Use `gssapi_krb5_verify_8003_checksum'.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4653 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -78,12 +78,11 @@ OM_uint32 gss_accept_sec_context
|
|||||||
krb5_flags ap_options;
|
krb5_flags ap_options;
|
||||||
OM_uint32 flags;
|
OM_uint32 flags;
|
||||||
krb5_ticket *ticket;
|
krb5_ticket *ticket;
|
||||||
Checksum cksum;
|
|
||||||
krb5_keytab keytab = NULL;
|
krb5_keytab keytab = NULL;
|
||||||
|
|
||||||
gssapi_krb5_init ();
|
gssapi_krb5_init ();
|
||||||
|
|
||||||
if (*context_handle != GSS_C_NO_CONTEXT) {
|
if (*context_handle == GSS_C_NO_CONTEXT) {
|
||||||
*context_handle = malloc(sizeof(**context_handle));
|
*context_handle = malloc(sizeof(**context_handle));
|
||||||
if (*context_handle == GSS_C_NO_CONTEXT)
|
if (*context_handle == GSS_C_NO_CONTEXT)
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
@@ -159,32 +158,25 @@ OM_uint32 gss_accept_sec_context
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
flags = 0;
|
|
||||||
if (ap_options & AP_OPTS_MUTUAL_REQUIRED)
|
|
||||||
flags |= GSS_C_MUTUAL_FLAG;
|
|
||||||
flags |= GSS_C_CONF_FLAG;
|
|
||||||
flags |= GSS_C_INTEG_FLAG;
|
|
||||||
flags |= GSS_C_SEQUENCE_FLAG;
|
|
||||||
|
|
||||||
kret = gssapi_krb5_create_8003_checksum (input_chan_bindings,
|
|
||||||
flags,
|
|
||||||
&cksum);
|
|
||||||
|
|
||||||
if (kret) {
|
|
||||||
ret = GSS_S_FAILURE;
|
|
||||||
goto failure;
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
Checksum *c2 = (*context_handle)->auth_context->authenticator->cksum;
|
krb5_authenticator authenticator;
|
||||||
if (cksum.cksumtype != c2->cksumtype ||
|
|
||||||
cksum.checksum.length != c2->checksum.length ||
|
kret = krb5_auth_getauthenticator(gssapi_krb5_context,
|
||||||
memcmp(cksum.checksum.data,
|
(*context_handle)->auth_context,
|
||||||
c2->checksum.data,
|
&authenticator);
|
||||||
cksum.checksum.length)) {
|
if(kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
|
||||||
|
authenticator->cksum,
|
||||||
|
&flags);
|
||||||
|
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
|
||||||
|
if (kret) {
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret_flags)
|
if (ret_flags)
|
||||||
|
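Review bot: In the `@@ -159,32 +158,25 @@` hunk the new block hands `authenticator->cksum` to `gssapi_krb5_verify_8003_checksum` without a NULL check. The removed line `Checksum *c2 = (*context_handle)->auth_context->authenticator->cksum;` shows the field is a pointer, and the checksum is an optional field of the Kerberos authenticator, so a peer can send an AP-REQ without one. Whether the verify helper rejects a NULL checksum is not visible here, so I would add a guard before the call: `if (authenticator->cksum == NULL) { krb5_free_authenticator(gssapi_krb5_context, &authenticator); ret = GSS_S_FAILURE; goto failure; }`. Since `flags` is now filled from that peer-supplied checksum rather than computed locally, a short comment at the call such as `/* flags come from the initiator's 8003 checksum, verified against input_chan_bindings */` would help the next reader. gss_accept_sec_context starts and ends outside the hunk, and the page prints the same hunks a second time further down; the point applies to that copy as well.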
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -78,12 +78,11 @@ OM_uint32 gss_accept_sec_context
|
|||||||
krb5_flags ap_options;
|
krb5_flags ap_options;
|
||||||
OM_uint32 flags;
|
OM_uint32 flags;
|
||||||
krb5_ticket *ticket;
|
krb5_ticket *ticket;
|
||||||
Checksum cksum;
|
|
||||||
krb5_keytab keytab = NULL;
|
krb5_keytab keytab = NULL;
|
||||||
|
|
||||||
gssapi_krb5_init ();
|
gssapi_krb5_init ();
|
||||||
|
|
||||||
if (*context_handle != GSS_C_NO_CONTEXT) {
|
if (*context_handle == GSS_C_NO_CONTEXT) {
|
||||||
*context_handle = malloc(sizeof(**context_handle));
|
*context_handle = malloc(sizeof(**context_handle));
|
||||||
if (*context_handle == GSS_C_NO_CONTEXT)
|
if (*context_handle == GSS_C_NO_CONTEXT)
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
@@ -159,32 +158,25 @@ OM_uint32 gss_accept_sec_context
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
flags = 0;
|
|
||||||
if (ap_options & AP_OPTS_MUTUAL_REQUIRED)
|
|
||||||
flags |= GSS_C_MUTUAL_FLAG;
|
|
||||||
flags |= GSS_C_CONF_FLAG;
|
|
||||||
flags |= GSS_C_INTEG_FLAG;
|
|
||||||
flags |= GSS_C_SEQUENCE_FLAG;
|
|
||||||
|
|
||||||
kret = gssapi_krb5_create_8003_checksum (input_chan_bindings,
|
|
||||||
flags,
|
|
||||||
&cksum);
|
|
||||||
|
|
||||||
if (kret) {
|
|
||||||
ret = GSS_S_FAILURE;
|
|
||||||
goto failure;
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
Checksum *c2 = (*context_handle)->auth_context->authenticator->cksum;
|
krb5_authenticator authenticator;
|
||||||
if (cksum.cksumtype != c2->cksumtype ||
|
|
||||||
cksum.checksum.length != c2->checksum.length ||
|
kret = krb5_auth_getauthenticator(gssapi_krb5_context,
|
||||||
memcmp(cksum.checksum.data,
|
(*context_handle)->auth_context,
|
||||||
c2->checksum.data,
|
&authenticator);
|
||||||
cksum.checksum.length)) {
|
if(kret) {
|
||||||
ret = GSS_S_FAILURE;
|
ret = GSS_S_FAILURE;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
|
||||||
|
authenticator->cksum,
|
||||||
|
&flags);
|
||||||
|
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
|
||||||
|
if (kret) {
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret_flags)
|
if (ret_flags)
|
||||||
|