trailer)
data[i].data.data = trailer->buffer.value;
else
data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize - k5tsize - sizeof(*token);
data[i].data.length = sizeof(*token);
ttoken = (gss_cfx_wrap_token)data[i].data.data;
i++;
/* Kerberos trailer comes after the gss trailer */
data[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
data[i].data.data = ((uint8_t *)data[i-1].data.data) + sizeof(*token);
data[i].data.length = k5tsize;
i++;
ret = krb5_decrypt_iov_ivec(context, ctx->crypto, usage, data, i, NULL);
if (ret != 0) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto failure;
}
ttoken->RRC[0] = token->RRC[0];
ttoken->RRC[1] = token->RRC[1];
/* Check the integrity of the header */
if (memcmp(ttoken, token, sizeof(*token)) != 0) {
major_status = GSS_S_BAD_MIC;
goto failure;
}
} else {
/* Check RRC */
if (rrc != 0) {
*minor_status = EINVAL;
major_status = GSS_S_FAILURE;
goto failure;
}
if (trailer == NULL) {
*minor_status = EINVAL;
major_status = GSS_S_FAILURE;
goto failure;
}
if (trailer->buffer.length != ec) {
*minor_status = EINVAL;
major_status = GSS_S_FAILURE;
goto failure;
}
for (i = 0; i < iov_count; i++) {
switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
break;
default:
data[i].flags = KRB5_CRYPTO_TYPE_EMPTY;
break;
}
data[i].data.length = iov[i].buffer.length;
data[i].data.data = iov[i].buffer.value;
}
data[i].flags = KRB5_CRYPTO_TYPE_DATA;
data[i].data.data = header->buffer.value;
data[i].data.length = header->buffer.length;
i++;
data[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
data[i].data.data = trailer->buffer.value;
data[i].data.length = trailer->buffer.length;
i++;
token = (gss_cfx_wrap_token)header->buffer.value;
token->EC[0] = 0;
token->EC[1] = 0;
token->RRC[0] = 0;
token->RRC[1] = 0;
ret = krb5_verify_checksum_iov(context, ctx->crypto, usage, data, i, NULL);
if (ret) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto failure;
}
}
if (qop_state != NULL) {
*qop_state = GSS_C_QOP_DEFAULT;
}
free(data);
*minor_status = 0;
return GSS_S_COMPLETE;
failure:
if (data)
free(data);
gss_release_iov_buffer(&junk, iov, iov_count);
return major_status;
}
OM_uint32
_gssapi_wrap_iov_length_cfx(OM_uint32 *minor_status,
gsskrb5_ctx ctx,
krb5_context context,
int conf_req_flag,
gss_qop_t qop_req,
int *conf_state,
gss_iov_buffer_desc *iov,
int iov_count)
{
size_t size;
int i;
size_t *padding = NULL;
GSSAPI_KRB5_INIT (&context);
*minor_status = 0;
for (size = 0, i = 0; i < iov_count; i++) {
switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) {
case GSS_IOV_BUFFER_TYPE_EMPTY:
break;
case GSS_IOV_BUFFER_TYPE_DATA:
size += iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_HEADER:
*minor_status = krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER, &iov[i].buffer.length);
if (*minor_status)
return GSS_S_FAILURE;
break;
case GSS_IOV_BUFFER_TYPE_TRAILER:
*minor_status = krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER, &iov[i].buffer.length);
if (*minor_status)
return GSS_S_FAILURE;
break;
case GSS_IOV_BUFFER_TYPE_PADDING:
if (padding != NULL) {
*minor_status = 0;
return GSS_S_FAILURE;
}
padding = &iov[i].buffer.length;
break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
break;
default:
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
}
if (padding) {
size_t pad;
krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_PADDING, &pad);
if (pad > 1) {
*padding = pad - (size % pad);
if (*padding == pad)
*padding = 0;
} else
*padding = 0;
}
return GSS_S_COMPLETE;
}
OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
const gsskrb5_ctx ctx,
krb5_context context,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
int *conf_state,
gss_buffer_t output_message_buffer)

2
lib/gssapi/krb5/compare_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_compare_name
(OM_uint32 * minor_status,
const gss_name_t name1,

3
lib/gssapi/krb5/compat.c
View File

@@ -33,9 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static krb5_error_code
check_compat(OM_uint32 *minor_status,
krb5_context context, krb5_const_principal name,

2
lib/gssapi/krb5/context_time.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
_gsskrb5_lifetime_left(OM_uint32 *minor_status,
krb5_context context,

2
lib/gssapi/krb5/copy_ccache.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
#if 0
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor_status,

2
lib/gssapi/krb5/decapsulate.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/*
* return the length of the mechanism in token or -1
* (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN

2
lib/gssapi/krb5/delete_sec_context.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,

2
lib/gssapi/krb5/display_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_display_name
(OM_uint32 * minor_status,
const gss_name_t input_name,

2
lib/gssapi/krb5/display_status.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static const char *
calling_error(OM_uint32 v)
{

2
lib/gssapi/krb5/duplicate_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_duplicate_name (
OM_uint32 * minor_status,
const gss_name_t src_name,

2
lib/gssapi/krb5/encapsulate.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
void
_gssapi_encap_length (size_t data_len,
size_t *len,

2
lib/gssapi/krb5/export_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_export_name
(OM_uint32 * minor_status,
const gss_name_t input_name,

