diff options
| author | Ezra Peisach <epeisach@mit.edu> | 2000-09-22 17:42:43 +0000 |
|---|---|---|
| committer | Ezra Peisach <epeisach@mit.edu> | 2000-09-22 17:42:43 +0000 |
| commit | 353d43da34c4f040a74dbca9c71dea8d5610789c (patch) | |
| tree | 6e4d3de7a21ed936538490bbcb5de8e549759f9e /src | |
| parent | d8fbbcfa1036dc8ae6967305d9639b7ceb99763d (diff) | |
| download | krb5-353d43da34c4f040a74dbca9c71dea8d5610789c.tar.gz krb5-353d43da34c4f040a74dbca9c71dea8d5610789c.tar.xz krb5-353d43da34c4f040a74dbca9c71dea8d5610789c.zip | |
* accept_sec_context.c (krb5_gss_accept_sec_context): When
GCC_S_NO_CHANNEL_BINDINGS is set by the server, skip over the
bindings sent from the client. RFC-1964 indicates that the
client's channel bindings are always sent in checksum field and
need to be accounted for, evn if the server does not care.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12664 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 8 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 24 |
2 files changed, 21 insertions, 11 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 499577e8a..821bf0b1b 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,11 @@ +Fri Sep 22 12:05:31 2000 Ezra Peisach <epeisach@mit.edu> + + * accept_sec_context.c (krb5_gss_accept_sec_context): When + GCC_S_NO_CHANNEL_BINDINGS is set by the server, skip over the + bindings sent from the client. RFC-1964 indicates that the + client's channel bindings are always sent in checksum field and + need to be accounted for, evn if the server does not care. + 2000-09-01 Jeffrey Altman <jaltman@columbia.edu> * accept_sec_context.c: krb5_gss_accept_sec_context() diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index ca29eaf47..75a6eaeca 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -434,16 +434,17 @@ krb5_gss_accept_sec_context(minor_status, context_handle, If either test succeeds we continue without error. */ + if ((code = kg_checksum_channel_bindings(context, + input_chan_bindings, + &reqcksum, bigend))) { + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } + + /* Always read the clients bindings - eventhough we might ignore them */ + TREAD_STR(ptr, ptr2, reqcksum.length); + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) { - if ((code = kg_checksum_channel_bindings(context, - input_chan_bindings, - &reqcksum, bigend))) { - major_status = GSS_S_BAD_BINDINGS; - goto fail; - } - - - TREAD_STR(ptr, ptr2, reqcksum.length); if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) { xfree(reqcksum.contents); reqcksum.contents = 0; @@ -460,10 +461,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } } - xfree(reqcksum.contents); - reqcksum.contents = 0; } + xfree(reqcksum.contents); + reqcksum.contents = 0; + TREAD_INT(ptr, gss_flags, bigend); gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if there's a delegation, we'll set |