author | Simo Sorce <simo@redhat.com> | 2013-10-16 21:51:16 -0400 |
committer | Simo Sorce <simo@redhat.com> | 2013-10-18 16:29:51 -0400 |
commit | fd8d8833e2f3496893c970550eecc6449b59b9d5 (patch) | |
tree | 25fc65ee9548c38b861fb65986b452fc6ad36bc4 /src/gss_sec_ctx.c | |
parent | 1793582754d508191bf90404b0936060060b9027 (diff) | |
Add a way to set sequence numbers.
In NTLMSSP connectionless mode applications are supposed to provide the
sequence number, however GSSAPI's get_mic and verify_mic functions do
not allow an explicit sequence number to be passed.
Allow overriding the context sequence numbers using a custom OID and
implementing gss_set_sec_context_option().
The operation is allowed only if the context is in connectionless mode.
Diffstat (limited to 'src/gss_sec_ctx.c')
-rw-r--r-- | src/gss_sec_ctx.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 855aa9f..2290cb9 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -1235,3 +1235,51 @@ uint32_t gssntlm_inquire_context(uint32_t *minor_status,
 
     return GSS_S_COMPLETE;
 }
+
+gss_OID_desc set_seq_num_oid = {
+    GSS_NTLMSSP_SET_SEQ_NUM_OID_LENGTH,
+    GSS_NTLMSSP_SET_SEQ_NUM_OID_STRING
+};
+
+uint32_t gssntlm_set_sec_context_option(uint32_t *minor_status,
+                                        gss_ctx_id_t *context_handle,
+                                        const gss_OID desired_object,
+                                        const gss_buffer_t value)
+{
+    struct gssntlm_ctx *ctx;
+
+    if (minor_status == NULL) {
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    }
+    if (context_handle == NULL || *context_handle == NULL) {
+        return GSS_S_CALL_INACCESSIBLE_READ;
+    }
+    if (desired_object == GSS_C_NO_OID) {
+        return GSS_S_CALL_INACCESSIBLE_READ;
+    }
+
+    ctx = (struct gssntlm_ctx *)*context_handle;
+
+    *minor_status = 0;
+
+    /* set seq num */
+    if (gss_oid_equal(desired_object, &set_seq_num_oid)) {
+        if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
+
+            if (value->length != 4) {
+                *minor_status = EINVAL;
+                return GSS_S_FAILURE;
+            }
+
+            memcpy(&ctx->recv.seq_num, value->value, value->length);
+            ctx->send.seq_num = ctx->recv.seq_num;
+            return GSS_S_COMPLETE;
+        } else {
+            *minor_status = EACCES;
+            return GSS_S_UNAUTHORIZED;
+        }
+    }
+
+    *minor_status = EINVAL;
+    return GSS_S_UNAVAILABLE;
+} |
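Review bot: `value` is dereferenced at `if (value->length != 4)` and again in the `memcpy` without ever being checked, while `context_handle` and `desired_object` get explicit NULL guards a few lines earlier, so a caller passing GSS_C_NO_BUFFER (or a buffer whose `value` pointer is NULL with length 4) crashes the process instead of receiving an error. Add `if (value == GSS_C_NO_BUFFER || value->value == NULL) { return GSS_S_CALL_INACCESSIBLE_READ; }` alongside the other argument checks, before `*minor_status` is written. The `memcpy` also copies the 4 raw bytes straight into `ctx->recv.seq_num` (its type is not visible in the hunk, presumably a 32-bit integer), which means the buffer is interpreted in host byte order; a comment such as `/* value holds a 4-byte sequence number in host byte order; it resets both directions */` above the length check would spare callers from guessing the encoding and would make the deliberate overwrite of `ctx->send.seq_num` explicit.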