[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch] miscellaneous mechglue stuff
>I decided to implement this in lorikeet-heimdal, and here is what I
>actually got:
Don't forget to free the crypto context. Here's what I got (untested):
Index: accept_sec_context.c
===================================================================
RCS file: /home/project/cvs/heimdal/lib/gssapi/accept_sec_context.c,v
retrieving revision 1.104
diff -u -r1.104 accept_sec_context.c
--- accept_sec_context.c 24 Dec 2005 14:25:41 -0000 1.104
+++ accept_sec_context.c 7 May 2006 14:42:01 -0000
@@ -372,11 +372,31 @@
goto failure;
}
- ret = gssapi_krb5_verify_8003_checksum(minor_status,
- input_chan_bindings,
- authenticator->cksum,
- &flags,
- &fwd_data);
+ if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
+ ret = gssapi_krb5_verify_8003_checksum(minor_status,
+ input_chan_bindings,
+ authenticator->cksum,
+ &flags,
+ &fwd_data);
+ } else {
+ krb5_crypto crypto;
+
+ kret = krb5_crypto_init(gssapi_krb5_context,
+ (*context_handle)->auth_context->keyblock,
+ 0, &crypto);
+ if (kret == 0) {
+ kret = krb5_verify_checksum(gssapi_krb5_context,
+ crypto, KRB5_KU_AP_REQ_AUTH_CKSUM,
+ NULL, 0, authenticator->cksum);
+ flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ krb5_crypto_destroy(gssapi_krb5_context, crypto);
+ }
+ if (kret != 0) {
+ ret = GSS_S_BAD_SIG;
+ gssapi_krb5_set_error_string ();
+ } else
+ ret = GSS_S_COMPLETE;
+ }
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (ret)
goto failure;
-- Luke
--