summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/gssapi/init_sec_context.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/gssapi/init_sec_context.c')
-rw-r--r--crypto/heimdal/lib/gssapi/init_sec_context.c83
1 files changed, 53 insertions, 30 deletions
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
index 2cef3a9..6473038 100644
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/init_sec_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $");
+RCSID("$Id: init_sec_context.c,v 1.36 2003/03/16 18:00:00 lha Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@@ -111,21 +111,11 @@ do_delegation (krb5_auth_context ac,
{
krb5_creds creds;
krb5_kdc_flags fwd_flags;
- krb5_keyblock *subkey;
krb5_error_code kret;
memset (&creds, 0, sizeof(creds));
krb5_data_zero (fwd_data);
- kret = krb5_generate_subkey (gssapi_krb5_context, &cred->session, &subkey);
- if (kret)
- goto out;
-
- kret = krb5_auth_con_setlocalsubkey(gssapi_krb5_context, ac, subkey);
- krb5_free_keyblock (gssapi_krb5_context, subkey);
- if (kret)
- goto out;
-
kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
if (kret)
goto out;
@@ -204,9 +194,6 @@ init_auth
krb5_enctype enctype;
krb5_data fwd_data;
- output_token->length = 0;
- output_token->value = NULL;
-
krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data);
@@ -224,6 +211,7 @@ init_auth
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
+ (*context_handle)->lifetime = GSS_C_INDEFINITE;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
@@ -288,10 +276,15 @@ init_auth
goto failure;
}
+ ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
+ if (ret)
+ goto failure;
+
+
memset(&this_cred, 0, sizeof(this_cred));
this_cred.client = (*context_handle)->source;
this_cred.server = (*context_handle)->target;
- if (time_req) {
+ if (time_req && time_req != GSS_C_INDEFINITE) {
krb5_timestamp ts;
krb5_timeofday (gssapi_krb5_context, &ts);
@@ -313,10 +306,22 @@ init_auth
goto failure;
}
+ (*context_handle)->lifetime = cred->times.endtime;
+
krb5_auth_con_setkey(gssapi_krb5_context,
(*context_handle)->auth_context,
&cred->session);
+ kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
+ (*context_handle)->auth_context,
+ &cred->session);
+ if(kret) {
+ gssapi_krb5_set_error_string ();
+ *minor_status = kret;
+ ret = GSS_S_FAILURE;
+ goto failure;
+ }
+
flags = 0;
ap_options = 0;
if (req_flags & GSS_C_DELEG_FLAG)
@@ -342,7 +347,7 @@ init_auth
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
- (*context_handle)->more_flags = LOCAL;
+ (*context_handle)->more_flags |= LOCAL;
ret = gssapi_krb5_create_8003_checksum (minor_status,
input_chan_bindings,
@@ -367,16 +372,6 @@ init_auth
}
#endif
- kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &cred->session);
- if(kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
kret = krb5_build_authenticator (gssapi_krb5_context,
(*context_handle)->auth_context,
enctype,
@@ -417,6 +412,9 @@ init_auth
if (flags & GSS_C_MUTUAL_FLAG) {
return GSS_S_CONTINUE_NEEDED;
} else {
+ if (time_rec)
+ *time_rec = (*context_handle)->lifetime;
+
(*context_handle)->more_flags |= OPEN;
return GSS_S_COMPLETE;
}
@@ -458,6 +456,12 @@ repl_mutual
krb5_data indata;
krb5_ap_rep_enc_part *repl;
+ output_token->length = 0;
+ output_token->value = NULL;
+
+ if (actual_mech_type)
+ *actual_mech_type = GSS_KRB5_MECHANISM;
+
ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
"\x02\x00");
if (ret)
@@ -476,10 +480,14 @@ repl_mutual
krb5_free_ap_rep_enc_part (gssapi_krb5_context,
repl);
- output_token->length = 0;
-
(*context_handle)->more_flags |= OPEN;
+
+ if (time_rec)
+ *time_rec = (*context_handle)->lifetime;
+ if (ret_flags)
+ *ret_flags = (*context_handle)->flags;
+ *minor_status = 0;
return GSS_S_COMPLETE;
}
@@ -503,7 +511,22 @@ OM_uint32 gss_init_sec_context
OM_uint32 * time_rec
)
{
- gssapi_krb5_init ();
+ GSSAPI_KRB5_INIT ();
+
+ output_token->length = 0;
+ output_token->value = NULL;
+
+ if (ret_flags)
+ *ret_flags = 0;
+ if (time_rec)
+ *time_rec = 0;
+
+ if (target_name == GSS_C_NO_NAME) {
+ if (actual_mech_type)
+ *actual_mech_type = GSS_C_NO_OID;
+ *minor_status = 0;
+ return GSS_S_BAD_NAME;
+ }
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
return init_auth (minor_status,
OpenPOWER on IntegriCloud