From c31b9ba8b18c9114d6b3ca93e9aac8b1f6534813 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 27 Sep 2010 18:51:55 +0000 Subject: [PATCH] Use IAKERB OID header for all IAKERB messages including AP-REQ git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24363 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/accept_sec_context.c | 6 ++++++ src/lib/gssapi/krb5/iakerb.c | 11 +++++++---- src/lib/gssapi/krb5/init_sec_context.c | 2 ++ src/lib/gssapi/krb5/rel_oid.c | 1 + 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index e3ec8224b..47eff359d 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -542,6 +542,12 @@ kg_accept_krb5(minor_status, context_handle, &ptr, KG_TOK_CTX_AP_REQ, input_token->length, 1))) { mech_used = gss_mech_krb5; + } else if ((code == G_WRONG_MECH) + &&!(code = g_verify_token_header((gss_OID) gss_mech_iakerb, + &(ap_req.length), + &ptr, KG_TOK_CTX_AP_REQ, + input_token->length, 1))) { + mech_used = gss_mech_iakerb; } else if ((code == G_WRONG_MECH) &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong, &(ap_req.length), diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index 0a86fa56a..8c9958ffd 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -857,7 +857,7 @@ iakerb_gss_accept_sec_context(OM_uint32 *minor_status, input_token, input_chan_bindings, src_name, - mech_type, + NULL, output_token, ret_flags, time_rec, @@ -868,6 +868,8 @@ iakerb_gss_accept_sec_context(OM_uint32 *minor_status, ctx->gssc = NULL; iakerb_release_context(ctx); } + if (mech_type != NULL) + *mech_type = (gss_OID)gss_mech_krb5; } cleanup: @@ -988,12 +990,12 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status, (gss_cred_id_t) kcred, &ctx->gssc, target_name, - GSS_C_NULL_OID, + (gss_OID)gss_mech_iakerb, req_flags, time_req, input_chan_bindings, input_token, - actual_mech_type, + NULL, output_token, ret_flags, time_rec, @@ -1003,6 +1005,8 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status, ctx->gssc = GSS_C_NO_CONTEXT; iakerb_release_context(ctx); } + if (actual_mech_type != NULL) + *actual_mech_type = (gss_OID)gss_mech_krb5; } else { if (actual_mech_type != NULL) *actual_mech_type = (gss_OID)gss_mech_iakerb; @@ -1024,4 +1028,3 @@ cleanup: return major_status; } - diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 25cee16f0..19586b9be 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -1012,6 +1012,8 @@ krb5_gss_init_sec_context_ext( mech_type = (gss_OID) gss_mech_krb5_old; } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) { mech_type = (gss_OID) gss_mech_krb5_wrong; + } else if (g_OID_equal(mech_type, gss_mech_iakerb)) { + mech_type = (gss_OID) gss_mech_iakerb; } else { k5_mutex_unlock(&cred->lock); if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c index dfa2738c6..4e6c0f671 100644 --- a/src/lib/gssapi/krb5/rel_oid.c +++ b/src/lib/gssapi/krb5/rel_oid.c @@ -74,6 +74,7 @@ krb5_gss_internal_release_oid(minor_status, oid) if ((*oid != gss_mech_krb5) && (*oid != gss_mech_krb5_old) && (*oid != gss_mech_krb5_wrong) && + (*oid != gss_mech_iakerb) && (*oid != gss_nt_krb5_name) && (*oid != gss_nt_krb5_principal)) { /* We don't know about this OID */ -- 2.26.2