2
lib/gssapi/krb5/export_sec_context.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
_gsskrb5_export_sec_context (
OM_uint32 * minor_status,

2
lib/gssapi/krb5/external.c
View File

@@ -34,8 +34,6 @@
#include "gsskrb5_locl.h"
#include <gssapi_mech.h>
RCSID("$Id$");
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value

2
lib/gssapi/krb5/get_mic.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static OM_uint32
mic_des
(OM_uint32 * minor_status,

2
lib/gssapi/krb5/import_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static OM_uint32
parse_krb5_name (OM_uint32 *minor_status,
krb5_context context,

2
lib/gssapi/krb5/import_sec_context.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
_gsskrb5_import_sec_context (
OM_uint32 * minor_status,

2
lib/gssapi/krb5/indicate_mechs.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_indicate_mechs
(OM_uint32 * minor_status,
gss_OID_set * mech_set

2
lib/gssapi/krb5/init.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER;
static int created_key;
static HEIMDAL_thread_key context_key;

4
lib/gssapi/krb5/init_sec_context.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/*
* copy the addresses from `input_chan_bindings' (if any) to
* the auth context `ac'
@@ -697,7 +695,7 @@ repl_mutual
if (actual_mech_type)
*actual_mech_type = GSS_KRB5_MECHANISM;
if (ctx->flags & GSS_C_DCE_STYLE) {
if (IS_DCE_STYLE(ctx)) {
/* There is no OID wrapping. */
indata.length = input_token->length;
indata.data = input_token->value;

2
lib/gssapi/krb5/inquire_context.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_context (
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,

2
lib/gssapi/krb5/inquire_cred.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,

2
lib/gssapi/krb5/inquire_cred_by_mech.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred_by_mech (
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,

2
lib/gssapi/krb5/inquire_cred_by_oid.c
View File

@@ -32,8 +32,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred_by_oid
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,

2
lib/gssapi/krb5/inquire_mechs_for_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_mechs_for_name (
OM_uint32 * minor_status,
const gss_name_t input_name,

3
lib/gssapi/krb5/inquire_names_for_mech.c
View File

@@ -33,9 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static gss_OID *name_list[] = {
&GSS_C_NT_HOSTBASED_SERVICE,
&GSS_C_NT_USER_NAME,

2
lib/gssapi/krb5/inquire_sec_context_by_oid.c
View File

@@ -32,8 +32,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static int
oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix)
{

2
lib/gssapi/krb5/prf.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
_gsskrb5_pseudo_random(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,

2
lib/gssapi/krb5/process_context_token.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_process_context_token (
OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,

2
lib/gssapi/krb5/release_buffer.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_release_buffer
(OM_uint32 * minor_status,
gss_buffer_t buffer

2
lib/gssapi/krb5/release_cred.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_release_cred
(OM_uint32 * minor_status,
gss_cred_id_t * cred_handle

2
lib/gssapi/krb5/release_name.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32 _gsskrb5_release_name
(OM_uint32 * minor_status,
gss_name_t * input_name

2
lib/gssapi/krb5/sequence.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
#define DEFAULT_JITTER_WINDOW 20
struct gss_msg_order {

2
lib/gssapi/krb5/set_cred_option.c
View File

@@ -32,8 +32,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/* 1.2.752.43.13.17 */
static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};

2
lib/gssapi/krb5/set_sec_context_option.c
View File

@@ -36,8 +36,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static OM_uint32
get_bool(OM_uint32 *minor_status,
const gss_buffer_t value,

2
lib/gssapi/krb5/test_acquire_cred.c
View File

@@ -34,8 +34,6 @@
#include "gsskrb5_locl.h"
#include <err.h>
RCSID("$Id$");
static void
print_time(OM_uint32 time_rec)
{

2
lib/gssapi/krb5/test_cfx.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
struct range {
size_t lower;
size_t upper;

2
lib/gssapi/krb5/test_cred.c
View File

@@ -35,8 +35,6 @@
#include <err.h>
#include <getarg.h>
RCSID("$Id$");
static void
gss_print_errors (int min_stat)
{

2
lib/gssapi/krb5/test_kcred.c
View File

@@ -35,8 +35,6 @@
#include <err.h>
#include <getarg.h>
RCSID("$Id$");
static int version_flag = 0;
static int help_flag = 0;

2
lib/gssapi/krb5/test_oid.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
int
main(int argc, char **argv)
{

2
lib/gssapi/krb5/test_sequence.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/* correct ordering */
OM_uint32 pattern1[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

2
lib/gssapi/krb5/ticket_flags.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
OM_uint32
_gsskrb5_get_tkt_flags(OM_uint32 *minor_status,
gsskrb5_ctx ctx,

2
lib/gssapi/krb5/unwrap.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static OM_uint32
unwrap_des
(OM_uint32 * minor_status,

2
lib/gssapi/krb5/verify_mic.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
static OM_uint32
verify_mic_des
(OM_uint32 * minor_status,

4
lib/gssapi/krb5/wrap.c
View File

@@ -33,8 +33,6 @@
#include "gsskrb5_locl.h"
RCSID("$Id$");
/*
* Return initiator subkey, or if that doesn't exists, the subkey.
*/
@@ -522,7 +520,7 @@ OM_uint32 _gsskrb5_wrap
if (ctx->more_flags & IS_CFX)
return _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
qop_req, input_message_buffer, conf_state,
input_message_buffer, conf_state,
output_message_buffer);
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);