+2002-12-05 Sam Hartman <hartmans@mit.edu>
+
+ * util_token.c (g_verify_token_header g_make_token_header):
+ Accept -1 to mean that no token type is expected; the token type
+ is purely an RFC 1964 artifact and is not used in other mechanisms
+ such as SPNEGO.
+
2002-11-15 Ezra Peisach <epeisach@bu.edu>
* gssapiP_generic.h, util_token.c: Change g_make_token_header and
bytes 0,1 are the token type
bytes 2,n are the token data
+Note that the token type field is a feature of RFC 1964 mechanisms and
+is not used by other GSSAPI mechanisms. As such, a token type of -1
+is interpreted to mean that no token type should be expected or
+generated.
+
For the purposes of this abstraction, the token "header" consists of
the sequence tag and length octets, the mech OID DER encoding, and the
first two inner bytes, which indicate the token type. The token
int tok_type;
{
*(*buf)++ = 0x60;
- der_write_length(buf, 4 + mech->length + body_size);
+ der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size);
*(*buf)++ = 0x06;
*(*buf)++ = (unsigned char) mech->length;
TWRITE_STR(*buf, mech->elements, mech->length);
- *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
- *(*buf)++ = (unsigned char) (tok_type&0xff);
+ if (tok_type != -1) {
+ *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
+ *(*buf)++ = (unsigned char) (tok_type&0xff);
+ }
}
/*
unsigned char *buf = *buf_in;
int seqsize;
gss_OID_desc toid;
- int ret = 0;
int toksize = toksize_in;
if ((toksize-=1) < 0)
buf+=toid.length;
if (! g_OID_equal(&toid, mech))
- ret = G_WRONG_MECH;
-
- /* G_WRONG_MECH is not returned immediately because it's more important
- to return G_BAD_TOK_HEADER if the token header is in fact bad */
-
- if ((toksize-=2) < 0)
- return(G_BAD_TOK_HEADER);
-
- if (ret)
- return(ret);
-
- if ((*buf++ != ((tok_type>>8)&0xff)) ||
- (*buf++ != (tok_type&0xff)))
- return(G_WRONG_TOKID);
-
- if (!ret) {
+ return G_WRONG_MECH;
+ if (tok_type != -1) {
+ if ((toksize-=2) < 0)
+ return(G_BAD_TOK_HEADER);
+
+ if ((*buf++ != ((tok_type>>8)&0xff)) ||
+ (*buf++ != (tok_type&0xff)))
+ return(G_WRONG_TOKID);
+ }
*buf_in = buf;
*body_size = toksize;
- }
- return(ret);
-}
+ return 0;
+ }