summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib')
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c22
-rwxr-xr-xsource4/heimdal/lib/gssapi/krb5/cfx.c49
-rw-r--r--source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h1
-rw-r--r--source4/heimdal/lib/gssapi/krb5/unwrap.c52
-rw-r--r--source4/heimdal/lib/gssapi/krb5/wrap.c34
5 files changed, 121 insertions, 37 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8dbd087da6..a6f0f31246 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if(ctx->flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
+ int use_subkey = 0;
_gsskrb5i_is_cfx(ctx, &is_cfx);
if (is_cfx != 0
|| (ap_options & AP_OPTS_USE_SUBKEY)) {
- kret = krb5_auth_con_addflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_USE_SUBKEY,
- NULL);
+ use_subkey = 1;
+ } else {
+ krb5_keyblock *rkey;
+ kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey);
+ if (kret == 0) {
+ kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey);
+ if (kret == 0) {
+ use_subkey = 1;
+ }
+ krb5_free_keyblock(context, rkey);
+ }
+ }
+ if (use_subkey) {
ctx->more_flags |= ACCEPTOR_SUBKEY;
+ krb5_auth_con_addflags(context,
+ ctx->auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY,
+ NULL);
}
kret = krb5_mk_rep(context,
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c
index 6452f802ab..bc0d736e81 100755
--- a/source4/heimdal/lib/gssapi/krb5/cfx.c
+++ b/source4/heimdal/lib/gssapi/krb5/cfx.c
@@ -43,7 +43,8 @@ RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $");
#define CFXAcceptorSubkey (1 << 2)
krb5_error_code
-_gsskrb5cfx_wrap_length_cfx(krb5_context context,
+_gsskrb5cfx_wrap_length_cfx(const gsskrb5_ctx context_handle,
+ krb5_context context,
krb5_crypto crypto,
int conf_req_flag,
size_t input_length,
@@ -72,7 +73,11 @@ _gsskrb5cfx_wrap_length_cfx(krb5_context context,
/* Header is concatenated with data before encryption */
input_length += sizeof(gss_cfx_wrap_token_desc);
- ret = krb5_crypto_getpadsize(context, crypto, &padsize);
+ if (IS_DCE_STYLE(context_handle)) {
+ ret = krb5_crypto_getblocksize(context, crypto, &padsize);
+ } else {
+ ret = krb5_crypto_getpadsize(context, crypto, &padsize);
+ }
if (ret) {
return ret;
}
@@ -258,7 +263,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- ret = _gsskrb5cfx_wrap_length_cfx(context,
+ ret = _gsskrb5cfx_wrap_length_cfx(context_handle, context,
crypto, conf_req_flag,
input_message_buffer->length,
&wrapped_len, &cksumsize, &padlength);
@@ -380,7 +385,15 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
token->RRC[0] = (rrc >> 8) & 0xFF;
token->RRC[1] = (rrc >> 0) & 0xFF;
- ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
+ /*
+ * this is really ugly, but needed against windows
+ * for DCERPC, as windows rotates by EC+RRC.
+ */
+ if (IS_DCE_STYLE(context_handle)) {
+ ret = rrc_rotate(cipher.data, cipher.length, rrc+padlength, FALSE);
+ } else {
+ ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
+ }
if (ret != 0) {
*minor_status = ret;
krb5_crypto_destroy(context, crypto);
@@ -553,14 +566,21 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
len = input_message_buffer->length;
len -= (p - (u_char *)input_message_buffer->value);
- /* Rotate by RRC; bogus to do this in-place XXX */
- *minor_status = rrc_rotate(p, len, rrc, TRUE);
- if (*minor_status != 0) {
- krb5_crypto_destroy(context, crypto);
- return GSS_S_FAILURE;
- }
-
if (token_flags & CFXSealed) {
+ /*
+ * this is really ugly, but needed against windows
+ * for DCERPC, as windows rotates by EC+RRC.
