diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-11-08 01:48:35 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:25:21 -0500 |
commit | f722b0743811a4a5caf5288fa901cc8f683b9ffd (patch) | |
tree | 3aaa2473a79fc58ad937723b67510f4bf0d0cc6a /source4/heimdal/lib/gssapi/krb5/arcfour.c | |
parent | e10791a36451da82906cd7cec66c7a54802353b5 (diff) | |
download | samba-f722b0743811a4a5caf5288fa901cc8f683b9ffd.tar.gz samba-f722b0743811a4a5caf5288fa901cc8f683b9ffd.tar.bz2 samba-f722b0743811a4a5caf5288fa901cc8f683b9ffd.zip |
r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in favour of a more tasteful replacement.
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accecpt_sec_context.c
Andrew Bartlett
(This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
Diffstat (limited to 'source4/heimdal/lib/gssapi/krb5/arcfour.c')
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/arcfour.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c index 82851f5a78..2c43ed8b32 100644 --- a/source4/heimdal/lib/gssapi/krb5/arcfour.c +++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: arcfour.c,v 1.29 2006/10/07 22:14:05 lha Exp $"); +RCSID("$Id: arcfour.c,v 1.30 2006/11/07 19:05:16 lha Exp $"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt @@ -355,17 +355,16 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if (conf_state) *conf_state = 0; - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { - datalen = input_message_buffer->length + 1 /* padding */; - - len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE; - _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); - } else { - datalen = input_message_buffer->length; + datalen = input_message_buffer->length; + if (IS_DCE_STYLE(context_handle)) { len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); total_len += datalen; + } else { + datalen += 1; /* padding */ + len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); } output_message_buffer->length = total_len; @@ -418,9 +417,8 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; memcpy(p, input_message_buffer->value, input_message_buffer->length); - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { - p[input_message_buffer->length] = 1; /* PADDING */ - } + if (!IS_DCE_STYLE(context_handle)) + p[input_message_buffer->length] = 1; /* padding */ ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, p0 + 16, 8, /* SGN_CKSUM */ @@ -518,13 +516,13 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, p0 = input_message_buffer->value; - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { - len = input_message_buffer->length; - } else { + if (IS_DCE_STYLE(context_handle)) { len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE; if (input_message_buffer->length < len) return GSS_S_BAD_MECH; + } else { + len = input_message_buffer->length; } omret = _gssapi_verify_mech_header(&p0, @@ -635,7 +633,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, } memset(k6_data, 0, sizeof(k6_data)); - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { + if (!IS_DCE_STYLE(context_handle)) { ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); if (ret) { _gsskrb5_release_buffer(minor_status, output_message_buffer); @@ -688,7 +686,7 @@ max_wrap_length_arcfour(const gsskrb5_ctx ctx, * - we only need to encapsulate the WRAP token * However, since this is a fixed since, we just */ - if (ctx->flags & GSS_C_DCE_STYLE) { + if (IS_DCE_STYLE(ctx)) { size_t len, total_len; len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; |