From 50adda2de32499bdff6aa6ec0705e82888ee39ba Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Fri, 26 Mar 1999 03:51:44 +0000
Subject: [PATCH] gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set returns all three mechanism ID's recognized by this implementation, with the RFC1964 OID first (and thus preferred). import_sec_context.c (krb5_gss_convert_static_mech_oid): Make the old convert_static_oid() function globally accessible with a namespace compliant name, since init_sec_context() needs to be able to use this function. indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 mechanism set OID, since we should return all the mechanisms that we support. init_sec_context.c (krb5_gss_init_sec_context): Make ctx->mech_used use a static OID, since it is returned by gss_inquire_context which must return a static OID. wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we would overestimate the size of the allowable input message by one byte, because we weren't passing the right estimate of the wrapped data to g_token_size().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11315 dc483132-0cff-0310-8789-dd5450dbe970
---
src/lib/gssapi/krb5/ChangeLog | 25 +++++++++++++++++++++
src/lib/gssapi/krb5/gssapiP_krb5.h | 4 ++++
src/lib/gssapi/krb5/gssapi_krb5.c | 28 +++++++++++------------
src/lib/gssapi/krb5/import_sec_context.c | 4 ++--
src/lib/gssapi/krb5/indicate_mechs.c | 2 +-
src/lib/gssapi/krb5/init_sec_context.c | 4 ++++
src/lib/gssapi/krb5/wrap_size_limit.c | 3 ++-
7 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index d398ee329..448c9ab27 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,28 @@
+Thu Mar 25 22:43:54 1999 Theodore Y. Ts'o
+
+ * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set
+ returns all three mechanism ID's recognized by this
+ implementation, with the RFC1964 OID first (and thus
+ preferred).
+
+ * import_sec_context.c (krb5_gss_convert_static_mech_oid): Make
+ the old convert_static_oid() function globally accessible
+ with a namespace compliant name, since init_sec_context()
+ needs to be able to use this function.
+
+ * indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2
+ mechanism set OID, since we should return all the
+ mechanisms that we support.
+
+ * init_sec_context.c (krb5_gss_init_sec_context): Make
+ ctx->mech_used use a static OID, since it is returned by
+ gss_inquire_context which must return a static OID.
+
+ * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we
+ would overestimate the size of the allowable input message
+ by one byte, because we weren't passing the right estimate
+ of the wrapped data to g_token_size().
+
 1999-03-14 Miro Jurisic
 * gssapi_krb5.h: added extern "C" for C++ friendliness
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index bcbde3894..e344b4fbb 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -558,5 +558,9 @@ OM_uint32 krb5_gss_validate_cred
 PROTOTYPE( (OM_uint32 *, /* minor_status */
 gss_cred_id_t /* cred */
 ));
+
+gss_OID krb5_gss_convert_static_mech_oid
+PROTOTYPE( (gss_OID FAR oid
+ ));
 #endif /* _GSSAPIP_KRB5_H_ */
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index aaa47ea06..e700bb888 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -83,36 +83,34 @@
 */
 const gss_OID_desc krb5_gss_oid_array[] = {
- /* this is the unofficial, wrong OID */
- {5, "\053\005\001\005\002"},
 /* this is the official, rfc-specified OID */
 {9, "\052\206\110\206\367\022\001\002\002"},
+ /* this is the unofficial, wrong OID */
+ {5, "\053\005\001\005\002"},
+ /* this is the v2 assigned OID */
+ {9, "\052\206\110\206\367\022\001\002\003"},
 /* these two are name type OID's */
 {10, "\052\206\110\206\367\022\001\002\002\001"},
 {10, "\052\206\110\206\367\022\001\002\002\002"},
- /* this is the v2 assigned OID */
- {9, "\052\206\110\206\367\022\001\002\003"},
- /* this is the official, rfc-specified OID again */
- {9, "\052\206\110\206\367\022\001\002\002"},
 { 0, 0 }
 };
-const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+0;
-const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+1;
-const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+2;
-const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+3;
-const gss_OID_desc * const gss_mech_krb5_v2 = krb5_gss_oid_array+4;
+const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+0;
+const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+1;
+const gss_OID_desc * const gss_mech_krb5_v2 = krb5_gss_oid_array+2;
+const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+3;
+const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+4;
 static const gss_OID_set_desc oidsets[] = {
 {1, (gss_OID) krb5_gss_oid_array+0},
 {1, (gss_OID) krb5_gss_oid_array+1},
 {2, (gss_OID) krb5_gss_oid_array+0},
- {1, (gss_OID) krb5_gss_oid_array+4},
- {2, (gss_OID) krb5_gss_oid_array+4},
+ {1, (gss_OID) krb5_gss_oid_array+2},
+ {3, (gss_OID) krb5_gss_oid_array+0},
 };
-const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0;
-const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+1;
+const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0;
+const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+1;
 const gss_OID_set_desc * const gss_mech_set_krb5_both = oidsets+2;
 const gss_OID_set_desc * const gss_mech_set_krb5_v2 = oidsets+3;
 const gss_OID_set_desc * const gss_mech_set_krb5_v1v2 = oidsets+4;
diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c
index baf901ca5..141736b9b 100644
--- a/src/lib/gssapi/krb5/import_sec_context.c
+++ b/src/lib/gssapi/krb5/import_sec_context.c
@@ -31,7 +31,7 @@
 * Fix up the OID of the mechanism so that uses the static version of
 * the OID if possible.
 */
-static gss_OID convert_static_oid(oid)
+gss_OID krb5_gss_convert_static_mech_oid(oid)
 gss_OID FAR oid;
 {
 const gss_OID_desc *p;
@@ -85,7 +85,7 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
 return(GSS_S_FAILURE);
 }
- ctx->mech_used = convert_static_oid(ctx->mech_used);
+ ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
 *context_handle = (gss_ctx_id_t) ctx;
diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c
index 9c1ca59e6..971811304 100644
--- a/src/lib/gssapi/krb5/indicate_mechs.c
+++ b/src/lib/gssapi/krb5/indicate_mechs.c
@@ -33,7 +33,7 @@ krb5_gss_indicate_mechs(minor_status, mech_set)
 {
 *minor_status = 0;
- if (! g_copy_OID_set(gss_mech_set_krb5, mech_set)) {
+ if (! g_copy_OID_set(gss_mech_set_krb5_v1v2, mech_set)) {
 *mech_set = GSS_C_NO_OID_SET;
 *minor_status = ENOMEM;
 return(GSS_S_FAILURE);
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index f13763b6d..fb11cf5a2 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -655,6 +655,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 code = *minor_status;
 goto fail;
 }
+ /*
+ * Now try to make it static if at all possible....
+ */
+ ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
 if (ctx->gsskrb5_version == 2000) {
 /* gsskrb5 v2 */
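Review bot: In gssapi_krb5.c, the new `{3, (gss_OID) krb5_gss_oid_array+0}` entry is only correct while the three mechanism OIDs stay contiguous at indexes 0..2 of `krb5_gss_oid_array`, and nothing in the file states that invariant. Every `gss_mech_*` / `gss_nt_*` pointer and every `oidsets[]` entry is a bare integer offset, and this hunk had to renumber all of them. I would add a comment above the array such as `/* Entries 0-2 are the mechanism OIDs in preference order; oidsets[] slices them by offset, so keep them first and contiguous. */`. Note also that `gss_mech_set_krb5_both` (`oidsets+2`) now lists the RFC OID before the old one, so any caller that relied on the previous element order should be checked.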
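Review bot: In import_sec_context.c, `krb5_gss_convert_static_mech_oid` is now exported but its contract is still the one-line comment saying it uses the static OID "if possible". The definition (and the new prototype in gssapiP_krb5.h) should say what is returned when no static entry matches and whether the caller's OID is released when one does, for example `/* Returns the matching static OID, else oid unchanged; <state here whether oid is released on a match>. */`. The function body continues outside the hunk, so which of these it actually does cannot be confirmed from here. The new call in init_sec_context.c depends on the same contract.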
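Review bot: In indicate_mechs.c, returning `gss_mech_set_krb5_v1v2` means gss_indicate_mechs now advertises the OID that the array comments call "the unofficial, wrong OID" and the v2 OID alongside the RFC one. Whether every entry point that takes a mechanism OID accepts all three is not visible in this patch; if one does not, a caller that picks from the advertised set gets a failure later instead of at selection time. A short comment at the call, e.g. `/* advertise every mechanism OID we accept; the RFC 1964 OID comes first */`, would record the intent.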
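Review bot: In init_sec_context.c, the added comment "Now try to make it static if at all possible...." does not give the reason, which the commit message does: gss_inquire_context returns `ctx->mech_used` and must return a static OID. I would write `/* gss_inquire_context() returns ctx->mech_used and must return a static OID, so use the matching static entry when there is one. */`. After this line `ctx->mech_used` may point at static storage, so the `fail:` path and context deletion must not free it unconditionally; both are outside the hunk and worth checking.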
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index 745949260..54c29da30 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -156,7 +156,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
 /* Calculate the token size and subtract that from the output size */
 cfsize = (conf_req_flag) ? kg_confounder_size(context, ctx->enc) : 0;
 ohlen = g_token_size((gss_OID) ctx->mech_used,
- (unsigned int) cfsize + ctx->cksum_size + 14);
+ (unsigned int) (req_output_size + cfsize +
+ ctx->cksum_size + 14));
 if (ohlen < req_output_size)
 /*
--
2.26.2
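Review bot: With `req_output_size` now part of the body size passed to `g_token_size()`, `ohlen` looks like a whole-token length rather than an overhead, so the unchanged test `if (ohlen < req_output_size)` just below can hardly be true any more. This assumes g_token_size() returns the full token length for the body size it is given, which its name suggests but the hunk does not show. If so, the overhead should be recovered before the comparison, e.g. by ending the call with `ctx->cksum_size + 14)) - req_output_size;`. Separately, `req_output_size` comes from the caller and the sum is cast to `unsigned int`, so a value near the top of the range wraps silently; such sizes should be rejected before the addition. The function body continues outside the hunk.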