| author | Theodore Tso <tytso@mit.edu> | 1999-03-26 03:51:44 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1999-03-26 03:51:44 +0000 |
| commit | 50adda2de32499bdff6aa6ec0705e82888ee39ba (patch) | |
| tree | 995048c2385b92c4b61b2a23c464f8365ac24c64 /src/lib | |
| parent | 3306315dc3f42a0794d7887232a6e49893a567e6 (diff) | |
gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set returns
all three mechanism ID's recognized by this implementation, with the
RFC1964 OID first (and thus preferred).
import_sec_context.c (krb5_gss_convert_static_mech_oid): Make the old
convert_static_oid() function globally accessible with a namespace
compliant name, since init_sec_context() needs to be able to use this
function.
indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 mechanism
set OID, since we should return all the mechanisms that we support.
init_sec_context.c (krb5_gss_init_sec_context): Make ctx->mech_used
use a static OID, since it is returned by gss_inquire_context which
must return a static OID.
wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we would
overestimate the size of the allowable input message by one byte,
because we weren't passing the right estimate of the wrapped data to
g_token_size().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11315 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 25 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/gssapi_krb5.c | 28 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/import_sec_context.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/indicate_mechs.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/wrap_size_limit.c | 3 |
7 files changed, 51 insertions, 19 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index d398ee329..448c9ab27 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,28 @@ +Thu Mar 25 22:43:54 1999 Theodore Y. Ts'o <tytso@mit.edu> + + * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set + returns all three mechanism ID's recognized by this + implementation, with the RFC1964 OID first (and thus + preferred). + + * import_sec_context.c (krb5_gss_convert_static_mech_oid): Make + the old convert_static_oid() function globally accessible + with a namespace compliant name, since init_sec_context() + needs to be able to use this function. + + * indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 + mechanism set OID, since we should return all the + mechanisms that we support. + + * init_sec_context.c (krb5_gss_init_sec_context): Make + ctx->mech_used use a static OID, since it is returned by + gss_inquire_context which must return a static OID. + + * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we + would overestimate the size of the allowable input message + by one byte, because we weren't passing the right estimate + of the wrapped data to g_token_size(). + 1999-03-14 Miro Jurisic <meeroh@mit.edu> * gssapi_krb5.h: added extern "C" for C++ friendliness diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index bcbde3894..e344b4fbb 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -558,5 +558,9 @@ OM_uint32 krb5_gss_validate_cred PROTOTYPE( (OM_uint32 *, /* minor_status */ gss_cred_id_t /* cred */ )); + +gss_OID krb5_gss_convert_static_mech_oid +PROTOTYPE( (gss_OID FAR oid + )); #endif /* _GSSAPIP_KRB5_H_ */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index aaa47ea06..e700bb888 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c 
@@ -83,36 +83,34 @@ */ const gss_OID_desc krb5_gss_oid_array[] = { - /* this is the unofficial, wrong OID */ - {5, "\053\005\001\005\002"}, /* this is the official, rfc-specified OID */ {9, "\052\206\110\206\367\022\001\002\002"}, + /* this is the unofficial, wrong OID */ + {5, "\053\005\001\005\002"}, + /* this is the v2 assigned OID */ + {9, "\052\206\110\206\367\022\001\002\003"}, /* these two are name type OID's */ {10, "\052\206\110\206\367\022\001\002\002\001"}, {10, "\052\206\110\206\367\022\001\002\002\002"}, - /* this is the v2 assigned OID */ - {9, "\052\206\110\206\367\022\001\002\003"}, - /* this is the official, rfc-specified OID again */ - {9, "\052\206\110\206\367\022\001\002\002"}, { 0, 0 } }; -const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+0; -const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+1; -const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+2; -const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+3; -const gss_OID_desc * const gss_mech_krb5_v2 = krb5_gss_oid_array+4; +const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+0; +const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+1; +const gss_OID_desc * const gss_mech_krb5_v2 = krb5_gss_oid_array+2; +const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+3; +const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+4; static const gss_OID_set_desc oidsets[] = { {1, (gss_OID) krb5_gss_oid_array+0}, {1, (gss_OID) krb5_gss_oid_array+1}, {2, (gss_OID) krb5_gss_oid_array+0}, - {1, (gss_OID) krb5_gss_oid_array+4}, - {2, (gss_OID) krb5_gss_oid_array+4}, + {1, (gss_OID) krb5_gss_oid_array+2}, + {3, (gss_OID) krb5_gss_oid_array+0}, }; -const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+0; -const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+1; +const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0; +const gss_OID_set_desc * const gss_mech_set_krb5_old = oidsets+1; const 
gss_OID_set_desc * const gss_mech_set_krb5_both = oidsets+2; const gss_OID_set_desc * const gss_mech_set_krb5_v2 = oidsets+3; const gss_OID_set_desc * const gss_mech_set_krb5_v1v2 = oidsets+4; diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index baf901ca5..141736b9b 100644 --- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c @@ -31,7 +31,7 @@ * Fix up the OID of the mechanism so that uses the static version of * the OID if possible. */ -static gss_OID convert_static_oid(oid) +gss_OID krb5_gss_convert_static_mech_oid(oid) gss_OID FAR oid; { const gss_OID_desc *p; @@ -85,7 +85,7 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) *minor_status = (OM_uint32) G_VALIDATE_FAILED; return(GSS_S_FAILURE); } - ctx->mech_used = convert_static_oid(ctx->mech_used); + ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used); *context_handle = (gss_ctx_id_t) ctx; diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c index 9c1ca59e6..971811304 100644 --- a/src/lib/gssapi/krb5/indicate_mechs.c +++ b/src/lib/gssapi/krb5/indicate_mechs.c @@ -33,7 +33,7 @@ krb5_gss_indicate_mechs(minor_status, mech_set) { *minor_status = 0; - if (! g_copy_OID_set(gss_mech_set_krb5, mech_set)) { + if (! g_copy_OID_set(gss_mech_set_krb5_v1v2, mech_set)) { *mech_set = GSS_C_NO_OID_SET; *minor_status = ENOMEM; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index f13763b6d..fb11cf5a2 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -655,6 +655,10 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, code = *minor_status; goto fail; } + /* + * Now try to make it static if at all possible.... + */ + ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used); if (ctx->gsskrb5_version == 2000) { /* gsskrb5 v2 */ 
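Review bot: The `oidsets` entries in gssapi_krb5.c now depend on the first three slots of `krb5_gss_oid_array` being the mechanism OIDs in preference order, and nothing in the file says so: `{3, (gss_OID) krb5_gss_oid_array+0}` is the v1v2 set only as long as no name-type OID is ever placed before index 3. A comment above the array such as `/* entries 0-2 must stay the mechanism OIDs, most preferred first; oidsets[] below refers to them by position */` would keep a later reorder from silently changing what gss_mech_set_krb5_both and gss_mech_set_krb5_v1v2 contain. Because every exported pointer moved to a new index, any code outside this diff that indexes the array numerically instead of using the named pointers would need checking.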
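Review bot: Now that krb5_gss_convert_static_mech_oid is exported from import_sec_context.c, its ownership contract should be written down, because after the call `ctx->mech_used` may point either at an entry of the const `krb5_gss_oid_array` or at the caller's original OID. The function body lies outside this hunk, so whether it releases the input OID on a match cannot be confirmed here; the header comment should say so, for example `/* Returns the matching static OID if there is one (the caller then no longer owns the input), otherwise returns oid unchanged. */`, adjusted to what the body really does. The same concern applies to the new call in init_sec_context.c: the paths that release ctx->mech_used (the `fail` label and context deletion, neither shown) have to tolerate a static OID, otherwise a pointer into static storage could reach a free routine.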
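Review bot: krb5_gss_indicate_mechs in indicate_mechs.c now advertises the pre-RFC OID (labelled "the unofficial, wrong OID" in gssapi_krb5.c) and the v2 OID alongside the RFC 1964 one, so each advertised mechanism should be one that credential acquisition and context acceptance will actually honour. Those paths are not part of this diff; if any of them still compares only against gss_mech_krb5 or gss_mech_set_krb5, a peer or negotiation layer that picks the second or third OID would fail later instead of at selection time. A short comment at the call, e.g. `/* advertise every OID we accept; RFC 1964 OID is first so it is preferred */`, would record why the wider set is used.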
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c index 745949260..54c29da30 100644 --- a/src/lib/gssapi/krb5/wrap_size_limit.c +++ b/src/lib/gssapi/krb5/wrap_size_limit.c @@ -156,7 +156,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, /* Calculate the token size and subtract that from the output size */ cfsize = (conf_req_flag) ? kg_confounder_size(context, ctx->enc) : 0; ohlen = g_token_size((gss_OID) ctx->mech_used, - (unsigned int) cfsize + ctx->cksum_size + 14); + (unsigned int) (req_output_size + cfsize + + ctx->cksum_size + 14)); if (ohlen < req_output_size) /* |
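Review bot: In krb5_gss_wrap_size_limit, `ohlen` now appears to hold the size of a whole token carrying `req_output_size` bytes rather than the overhead alone, so the following test `if (ohlen < req_output_size)` can only succeed when the unsigned sum wraps. If g_token_size returns header plus body length, as its name and the comment "subtract that from the output size" suggest (its definition is not in this diff), the payload has to be taken back out, e.g. by ending the call with `ctx->cksum_size + 14)) - req_output_size;`. Separately, `req_output_size` is supplied by the caller and, presumably being an OM_uint32, makes `req_output_size + cfsize + ctx->cksum_size + 14` wrap to a small value when it is near the 32-bit maximum, which would yield a bogus limit; rejecting or clamping such values before the addition avoids that. The body of the if statement continues outside the hunk.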
