From: Sam Hartman Date: Fri, 6 Dec 2002 01:02:13 +0000 (+0000) Subject: 2002-12-05 Sam Hartman X-Git-Tag: krb5-1.3-alpha1~245 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=17d65bfa2e5d0e4f942430e236c2ffd595f92cc7;p=krb5.git 2002-12-05 Sam Hartman * util_token.c (g_verify_token_header g_make_token_header): Accept -1 to mean that no token type is expected; the token type is purely an RFC 1964 artifact and is not used in other mechanisms such as SPNEGO. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15029 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index f5f4c442c..bae1d2571 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,10 @@ +2002-12-05 Sam Hartman + + * util_token.c (g_verify_token_header g_make_token_header): + Accept -1 to mean that no token type is expected; the token type + is purely an RFC 1964 artifact and is not used in other mechanisms + such as SPNEGO. + 2002-11-15 Ezra Peisach * gssapiP_generic.h, util_token.c: Change g_make_token_header and diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c index 9cd1ce2f1..088e6139e 100644 --- a/src/lib/gssapi/generic/util_token.c +++ b/src/lib/gssapi/generic/util_token.c @@ -46,6 +46,11 @@ bytes 0,1 are the token type bytes 2,n are the token data +Note that the token type field is a feature of RFC 1964 mechanisms and +is not used by other GSSAPI mechanisms. As such, a token type of -1 +is interpreted to mean that no token type should be expected or +generated. + For the purposes of this abstraction, the token "header" consists of the sequence tag and length octets, the mech OID DER encoding, and the first two inner bytes, which indicate the token type. The token 
@@ -145,12 +150,14 @@ void g_make_token_header(mech, body_size, buf, tok_type) int tok_type; { *(*buf)++ = 0x60; - der_write_length(buf, 4 + mech->length + body_size); + der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size); *(*buf)++ = 0x06; *(*buf)++ = (unsigned char) mech->length; TWRITE_STR(*buf, mech->elements, mech->length); - *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff); - *(*buf)++ = (unsigned char) (tok_type&0xff); + if (tok_type != -1) { + *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff); + *(*buf)++ = (unsigned char) (tok_type&0xff); + } } /* @@ -171,7 +178,6 @@ gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in) unsigned char *buf = *buf_in; int seqsize; gss_OID_desc toid; - int ret = 0; int toksize = toksize_in; if ((toksize-=1) < 0) @@ -200,25 +206,17 @@ gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in) buf+=toid.length; if (! g_OID_equal(&toid, mech)) - ret = G_WRONG_MECH; - - /* G_WRONG_MECH is not returned immediately because it's more important - to return G_BAD_TOK_HEADER if the token header is in fact bad */ - - if ((toksize-=2) < 0) - return(G_BAD_TOK_HEADER); - - if (ret) - return(ret); - - if ((*buf++ != ((tok_type>>8)&0xff)) || - (*buf++ != (tok_type&0xff))) - return(G_WRONG_TOKID); - - if (!ret) { + return G_WRONG_MECH; + if (tok_type != -1) { + if ((toksize-=2) < 0) + return(G_BAD_TOK_HEADER); + + if ((*buf++ != ((tok_type>>8)&0xff)) || + (*buf++ != (tok_type&0xff))) + return(G_WRONG_TOKID); + } *buf_in = buf; *body_size = toksize; - } - return(ret); -} + return 0; + }
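Review bot: In the new `der_write_length` call in g_make_token_header, `?:` binds more loosely than `+`, so when `tok_type == -1` the whole argument evaluates to 2 and `mech->length + body_size` is dropped from the encoded length. The DER length octets would then disagree with the bytes that follow, so a receiver would either reject the token or mis-frame it. Parenthesize the conditional: `der_write_length(buf, ((tok_type == -1) ? 2 : 4) + mech->length + body_size);`. The routine callers use to size the output buffer is not in this hunk; it presumably still assumes the two token-type bytes, so confirm it stays consistent with the -1 case.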
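Review bot: Returning `G_WRONG_MECH` right after the `g_OID_equal` test in g_verify_token_header changes the error precedence that the deleted comment documented. A token with a mismatched OID that is also too short for the two token-type bytes used to yield `G_BAD_TOK_HEADER` and now yields `G_WRONG_MECH`. Callers are not visible here, so check whether any of them treats `G_WRONG_MECH` as "well-formed token for another mechanism". If the new order is intended, replace the removed comment with one that says so, e.g. `/* mech mismatch is reported before the token-type bytes are length-checked */`. As a style point, the added lines mix `return G_WRONG_MECH;` and `return 0;` with the existing `return(G_BAD_TOK_HEADER);` form. The function begins outside this hunk.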