summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5/k5unseal.c
diff options
context:
space:
mode:
authorTom Yu <tlyu@mit.edu>2008-10-15 21:58:43 +0000
committerTom Yu <tlyu@mit.edu>2008-10-15 21:58:43 +0000
commita898a72410a38b03ff7c7691ceeea973e3eec6ca (patch)
treefdd601d15bb96904df7b684048381bb3b9d0e1d3 /src/lib/gssapi/krb5/k5unseal.c
parent07292e360eb8cad0151ed76edee11a9ce8ca925e (diff)
downloadkrb5-a898a72410a38b03ff7c7691ceeea973e3eec6ca.tar.gz
krb5-a898a72410a38b03ff7c7691ceeea973e3eec6ca.tar.xz
krb5-a898a72410a38b03ff7c7691ceeea973e3eec6ca.zip
Untabify. Normalize whitespace. Reindent. Fix some of the most
egregious formatting quirks. Add emacs mode settings to flag untabified source files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/k5unseal.c')
-rw-r--r--src/lib/gssapi/krb5/k5unseal.c611
1 files changed, 306 insertions, 305 deletions
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 72afb4576..f80be3fa2 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* Copyright 2001, 2007 by the Massachusetts Institute of Technology.
* Copyright 1993 by OpenVision Technologies, Inc.
@@ -58,7 +59,7 @@
static OM_uint32
kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
- conf_state, qop_state, toktype)
+ conf_state, qop_state, toktype)
krb5_context context;
OM_uint32 *minor_status;
krb5_gss_ctx_id_rec *ctx;
@@ -89,8 +90,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
krb5_keyusage sign_usage = KG_USAGE_SIGN;
if (toktype == KG_TOK_SEAL_MSG) {
- message_buffer->length = 0;
- message_buffer->value = NULL;
+ message_buffer->length = 0;
+ message_buffer->value = NULL;
}
/* get the sign and seal algorithms */
@@ -101,141 +102,141 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
/* Sanity checks */
if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if ((toktype != KG_TOK_SEAL_MSG) &&
- (sealalg != 0xffff)) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ (sealalg != 0xffff)) {
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
/* in the current spec, there is only one valid seal algorithm per
key type, so a simple comparison is ok */
if ((toktype == KG_TOK_SEAL_MSG) &&
- !((sealalg == 0xffff) ||
- (sealalg == ctx->sealalg))) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ !((sealalg == 0xffff) ||
+ (sealalg == ctx->sealalg))) {
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
/* there are several mappings of seal algorithms to sign algorithms,
but few enough that we can try them all. */
if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
- (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
- (ctx->sealalg == SEAL_ALG_DES3KD &&
- signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
- (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
- signalg != SGN_ALG_HMAC_MD5)) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
+ (ctx->sealalg == SEAL_ALG_DES3KD &&
+ signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
+ (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
+ signalg != SGN_ALG_HMAC_MD5)) {
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
case SGN_ALG_MD2_5:
case SGN_ALG_HMAC_MD5:
- cksum_len = 8;
- if (toktype != KG_TOK_SEAL_MSG)
- sign_usage = 15;
- break;
+ cksum_len = 8;
+ if (toktype != KG_TOK_SEAL_MSG)
+ sign_usage = 15;
+ break;
case SGN_ALG_3:
- cksum_len = 16;
- break;
+ cksum_len = 16;
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
- cksum_len = 20;
- break;
+ cksum_len = 20;
+ break;
default:
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
/* get the token parameters */
if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
- &seqnum))) {
- *minor_status = code;
- return(GSS_S_BAD_SIG);
+ &seqnum))) {
+ *minor_status = code;
+ return(GSS_S_BAD_SIG);
}
/* decode the message, if SEAL */
if (toktype == KG_TOK_SEAL_MSG) {
- int tmsglen = bodysize-(14+cksum_len);
