| author | Sam Hartman <hartmans@mit.edu> | 2002-12-06 01:02:13 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2002-12-06 01:02:13 +0000 |
| commit | 17d65bfa2e5d0e4f942430e236c2ffd595f92cc7 (patch) | |
| tree | 240efd886266322ead96b745adbf93c9621e205d /src/lib/gssapi | |
| parent | 3a6617768e637b3f3a466f4815ab7339af7fc454 (diff) | |
2002-12-05 Sam Hartman <hartmans@mit.edu>
* util_token.c (g_verify_token_header g_make_token_header):
Accept -1 to mean that no token type is expected; the token type
is purely an RFC 1964 artifact and is not used in other mechanisms
such as SPNEGO.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15029 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
| -rw-r--r-- | src/lib/gssapi/generic/ChangeLog | 7 | ||||
| -rw-r--r-- | src/lib/gssapi/generic/util_token.c | 44 |
2 files changed, 28 insertions, 23 deletions
diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index f5f4c442cc..bae1d25718 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,10 @@ +2002-12-05 Sam Hartman <hartmans@mit.edu> + + * util_token.c (g_verify_token_header g_make_token_header): + Accept -1 to mean that no token type is expected; the token type + is purely an RFC 1964 artifact and is not used in other mechanisms + such as SPNEGO. + 2002-11-15 Ezra Peisach <epeisach@bu.edu> * gssapiP_generic.h, util_token.c: Change g_make_token_header and diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c index 9cd1ce2f15..088e6139e8 100644 --- a/src/lib/gssapi/generic/util_token.c +++ b/src/lib/gssapi/generic/util_token.c @@ -46,6 +46,11 @@ bytes 0,1 are the token type bytes 2,n are the token data +Note that the token type field is a feature of RFC 1964 mechanisms and +is not used by other GSSAPI mechanisms. As such, a token type of -1 +is interpreted to mean that no token type should be expected or +generated. + For the purposes of this abstraction, the token "header" consists of the sequence tag and length octets, the mech OID DER encoding, and the first two inner bytes, which indicate the token type. The token @@ -145,12 +150,14 @@ void g_make_token_header(mech, body_size, buf, tok_type) int tok_type; { *(*buf)++ = 0x60; - der_write_length(buf, 4 + mech->length + body_size); + der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size); *(*buf)++ = 0x06; *(*buf)++ = (unsigned char) mech->length; TWRITE_STR(*buf, mech->elements, mech->length); - *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff); - *(*buf)++ = (unsigned char) (tok_type&0xff); + if (tok_type != -1) { + *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff); + *(*buf)++ = (unsigned char) (tok_type&0xff); + } } /* 
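Review bot: In g_make_token_header the new length argument `(tok_type == -1) ?2:4 + mech->length + body_size` parses as `(tok_type == -1) ? 2 : (4 + mech->length + body_size)`, because `?:` binds more loosely than `+`. With tok_type == -1 the DER length is therefore written as 2 regardless of the mech OID and body size, so the outer framing no longer matches the bytes that follow, and a peer that trusts the length will reject or mis-delimit the token. Parenthesise the selector: `der_write_length(buf, ((tok_type == -1) ? 2 : 4) + mech->length + body_size);`. Any helper that computes the buffer size for this header (not visible in this hunk) should be checked for the same 4-versus-2 assumption; the function's parameter declarations begin above the hunk.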
@@ -171,7 +178,6 @@ gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in) unsigned char *buf = *buf_in; int seqsize; gss_OID_desc toid; - int ret = 0; int toksize = toksize_in; if ((toksize-=1) < 0) @@ -200,25 +206,17 @@ gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in) buf+=toid.length; if (! g_OID_equal(&toid, mech)) - ret = G_WRONG_MECH; - - /* G_WRONG_MECH is not returned immediately because it's more important - to return G_BAD_TOK_HEADER if the token header is in fact bad */ - - if ((toksize-=2) < 0) - return(G_BAD_TOK_HEADER); - - if (ret) - return(ret); - - if ((*buf++ != ((tok_type>>8)&0xff)) || - (*buf++ != (tok_type&0xff))) - return(G_WRONG_TOKID); - - if (!ret) { + return G_WRONG_MECH; + if (tok_type != -1) { + if ((toksize-=2) < 0) + return(G_BAD_TOK_HEADER); + + if ((*buf++ != ((tok_type>>8)&0xff)) || + (*buf++ != (tok_type&0xff))) + return(G_WRONG_TOKID); + } *buf_in = buf; *body_size = toksize; - } - return(ret); -} + return 0; + } |
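Review bot: The OID mismatch in g_verify_token_header now returns G_WRONG_MECH before the two token-type bytes are bounds-checked, which reverses the precedence the removed comment described (G_BAD_TOK_HEADER first). A truncated token carrying a different OID is now reported as a wrong mechanism rather than a bad header, so a caller that treats G_WRONG_MECH as a cue to try another mechanism could act on a malformed token; the callers are not visible here, so this needs confirming against them. If the new order is intended, record it where the old comment stood, e.g. `/* Mech mismatch is reported before the token-type bytes are examined; with tok_type == -1 there are none. */`. The function body starts above this hunk.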
