← Back to branch summary

~ubuntu-branches/ubuntu/maverick/krb5/maverick

« back to all changes in this revision

Viewing changes to src/lib/gssapi/krb5/set_allowable_enctypes.c

  • Committer: Bazaar Package Importer
  • Author(s): Sam Hartman
  • Date: 2009-05-07 16:16:34 UTC
  • mfrom: (13.1.7 sid)
  • Revision ID: james.westby@ubuntu.com-20090507161634-xqyk0s9na0le4flj
Tags: 1.7dfsg~beta1-4
http://bugs.debian.org/527353
When  decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353 

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/gssapi/krb5/set_allowable_enctypes.c
 
1
/* -*- mode: c; indent-tabs-mode: nil -*- */
1
2
/*
2
3
 * lib/gssapi/krb5/set_allowable_enctypes.c
3
4
 *
8
9
 *   require a specific license from the United States Government.
9
10
 *   It is the responsibility of any person or organization contemplating
10
11
 *   export to obtain such a license before exporting.
11
 
 * 
 
12
 *
12
13
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13
14
 * distribute this software and its documentation for any purpose and
14
15
 * without fee is hereby granted, provided that the above copyright
59
60
#include "gssapi_krb5.h"
60
61
 
61
62
OM_uint32 KRB5_CALLCONV
62
 
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, 
63
 
                                   gss_cred_id_t cred_handle,
64
 
                                   OM_uint32 num_ktypes,
65
 
                                   krb5_enctype *ktypes)
 
63
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
 
64
                                   gss_cred_id_t cred_handle,
 
65
                                   const gss_OID desired_oid,
 
66
                                   const gss_buffer_t value)
66
67
{
67
 
    int i;
 
68
    unsigned int i;
68
69
    krb5_enctype * new_ktypes;
69
70
    OM_uint32 major_status;
70
71
    krb5_gss_cred_id_t cred;
71
72
    krb5_error_code kerr = 0;
72
73
    OM_uint32 temp_status;
 
74
    struct krb5_gss_set_allowable_enctypes_req *req;
73
75
 
74
76
    /* Assume a failure */
75
77
    *minor_status = 0;
76
78
    major_status = GSS_S_FAILURE;
77
79
 
 
80
    assert(value->length == sizeof(*req));
 
81
    req = (struct krb5_gss_set_allowable_enctypes_req *)value->value;
 
82
 
78
83
    /* verify and valildate cred handle */
79
84
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
80
 
        kerr = KRB5_NOCREDS_SUPPLIED;
81
 
        goto error_out;
 
85
        kerr = KRB5_NOCREDS_SUPPLIED;
 
86
        goto error_out;
82
87
    }
83
88
    major_status = krb5_gss_validate_cred(&temp_status, cred_handle);
84
89
    if (GSS_ERROR(major_status)) {
85
 
        kerr = temp_status;
86
 
        goto error_out;
 
90
        kerr = temp_status;
 
91
        goto error_out;
87
92
    }
88
93
    cred = (krb5_gss_cred_id_t) cred_handle;
89
94
 
90
 
    if (ktypes) {
91
 
        for (i = 0; i < num_ktypes && ktypes[i]; i++) {
92
 
            if (!krb5_c_valid_enctype(ktypes[i])) {
93
 
                kerr = KRB5_PROG_ETYPE_NOSUPP;
94
 
                goto error_out;
95
 
            }
96
 
        }
 
95
    if (req->ktypes) {
 
96
        for (i = 0; i < req->num_ktypes && req->ktypes[i]; i++) {
 
97
            if (!krb5_c_valid_enctype(req->ktypes[i])) {
 
98
                kerr = KRB5_PROG_ETYPE_NOSUPP;
 
99
                goto error_out;
 
100
            }
 
101
        }
97
102
    } else {
98
 
        kerr = k5_mutex_lock(&cred->lock);
99
 
        if (kerr)
100
 
            goto error_out;
101
 
        if (cred->req_enctypes)
102
 
            free(cred->req_enctypes);
103
 
        cred->req_enctypes = NULL;
104
 
        k5_mutex_unlock(&cred->lock);
105
 
        return GSS_S_COMPLETE;
 
103
        kerr = k5_mutex_lock(&cred->lock);
 
104
        if (kerr)
 
105
            goto error_out;
 
106
        if (cred->req_enctypes)
 
107
            free(cred->req_enctypes);
 
108
        cred->req_enctypes = NULL;
 
109
        k5_mutex_unlock(&cred->lock);
 
110
        return GSS_S_COMPLETE;
106
111
    }
107
112
 
108
113
    /* Copy the requested ktypes into the cred structure */
109
114
    if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (i + 1)))) {
110
 
        memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
111
 
        new_ktypes[i] = 0;      /* "null-terminate" the list */
 
115
        memcpy(new_ktypes, req->ktypes, sizeof(krb5_enctype) * i);
 
116
        new_ktypes[i] = 0;      /* "null-terminate" the list */
112
117
    }
113
118
    else {
114
 
        kerr = ENOMEM;
115
 
        goto error_out;
 
119
        kerr = ENOMEM;
 
120
        goto error_out;
116
121
    }
117
122
    kerr = k5_mutex_lock(&cred->lock);
118
123
    if (kerr) {
119
 
        free(new_ktypes);
120
 
        goto error_out;
 
124
        free(new_ktypes);
 
125
        goto error_out;
121
126
    }
122
127
    if (cred->req_enctypes)
123
 
        free(cred->req_enctypes);
 
128
        free(cred->req_enctypes);
124
129
    cred->req_enctypes = new_ktypes;
125
130
    k5_mutex_unlock(&cred->lock);
126
131