- if (sealalg != 0xffff) {
- if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
- *minor_status = ENOMEM;
- return(GSS_S_FAILURE);
- }
- if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
- unsigned char bigend_seqnum[4];
- krb5_keyblock *enc_key;
- int i;
- bigend_seqnum[0] = (seqnum>>24) & 0xff;
- bigend_seqnum[1] = (seqnum>>16) & 0xff;
- bigend_seqnum[2] = (seqnum>>8) & 0xff;
- bigend_seqnum[3] = seqnum & 0xff;
- code = krb5_copy_keyblock (context, ctx->enc, &enc_key);
- if (code)
- {
- xfree(plain);
- *minor_status = code;
- return(GSS_S_FAILURE);
- }
-
- assert (enc_key->length == 16);
- for (i = 0; i <= 15; i++)
- ((char *) enc_key->contents)[i] ^=0xf0;
- code = kg_arcfour_docrypt (enc_key, 0,
- &bigend_seqnum[0], 4,
- ptr+14+cksum_len, tmsglen,
- plain);
- krb5_free_keyblock (context, enc_key);
- } else {
- code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
- ptr+14+cksum_len, plain, tmsglen);
- }
- if (code) {
- xfree(plain);
- *minor_status = code;
- return(GSS_S_FAILURE);
- }
- } else {
- plain = ptr+14+cksum_len;
- }
-
- plainlen = tmsglen;
-
- if ((sealalg == 0xffff) && ctx->big_endian) {
- token.length = tmsglen;
- } else {
- conflen = kg_confounder_size(context, ctx->enc);
- token.length = tmsglen - conflen - plain[tmsglen-1];
- }
-
- if (token.length) {
- if ((token.value = (void *) xmalloc(token.length)) == NULL) {
- if (sealalg != 0xffff)
- xfree(plain);
- *minor_status = ENOMEM;
- return(GSS_S_FAILURE);
- }
- memcpy(token.value, plain+conflen, token.length);
- } else {
- token.value = NULL;
- }
+ int tmsglen = bodysize-(14+cksum_len);
+ if (sealalg != 0xffff) {
+ if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
+ *minor_status = ENOMEM;
+ return(GSS_S_FAILURE);
+ }
+ if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
+ unsigned char bigend_seqnum[4];
+ krb5_keyblock *enc_key;
+ int i;
+ bigend_seqnum[0] = (seqnum>>24) & 0xff;
+ bigend_seqnum[1] = (seqnum>>16) & 0xff;
+ bigend_seqnum[2] = (seqnum>>8) & 0xff;
+ bigend_seqnum[3] = seqnum & 0xff;
+ code = krb5_copy_keyblock (context, ctx->enc, &enc_key);
+ if (code)
+ {
+ xfree(plain);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+
+ assert (enc_key->length == 16);
+ for (i = 0; i <= 15; i++)
+ ((char *) enc_key->contents)[i] ^=0xf0;
+ code = kg_arcfour_docrypt (enc_key, 0,
+ &bigend_seqnum[0], 4,
+ ptr+14+cksum_len, tmsglen,
+ plain);
+ krb5_free_keyblock (context, enc_key);
+ } else {
+ code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
+ ptr+14+cksum_len, plain, tmsglen);
+ }
+ if (code) {
+ xfree(plain);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+ } else {
+ plain = ptr+14+cksum_len;
+ }
+
+ plainlen = tmsglen;
+
+ if ((sealalg == 0xffff) && ctx->big_endian) {
+ token.length = tmsglen;
+ } else {
+ conflen = kg_confounder_size(context, ctx->enc);
+ token.length = tmsglen - conflen - plain[tmsglen-1];
+ }
+
+ if (token.length) {
+ if ((token.value = (void *) xmalloc(token.length)) == NULL) {
+ if (sealalg != 0xffff)
+ xfree(plain);
+ *minor_status = ENOMEM;
+ return(GSS_S_FAILURE);
+ }
+ memcpy(token.value, plain+conflen, token.length);
+ } else {
+ token.value = NULL;
+ }
} else if (toktype == KG_TOK_SIGN_MSG) {
- token = *message_buffer;
- plain = token.value;
- plainlen = token.length;
+ token = *message_buffer;
+ plain = token.value;
+ plainlen = token.length;
} else {
- token.length = 0;
- token.value = NULL;
- plain = token.value;
- plainlen = token.length;
+ token.length = 0;
+ token.value = NULL;
+ plain = token.value;
+ plainlen = token.length;
}
/* compute the checksum of the message */
@@ -246,224 +247,224 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
case SGN_ALG_MD2_5:
case SGN_ALG_DES_MAC:
case SGN_ALG_3:
- md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+ break;
case SGN_ALG_HMAC_MD5:
- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+ break;
default:
- abort ();
+ abort ();
}
code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
if (code)
- return(code);
+ return(code);
md5cksum.length = sumlen;
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
case SGN_ALG_3:
- /* compute the checksum of the message */
-
- /* 8 = bytes of token body to be checksummed according to spec */
-
- if (! (data_ptr = (void *)
- xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
- if (sealalg != 0xffff)
- xfree(plain);
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = ENOMEM;
- return(GSS_S_FAILURE);
- }
-
- (void) memcpy(data_ptr, ptr-2, 8);
-
- if (ctx->big_endian)
- (void) memcpy(data_ptr+8, token.value, token.length);
- else
- (void) memcpy(data_ptr+8, plain, plainlen);
-
- plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
- plaind.data = data_ptr;
- code = krb5_c_make_checksum(context, md5cksum.checksum_type,
- ctx->seq, sign_usage,
- &plaind, &md5cksum);
- xfree(data_ptr);
-
- if (code) {
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = code;
- return(GSS_S_FAILURE);
- }
-
- if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
- (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
- ctx->seq->contents : NULL),
- md5cksum.contents, md5cksum.contents, 16))) {
- krb5_free_checksum_contents(context, &md5cksum);
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = code;
- return GSS_S_FAILURE;
- }
-
- if (signalg == 0)
- cksum.length = 8;
- else
- cksum.length = 16;
- cksum.contents = md5cksum.contents + 16 - cksum.length;
-
- code = memcmp(cksum.contents, ptr+14, cksum.length);
- break;
+ /* compute the checksum of the message */
+
+ /* 8 = bytes of token body to be checksummed according to spec */
+
+ if (! (data_ptr = (void *)
+ xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+ if (sealalg != 0xffff)
+ xfree(plain);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = ENOMEM;
+ return(GSS_S_FAILURE);
+ }
+
+ (void) memcpy(data_ptr, ptr-2, 8);
+
+ if (ctx->big_endian)
+ (void) memcpy(data_ptr+8, token.value, token.length);
+ else
+ (void) memcpy(data_ptr+8, plain, plainlen);
+
+ plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+ plaind.data = data_ptr;
+ code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+ ctx->seq, sign_usage,
+ &plaind, &md5cksum);
+ xfree(data_ptr);
+
+ if (code) {
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+
+ if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+ (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+ ctx->seq->contents : NULL),
+ md5cksum.contents, md5cksum.contents, 16))) {
+ krb5_free_checksum_contents(context, &md5cksum);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
+ if (signalg == 0)
+ cksum.length = 8;
+ else
+ cksum.length = 16;
+ cksum.contents = md5cksum.contents + 16 - cksum.length;
+
+ code = memcmp(cksum.contents, ptr+14, cksum.length);
+ break;
case SGN_ALG_MD2_5:
- if (!ctx->seed_init &&
- (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
- krb5_free_checksum_contents(context, &md5cksum);
- if (sealalg != 0xffff)
- xfree(plain);
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = code;
- return GSS_S_FAILURE;
- }
-
- if (! (data_ptr = (void *)
- xmalloc(sizeof(ctx->seed) + 8 +
- (ctx->big_endian ? token.length : plainlen)))) {
- krb5_free_checksum_contents(context, &md5cksum);
- if (sealalg == 0)
- xfree(plain);
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = ENOMEM;
- return(GSS_S_FAILURE);
- }
- (void) memcpy(data_ptr, ptr-2, 8);
- (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
- if (ctx->big_endian)
- (void) memcpy(data_ptr+8+sizeof(ctx->seed),
- token.value, token.length);
- else
- (void) memcpy(data_ptr+8+sizeof(ctx->seed),
- plain, plainlen);
- plaind.length = 8 + sizeof(ctx->seed) +
