svn commit: lorikeet r242 - in
branches/tmp/heimdal-gssapi/lib/gssapi: .
metze at samba.org
metze at samba.org
Mon Mar 7 14:04:55 GMT 2005
Author: metze
Date: 2005-03-07 14:04:55 +0000 (Mon, 07 Mar 2005)
New Revision: 242
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=242
Log:
- use better names for the state machine states
- fix the sequence numbers for GSS_C_DCE_STYLE
(this was missing in the last commit)
metze
Modified:
branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c
Changeset:
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h 2005-03-07 14:01:29 UTC (rev 241)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/gssapi_locl.h 2005-03-07 14:04:55 UTC (rev 242)
@@ -58,8 +58,9 @@
typedef struct gss_ctx_id_t_desc_struct {
struct krb5_auth_context_data *auth_context;
gss_name_t source, target;
- enum {LOCAL_START = 1, LOCAL_WAIT_FOR_MUTAL = 2, LOCAL_READY= 3,
- REMOTE_START = 11, REMOTE_WAIT_FOR_DCESTYLE = 12, REMOTE_READY = 13
+ enum gss_ctx_id_t_state {
+ INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3,
+ ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13
} state;
OM_uint32 flags;
enum {LOCAL = 1,
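Review bot: The renamed enumerator `INITIATOR_WAIT_FOR_MUTAL` keeps the old misspelling while the handler selected by it is renamed `gsskrb5_initiator_wait_for_mutual` in the init_sec_context.c hunks; since the tag and every constant are already being renamed here, spelling it `INITIATOR_WAIT_FOR_MUTUAL` now (and at the state assignment and the switch case in the later hunks) keeps the state name and its handler greppable together. The numeric gap between the initiator values (1..3) and the acceptor values (11..13) is deliberate but undocumented; a one-line comment above the enum such as `/* 1..9: initiator states, 11..19: acceptor states -- the gap keeps the two roles disjoint */` would make it explicit. The enclosing struct definition starts before the hunk.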
Modified: branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c
===================================================================
--- branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c 2005-03-07 14:01:29 UTC (rev 241)
+++ branches/tmp/heimdal-gssapi/lib/gssapi/init_sec_context.c 2005-03-07 14:04:55 UTC (rev 242)
@@ -101,18 +101,9 @@
static OM_uint32
gsskrb5_create_ctx(
OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec)
+ enum gss_ctx_id_t_state state)
{
krb5_error_code kret;
@@ -124,7 +115,7 @@
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
- (*context_handle)->state = LOCAL_START;
+ (*context_handle)->state = state;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
@@ -274,7 +265,7 @@
seq_number, 0, is_cfx);
if (ret) return ret;
- (*context_handle)->state = LOCAL_READY;
+ (*context_handle)->state = INITIATOR_READY;
(*context_handle)->more_flags |= OPEN;
return GSS_S_COMPLETE;
@@ -349,7 +340,7 @@
*/
static OM_uint32
-gsskrb5_local_start(
+gsskrb5_initiator_start(
OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
@@ -555,7 +546,7 @@
/* We are done if GSS_C_MUTUAL_FLAG is in use */
if (flags & GSS_C_MUTUAL_FLAG) {
- (*context_handle)->state = LOCAL_WAIT_FOR_MUTAL;
+ (*context_handle)->state = INITIATOR_WAIT_FOR_MUTAL;
return GSS_S_CONTINUE_NEEDED;
}
@@ -563,7 +554,7 @@
}
static OM_uint32
-gsskrb5_local_wait_for_mutual(
+gsskrb5_initiator_wait_for_mutual(
OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
@@ -581,6 +572,8 @@
krb5_error_code kret;
krb5_data inbuf;
u_int32_t flags = (*context_handle)->flags;
+ OM_uint32 l_seq_number;
+ OM_uint32 r_seq_number;
/* We need to decapsulate the AP_REP if GSS_C_DCE_STYLE isn't in use */
{
@@ -635,29 +628,38 @@
return gsskrb5_local_ready(minor_status, context_handle);
}
- /* TODO: do we need to set the seq_number or the subkey here? --metze */
-/* {
- OM_uint32 seq_number;
-
+ /* do we need to set the local seq_number to the remote one just for the krb5_mk_rep(),
+ * and then we need to use the old local seq_number again for the GSS_Wrap() messages
+ */
+ {
kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context,
(*context_handle)->auth_context,
- &seq_number);
+ &r_seq_number);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
+ kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context,
+ (*context_handle)->auth_context,
+ &l_seq_number);
+ if (kret) {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context,
(*context_handle)->auth_context,
- seq_number);
+ r_seq_number);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
}
-*/
+
/* We need to create an AP_REP */
{
krb5_data outbuf;
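Review bot: The new comment above the sequence-number block is phrased as an open question ("do we need to set the local seq_number ...") although the code below it now commits to an answer; it should state the contract instead, along the lines of `/* The AP_REP must carry the peer's sequence number, but our wrap/MIC tokens keep the initiator's own; save the local number here and restore it once the AP_REP has been built. */`. The swap is only undone on the success path of the following hunk, so if building the AP_REP fails in the elided code between the two blocks the auth_context is left with its local sequence number set to the peer's value; whether that matters depends on whether a caller can reuse the context after GSS_S_FAILURE, which is not visible here. The commit message scopes this fix to GSS_C_DCE_STYLE, but nothing in the visible lines conditions the block on `flags & GSS_C_DCE_STYLE`; if this function can also run for the non-DCE mutual case, confirm that the swap is intended there as well. The enclosing function gsskrb5_initiator_wait_for_mutual starts outside the hunk.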
@@ -675,6 +677,18 @@
output_token->value = outbuf.data;
}
+ /* We need to reset the local seq_number */
+ {
+ kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context,
+ (*context_handle)->auth_context,
+ l_seq_number);
+ if (kret) {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+ }
+
return gsskrb5_local_ready(minor_status, context_handle);
}
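Review bot: The new reset block runs after `output_token->value = outbuf.data;` has handed the AP_REP to the caller, so its failure path returns GSS_S_FAILURE with output_token still populated, which a caller will neither send nor release; before the `return GSS_S_FAILURE;` the token should be dropped, e.g. `OM_uint32 junk; gss_release_buffer(&junk, output_token);` placed after `*minor_status = kret;` so the krb5 error code is preserved. The `if (kret) { gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; }` block now appears four times in this function; a small static helper would cut the repetition and make the extra cleanup on this one path stand out. The enclosing function starts outside the hunk.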
@@ -698,18 +712,9 @@
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
ret = gsskrb5_create_ctx(minor_status,
- initiator_cred_handle,
context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
- time_rec);
+ input_chan_bindings,
+ INITIATOR_START);
if (ret) return ret;
}
@@ -718,35 +723,35 @@
HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex);
switch ((*context_handle)->state) {
- case LOCAL_START:
- ret = gsskrb5_local_start(minor_status,
- initiator_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- output_token,
- ret_flags,
- time_rec);
+ case INITIATOR_START:
+ ret = gsskrb5_initiator_start(minor_status,
+ initiator_cred_handle,
+ context_handle,
+ target_name,
+ mech_type,
+ req_flags,
+ time_req,
+ input_chan_bindings,
+ input_token,
+ output_token,
+ ret_flags,
+ time_rec);
break;
- case LOCAL_WAIT_FOR_MUTAL:
- ret = gsskrb5_local_wait_for_mutual(minor_status,
- initiator_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- output_token,
- ret_flags,
- time_rec);
+ case INITIATOR_WAIT_FOR_MUTAL:
+ ret = gsskrb5_initiator_wait_for_mutual(minor_status,
+ initiator_cred_handle,
+ context_handle,
+ target_name,
+ mech_type,
+ req_flags,
+ time_req,
+ input_chan_bindings,
+ input_token,
+ output_token,
+ ret_flags,
+ time_rec);
break;
- case LOCAL_READY:
+ case INITIATOR_READY:
/* We need to check the liftime */
{
OM_uint32 lifetime_rec;