gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set returns
authorTheodore Tso <tytso@mit.edu>
Fri, 26 Mar 1999 03:51:44 +0000 (03:51 +0000)
committerTheodore Tso <tytso@mit.edu>
Fri, 26 Mar 1999 03:51:44 +0000 (03:51 +0000)
all three mechanism ID's recognized by this implementation, with the
RFC1964 OID first (and thus preferred).

import_sec_context.c (krb5_gss_convert_static_mech_oid): Make the old
convert_static_oid() function globally accessible with a namespace
compliant name, since init_sec_context() needs to be able to use this
function.

indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 mechanism
set OID, since we should return all the mechanisms that we support.

init_sec_context.c (krb5_gss_init_sec_context): Make ctx->mech_used
use a static OID, since it is returned by gss_inquire_context which
must return a static OID.

wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we would
overestimate the size of the allowable input message by one byte,
because we weren't passing the right estimate of the wrapped data to
g_token_size().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11315 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/indicate_mechs.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/wrap_size_limit.c

index d398ee329e4ad148731df552e700d9a51ab17a71..448c9ab27c782e8505a4d05b1ae5d7430e08ae77 100644 (file)
@@ -1,3 +1,28 @@
+Thu Mar 25 22:43:54 1999  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set
+               returns all three mechanism ID's recognized by this
+               implementation, with the RFC1964 OID first (and thus
+               preferred). 
+
+       * import_sec_context.c (krb5_gss_convert_static_mech_oid): Make
+               the old convert_static_oid() function globally accessible
+               with a namespace compliant name, since init_sec_context()
+               needs to be able to use this function.
+
+       * indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2
+               mechanism set OID, since we should return all the
+               mechanisms that we support.
+
+       * init_sec_context.c (krb5_gss_init_sec_context): Make
+               ctx->mech_used use a static OID, since it is returned by
+               gss_inquire_context which must return a static OID.
+
+       * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we
+               would overestimate the size of the allowable input message
+               by one byte, because we weren't passing the right estimate
+               of the wrapped data to g_token_size().
+
 1999-03-14  Miro Jurisic  <meeroh@mit.edu>
 
        * gssapi_krb5.h: added extern "C" for C++ friendliness
index bcbde389438eaad8bf07e18e3e982f2e8a624dbb..e344b4fbb56e6faa512fea8832261b635eedfddc 100644 (file)
@@ -558,5 +558,9 @@ OM_uint32 krb5_gss_validate_cred
 PROTOTYPE( (OM_uint32 *,               /* minor_status */
            gss_cred_id_t               /* cred */
          ));
+
+gss_OID krb5_gss_convert_static_mech_oid
+PROTOTYPE( (gss_OID FAR oid
+        ));
        
 #endif /* _GSSAPIP_KRB5_H_ */
index aaa47ea06536797d7bd69d09c2661ebc146e5fa1..e700bb888ed35d07033407f7ae10e011f8742f04 100644 (file)
  */
 
 const gss_OID_desc krb5_gss_oid_array[] = {
-   /* this is the unofficial, wrong OID */
-   {5, "\053\005\001\005\002"},
    /* this is the official, rfc-specified OID */
    {9, "\052\206\110\206\367\022\001\002\002"},
+   /* this is the unofficial, wrong OID */
+   {5, "\053\005\001\005\002"},
+   /* this is the v2 assigned OID */
+   {9, "\052\206\110\206\367\022\001\002\003"},
    /* these two are name type OID's */
    {10, "\052\206\110\206\367\022\001\002\002\001"},
    {10, "\052\206\110\206\367\022\001\002\002\002"},
-   /* this is the v2 assigned OID */
-   {9, "\052\206\110\206\367\022\001\002\003"},
-   /* this is the official, rfc-specified OID again */
-   {9, "\052\206\110\206\367\022\001\002\002"},
    { 0, 0 }
 };
 
-const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+0;
-const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+1;
-const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+2;
-const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+3;
-const gss_OID_desc * const gss_mech_krb5_v2 = krb5_gss_oid_array+4;
+const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+0;
+const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+1;
+const gss_OID_desc * const gss_mech_krb5_v2 = krb5_gss_oid_array+2;
+const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+3;
+const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+4;
 
 static const gss_OID_set_desc oidsets[] = {
    {1, (gss_OID) krb5_gss_oid_array+0},
    {1, (gss_OID) krb5_gss_oid_array+1},
    {2, (gss_OID) krb5_gss_oid_array+0},
-   {1, (gss_OID) krb5_gss_oid_array+4},
-   {2, (gss_OID) krb5_gss_oid_array+4},
+   {1, (gss_OID) krb5_gss_oid_array+2},
+   {3, (gss_OID) krb5_gss_oid_array+0},
 };
 
-const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0;
-const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+1;
+const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0;
+const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+1;
 const gss_OID_set_desc * const gss_mech_set_krb5_both = oidsets+2;
 const gss_OID_set_desc * const gss_mech_set_krb5_v2 = oidsets+3;
 const gss_OID_set_desc * const gss_mech_set_krb5_v1v2 = oidsets+4;
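Review bot: The `oidsets[]` entries depend on the exact order of the first three elements of `krb5_gss_oid_array`, but nothing in the file states that invariant. `{2, ...+0}` now means the RFC 1964 OID plus the pre-RFC OID, and `{3, ...+0}` means all three mechanism OIDs. Inserting or reordering an array element later would silently change which mechanisms each exported set advertises. I would add a comment above the array such as `/* The three mechanism OIDs must stay first and in this order: oidsets[] selects them by offset and count. */`. It is also worth noting beside `gss_mech_set_krb5_both` that it now begins with the RFC OID, where it previously began with the pre-RFC one.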
index baf901ca597da5ca527d17821d7aa9e8affaa04d..141736b9bdeca9440f0ba7488ca1483932c93491 100644 (file)
@@ -31,7 +31,7 @@
  * Fix up the OID of the mechanism so that uses the static version of
  * the OID if possible.
  */
-static gss_OID convert_static_oid(oid)
+gss_OID krb5_gss_convert_static_mech_oid(oid)
      gss_OID   FAR oid;
 {
        const gss_OID_desc      *p;
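Review bot: The comment above this function does not say what happens to the `oid` argument, which matters more now that the function is exported and also called from init_sec_context.c. The body lies outside this hunk, so it is not visible whether a dynamically allocated argument is released when a static entry is returned, or what is returned when nothing matches. The header comment should state both, for example `Returns the matching static OID, or the argument unchanged when no static entry matches; says whether the argument is released on a match.` The same contract belongs beside the new prototype in gssapiP_krb5.h.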
@@ -85,7 +85,7 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
        return(GSS_S_FAILURE);
     }
-    ctx->mech_used = convert_static_oid(ctx->mech_used);
+    ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
     
     *context_handle = (gss_ctx_id_t) ctx;
 
index 9c1ca59e697b6abb4d1e1884cf4ff2c068eed29e..9718113044754152adb9b9e500b24fd06725cdeb 100644 (file)
@@ -33,7 +33,7 @@ krb5_gss_indicate_mechs(minor_status, mech_set)
 {
    *minor_status = 0;
 
-   if (! g_copy_OID_set(gss_mech_set_krb5, mech_set)) {
+   if (! g_copy_OID_set(gss_mech_set_krb5_v1v2, mech_set)) {
          *mech_set     = GSS_C_NO_OID_SET;
          *minor_status = ENOMEM;
          return(GSS_S_FAILURE);
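Review bot: Callers of this function now receive three OIDs, including the one gssapi_krb5.c labels "the unofficial, wrong OID", and the call site gives no hint of that. A short comment on the `g_copy_OID_set` line would help anyone auditing what the library advertises to applications, e.g. `/* v1v2 set: RFC 1964 OID first (preferred), then the pre-RFC OID, then the v2 OID */`. The function continues past the end of this hunk.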
index f13763b6dd844ba641344fc8b204209114075779..fb11cf5a2d4ecaf5b750f68a7a9d557df97fa6f3 100644 (file)
@@ -655,6 +655,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
          code = *minor_status;
          goto fail;
       }
+      /*
+       * Now try to make it static if at all possible....
+       */
+      ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
 
       if (ctx->gsskrb5_version == 2000) {
          /* gsskrb5 v2 */
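Review bot: After the added assignment, `ctx->mech_used` may point into the static `krb5_gss_oid_array` rather than at separately allocated storage, so every later path that releases it has to cope with a static OID. The `goto fail` handling and the context-deletion code are outside this hunk, so this is something to confirm rather than a known defect. If either path frees `ctx->mech_used` unconditionally, it would now be freeing static storage. The new comment could record the consequence, e.g. `/* mech_used may now be static; release it only through a routine that recognises static OIDs */`.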
index 74594926097ef716e569cd26026f87fc5865f9bb..54c29da30664000dbf580285ec1bb7db1f6ba6ad 100644 (file)
@@ -156,7 +156,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
        /* Calculate the token size and subtract that from the output size */
        cfsize = (conf_req_flag) ? kg_confounder_size(context, ctx->enc) : 0;
        ohlen = g_token_size((gss_OID) ctx->mech_used,
-                            (unsigned int) cfsize + ctx->cksum_size + 14);
+                            (unsigned int) (req_output_size + cfsize +
+                                            ctx->cksum_size + 14));
 
        if (ohlen < req_output_size)
            /*
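Review bot: With `req_output_size` folded into the argument, `ohlen` becomes the size of the whole token rather than the per-token overhead, yet the following test is still `if (ohlen < req_output_size)`. Assuming `g_token_size()` never returns less than the body size it is given, that condition can now only hold if the unsigned sum wraps, so the branch that computes a non-zero limit looks unreachable for ordinary inputs. If the intent is to measure overhead for a body of this size, the result needs the requested size subtracted again, i.e. end the call with `ctx->cksum_size + 14)) - req_output_size;`. Because `req_output_size` is caller-supplied, a very large value should also be rejected before the addition so that the `(unsigned int)` sum cannot wrap. The body of the `if` lies outside this hunk.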