svn commit: lorikeet r242 - in branches/tmp/heimdal-gssapi/lib/gssapi: .

metze at samba.org metze at samba.org
Mon Mar 7 14:04:55 GMT 2005


Author: metze
Date: 2005-03-07 14:04:55 +0000 (Mon, 07 Mar 2005)
New Revision: 242

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=242

Log:
- use better names for the state machine states

- fix the sequence numbers for GSS_C_DCE_STYLE
  (this was missing in the last commit)

metze

Modified:
   branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
   branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c


Changeset:
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h	2005-03-07 14:01:29 UTC (rev 241)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h	2005-03-07 14:04:55 UTC (rev 242)
@@ -58,8 +58,9 @@
 typedef struct gss_ctx_id_t_desc_struct {
   struct krb5_auth_context_data *auth_context;
   gss_name_t source, target;
-  enum {LOCAL_START = 1, LOCAL_WAIT_FOR_MUTAL = 2, LOCAL_READY= 3,
-	REMOTE_START = 11, REMOTE_WAIT_FOR_DCESTYLE = 12, REMOTE_READY = 13
+  enum gss_ctx_id_t_state {
+  	INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3,
+	ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13
   } state;
   OM_uint32 flags;
   enum {LOCAL = 1,

Modified: branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c	2005-03-07 14:01:29 UTC (rev 241)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c	2005-03-07 14:04:55 UTC (rev 242)
@@ -101,18 +101,9 @@
 static OM_uint32
 gsskrb5_create_ctx(
 	OM_uint32 * minor_status,
-	const gss_cred_id_t initiator_cred_handle,
 	gss_ctx_id_t * context_handle,
-	const gss_name_t target_name,
-	const gss_OID mech_type,
-	OM_uint32 req_flags,
-	OM_uint32 time_req,
  	const gss_channel_bindings_t input_chan_bindings,
-	const gss_buffer_t input_token,
-	gss_OID * actual_mech_type,
-	gss_buffer_t output_token,
-	OM_uint32 * ret_flags,
-	OM_uint32 * time_rec)
+ 	enum gss_ctx_id_t_state state)
 {
 	krb5_error_code kret;
 
@@ -124,7 +115,7 @@
 	(*context_handle)->auth_context	= NULL;
 	(*context_handle)->source	= NULL;
 	(*context_handle)->target	= NULL;
-	(*context_handle)->state	= LOCAL_START;
+	(*context_handle)->state	= state;
 	(*context_handle)->flags	= 0;
 	(*context_handle)->more_flags	= 0;
 	(*context_handle)->ticket	= NULL;
@@ -274,7 +265,7 @@
 				      seq_number, 0, is_cfx);
 	if (ret) return ret;
 
-	(*context_handle)->state	= LOCAL_READY;
+	(*context_handle)->state	= INITIATOR_READY;
 	(*context_handle)->more_flags	|= OPEN;
 
 	return GSS_S_COMPLETE;
@@ -349,7 +340,7 @@
  */
 
 static OM_uint32
-gsskrb5_local_start(
+gsskrb5_initiator_start(
 	OM_uint32 * minor_status,
 	const gss_cred_id_t initiator_cred_handle,
 	gss_ctx_id_t * context_handle,
@@ -555,7 +546,7 @@
 
 	/* We are done if GSS_C_MUTUAL_FLAG is in use */
 	if (flags & GSS_C_MUTUAL_FLAG) {
-		(*context_handle)->state = LOCAL_WAIT_FOR_MUTAL;
+		(*context_handle)->state = INITIATOR_WAIT_FOR_MUTAL;
 		return GSS_S_CONTINUE_NEEDED;
 	}
 
@@ -563,7 +554,7 @@
 }
 
 static OM_uint32
-gsskrb5_local_wait_for_mutual(
+gsskrb5_initiator_wait_for_mutual(
 	OM_uint32 * minor_status,
 	const gss_cred_id_t initiator_cred_handle,
 	gss_ctx_id_t * context_handle,
@@ -581,6 +572,8 @@
 	krb5_error_code kret;
 	krb5_data inbuf;
 	u_int32_t flags = (*context_handle)->flags;
+	OM_uint32 l_seq_number;
+	OM_uint32 r_seq_number;
 	
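Review bot: `l_seq_number` and `r_seq_number` are declared `OM_uint32`, but the Heimdal `krb5_auth_con_getlocalseqnumber` / `krb5_auth_con_setlocalseqnumber` calls they are handed to in the next hunk take an `int32_t` sequence number in the Heimdal trees I know of; if that is the prototype here, `&l_seq_number` is an incompatible-pointer-type conversion that the compiler only warns about and that silently reinterprets the sign. Declaring them as `int32_t l_seq_number;` and `int32_t r_seq_number;` keeps the types aligned with the auth-context API. The enclosing function continues outside this hunk.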
 	/* We need to decapsulate the AP_REP if GSS_C_DCE_STYLE isn't in use */
 	{
@@ -635,29 +628,38 @@
 		return gsskrb5_local_ready(minor_status, context_handle);
 	}
 
-	/* TODO: do we need to set the seq_number or the subkey here? --metze */
-/*	{
-		OM_uint32 seq_number;
-
+	/* do we need to set the local seq_number to the remote one just for the krb5_mk_rep(),
+	 * and then we need to use the old local seq_number again for the GSS_Wrap() messages
+	 */
+	{
 		kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context,
 						    (*context_handle)->auth_context,
-						    &seq_number);
+						    &r_seq_number);
 		if (kret) {
 			gssapi_krb5_set_error_string ();
 			*minor_status = kret;
 			return GSS_S_FAILURE;
 		}
 
+		kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context,
+						    (*context_handle)->auth_context,
+						    &l_seq_number);
+		if (kret) {
+			gssapi_krb5_set_error_string ();
+			*minor_status = kret;
+			return GSS_S_FAILURE;
+		}
+
 		kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context,
 						       (*context_handle)->auth_context,
-						       seq_number);	
+						       r_seq_number);	
 		if (kret) {
 			gssapi_krb5_set_error_string ();
 			*minor_status = kret;
 			return GSS_S_FAILURE;
 		}
 	}
-*/
+
 	/* We need to create an AP_REP */ 
 	{
 		krb5_data outbuf;
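Review bot: The comment introducing the sequence-number swap still reads as an open question (`do we need to set the local seq_number to the remote one ...`) even though the code below it commits to an answer, so a maintainer cannot tell whether this is settled or still a TODO. Replace it with a statement of intent, e.g. `/* DCE style: the AP-REP we send back carries the acceptor's sequence number, so swap it in as our local number just for krb5_mk_rep() and restore our own afterwards for the GSS_Wrap() messages. */` — the fact that the AP-REP must carry the peer's number is what the swap implies; confirm it against the DCE-style/RFC 4121 text before wording it as fact. Note that the restore is only done after the AP-REP block in the following hunk, so a failure inside `krb5_mk_rep()` returns with the auth_context's local sequence number still set to the remote value; harmless if the context is discarded on failure, but worth a one-line comment either way. The function continues outside this hunk.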
@@ -675,6 +677,18 @@
 		output_token->value  = outbuf.data;
 	}
 
+	/* We need to reset the local seq_number */
+	{
+		kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context,
+						       (*context_handle)->auth_context,
+						       l_seq_number);	
+		if (kret) {
+			gssapi_krb5_set_error_string ();
+			*minor_status = kret;
+			return GSS_S_FAILURE;
+		}	
+	}
+
 	return gsskrb5_local_ready(minor_status, context_handle);
 }
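Review bot: In the new restore block, the `kret` failure path returns `GSS_S_FAILURE` after `output_token->value` has already been set to the freshly built AP-REP (`output_token->value = outbuf.data;` just above), so the buffer is leaked unless the caller releases output tokens on failure, which GSS-API callers generally do not. Before returning, release and clear it: `free(output_token->value); output_token->value = NULL; output_token->length = 0;` (or the file's equivalent release helper). Separately, `gsskrb5_local_ready` is still called here and at the early return earlier in this function while its siblings were renamed to `gsskrb5_initiator_*`; renaming it to `gsskrb5_initiator_ready` in the same change would keep the state-machine naming consistent (its definition is outside this hunk).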
 
@@ -698,18 +712,9 @@
 
 	if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
 		ret = gsskrb5_create_ctx(minor_status,
-					 initiator_cred_handle,
 					 context_handle,
-					 target_name,
-					 mech_type,
-					 req_flags,
-					 time_req,
- 					 input_chan_bindings,
-					 input_token,
-					 actual_mech_type,
-					 output_token,
-					 ret_flags,
-					 time_rec);
+					 input_chan_bindings,
+					 INITIATOR_START);
 		if (ret) return ret;
 	}
 
@@ -718,35 +723,35 @@
 	HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex);
 
 	switch ((*context_handle)->state) {
-	case LOCAL_START:
-		ret = gsskrb5_local_start(minor_status,
-					  initiator_cred_handle,
-					  context_handle,
-					  target_name,
-					  mech_type,
-					  req_flags,
-					  time_req,
-					  input_chan_bindings,
-					  input_token,
-					  output_token,
-					  ret_flags,
-					  time_rec);
+	case INITIATOR_START:
+		ret = gsskrb5_initiator_start(minor_status,
+					      initiator_cred_handle,
+					      context_handle,
+					      target_name,
+					      mech_type,
+					      req_flags,
+					      time_req,
+					      input_chan_bindings,
+					      input_token,
+					      output_token,
+					      ret_flags,
+					      time_rec);
 		break;
-	case LOCAL_WAIT_FOR_MUTAL:
-		ret = gsskrb5_local_wait_for_mutual(minor_status,
-						    initiator_cred_handle,
-						    context_handle,
-						    target_name,
-						    mech_type,
-						    req_flags,
-						    time_req,
-						    input_chan_bindings,
-						    input_token,
-						    output_token,
-						    ret_flags,
-						    time_rec);
+	case INITIATOR_WAIT_FOR_MUTAL:
+		ret = gsskrb5_initiator_wait_for_mutual(minor_status,
+							initiator_cred_handle,
+							context_handle,
+							target_name,
+							mech_type,
+							req_flags,
+							time_req,
+							input_chan_bindings,
+							input_token,
+							output_token,
+							ret_flags,
+							time_rec);
 		break;
-	case LOCAL_READY:
+	case INITIATOR_READY:
 		/* We need to check the liftime */
 		{
 			OM_uint32 lifetime_rec;


