author | Luke Howard <lukeh@padl.com> | 2009-01-02 08:16:27 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-01-02 08:16:27 +0000 |
commit | ccb5db7659a8e8e1890019a6715754ea6c418d3b (patch) | |
tree | 8831085d1c6cacdb088ea5f395fcfa8454afe505 | |
parent | f938d75db220fa798fd7799c08f6ebabe7f36551 (diff) | |
Layer gss_sign() on top of gss_get_mic(), gss_verify() on top of
gss_verify_mic(), rather than the other way around. Mechanisms should
export a V2 interface.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21664 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 22 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapi_krb5.c | 4 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/k5seal.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/k5sealv3.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/seal.c | 5 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/sign.c | 17 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/unseal.c | 8 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/verify.c | 20 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_initialize.c | 4 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_sign.c | 34 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_verify.c | 37 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/mglueP.h | 8 | ||||
-rw-r--r-- | src/lib/gssapi/spnego/gssapiP_spnego.h | 8 | ||||
-rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 16 |
15 files changed, 70 insertions, 119 deletions
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 9b0ebd6..76dfd44 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -319,7 +319,7 @@ krb5_error_code kg_decrypt_iov (krb5_context context, OM_uint32 kg_seal (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, - int qop_req, + gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer, @@ -330,7 +330,7 @@ OM_uint32 kg_unseal (OM_uint32 *minor_status, gss_buffer_t input_token_buffer, gss_buffer_t message_buffer, int *conf_state, - int *qop_state, + gss_qop_t *qop_state, int toktype); OM_uint32 kg_seal_size (OM_uint32 *minor_status, @@ -531,22 +531,6 @@ OM_uint32 krb5_gss_context_time OM_uint32* /* time_rec */ ); -OM_uint32 krb5_gss_sign -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ -); - -OM_uint32 krb5_gss_verify -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* token_buffer */ - int* /* qop_state */ -); - OM_uint32 krb5_gss_display_status (OM_uint32*, /* minor_status */ OM_uint32, /* status_value */ @@ -796,7 +780,7 @@ OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr, unsigned char *ptr, unsigned int bodysize, gss_buffer_t message_buffer, - int *conf_state, int *qop_state, + int *conf_state, gss_qop_t *qop_state, int toktype); int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc); diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 09bcdbe..16ab581 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c 
@@ -630,8 +630,8 @@ static struct gss_config krb5_mechanism = { krb5_gss_process_context_token, krb5_gss_delete_sec_context, krb5_gss_context_time, - krb5_gss_sign, - krb5_gss_verify, + krb5_gss_get_mic, + krb5_gss_verify_mic, #ifdef IOV_SHIM_EXERCISE NULL, NULL, diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index e3e50c0..dd3603b 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -324,7 +324,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; - int qop_req; + gss_qop_t qop_req; gss_buffer_t input_message_buffer; int *conf_state; gss_buffer_t output_message_buffer; diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c index 32faa78..71e832e 100644 --- a/src/lib/gssapi/krb5/k5sealv3.c +++ b/src/lib/gssapi/krb5/k5sealv3.c @@ -306,7 +306,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, krb5_gss_ctx_id_rec *ctx, unsigned char *ptr, unsigned int bodysize, gss_buffer_t message_buffer, - int *conf_state, int *qop_state, int toktype) + int *conf_state, gss_qop_t *qop_state, int toktype) { krb5_context context = *contextptr; krb5_data plain; diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 9b16738..4b70fd0 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -486,7 +486,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, gss_buffer_t input_token_buffer; gss_buffer_t message_buffer; int *conf_state; - int *qop_state; + gss_qop_t *qop_state; int toktype; { krb5_gss_ctx_id_rec *ctx; diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c index c7ed5ab..7265193 100644 --- a/src/lib/gssapi/krb5/seal.c +++ b/src/lib/gssapi/krb5/seal.c 
@@ -41,7 +41,7 @@ krb5_gss_wrap(minor_status, context_handle, conf_req_flag, gss_buffer_t output_message_buffer; { return(kg_seal(minor_status, context_handle, conf_req_flag, - (int) qop_req, input_message_buffer, conf_state, + qop_req, input_message_buffer, conf_state, output_message_buffer, KG_TOK_WRAP_MSG)); } @@ -58,7 +58,8 @@ krb5_gss_wrap_iov(OM_uint32 *minor_status, OM_uint32 major_status; major_status = kg_seal_iov(minor_status, context_handle, conf_req_flag, - qop_req, conf_state, iov, iov_count, KG_TOK_WRAP_MSG); + qop_req, conf_state, + iov, iov_count, KG_TOK_WRAP_MSG); return major_status; } diff --git a/src/lib/gssapi/krb5/sign.c b/src/lib/gssapi/krb5/sign.c index d4012f3..2d04720 100644 --- a/src/lib/gssapi/krb5/sign.c +++ b/src/lib/gssapi/krb5/sign.c @@ -27,21 +27,6 @@ * $Id$ */ -OM_uint32 -krb5_gss_sign(minor_status, context_handle, - qop_req, message_buffer, - message_token) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int qop_req; - gss_buffer_t message_buffer; - gss_buffer_t message_token; -{ - return(kg_seal(minor_status, context_handle, 0, - qop_req, message_buffer, NULL, - message_token, KG_TOK_SIGN_MSG)); -} - /* V2 interface */ OM_uint32 krb5_gss_get_mic(minor_status, context_handle, qop_req, @@ -53,7 +38,7 @@ krb5_gss_get_mic(minor_status, context_handle, qop_req, gss_buffer_t message_token; { return(kg_seal(minor_status, context_handle, 0, - (int) qop_req, message_buffer, NULL, + qop_req, message_buffer, NULL, message_token, KG_TOK_MIC_MSG)); } diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c index 1e42705..82764a9 100644 --- a/src/lib/gssapi/krb5/unseal.c +++ b/src/lib/gssapi/krb5/unseal.c 
@@ -40,13 +40,10 @@ krb5_gss_unwrap(minor_status, context_handle, gss_qop_t *qop_state; { OM_uint32 rstat; - int qstate; rstat = kg_unseal(minor_status, context_handle, input_message_buffer, output_message_buffer, - conf_state, &qstate, KG_TOK_WRAP_MSG); - if (!rstat && qop_state) - *qop_state = (gss_qop_t) qstate; + conf_state, qop_state, KG_TOK_WRAP_MSG); return(rstat); } @@ -62,7 +59,8 @@ krb5_gss_unwrap_iov(OM_uint32 *minor_status, OM_uint32 major_status; major_status = kg_unseal_iov(minor_status, context_handle, - conf_state, qop_state, iov, iov_count, KG_TOK_WRAP_MSG); + conf_state, qop_state, + iov, iov_count, KG_TOK_WRAP_MSG); return major_status; } diff --git a/src/lib/gssapi/krb5/verify.c b/src/lib/gssapi/krb5/verify.c index ef5e7ea..31e8ff2 100644 --- a/src/lib/gssapi/krb5/verify.c +++ b/src/lib/gssapi/krb5/verify.c @@ -27,21 +27,6 @@ * $Id$ */ -OM_uint32 -krb5_gss_verify(minor_status, context_handle, - message_buffer, token_buffer, - qop_state) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t message_buffer; - gss_buffer_t token_buffer; - int *qop_state; -{ - return(kg_unseal(minor_status, context_handle, - token_buffer, message_buffer, - NULL, qop_state, KG_TOK_SIGN_MSG)); -} - /* V2 interface */ OM_uint32 krb5_gss_verify_mic(minor_status, context_handle, @@ -54,13 +39,10 @@ krb5_gss_verify_mic(minor_status, context_handle, gss_qop_t *qop_state; { OM_uint32 rstat; - int qstate; rstat = kg_unseal(minor_status, context_handle, token_buffer, message_buffer, - NULL, &qstate, KG_TOK_MIC_MSG); - if (!rstat && qop_state) - *qop_state = (gss_qop_t) qstate; + NULL, qop_state, KG_TOK_MIC_MSG); return(rstat); } diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c index 6c47788..e762341 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c 
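Review bot: In krb5_gss_unwrap (unseal.c) the caller's qop_state pointer now goes straight into kg_unseal, so the removed guard `if (!rstat && qop_state)` no longer protects a NULL qop_state or keeps the output untouched on failure; krb5_gss_verify_mic in verify.c has the same change. GSS-API callers may pass NULL for qop_state, so kg_unseal and gss_krb5int_unseal_token_v3 must each test the pointer before storing through it. Their bodies are outside these hunks, so this should be confirmed there. If they already do, a one-line comment at each call would record the dependency: `/* qop_state may be NULL; kg_unseal checks before writing */`.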
@@ -729,8 +729,8 @@ build_dynamicMech(void *dl, const gss_OID mech_type) GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_process_context_token); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_delete_sec_context); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_context_time); - GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_sign); - GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_verify); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_get_mic); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_verify_mic); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap); GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_display_status); diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c index 4e8e34b..eec0f49 100644 --- a/src/lib/gssapi/mechglue/g_sign.c +++ b/src/lib/gssapi/mechglue/g_sign.c @@ -23,16 +23,16 @@ */ /* - * glue routine gss_sign + * glue routine gss_get_mic */ #include "mglueP.h" static OM_uint32 -val_sign_args( +val_get_mic_args( OM_uint32 *minor_status, gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, gss_buffer_t message_buffer, gss_buffer_t msg_token) { @@ -66,15 +66,15 @@ val_sign_args( OM_uint32 KRB5_CALLCONV -gss_sign (minor_status, - context_handle, - qop_req, - message_buffer, - msg_token) +gss_get_mic (minor_status, + context_handle, + qop_req, + message_buffer, + msg_token) OM_uint32 * minor_status; gss_ctx_id_t context_handle; -int qop_req; +gss_qop_t qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; @@ -83,8 +83,8 @@ gss_buffer_t msg_token; gss_union_ctx_id_t ctx; gss_mechanism mech; - status = val_sign_args(minor_status, context_handle, - qop_req, message_buffer, msg_token); + status = val_get_mic_args(minor_status, context_handle, + qop_req, message_buffer, msg_token); if (status != GSS_S_COMPLETE) return (status); 
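Review bot: build_dynamicMech in g_initialize.c now looks up only gss_get_mic and gss_verify_mic, so a loadable mechanism that exports just the V1 gss_sign/gss_verify entry points would presumably be left with both slots empty and lose its integrity calls with no diagnostic at load time. The commit message states that this is intended, but nothing in the code says so. A comment above the two lines would help, for example `/* V1 gss_sign/gss_verify are no longer looked up; mechanisms must export the V2 MIC entry points */`. The macro definition and the rest of build_dynamicMech are outside the hunk, so how a missing symbol is handled should be checked there.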
@@ -97,8 +97,8 @@ gss_buffer_t msg_token; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_sign) { - status = mech->gss_sign( + if (mech->gss_get_mic) { + status = mech->gss_get_mic( minor_status, ctx->internal_ctx_id, qop_req, @@ -116,7 +116,7 @@ gss_buffer_t msg_token; } OM_uint32 KRB5_CALLCONV -gss_get_mic (minor_status, +gss_sign (minor_status, context_handle, qop_req, message_buffer, @@ -124,12 +124,12 @@ gss_get_mic (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; -gss_qop_t qop_req; +int qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; { - return (gss_sign(minor_status, context_handle, (int) qop_req, - message_buffer, msg_token)); + return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req, + message_buffer, msg_token)); } diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c index 2100cb4..da3279c 100644 --- a/src/lib/gssapi/mechglue/g_verify.c +++ b/src/lib/gssapi/mechglue/g_verify.c @@ -23,23 +23,23 @@ */ /* - * glue routine for gss_verify + * glue routine for gss_verify_mic */ #include "mglueP.h" OM_uint32 KRB5_CALLCONV -gss_verify (minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state) +gss_verify_mic (minor_status, + context_handle, + message_buffer, + token_buffer, + qop_state) OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -int * qop_state; +gss_qop_t * qop_state; { OM_uint32 status; @@ -68,13 +68,13 @@ int * qop_state; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_verify) { - status = mech->gss_verify( - minor_status, - ctx->internal_ctx_id, - message_buffer, - token_buffer, - qop_state); + if (mech->gss_verify_mic) { + status = mech->gss_verify_mic( + minor_status, + ctx->internal_ctx_id, + message_buffer, + token_buffer, + qop_state); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); } else 
@@ -87,7 +87,7 @@ int * qop_state; } OM_uint32 KRB5_CALLCONV -gss_verify_mic (minor_status, +gss_verify (minor_status, context_handle, message_buffer, token_buffer, @@ -97,9 +97,10 @@ OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -gss_qop_t * qop_state; +int * qop_state; { - return (gss_verify(minor_status, context_handle, - message_buffer, token_buffer, (int *) qop_state)); + return (gss_verify_mic(minor_status, context_handle, + message_buffer, token_buffer, + (gss_qop_t *) qop_state)); } diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index be2f229..52195f2 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -184,21 +184,21 @@ typedef struct gss_config { gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ ); - OM_uint32 (*gss_sign) + OM_uint32 (*gss_get_mic) ( OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ + gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ ); - OM_uint32 (*gss_verify) + OM_uint32 (*gss_verify_mic) ( OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ - int* /* qop_state */ + gss_qop_t* /* qop_state */ ); OM_uint32 (*gss_wrap) ( diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 1386460..e1f3987 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h 
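Review bot: The V1 wrapper gss_verify in g_verify.c passes `(gss_qop_t *) qop_state`, so gss_verify_mic stores a gss_qop_t through a pointer to the caller's int. The cast silences the compiler and is only safe while the two types have the same size and representation. This commit removes the same kind of cast, marked XXX, from spnego_gss_verify_mic, and the wrapper could avoid it too by receiving the value in a local gss_qop_t and copying it out. The sketch below writes the caller's int only when no error bits are set, which may differ from what a mechanism did on failure through the direct pointer.

```c
gss_verify (minor_status,
/* … unchanged: remaining parameter names and K&R declarations … */
{
    gss_qop_t qop = GSS_C_QOP_DEFAULT;
    OM_uint32 status;

    status = gss_verify_mic(minor_status, context_handle,
                            message_buffer, token_buffer, &qop);
    if (qop_state != NULL && !GSS_ERROR(status))
        *qop_state = (int) qop;
    return (status);
}
```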
@@ -305,22 +305,22 @@ OM_uint32 spnego_gss_wrap_size_limit OM_uint32 *max_input_size ); -OM_uint32 spnego_gss_sign +OM_uint32 spnego_gss_get_mic ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token ); -OM_uint32 spnego_gss_verify +OM_uint32 spnego_gss_verify_mic ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, - int *qop_state + gss_qop_t *qop_state ); OM_uint32 diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 12f0c34..44aea26 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -221,8 +221,8 @@ static struct gss_config spnego_mechanism = NULL, /* gss_process_context_token */ spnego_gss_delete_sec_context, /* gss_delete_sec_context */ spnego_gss_context_time, /* gss_context_time */ - spnego_gss_sign, /* gss_sign */ - spnego_gss_verify, /* gss_verify */ + spnego_gss_get_mic, /* gss_get_mic */ + spnego_gss_verify_mic, /* gss_verify_mic */ spnego_gss_wrap, /* gss_wrap */ spnego_gss_unwrap, /* gss_unwrap */ spnego_gss_display_status, @@ -2033,15 +2033,15 @@ spnego_gss_wrap_size_limit( } OM_uint32 -spnego_gss_sign( +spnego_gss_get_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token) { OM_uint32 ret; - ret = gss_sign(minor_status, + ret = gss_get_mic(minor_status, context_handle, qop_req, message_buffer, 
@@ -2050,19 +2050,19 @@ spnego_gss_sign( } OM_uint32 -spnego_gss_verify( +spnego_gss_verify_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, - int *qop_state) + gss_qop_t *qop_state) { OM_uint32 ret; ret = gss_verify_mic(minor_status, context_handle, msg_buffer, token_buffer, - (gss_qop_t *)qop_state); /* XXX */ + qop_state); return (ret); } |