- (ctx->big_endian ? token.length : plainlen);
- plaind.data = data_ptr;
- krb5_free_checksum_contents(context, &md5cksum);
- code = krb5_c_make_checksum(context, md5cksum.checksum_type,
- ctx->seq, sign_usage,
- &plaind, &md5cksum);
- xfree(data_ptr);
-
- if (code) {
- if (sealalg == 0)
- xfree(plain);
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = code;
- return(GSS_S_FAILURE);
- }
-
- code = memcmp(md5cksum.contents, ptr+14, 8);
- /* Falls through to defective-token?? */
+ if (!ctx->seed_init &&
+ (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
+ krb5_free_checksum_contents(context, &md5cksum);
+ if (sealalg != 0xffff)
+ xfree(plain);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
+ if (! (data_ptr = (void *)
+ xmalloc(sizeof(ctx->seed) + 8 +
+ (ctx->big_endian ? token.length : plainlen)))) {
+ krb5_free_checksum_contents(context, &md5cksum);
+ if (sealalg == 0)
+ xfree(plain);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = ENOMEM;
+ return(GSS_S_FAILURE);
+ }
+ (void) memcpy(data_ptr, ptr-2, 8);
+ (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
+ if (ctx->big_endian)
+ (void) memcpy(data_ptr+8+sizeof(ctx->seed),
+ token.value, token.length);
+ else
+ (void) memcpy(data_ptr+8+sizeof(ctx->seed),
+ plain, plainlen);
+ plaind.length = 8 + sizeof(ctx->seed) +
+ (ctx->big_endian ? token.length : plainlen);
+ plaind.data = data_ptr;
+ krb5_free_checksum_contents(context, &md5cksum);
+ code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+ ctx->seq, sign_usage,
+ &plaind, &md5cksum);
+ xfree(data_ptr);
+
+ if (code) {
+ if (sealalg == 0)
+ xfree(plain);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+
+ code = memcmp(md5cksum.contents, ptr+14, 8);
+ /* Falls through to defective-token?? */
default:
- *minor_status = 0;
- return(GSS_S_DEFECTIVE_TOKEN);
+ *minor_status = 0;
+ return(GSS_S_DEFECTIVE_TOKEN);
case SGN_ALG_HMAC_SHA1_DES3_KD:
case SGN_ALG_HMAC_MD5:
- /* compute the checksum of the message */
-
- /* 8 = bytes of token body to be checksummed according to spec */
-
- if (! (data_ptr = (void *)
- xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
- if (sealalg != 0xffff)
- xfree(plain);
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = ENOMEM;
- return(GSS_S_FAILURE);
- }
-
- (void) memcpy(data_ptr, ptr-2, 8);
-
- if (ctx->big_endian)
- (void) memcpy(data_ptr+8, token.value, token.length);
- else
- (void) memcpy(data_ptr+8, plain, plainlen);
-
- plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
- plaind.data = data_ptr;
- code = krb5_c_make_checksum(context, md5cksum.checksum_type,
- ctx->seq, sign_usage,
- &plaind, &md5cksum);
- xfree(data_ptr);
-
- if (code) {
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = code;
- return(GSS_S_FAILURE);
- }
-
- code = memcmp(md5cksum.contents, ptr+14, cksum_len);
- break;
+ /* compute the checksum of the message */
+
+ /* 8 = bytes of token body to be checksummed according to spec */
+
+ if (! (data_ptr = (void *)
+ xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+ if (sealalg != 0xffff)
+ xfree(plain);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = ENOMEM;
+ return(GSS_S_FAILURE);
+ }
+
+ (void) memcpy(data_ptr, ptr-2, 8);
+
+ if (ctx->big_endian)
+ (void) memcpy(data_ptr+8, token.value, token.length);
+ else
+ (void) memcpy(data_ptr+8, plain, plainlen);
+
+ plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+ plaind.data = data_ptr;
+ code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+ ctx->seq, sign_usage,
+ &plaind, &md5cksum);
+ xfree(data_ptr);
+
+ if (code) {
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+
+ code = memcmp(md5cksum.contents, ptr+14, cksum_len);
+ break;
}
krb5_free_checksum_contents(context, &md5cksum);
if (sealalg != 0xffff)
- xfree(plain);
+ xfree(plain);
/* compare the computed checksum against the transmitted checksum */