+ */
+ if (IS_DCE_STYLE(context_handle)) {
+ *minor_status = rrc_rotate(p, len, rrc+ec, TRUE);
+ } else {
+ *minor_status = rrc_rotate(p, len, rrc, TRUE);
+ }
+ if (*minor_status != 0) {
+ krb5_crypto_destroy(context, crypto);
+ return GSS_S_FAILURE;
+ }
+
ret = krb5_decrypt(context, crypto, usage,
p, len, &data);
if (ret != 0) {
@@ -594,6 +614,13 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
} else {
Checksum cksum;
+ /* Rotate by RRC; bogus to do this in-place XXX */
+ *minor_status = rrc_rotate(p, len, rrc, TRUE);
+ if (*minor_status != 0) {
+ krb5_crypto_destroy(context, crypto);
+ return GSS_S_FAILURE;
+ }
+
/* Determine checksum type */
ret = krb5_crypto_get_checksum_type(context,
crypto, &cksum.cksumtype);
diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
index 64a0dd36b1..f6edb8b247 100644
--- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
+++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h
@@ -661,6 +661,7 @@ _gsskrb5cfx_max_wrap_length_cfx (
krb5_error_code
_gsskrb5cfx_wrap_length_cfx (
+ const gsskrb5_ctx /*context_handle*/,
krb5_context /*context*/,
krb5_crypto /*crypto*/,
int /*conf_req_flag*/,
diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c
index eec4078a70..c287469e96 100644
--- a/source4/heimdal/lib/gssapi/krb5/unwrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c
@@ -59,10 +59,17 @@ unwrap_des
OM_uint32 ret;
int cstate;
int cmp;
+ int token_len;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ token_len = 22 + 8 + 15; /* 45 */
+ } else {
+ token_len = input_message_buffer->length;
+ }
p = input_message_buffer->value;
ret = _gsskrb5_verify_header (&p,
- input_message_buffer->length,
+ token_len,
"\x02\x01",
GSS_KRB5_MECHANISM);
if (ret)
@@ -105,12 +112,17 @@ unwrap_des
memset (deskey, 0, sizeof(deskey));
memset (&schedule, 0, sizeof(schedule));
}
- /* check pad */
- ret = _gssapi_verify_pad(input_message_buffer,
- input_message_buffer->length - len,
- &padlength);
- if (ret)
- return ret;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ padlength = 0;
+ } else {
+ /* check pad */
+ ret = _gssapi_verify_pad(input_message_buffer,
+ input_message_buffer->length - len,
+ &padlength);
+ if (ret)
+ return ret;
+ }
MD5_Init (&md5);
MD5_Update (&md5, p - 24, 8);
@@ -195,10 +207,17 @@ unwrap_des3
krb5_crypto crypto;
Checksum csum;
int cmp;
+ int token_len;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ token_len = 34 + 8 + 15; /* 57 */
+ } else {
+ token_len = input_message_buffer->length;
+ }
p = input_message_buffer->value;
ret = _gsskrb5_verify_header (&p,
- input_message_buffer->length,
+ token_len,
"\x02\x01",
GSS_KRB5_MECHANISM);
if (ret)
@@ -245,12 +264,17 @@ unwrap_des3
memcpy (p, tmp.data, tmp.length);
krb5_data_free(&tmp);
}
- /* check pad */
- ret = _gssapi_verify_pad(input_message_buffer,
- input_message_buffer->length - len,
- &padlength);
- if (ret)
- return ret;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ padlength = 0;
+ } else {
+ /* check pad */
+ ret = _gssapi_verify_pad(input_message_buffer,
+ input_message_buffer->length - len,
+ &padlength);
+ if (ret)
+ return ret;
+ }
/* verify sequence number */
diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c
index 6d00f2adcf..bedeace4dd 100644
--- a/source4/heimdal/lib/gssapi/krb5/wrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/wrap.c
@@ -210,10 +210,19 @@ wrap_des
int32_t seq_number;
size_t len, total_len, padlength, datalen;
- padlength = 8 - (input_message_buffer->length % 8);
- datalen = input_message_buffer->length + padlength + 8;
- len = datalen + 22;
- _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ if (IS_DCE_STYLE(ctx)) {
+ padlength = 0;
+ datalen = input_message_buffer->length;
+ len = 22 + 8;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ total_len += datalen;
+ datalen += 8;
+ } else {
+ padlength = 8 - (input_message_buffer->length % 8);
+ datalen = input_message_buffer->length + padlength + 8;
+ len = datalen + 22;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ }
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
@@ -336,10 +345,19 @@ wrap_des3
Checksum cksum;
krb5_data encdata;
- padlength = 8 - (input_message_buffer->length % 8);
- datalen = input_message_buffer->length + padlength + 8;
- len = datalen + 34;
- _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ if (IS_DCE_STYLE(ctx)) {
+ padlength = 0;
+ datalen = input_message_buffer->length;
+ len = 34 + 8;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ total_len += datalen;
+ datalen += 8;
+ } else {
+ padlength = 8 - (input_message_buffer->length % 8);
+ datalen = input_message_buffer->length + padlength + 8;
+ len = datalen + 34;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ }
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);