DCE_STYLE and sequence numbers

Stefan (metze) Metzmacher metze at samba.org
Fri Jul 25 06:11:18 GMT 2008


Andrew Bartlett schrieb:
> Looking into our DCE_STYLE patch, I wonder if this, from lib/gssapi/krb5/accept_sec_context.c is correct:
> 
>     if (req_flags & GSS_C_DCE_STYLE) {
> 	int32_t con_flags;
> 	krb5_data outbuf;
> 
> 	/* Do don't do sequence number for the mk-rep */
> 	krb5_auth_con_removeflags(context,
> 				  ctx->auth_context,
> 				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
> 				  &con_flags);
> 
> 	kret = krb5_mk_rep(context,
> 			   ctx->auth_context,
> 			   &outbuf);
> 	if (kret) {
> 	    *minor_status = kret;
> 	    return GSS_S_FAILURE;
> 	}
> 	
> 	output_token->length = outbuf.length;
> 	output_token->value  = outbuf.data;
> 
> 	krb5_auth_con_removeflags(context,
> 				  ctx->auth_context,
> 				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
> 				  NULL);
>     }

I also noticed that...but as it still worked with arcfour-hmac-md5
I was happy.

I think it was correct in my original patch...

metze


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080725/64955459/signature.bin


More information about the samba-technical mailing list