← Back to branch summary

~ubuntu-branches/ubuntu/maverick/krb5/maverick

« back to all changes in this revision

Viewing changes to src/lib/gssapi/mechglue/g_seal.c

  • Committer: Bazaar Package Importer
  • Author(s): Sam Hartman
  • Date: 2009-05-07 16:16:34 UTC
  • mfrom: (13.1.7 sid)
  • Revision ID: james.westby@ubuntu.com-20090507161634-xqyk0s9na0le4flj
Tags: 1.7dfsg~beta1-4
http://bugs.debian.org/527353
When  decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353 

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/gssapi/mechglue/g_seal.c
23
23
 */
24
24
 
25
25
/*
26
 
 *  glue routine for gss_seal
 
26
 *  glue routine for gss_wrap
27
27
 */
28
28
 
29
29
#include "mglueP.h"
30
30
 
31
31
static OM_uint32
32
 
val_seal_args(
 
32
val_wrap_args(
33
33
    OM_uint32 *minor_status,
34
34
    gss_ctx_id_t context_handle,
35
35
    int conf_req_flag,
36
 
    int qop_req,
 
36
    gss_qop_t qop_req,
37
37
    gss_buffer_t input_message_buffer,
38
38
    int *conf_state,
39
39
    gss_buffer_t output_message_buffer)
66
66
    return (GSS_S_COMPLETE);
67
67
}
68
68
 
69
 
 
70
69
OM_uint32 KRB5_CALLCONV
71
 
gss_seal (minor_status,
 
70
gss_wrap (minor_status,
72
71
          context_handle,
73
72
          conf_req_flag,
74
73
          qop_req,
79
78
OM_uint32 *             minor_status;
80
79
gss_ctx_id_t            context_handle;
81
80
int                     conf_req_flag;
82
 
int                     qop_req;
 
81
gss_qop_t               qop_req;
83
82
gss_buffer_t            input_message_buffer;
84
83
int *                   conf_state;
85
84
gss_buffer_t            output_message_buffer;
90
89
    gss_union_ctx_id_t  ctx;
91
90
    gss_mechanism       mech;
92
91
 
93
 
    status = val_seal_args(minor_status, context_handle,
 
92
    status = val_wrap_args(minor_status, context_handle,
94
93
                           conf_req_flag, qop_req,
95
94
                           input_message_buffer, conf_state,
96
95
                           output_message_buffer);
106
105
    mech = gssint_get_mechanism (ctx->mech_type);
107
106
    
108
107
    if (mech) {
109
 
        if (mech->gss_seal)
110
 
            status = mech->gss_seal(
111
 
                                    mech->context,
 
108
        if (mech->gss_wrap) {
 
109
            status = mech->gss_wrap(
112
110
                                    minor_status,
113
111
                                    ctx->internal_ctx_id,
114
112
                                    conf_req_flag,
116
114
                                    input_message_buffer,
117
115
                                    conf_state,
118
116
                                    output_message_buffer);
119
 
        else
 
117
            if (status != GSS_S_COMPLETE)
 
118
                map_error(minor_status, mech);
 
119
        } else if (mech->gss_wrap_aead ||
 
120
                   (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) {
 
121
            status = gssint_wrap_aead(mech,
 
122
                                      minor_status,
 
123
                                      ctx,
 
124
                                      conf_req_flag,
 
125
                                      (gss_qop_t)qop_req,
 
126
                                      GSS_C_NO_BUFFER,
 
127
                                      input_message_buffer,
 
128
                                      conf_state,
 
129
                                      output_message_buffer);
 
130
        } else
120
131
            status = GSS_S_UNAVAILABLE;
121
 
        
 
132
 
122
133
        return(status);
123
134
    }
124
135
 /* EXPORT DELETE END */
127
138
}
128
139
 
129
140
OM_uint32 KRB5_CALLCONV
130
 
gss_wrap (minor_status,
 
141
gss_seal (minor_status,
131
142
          context_handle,
132
143
          conf_req_flag,
133
144
          qop_req,
138
149
OM_uint32 *             minor_status;
139
150
gss_ctx_id_t            context_handle;
140
151
int                     conf_req_flag;
141
 
gss_qop_t               qop_req;
 
152
int                     qop_req;
142
153
gss_buffer_t            input_message_buffer;
143
154
int *                   conf_state;
144
155
gss_buffer_t            output_message_buffer;
145
156
 