if (code) {
- if (toktype == KG_TOK_SEAL_MSG)
- xfree(token.value);
- *minor_status = 0;
- return(GSS_S_BAD_SIG);
+ if (toktype == KG_TOK_SEAL_MSG)
+ xfree(token.value);
+ *minor_status = 0;
+ return(GSS_S_BAD_SIG);
}
/* it got through unscathed. Make sure the context is unexpired */
if (toktype == KG_TOK_SEAL_MSG)
- *message_buffer = token;
+ *message_buffer = token;
if (conf_state)
- *conf_state = (sealalg != 0xffff);
+ *conf_state = (sealalg != 0xffff);
if (qop_state)
- *qop_state = GSS_C_QOP_DEFAULT;
+ *qop_state = GSS_C_QOP_DEFAULT;
if ((code = krb5_timeofday(context, &now))) {
- *minor_status = code;
- return(GSS_S_FAILURE);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
}
if (now > ctx->endtime) {
- *minor_status = 0;
- return(GSS_S_CONTEXT_EXPIRED);
+ *minor_status = 0;
+ return(GSS_S_CONTEXT_EXPIRED);
}
/* do sequencing checks */
if ((ctx->initiate && direction != 0xff) ||
- (!ctx->initiate && direction != 0)) {
- if (toktype == KG_TOK_SEAL_MSG) {
- xfree(token.value);
- message_buffer->value = NULL;
- message_buffer->length = 0;
- }
- *minor_status = G_BAD_DIRECTION;
- return(GSS_S_BAD_SIG);
+ (!ctx->initiate && direction != 0)) {
+ if (toktype == KG_TOK_SEAL_MSG) {
+ xfree(token.value);
+ message_buffer->value = NULL;
+ message_buffer->length = 0;
+ }
+ *minor_status = G_BAD_DIRECTION;
+ return(GSS_S_BAD_SIG);
}
retval = g_order_check(&(ctx->seqstate), seqnum);
@@ -479,7 +480,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
OM_uint32
kg_unseal(minor_status, context_handle, input_token_buffer,
- message_buffer, conf_state, qop_state, toktype)
+ message_buffer, conf_state, qop_state, toktype)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t input_token_buffer;
@@ -497,15 +498,15 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
+ *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+ return(GSS_S_NO_CONTEXT);
}
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
- *minor_status = KG_CTX_INCOMPLETE;
- return(GSS_S_NO_CONTEXT);
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
}
/* parse the token, leave the data in message_buffer, setting conf_state */
@@ -515,40 +516,40 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
ptr = (unsigned char *) input_token_buffer->value;
if (ctx->proto)
- switch (toktype) {
- case KG_TOK_SIGN_MSG:
- toktype2 = 0x0404;
- break;
- case KG_TOK_SEAL_MSG:
- toktype2 = 0x0504;
- break;
- case KG_TOK_DEL_CTX:
- toktype2 = 0x0405;
- break;
- default:
- toktype2 = toktype;
- break;
- }
+ switch (toktype) {
+ case KG_TOK_SIGN_MSG:
+ toktype2 = 0x0404;
+ break;
+ case KG_TOK_SEAL_MSG:
+ toktype2 = 0x0504;
+ break;
+ case KG_TOK_DEL_CTX:
+ toktype2 = 0x0405;
+ break;
+ default:
+ toktype2 = toktype;
+ break;
+ }
else
- toktype2 = toktype;
+ toktype2 = toktype;
err = g_verify_token_header(ctx->mech_used,
- &bodysize, &ptr, toktype2,
- input_token_buffer->length,
- !ctx->proto);
+ &bodysize, &ptr, toktype2,
+ input_token_buffer->length,
+ !ctx->proto);
if (err) {
- *minor_status = err;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = err;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if (ctx->proto == 0)
- ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
- message_buffer, conf_state, qop_state,
- toktype);
+ ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
+ message_buffer, conf_state, qop_state,
+ toktype);
else
- ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
- ptr, bodysize, message_buffer,
- conf_state, qop_state, toktype);
+ ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
+ ptr, bodysize, message_buffer,
+ conf_state, qop_state, toktype);
if (ret != 0)
- save_error_info (*minor_status, ctx->k5_context);
+ save_error_info (*minor_status, ctx->k5_context);
return ret;
}
generated by cgit (git 2.34.1) at 2024-09-20 07:21:21 +0000