svn commit: lorikeet r241 - in
branches/tmp/heimdal-gssapi/lib/gssapi: .
metze at samba.org
metze at samba.org
Mon Mar 7 14:01:29 GMT 2005
Author: metze
Date: 2005-03-07 14:01:29 +0000 (Mon, 07 Mar 2005)
New Revision: 241
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=241
Log:
make GSS_C_DCE_STYLE gss_wrap()/unwrap() work :-)
the caller needs to pass the BLOB with
'verifier'+'encrypted_data'
metze
Modified:
branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c
branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h
Changeset:
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c 2005-03-01 18:58:11 UTC (rev 240)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c 2005-03-07 14:01:29 UTC (rev 241)
@@ -344,10 +344,14 @@
if (conf_state)
*conf_state = 0;
- datalen = input_message_buffer->length + 1 /* padding */;
+ datalen = input_message_buffer->length;
len = 30;
- /* if GSS_C_DCE_STYLE is in use, we only need to encapsulate the WRAP token */
+ /* if GSS_C_DCE_STYLE is in use:
+ * - we only need to encapsulate the WRAP token
+ * - we should not add padding
+ */
if (!(context_handle->flags & GSS_C_DCE_STYLE)) {
+ datalen += 1 /* padding */;
len += datalen;
}
gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
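Review bot: With GSS_C_DCE_STYLE set, `len` stays at 30, so the `total_len` returned by gssapi_krb5_encap_length() covers only the token header, yet the second hunk still runs `memcpy(p, input_message_buffer->value, input_message_buffer->length)` past that header. The output buffer allocation sits between the two hunks and is not visible here; in DCE style it has to be `total_len + datalen` bytes, otherwise the copy writes beyond the allocation. The additions `datalen += 1` and `len += datalen` are also unchecked on a caller-supplied length, so a wrap-around guard before them would be prudent. The enclosing function starts and ends outside this hunk.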
@@ -404,7 +408,10 @@
/* p points to data */
p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
memcpy(p, input_message_buffer->value, input_message_buffer->length);
- p[input_message_buffer->length] = 1; /* PADDING */
+ /* only add padding when GSS_C_DCE_STYLE is not in use */
+ if (!(context_handle->flags & GSS_C_DCE_STYLE)) {
+ p[input_message_buffer->length] = 1; /* PADDING */
+ }
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
p0 + 16, 8, /* SGN_CKSUM */
@@ -493,7 +500,7 @@
u_char *p, *p0;
int cmp;
int conf_flag;
- size_t padlen;
+ size_t padlen = 0;
if (conf_state)
*conf_state = 0;
@@ -504,10 +511,10 @@
len = input_message_buffer->length;
/* if we have GSS_C_DCE_STYLE in use, we only need to decapsulate the WRAP token */
if (context_handle->flags & GSS_C_DCE_STYLE) {
- if (input_message_buffer->length < 45) {
+ if (input_message_buffer->length < (GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE)) {
return GSS_S_BAD_MECH;
}
- len = 45;
+ len = GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE;
}
omret = _gssapi_verify_mech_header(&p0,
len,
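Review bot: The short-token branch returns `GSS_S_BAD_MECH`, although a buffer smaller than the header plus WRAP token is a malformed token rather than a wrong mechanism; `return GSS_S_DEFECTIVE_TOKEN;` would describe it more accurately to callers. No assignment to `*minor_status` is visible before this early return, so confirm it is set earlier in the function, which begins outside the hunk. The sum `GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE` is spelled out twice; a single local such as `const size_t dce_len = GSS_ARCFOUR_WRAP_TOKEN_OFFSET + GSS_ARCFOUR_WRAP_TOKEN_SIZE;` keeps the check and the assignment in step.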
@@ -610,13 +617,15 @@
}
memset(k6_data, 0, sizeof(k6_data));
- ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
- if (ret) {
- gss_release_buffer(minor_status, output_message_buffer);
- *minor_status = 0;
- return ret;
+ if (!(context_handle->flags & GSS_C_DCE_STYLE)) {
+ ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
+ if (ret) {
+ gss_release_buffer(minor_status, output_message_buffer);
+ *minor_status = 0;
+ return ret;
+ }
+ output_message_buffer->length -= padlen;
}
- output_message_buffer->length -= padlen;
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
cksum_data, sizeof(cksum_data),
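Review bot: In the non-DCE branch, `_gssapi_verify_pad()` still runs on the decrypted buffer before the `arcfour_mic_cksum()` call that follows, so a token is accepted or rejected on its pad byte before its integrity has been checked. Verifying and comparing the checksum first, and only then validating and stripping the padding, avoids acting on unauthenticated plaintext. Whether the two failures are distinguishable to a peer depends on return paths outside this hunk. The DCE branch would also benefit from a comment such as `/* GSS_C_DCE_STYLE tokens carry no padding byte: nothing to verify or strip, padlen stays 0 */`, since the remaining arguments of the checksum call are not visible here and may rely on `padlen`.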
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h 2005-03-01 18:58:11 UTC (rev 240)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h 2005-03-07 14:01:29 UTC (rev 241)
@@ -37,6 +37,7 @@
#define GSSAPI_ARCFOUR_H_ 1
#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
+#define GSS_ARCFOUR_WRAP_TOKEN_OFFSET 13
OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
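Review bot: `GSS_ARCFOUR_WRAP_TOKEN_OFFSET` is introduced as a bare 13 with no explanation of what it measures. From its use in arcfour.c it replaces part of the old literal 45 and appears to be the size of the encapsulation header that precedes the WRAP token in GSS_C_DCE_STYLE; a comment such as `/* bytes of mechanism header before the WRAP token when only the token is encapsulated (GSS_C_DCE_STYLE) */` would record that. If the header length can vary with the encoded length field, the comment should state that the fixed value is valid only for the DCE-style case.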