146
157
{
147
 
    return gss_seal(minor_status, (gss_ctx_id_t)context_handle,
148
 
                    conf_req_flag, (int) qop_req,
149
 
                    (gss_buffer_t)input_message_buffer, conf_state,
 
158
    return gss_wrap(minor_status, context_handle,
 
159
                    conf_req_flag, (gss_qop_t) qop_req,
 
160
                    input_message_buffer, conf_state,
150
161
                    output_message_buffer);
151
162
}
152
163
 
153
164
/*
 
165
 * It is only possible to implement gss_wrap_size_limit() on top
 
166
 * of gss_wrap_iov_length() for mechanisms that do not use any
 
167
 * padding and have fixed length headers/trailers.
 
168
 */
 
169
static OM_uint32
 
170
gssint_wrap_size_limit_iov_shim(gss_mechanism mech,
 
171
                                OM_uint32 *minor_status,
 
172
                                gss_ctx_id_t context_handle,
 
173
                                int conf_req_flag,
 
174
                                gss_qop_t qop_req,
 
175
                                OM_uint32 req_output_size,
 
176
                                OM_uint32 *max_input_size)
 
177
{
 
178
    gss_iov_buffer_desc iov[4];
 
179
    OM_uint32           status;
 
180
    OM_uint32           ohlen;
 
181
 
 
182
    iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
 
183
    iov[0].buffer.value = NULL;
 
184
    iov[0].buffer.length = 0;
 
185
 
 
186
    iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
 
187
    iov[1].buffer.length = req_output_size;
 
188
    iov[1].buffer.value = NULL;
 
189
 
 
190
    iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING;
 
191
    iov[2].buffer.value = NULL;
 
192
    iov[2].buffer.length = 0;
 
193
 
 
194
    iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER;
 
195
    iov[3].buffer.value = NULL;
 
196
    iov[3].buffer.length = 0;
 
197
 
 
198
    assert(mech->gss_wrap_iov_length);
 
199
 
 
200
    status = mech->gss_wrap_iov_length(minor_status, context_handle,
 
201
                                       conf_req_flag, qop_req,
 
202
                                       NULL, iov,
 
203
                                       sizeof(iov)/sizeof(iov[0]));
 
204
    if (status != GSS_S_COMPLETE) {
 
205
        map_error(minor_status, mech);
 
206
        return status;
 
207
    }
 
208
 
 
209
    ohlen = iov[0].buffer.length + iov[3].buffer.length;
 
210
 
 
211
    if (iov[2].buffer.length == 0 && ohlen < req_output_size)
 
212
        *max_input_size = req_output_size - ohlen;
 
213
    else
 
214
        *max_input_size = 0;
 
215
 
 
216
    return GSS_S_COMPLETE;
 
217
}
 
218
 
 
219
/*
154
220
 * New for V2
155
221
 */
156
222
OM_uint32 KRB5_CALLCONV
165
231
{
166
232
    gss_union_ctx_id_t  ctx;
167
233
    gss_mechanism       mech;
 
234
    OM_uint32           major_status;
168
235
 
169
236
    if (minor_status == NULL)
170
237
        return (GSS_S_CALL_INACCESSIBLE_WRITE);
187
254
    if (!mech)
188
255
        return (GSS_S_BAD_MECH);
189
256
 
190
 
    if (!mech->gss_wrap_size_limit)
191
 
        return (GSS_S_UNAVAILABLE);
192
 
    
193
 
    return (mech->gss_wrap_size_limit(mech->context, minor_status,
194
 
                                      ctx->internal_ctx_id, conf_req_flag, qop_req,
195
 
                                      req_output_size, max_input_size));
 
257
    if (mech->gss_wrap_size_limit)
 
258
        major_status = mech->gss_wrap_size_limit(minor_status,
 
259
                                                 ctx->internal_ctx_id,
 
260
                                                 conf_req_flag, qop_req,
 
261
                                                 req_output_size, max_input_size);
 
262
    else if (mech->gss_wrap_iov_length)
 
263
        major_status = gssint_wrap_size_limit_iov_shim(mech, minor_status,
 
264
                                                       ctx->internal_ctx_id,
 
265
                                                       conf_req_flag, qop_req,
 
266
                                                       req_output_size, max_input_size);
 
267
    else
 
268
        major_status = GSS_S_UNAVAILABLE;
 
269
    if (major_status != GSS_S_COMPLETE)
 
270
        map_error(minor_status, mech);
 
271
    return major_status;
196
272
}