[1344] in Kerberos_V5_Development


oh yeah, the diffs

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri Jun 21 00:04:35 1996

To: krbdev@MIT.EDU
Date: Fri, 21 Jun 1996 00:04:28 EDT
From: Marc Horowitz <marc@MIT.EDU>

Index: generic/util_token.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/generic/util_token.c,v
retrieving revision 1.9.2.2
retrieving revision 1.9.2.3
diff -c -r1.9.2.2 -r1.9.2.3
*** 1.9.2.2	1996/06/21 02:17:37
--- 1.9.2.3	1996/06/21 03:55:35
***************
*** 24,30 ****
  #include <memory.h>
  
  /*
!  * $Id: util_token.c,v 1.9.2.2 1996/06/21 02:17:37 marc Exp $
   */
  
  /* XXXX this code currently makes the assumption that a mech oid will
--- 24,30 ----
  #include <memory.h>
  
  /*
!  * $Id: util_token.c,v 1.9.2.3 1996/06/21 03:55:35 marc Exp $
   */
  
  /* XXXX this code currently makes the assumption that a mech oid will
***************
*** 199,204 ****
--- 199,207 ----
     if (! g_OID_equal(&toid, mech)) 
        ret = G_WRONG_MECH;
   
+    /* G_WRONG_MECH is not returned immediately because it's more important
+       to return G_BAD_TOK_HEADER if the token header is in fact bad */
+ 
     if ((toksize-=2) < 0)
        return(G_BAD_TOK_HEADER);
  
***************
*** 206,212 ****
         (*buf++ != (tok_type&0xff)))
        return(G_BAD_TOK_HEADER);
  
-    /* Why is G_WRONG_MECH the only case that does not return immediately? */
     if (!ret) {
  	*buf_in = buf;
  	*body_size = toksize;
--- 209,214 ----
Index: krb5/ChangeLog
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/ChangeLog,v
retrieving revision 1.68.2.4
retrieving revision 1.68.2.9
diff -c -r1.68.2.4 -r1.68.2.9
*** 1.68.2.4	1996/05/12 04:58:46
--- 1.68.2.9	1996/06/21 03:53:00
***************
*** 1,3 ****
--- 1,32 ----
+ Thu Jun 20 23:15:57 1996  Marc Horowitz  <marc@mit.edu>
+ 
+ 	* ser_sctx.c (kg_oid_size, kg_ctx_size): pull the oid-related code
+  	out of kg_ctx_size into kg_oid_size.
+ 	
+ 	* k5unseal.c (kg_unseal), k5seal.c (make_seal_token): == cannot be
+  	used to compare oid's.  The g_OID_equal macro must be used.
+ 
+ 	* init_sec_context.c (make_ap_req, krb5_gss_init_sec_context): -
+  	gss_init_sec_context should use the mech set in the credential.
+   	If the default mech is requested, but the old mech oid was
+  	explicitly passed to gss_acquire_cred, then the context should be
+  	the old mech, otherwise, the new mech.  If a mech was requested
+  	explicitly, then the code should insure that the credential is
+  	compatible.
+ 
+ 	* acquire_cred.c (krb5_gss_acquire_cred), gssapiP_krb5.h (struct
+  	_krb5_gss_cred_it_rec), gssapi_krb5.c (gss_mech_set_krb5*),
+  	inq_cred.c (krb5_gss_inquire_cred): gss_acquire_cred needs to be
+  	able to deal with both mech oid's.  It should return in
+  	actual_mechs the intersection of the set passed in and the
+  	{old,new} mechs, or if the default was requested, it should return
+  	both mech oid's.  This state should be stored in the credential
+  	handle, and regurgitated by gss_inquire_cred.
+ 
+ 	* accept_sec_context.c (krb5_gss_accept_sec_context): make sure
+  	that the oid in the token is compatible with the mechanisms
+  	specified by the credential.
+ 
  Sun May 12 00:54:35 1996  Marc Horowitz  <marc@mit.edu>
  
  	* util_crypt.c (kg_encrypt): It used to be that krb5_encrypt could
Index: krb5/accept_sec_context.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/accept_sec_context.c,v
retrieving revision 1.28.2.4
retrieving revision 1.28.2.5
diff -c -r1.28.2.4 -r1.28.2.5
*** 1.28.2.4	1996/06/21 01:56:12
--- 1.28.2.5	1996/06/21 03:18:53
***************
*** 24,30 ****
  #include <memory.h>
  
  /*
!  * $Id: accept_sec_context.c,v 1.28.2.4 1996/06/21 01:56:12 marc Exp $
   */
  
  #if 0
--- 24,30 ----
  #include <memory.h>
  
  /*
!  * $Id: accept_sec_context.c,v 1.28.2.5 1996/06/21 03:18:53 marc Exp $
   */
  
  #if 0
***************
*** 177,183 ****
        return(GSS_S_NO_CRED);
     }
  
!    /* verify the token's integrity, and leave the token in ap_req */
  
     ptr = (unsigned char *) input_token->value;
  
--- 177,184 ----
        return(GSS_S_NO_CRED);
     }
  
!    /* verify the token's integrity, and leave the token in ap_req.
!       figure out which mech oid was used, and save it */
  
     ptr = (unsigned char *) input_token->value;
  
***************
*** 198,207 ****
  					 input_token->length))) {
  	     *minor_status = err;
  	     return(GSS_S_DEFECTIVE_TOKEN);
! 	} else
  	     mech_used = gss_mech_krb5_old;
!    } else
  	mech_used = gss_mech_krb5;
  
     sptr = (char *) ptr;
     TREAD_STR(sptr, ap_req.data, ap_req.length);
--- 199,220 ----
  					 input_token->length))) {
  	     *minor_status = err;
  	     return(GSS_S_DEFECTIVE_TOKEN);
! 	} else {
! 	     if (! cred->prerfc_mech) {
! 		  *minor_error = G_WRONG_MECH;
! 		  return(GSS_S_DEFECTIVE_TOKEN);
! 	     }
! 
  	     mech_used = gss_mech_krb5_old;
! 	}
!    } else {
! 	if (! cred->rfc_mech) {
! 	     *minor_error = G_WRONG_MECH;
! 	     return(GSS_S_DEFECTIVE_TOKEN);
! 	}
! 
  	mech_used = gss_mech_krb5;
+    }
  
     sptr = (char *) ptr;
     TREAD_STR(sptr, ap_req.data, ap_req.length);
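Review bot: Both new rejection branches store the error through `*minor_error`, while the surrounding code in this hunk reports through `*minor_status` (`*minor_status = err;` a few lines above). Unless a `minor_error` is declared outside the hunk this will not compile, and if one is, the caller's minor status is left unset on these paths. Both assignments should read `*minor_status = G_WRONG_MECH;`. A one-line comment such as `/* refuse tokens whose mech oid the acceptor credential was not acquired for */` would also make the purpose of the two checks explicit. The enclosing function starts and ends outside the hunk.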
Index: krb5/acquire_cred.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/acquire_cred.c,v
retrieving revision 1.13.2.2
retrieving revision 1.13.2.3
diff -c -r1.13.2.2 -r1.13.2.3
*** 1.13.2.2	1996/04/18 01:38:50
--- 1.13.2.3	1996/06/21 03:23:17
***************
*** 28,34 ****
  #endif
  
  /*
!  * $Id: acquire_cred.c,v 1.13.2.2 1996/04/18 01:38:50 marc Exp $
   */
  
  /* get credentials corresponding to a key in the krb5 keytab.
--- 28,34 ----
  #endif
  
  /*
!  * $Id: acquire_cred.c,v 1.13.2.3 1996/06/21 03:23:17 marc Exp $
   */
  
  /* get credentials corresponding to a key in the krb5 keytab.
***************
*** 267,273 ****
     krb5_context context;
     size_t i;
     krb5_gss_cred_id_t cred;
!    gss_OID_set mechs;
     OM_uint32 ret;
     krb5_error_code code;
  
--- 267,274 ----
     krb5_context context;
     size_t i;
     krb5_gss_cred_id_t cred;
!    gss_OID_set valid_mechs, ret_mechs;
!    int req_old, req_new;
     OM_uint32 ret;
     krb5_error_code code;
  
***************
*** 294,304 ****
     /* verify that the requested mechanism set is the default, or
        contains krb5 */
  
!    if (desired_mechs != GSS_C_NULL_OID_SET) {
!       for (i=0; i<desired_mechs->count; i++)
  	 if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i])))
! 	    break;
!       if (i == desired_mechs->count) {
  	 *minor_status = 0;
  	 return(GSS_S_BAD_MECH);
        }
--- 295,320 ----
     /* verify that the requested mechanism set is the default, or
        contains krb5 */
  
!    if (desired_mechs == GSS_C_NULL_OID_SET) {
!       valid_mechs = gss_mech_set_krb5_both;
!    } else {
!       req_old = 0;
!       req_new = 0;
! 
!       for (i=0; i<desired_mechs->count; i++) {
! 	 if (g_OID_equal(gss_mech_krb5_old, &(desired_mechs->elements[i])))
! 	    req_old++;
  	 if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i])))
! 	    req_new++;
!       }
! 
!       if (req_old && req_new) {
! 	 valid_mechs = gss_mech_set_krb5_both;
!       } else if (req_old) {
! 	 valid_mechs = gss_mech_set_krb5_old;
!       } else if (req_new) {
! 	 valid_mechs = gss_mech_set_krb5;
!       } else {
  	 *minor_status = 0;
  	 return(GSS_S_BAD_MECH);
        }
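Review bot: `req_old` and `req_new` are assigned only in the `else` branch, so when `desired_mechs == GSS_C_NULL_OID_SET` they are still uninitialised when the next hunk copies them into `cred->prerfc_mech` and `cred->rfc_mech`. Those two flags are what accept_sec_context.c and init_sec_context.c consult to decide which mechanism OIDs the credential permits, so a default-mechanism credential ends up with indeterminate policy. Set both in the default branch, e.g. `valid_mechs = gss_mech_set_krb5_both; req_old = 1; req_new = 1;`, which matches the ChangeLog entry saying the default returns both mech oids. The function body continues outside the hunk.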
***************
*** 315,320 ****
--- 331,339 ----
  
     cred->usage = cred_usage;
     cred->princ = NULL;
+    cred->actual_mechs = valid_mechs;
+    cred->prerfc_mech = req_old;
+    cred->rfc_mech = req_new;
  
     cred->keytab = NULL;
     cred->ccache = NULL;
***************
*** 405,411 ****
     /* create mechs */
  
     if (actual_mechs) {
!       if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) {
  	 if (cred->ccache)
  	    (void)krb5_cc_close(context, cred->ccache);
  	 if (cred->keytab)
--- 424,430 ----
     /* create mechs */
  
     if (actual_mechs) {
!       if (! g_copy_OID_set(cred->actual_mechs, &ret_mechs)) {
  	 if (cred->ccache)
  	    (void)krb5_cc_close(context, cred->ccache);
  	 if (cred->keytab)
***************
*** 421,428 ****
     /* intern the credential handle */
  
     if (! kg_save_cred_id((gss_cred_id_t) cred)) {
!       free(mechs->elements);
!       free(mechs);
        if (cred->ccache)
  	 (void)krb5_cc_close(context, cred->ccache);
        if (cred->keytab)
--- 440,447 ----
     /* intern the credential handle */
  
     if (! kg_save_cred_id((gss_cred_id_t) cred)) {
!       free(ret_mechs->elements);
!       free(ret_mechs);
        if (cred->ccache)
  	 (void)krb5_cc_close(context, cred->ccache);
        if (cred->keytab)
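Review bot: `ret_mechs` is assigned only inside `if (actual_mechs)` (previous hunk), yet this failure path frees `ret_mechs->elements` and `ret_mechs` unconditionally. A caller that passes a null `actual_mechs` and hits a `kg_save_cred_id` failure therefore frees through an uninitialised pointer. The rename carries the old `mechs` behaviour over unchanged. Guard the two frees with `if (actual_mechs) { ... }`, or initialise `ret_mechs` to NULL at its declaration and test it here. The cleanup block continues past the end of the hunk.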
***************
*** 439,445 ****
     *minor_status = 0;
     *output_cred_handle = (gss_cred_id_t) cred;
     if (actual_mechs)
!       *actual_mechs = mechs;
  
     return(GSS_S_COMPLETE);
  }
--- 458,464 ----
     *minor_status = 0;
     *output_cred_handle = (gss_cred_id_t) cred;
     if (actual_mechs)
!       *actual_mechs = ret_mechs;
  
     return(GSS_S_COMPLETE);
  }
Index: krb5/gssapiP_krb5.h
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/gssapiP_krb5.h,v
retrieving revision 1.27.2.4
retrieving revision 1.27.2.5
diff -c -r1.27.2.4 -r1.27.2.5
*** 1.27.2.4	1996/06/21 01:56:15
--- 1.27.2.5	1996/06/21 03:23:19
***************
*** 24,30 ****
  #define _GSSAPIP_KRB5_H_
  
  /*
!  * $Id: gssapiP_krb5.h,v 1.27.2.4 1996/06/21 01:56:15 marc Exp $
   */
  
  #include <krb5.h>
--- 24,30 ----
  #define _GSSAPIP_KRB5_H_
  
  /*
!  * $Id: gssapiP_krb5.h,v 1.27.2.5 1996/06/21 03:23:19 marc Exp $
   */
  
  #include <krb5.h>
***************
*** 77,82 ****
--- 77,85 ----
     /* name/type of credential */
     gss_cred_usage_t usage;
     krb5_principal princ;	/* this is not interned as a gss_name_t */
+    const gss_OID_set_desc *actual_mechs;
+    int prerfc_mech;		/* these are a cache of the set above */
+    int rfc_mech;
  
     /* keytab (accept) data */
     krb5_keytab keytab;
Index: krb5/gssapi_krb5.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/gssapi_krb5.c,v
retrieving revision 1.12.2.3
retrieving revision 1.12.2.4
diff -c -r1.12.2.3 -r1.12.2.4
*** 1.12.2.3	1996/06/21 01:56:17
--- 1.12.2.4	1996/06/21 03:23:22
***************
*** 21,27 ****
   */
  
  /*
!  * $Id: gssapi_krb5.c,v 1.12.2.3 1996/06/21 01:56:17 marc Exp $
   */
  
  #include "gssapiP_krb5.h"
--- 21,27 ----
   */
  
  /*
!  * $Id: gssapi_krb5.c,v 1.12.2.4 1996/06/21 03:23:22 marc Exp $
   */
  
  #include "gssapiP_krb5.h"
***************
*** 54,76 ****
   */
  
  static const gss_OID_desc oids[] = {
!    /* XXXX this OID is from Ted.  It's not official yet, but it's close. */
     {5, "\053\005\001\005\002"},
     {10, "\052\206\110\206\367\022\001\002\002\001"},
     {10, "\052\206\110\206\367\022\001\002\002\002"},
-    {9, "\052\206\110\206\367\022\001\002\002"},
  };
  
  const gss_OID_desc * const gss_mech_krb5_old = oids+0;
  const gss_OID_desc * const gss_nt_krb5_name = oids+1;
! const gss_OID_desc * const gss_nt_krb5_principal = oids+2;
! const gss_OID_desc * const gss_mech_krb5 = oids+3;
  
  static const gss_OID_set_desc oidsets[] = {
!    {1, (gss_OID) oids},
  };
  
! const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0;
  
  void *kg_vdb = NULL;
  
--- 54,81 ----
   */
  
  static const gss_OID_desc oids[] = {
!    /* this is the unofficial, wrong OID */
     {5, "\053\005\001\005\002"},
+    /* this is the official, rfc-specified OID */
+    {9, "\052\206\110\206\367\022\001\002\002"},
     {10, "\052\206\110\206\367\022\001\002\002\001"},
     {10, "\052\206\110\206\367\022\001\002\002\002"},
  };
  
  const gss_OID_desc * const gss_mech_krb5_old = oids+0;
+ const gss_OID_desc * const gss_mech_krb5 = oids+1;
  const gss_OID_desc * const gss_nt_krb5_name = oids+1;
! const gss_OID_desc * const gss_nt_krb5_principal = oids+3;
  
  static const gss_OID_set_desc oidsets[] = {
!    {1, (gss_OID) oids+0},
!    {1, (gss_OID) oids+1},
!    {2, (gss_OID) oids+0},
  };
  
! const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0;
! const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+1;
! const gss_OID_set_desc * const gss_mech_set_krb5_both = oidsets+2;
  
  void *kg_vdb = NULL;
  
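Review bot: After the reorder, `gss_nt_krb5_name` is still `oids+1` (it is an unchanged context line), which is now the RFC mechanism OID. The name-type constant and `gss_mech_krb5` therefore point at the same entry, and `oids+2` is referenced by nothing. With the new table order it should be `const gss_OID_desc * const gss_nt_krb5_name = oids+2;`. The `{2, (gss_OID) oids+0}` set also depends on the two mechanism OIDs staying adjacent at the front of `oids[]`, so a one-line comment on the array saying so would protect that invariant.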
Index: krb5/init_sec_context.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/init_sec_context.c,v
retrieving revision 1.31.2.4
retrieving revision 1.31.2.5
diff -c -r1.31.2.4 -r1.31.2.5
*** 1.31.2.4	1996/06/21 01:56:21
--- 1.31.2.5	1996/06/21 03:26:02
***************
*** 24,35 ****
  #include <memory.h>
  
  /*
!  * $Id: init_sec_context.c,v 1.31.2.4 1996/06/21 01:56:21 marc Exp $
   */
  
  static krb5_error_code
  make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, 
! 	    req_flags, flags, token)
      krb5_context context;
      krb5_auth_context * auth_context;
      krb5_gss_cred_id_t cred;
--- 24,35 ----
  #include <memory.h>
  
  /*
!  * $Id: init_sec_context.c,v 1.31.2.5 1996/06/21 03:26:02 marc Exp $
   */
  
  static krb5_error_code
  make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, 
! 	    req_flags, flags, mech_type, token)
      krb5_context context;
      krb5_auth_context * auth_context;
      krb5_gss_cred_id_t cred;
***************
*** 38,43 ****
--- 38,44 ----
      gss_channel_bindings_t chan_bindings;
      OM_uint32 req_flags;
      krb5_flags *flags;
+     gss_OID mech_type;
      gss_buffer_t token;
  {
      krb5_flags mk_req_flags = 0;
***************
*** 163,169 ****
     /* build up the token */
  
     /* allocate space for the token */
!    tlen = g_token_size((gss_OID) gss_mech_krb5, ap_req.length);
  
     if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
        code = ENOMEM;
--- 164,170 ----
     /* build up the token */
  
     /* allocate space for the token */
!    tlen = g_token_size((gss_OID) mech_type, ap_req.length);
  
     if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
        code = ENOMEM;
***************
*** 174,180 ****
  
     ptr = t;
  
!    g_make_token_header((gss_OID) gss_mech_krb5, ap_req.length,
  		       &ptr, KG_TOK_CTX_AP_REQ);
  
     TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
--- 175,181 ----
  
     ptr = t;
  
!    g_make_token_header((gss_OID) mech_type, ap_req.length,
  		       &ptr, KG_TOK_CTX_AP_REQ);
  
     TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
***************
*** 238,252 ****
     output_token->length = 0;
     output_token->value = NULL;
     if (actual_mech_type)
!       *actual_mech_type = (gss_OID) gss_mech_krb5;
! 
!    /* verify the mech_type */
! 
!    if ((mech_type != GSS_C_NULL_OID) &&
!        (! g_OID_equal(mech_type, gss_mech_krb5))) {
!       *minor_status = 0;
!       return(GSS_S_BAD_MECH);
!    }
  
     /* verify the credential, or use the default */
     /*SUPPRESS 29*/
--- 239,245 ----
     output_token->length = 0;
     output_token->value = NULL;
     if (actual_mech_type)
!       *actual_mech_type = NULL;
  
     /* verify the credential, or use the default */
     /*SUPPRESS 29*/
***************
*** 266,271 ****
--- 259,275 ----
  
     cred = (krb5_gss_cred_id_t) claimant_cred_handle;
  
+    /* verify the mech_type */
+ 
+    if (mech_type == GSS_C_NULL_OID) {
+       mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old;
+    } else if ((g_OID_equal(mech_type, gss_mech_krb5) && !cred->rfc_mech) ||
+ 	      (g_OID_equal(mech_type, gss_mech_krb5_old) &&
+ 	       !cred->prerfc_mech)) {
+       *minor_status = 0;
+       return(GSS_S_BAD_MECH);
+    }
+ 
     /* verify that the target_name is valid and usable */
  
     if (! kg_validate_name(target_name)) {
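Review bot: An explicit `mech_type` that is neither `gss_mech_krb5` nor `gss_mech_krb5_old` now falls through both halves of the `else if` and is accepted, whereas the block this replaces returned `GSS_S_BAD_MECH` for anything other than krb5. The later hunks then use that OID for `ctx->mech_used` and for the token header. Invert the test so that only a known OID permitted by the credential passes: `} else if (!((g_OID_equal(mech_type, gss_mech_krb5) && cred->rfc_mech) || (g_OID_equal(mech_type, gss_mech_krb5_old) && cred->prerfc_mech))) {`. The enclosing function starts and ends outside the hunk.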
***************
*** 302,308 ****
  
        /* fill in the ctx */
        memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
!       ctx->mech_used = gss_mech_krb5;
        ctx->auth_context = NULL;
        ctx->initiate = 1;
        ctx->mutual = req_flags & GSS_C_MUTUAL_FLAG;
--- 306,312 ----
  
        /* fill in the ctx */
        memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
!       ctx->mech_used = mech_type;
        ctx->auth_context = NULL;
        ctx->initiate = 1;
        ctx->mutual = req_flags & GSS_C_MUTUAL_FLAG;
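Review bot: `ctx->mech_used = mech_type` stores the caller's OID pointer in the context whenever the mechanism was requested explicitly, so the context appears to depend on the caller keeping that `gss_OID` alive; k5unseal.c later dereferences `ctx->mech_used` through `g_OID_equal`. Storing the library's own constant avoids the lifetime dependency: `ctx->mech_used = g_OID_equal(mech_type, gss_mech_krb5_old) ? gss_mech_krb5_old : gss_mech_krb5;`. The same applies to the hunks that hand `mech_type` back through `*actual_mech_type`. The AP_REP header check in the later hunk could likewise verify against `ctx->mech_used` rather than the argument of the continuation call. This is inferred from the visible lines only, since the surrounding function is outside the hunk.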
***************
*** 338,344 ****
  
        if ((code = make_ap_req(context, &(ctx->auth_context), cred, 
  			      ctx->there, &ctx->endtime, input_chan_bindings, 
! 			      req_flags, &ctx->flags, &token))) {
  	 krb5_free_principal(context, ctx->here);
  	 krb5_free_principal(context, ctx->there);
  	 xfree(ctx);
--- 342,348 ----
  
        if ((code = make_ap_req(context, &(ctx->auth_context), cred, 
  			      ctx->there, &ctx->endtime, input_chan_bindings, 
! 			      req_flags, &ctx->flags, mech_type, &token))) {
  	 krb5_free_principal(context, ctx->here);
  	 krb5_free_principal(context, ctx->there);
  	 xfree(ctx);
***************
*** 424,429 ****
--- 428,436 ----
        if (ret_flags)
  	 *ret_flags = KG_IMPLFLAGS(req_flags);
  
+       if (actual_mech_type)
+ 	 *actual_mech_type = mech_type;
+ 
        /* return successfully */
  
        *minor_status = 0;
***************
*** 485,491 ****
  
        ptr = (unsigned char *) input_token->value;
  
!       if (err = g_verify_token_header((gss_OID) gss_mech_krb5, &(ap_rep.length),
  				      &ptr, KG_TOK_CTX_AP_REP,
  				      input_token->length)) {
  	 *minor_status = err;
--- 492,498 ----
  
        ptr = (unsigned char *) input_token->value;
  
!       if (err = g_verify_token_header((gss_OID) mech_type, &(ap_rep.length),
  				      &ptr, KG_TOK_CTX_AP_REP,
  				      input_token->length)) {
  	 *minor_status = err;
***************
*** 538,543 ****
--- 545,553 ----
  
        if (ret_flags)
  	 *ret_flags = KG_IMPLFLAGS(req_flags);
+ 
+       if (actual_mech_type)
+ 	 *actual_mech_type = mech_type;
  
        /* success */
  
Index: krb5/inq_cred.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/inq_cred.c,v
retrieving revision 1.9.2.1
retrieving revision 1.9.2.2
diff -c -r1.9.2.1 -r1.9.2.2
*** 1.9.2.1	1996/04/18 01:39:19
--- 1.9.2.2	1996/06/21 03:23:24
***************
*** 84,90 ****
     }
  
     if (mechanisms)
!       if (! g_copy_OID_set(gss_mech_set_krb5, &mechs)) {
  	 krb5_free_principal(context, ret_name);
  	 *minor_status = ENOMEM;
  	 return(GSS_S_FAILURE);
--- 84,90 ----
     }
  
     if (mechanisms)
!       if (! g_copy_OID_set(cred->actual_mechs, &mechs)) {
  	 krb5_free_principal(context, ret_name);
  	 *minor_status = ENOMEM;
  	 return(GSS_S_FAILURE);
Index: krb5/k5seal.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/k5seal.c,v
retrieving revision 1.15.6.4
retrieving revision 1.15.6.5
diff -c -r1.15.6.4 -r1.15.6.5
*** 1.15.6.4	1996/06/21 01:56:28
--- 1.15.6.5	1996/06/21 03:27:38
***************
*** 235,241 ****
         xfree(cksum.contents);
  #else
         if (code = kg_encrypt(context, seq_ed,
! 			     (oid == gss_mech_krb5_old ?
  			      seq_ed->key->contents : NULL),
  			     md5cksum.contents, md5cksum.contents, 16)) {
  	  xfree(md5cksum.contents);
--- 235,241 ----
         xfree(cksum.contents);
  #else
         if (code = kg_encrypt(context, seq_ed,
! 			     (g_OID_equal(oid, gss_mech_krb5_old) ?
  			      seq_ed->key->contents : NULL),
  			     md5cksum.contents, md5cksum.contents, 16)) {
  	  xfree(md5cksum.contents);
Index: krb5/k5unseal.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/k5unseal.c,v
retrieving revision 1.13.6.4
retrieving revision 1.13.6.5
diff -c -r1.13.6.4 -r1.13.6.5
*** 1.13.6.4	1996/06/21 01:56:30
--- 1.13.6.5	1996/06/21 03:27:40
***************
*** 24,30 ****
  #include <memory.h>
  
  /*
!  * $Id: k5unseal.c,v 1.13.6.4 1996/06/21 01:56:30 marc Exp $
   */
  
  /* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
--- 24,30 ----
  #include <memory.h>
  
  /*
!  * $Id: k5unseal.c,v 1.13.6.5 1996/06/21 03:27:40 marc Exp $
   */
  
  /* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
***************
*** 286,293 ****
        xfree(cksum.contents);
  #else
        if (code = kg_encrypt(context, &ctx->seq,
! 			    (ctx->mech_used == gss_mech_krb5 ?
! 			     NULL : ctx->seq.key->contents),
  			    md5cksum.contents, md5cksum.contents, 16)) {
  	 xfree(md5cksum.contents);
  	 if (toktype == KG_TOK_SEAL_MSG)
--- 286,293 ----
        xfree(cksum.contents);
  #else
        if (code = kg_encrypt(context, &ctx->seq,
! 			    (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
! 			     ctx->seq.key->contents : NULL),
  			    md5cksum.contents, md5cksum.contents, 16)) {
  	 xfree(md5cksum.contents);
  	 if (toktype == KG_TOK_SEAL_MSG)
Index: krb5/ser_sctx.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/lib/gssapi/krb5/ser_sctx.c,v
retrieving revision 1.3.6.4
retrieving revision 1.3.6.5
diff -c -r1.3.6.4 -r1.3.6.5
*** 1.3.6.4	1996/06/21 01:56:34
--- 1.3.6.5	1996/06/21 03:52:42
***************
*** 225,230 ****
--- 225,288 ----
      return(kret);
  }
  
+ static krb5_error_code
+ kg_oid_externalize(kcontext, arg, buffer, lenremain)
+     krb5_context	kcontext;
+     krb5_pointer	arg;
+     krb5_octet		**buffer;
+     size_t		*lenremain;
+ {
+      gss_OID oid = (gss_OID) arg;
+      
+      (void) krb5_ser_pack_int32((krb5_int32) oid->length,
+ 				buffer, lenremain);
+      (void) krb5_ser_pack_bytes((krb5_octet *) oid->elements,
+ 				oid->length, buffer, lenremain);
+ }
+ 
+ static krb5_error_code
+ kg_oid_internalize(kcontext, argp, buffer, lenremain)
+     krb5_context	kcontext;
+     krb5_pointer	*argp;
+     krb5_octet		**buffer;
+     size_t		*lenremain;
+ {
+      gss_OID oid;
+      krb5_int32 ibuf;
+ 
+      oid = (gss_OID) malloc(sizeof(gss_OID_desc));
+      if (oid == NULL)
+ 	  return ENOMEM;
+      (void) krb5_ser_unpack_int32(&ibuf, buffer, lenremain);
+      oid->length = ibuf;
+      (void) krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
+ 				  oid->length, buffer, lenremain);
+      return 0;
+ }
+ 
+ krb5_error_code
+ kg_oid_size(kcontext, arg, sizep)
+     krb5_context	kcontext;
+     krb5_pointer	arg;
+     size_t		*sizep;
+ {
+    krb5_error_code kret;
+    gss_OID oid;
+    size_t required;
+ 
+    kret = EINVAL;
+    if ((oid = (gss_OID) arg)) {
+       required = sizeof(krb5_int32);
+       required += oid->length;
+ 
+       kret = 0;
+ 
+       *sizep += required;
+    }
+ 
+    return(kret);
+ }
+ 
  /*
   * Determine the size required for this krb5_gss_ctx_id_rec.
   */
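Review bot: `kg_oid_internalize` reads bytes into `oid->elements` without ever allocating it, using a length taken straight from the serialized buffer. It then neither stores `oid` in `*argp` nor frees it, and the results of both unpack calls are discarded. Since this parses an exported context, the length should be bounded against `*lenremain` before anything is allocated or copied, and each failure path should release what was allocated. `kg_oid_externalize` also falls off the end of a function declared to return `krb5_error_code` and ignores the pack results. A possible shape for the internalize side is below; the externalize side needs the same return-value propagation.

```c
static krb5_error_code
kg_oid_internalize(kcontext, argp, buffer, lenremain)
    /* … unchanged: K&R parameter declarations … */
{
     gss_OID oid;
     krb5_int32 ibuf;
     krb5_error_code kret;

     if ((kret = krb5_ser_unpack_int32(&ibuf, buffer, lenremain)))
	  return kret;
     /* the length comes from the serialized blob: bound it before use */
     if (ibuf <= 0 || (size_t) ibuf > *lenremain)
	  return EINVAL;

     oid = (gss_OID) malloc(sizeof(gss_OID_desc));
     if (oid == NULL)
	  return ENOMEM;
     oid->elements = malloc((size_t) ibuf);
     if (oid->elements == NULL) {
	  free(oid);
	  return ENOMEM;
     }
     oid->length = ibuf;

     if ((kret = krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
				       oid->length, buffer, lenremain))) {
	  free(oid->elements);
	  free(oid);
	  return kret;
     }

     *argp = (krb5_pointer) oid;
     return 0;
}
```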
***************
*** 255,268 ****
       *	krb5_int32	for established.
       *	krb5_int32	for big_endian.
       *	krb5_int32	for trailer.
-      *  OM_uint32	for length of mech_used
-      *  length(mech_used) for mech_used
       */
      kret = EINVAL;
      if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
! 	required = 15*sizeof(krb5_int32);
  	required += sizeof(ctx->seed);
- 	required += ctx->mech_used->length;
  
  	kret = 0;
  	if (!kret && ctx->here)
--- 313,323 ----
       *	krb5_int32	for established.
       *	krb5_int32	for big_endian.
       *	krb5_int32	for trailer.
       */
      kret = EINVAL;
      if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
! 	required = 14*sizeof(krb5_int32);
  	required += sizeof(ctx->seed);
  
  	kret = 0;
  	if (!kret && ctx->here)
***************
*** 294,336 ****
  				    &required);
  
  	if (!kret)
  	    *sizep += required;
      }
      return(kret);
- }
- 
- static krb5_error_code kg_oid_externalize(kcontext, arg, buffer, lenremain)
-     krb5_context	kcontext;
-     krb5_pointer	arg;
-     krb5_octet		**buffer;
-     size_t		*lenremain;
- {
-      gss_OID oid = (gss_OID) arg;
-      
-      (void) krb5_ser_pack_int32((krb5_int32) oid->length,
- 				buffer, lenremain);
-      (void) krb5_ser_pack_bytes((krb5_octet *) oid->elements,
- 				oid->length, buffer, lenremain);
- }
- 
- static krb5_error_code
- kg_oid_internalize(kcontext, argp, buffer, lenremain)
-     krb5_context	kcontext;
-     krb5_pointer	*argp;
-     krb5_octet		**buffer;
-     size_t		*lenremain;
- {
-      gss_OID oid;
-      krb5_int32 ibuf;
- 
-      oid = (gss_OID) malloc(sizeof(gss_OID_desc));
-      if (oid == NULL)
- 	  return ENOMEM;
-      (void) krb5_ser_unpack_int32(&ibuf, buffer, lenremain);
-      oid->length = ibuf;
-      (void) krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
- 				  oid->length, buffer, lenremain);
-      return 0;
  }
  
  /*
--- 349,362 ----
  				    &required);
  
  	if (!kret)
+ 	    kret = kg_oid_size(kcontext,
+ 			       (krb5_pointer) ctx->mech_used,
+ 			       &required);
+ 
+ 	if (!kret)
  	    *sizep += required;
      }
      return(kret);
  }
  
  /*

