diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:19:42 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:19:42 +0000 |
| commit | 0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d (patch) | |
| tree | 2049c9c2cb135fe36b14c0a171711259258d18ec /src/lib/gssapi/generic/util_token.c | |
| parent | ff0a6514c9f4230938c29922d69cbd4e83691adf (diff) | |
| download | krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.gz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.xz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.zip | |
Merge mskrb-integ onto trunk
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/generic/util_token.c')
| -rw-r--r-- | src/lib/gssapi/generic/util_token.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c index b37d9065d..24d532548 100644 --- a/src/lib/gssapi/generic/util_token.c +++ b/src/lib/gssapi/generic/util_token.c @@ -174,7 +174,7 @@ g_verify_token_header( unsigned char **buf_in, int tok_type, unsigned int toksize_in, - int wrapper_required) + int flags) { unsigned char *buf = *buf_in; int seqsize; @@ -184,7 +184,7 @@ g_verify_token_header( if ((toksize-=1) < 0) return(G_BAD_TOK_HEADER); if (*buf++ != 0x60) { - if (wrapper_required) + if (flags & G_VFY_TOKEN_HDR_WRAPPER_REQUIRED) return(G_BAD_TOK_HEADER); buf--; toksize++; @@ -194,7 +194,8 @@ g_verify_token_header( if ((seqsize = der_read_length(&buf, &toksize)) < 0) return(G_BAD_TOK_HEADER); - if (seqsize != toksize) + if ((flags & G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE) == 0 && + seqsize != toksize) return(G_BAD_TOK_HEADER); if ((toksize-=1) < 0) |