[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gss_accept_sec_context() problem

To: Assar Westerlund <assar@sics.se>
Subject: Re: gss_accept_sec_context() problem
From: Michael Shuldman <michaels@inet.no>
Date: Tue, 22 Aug 2000 11:20:15 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <20000731105428.37476@bastesen.inet.no>; from Michael Shuldman on Mon, Jul 31, 2000 at 10:54:28AM +0200
References: <20000728144948.14080@bastesen.inet.no> <5lzon1fq14.fsf@assaris.sics.se> <20000731105428.37476@bastesen.inet.no>
Sender: owner-heimdal-discuss@sics.se

Michael Shuldman wrote,
> Assar Westerlund wrote,
> > Michael Shuldman <michaels@inet.no> writes:
> > > I can't see any requirement for input_token to be filled when calling
> > > gss_accept_sec_context() and was expecting GSS_S_CONTINUE_NEEDED.
> > 
> > I don't think it makes much sense to call gss_accept_sec_context with
> > an empty token.  What would it mean and why would you do it?
> > 
> > GSS_S_CONTINUE_NEEDED is used when authentication requires more steps,
> > to indicate that you should continue looping around
> > gss_accept_sec_context (and gss_init_sec_context).
> >
> > I changed the code to return GSS_S_DEFECTIVE_TOKEN instead of crashing.
> 
> The draft (cbind-09) says that GSS_S_CONTINUE_NEEDED "Indicates
> that a token from the peer application is required to complete the
> context ...".  Isn't that the case here, "a token from the peer
> application is required"?
> 
> > > I tried filling input_token with the token gotten on the clientside
> > > from gss_init_sec_context, a assert() in Heimdal then fails.  I
> > > guess I'm doing something wrong here?
> > 
> > Can also possible be us doing something wrong. :-)  Just send us the
> > assert that's failing and we will look at it.
> 
> Here it is (I didn't include it in the prevous mail since I'd deleted
> the coredump, will try not to do that so soon now):
> 
> #0  0x94f9f in kill ()
> #1  0x949e4 in abort ()
> #2  0x2c6c1 in gssapi_krb5_verify_header (str=0xdfbeaef0, total_len=1026, 
>     type=0x2c172 "\001") at decapsulate.c:51
> #3  0x2c7c3 in gssapi_krb5_decapsulate (input_token_buffer=0xdfbfb0a0, 
>     out_data=0xdfbeaf34, type=0x2c172 "\001") at decapsulate.c:90
> #4  0x2c2ab in gss_accept_sec_context (minor_status=0xdfbfb0cc, 
>     context_handle=0xdfbfb0a8, acceptor_cred_handle=0x0, 
>     input_token_buffer=0xdfbfb0a0, input_chan_bindings=0x0, 
>     src_name=0xdfbfb0bc, mech_type=0x0, output_token=0xdfbfb098, 
>     ret_flags=0x0, time_rec=0x0, delegated_cred_handle=0x0)
>     at accept_sec_context.c:118
> 
> The arguments to gss_accept_sec_context() should be the same as in
> the testprogram except for input_token, which is the token the
> client got from gss_init_sec_context().
> 
> -- 
>   _ // 
>   \X/ -- Michael Shuldman <michaels@inet.no>

I think an answer would have been less rude than silence.



-- 
  _ // 
  \X/ -- Michael Shuldman <michaels@inet.no>

Prev by Date: Re: noaddress?
Next by Date: ldap patch ?
Prev by thread: Re: noaddress?
Next by thread: ldap patch ?
Index(es):
- Date
- Thread