[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gss_accept_sec_context() problem
- To: Assar Westerlund <firstname.lastname@example.org>
- Subject: Re: gss_accept_sec_context() problem
- From: Michael Shuldman <email@example.com>
- Date: Tue, 22 Aug 2000 11:20:15 +0200
- Cc: firstname.lastname@example.org
- In-Reply-To: <email@example.com>; from Michael Shuldman on Mon, Jul 31, 2000 at 10:54:28AM +0200
- References: <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org>
- Sender: email@example.com
Michael Shuldman wrote,
> Assar Westerlund wrote,
> > Michael Shuldman <firstname.lastname@example.org> writes:
> > > I can't see any requirement for input_token to be filled when calling
> > > gss_accept_sec_context() and was expecting GSS_S_CONTINUE_NEEDED.
> > I don't think it makes much sense to call gss_accept_sec_context with
> > an empty token. What would it mean and why would you do it?
> > GSS_S_CONTINUE_NEEDED is used when authentication requires more steps,
> > to indicate that you should continue looping around
> > gss_accept_sec_context (and gss_init_sec_context).
> > I changed the code to return GSS_S_DEFECTIVE_TOKEN instead of crashing.
> The draft (cbind-09) says that GSS_S_CONTINUE_NEEDED "Indicates
> that a token from the peer application is required to complete the
> context ...". Isn't that the case here, "a token from the peer
> application is required"?
> > > I tried filling input_token with the token gotten on the clientside
> > > from gss_init_sec_context, a assert() in Heimdal then fails. I
> > > guess I'm doing something wrong here?
> > Can also possible be us doing something wrong. :-) Just send us the
> > assert that's failing and we will look at it.
> Here it is (I didn't include it in the prevous mail since I'd deleted
> the coredump, will try not to do that so soon now):
> #0 0x94f9f in kill ()
> #1 0x949e4 in abort ()
> #2 0x2c6c1 in gssapi_krb5_verify_header (str=0xdfbeaef0, total_len=1026,
> type=0x2c172 "\001") at decapsulate.c:51
> #3 0x2c7c3 in gssapi_krb5_decapsulate (input_token_buffer=0xdfbfb0a0,
> out_data=0xdfbeaf34, type=0x2c172 "\001") at decapsulate.c:90
> #4 0x2c2ab in gss_accept_sec_context (minor_status=0xdfbfb0cc,
> context_handle=0xdfbfb0a8, acceptor_cred_handle=0x0,
> input_token_buffer=0xdfbfb0a0, input_chan_bindings=0x0,
> src_name=0xdfbfb0bc, mech_type=0x0, output_token=0xdfbfb098,
> ret_flags=0x0, time_rec=0x0, delegated_cred_handle=0x0)
> at accept_sec_context.c:118
> The arguments to gss_accept_sec_context() should be the same as in
> the testprogram except for input_token, which is the token the
> client got from gss_init_sec_context().
> _ //
> \X/ -- Michael Shuldman <email@example.com>
I think an answer would have been less rude than silence.
\X/ -- Michael Shuldman <firstname.lastname@example.org>