authorKen Raeburn <raeburn@mit.edu>2004-01-05 21:12:23 +0000
committerKen Raeburn <raeburn@mit.edu>2004-01-05 21:12:23 +0000
commitb32122b9363c37c3460d5fabd074617030c4107d (patch)
tree6b8d86d2905160709dde3f59d26ff0244cec2023 /src/lib/gssapi/krb5/init_sec_context.c
parent125b7d41ce29fb3e24112ab29705ecf55813f5dd (diff)
* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.
(make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some stuff after the delegation slot. (new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids. * accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the delegation flag; only look for a delegation if the flag is set, and only look for delegation, not other options. Ignore any other data there. ticket: 2079 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15964 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/init_sec_context.c')
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 3c67217..20d416f 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -142,6 +142,9 @@ struct gss_checksum_data {
krb5_data checksum_data;
};
+#ifdef CFX_EXERCISE
+#include "../../krb5/krb/auth_con.h"
+#endif
static krb5_error_code KRB5_CALLCONV
make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
void *cksum_data, krb5_data **out)
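Review bot: The added `#include "../../krb5/krb/auth_con.h"` pulls a private krb5 library header into the GSS-API mechanism by relative path, which ties this file to the internal layout of the auth context. The public accessor `krb5_auth_con_getkey` would supply the key's enctype without the private header, at the cost of a keyblock copy that must be released with `krb5_free_keyblock`. If the direct field access stays, a comment above the include such as `/* CFX_EXERCISE only: needs krb5_auth_context internals to read keyblock->enctype */` would record why it is here. The include also sits mid-file, after a struct definition, rather than with the other includes.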
@@ -151,6 +154,8 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
unsigned char *ptr;
struct gss_checksum_data *data = cksum_data;
krb5_data credmsg;
+ int junk;
+
data->checksum_data.data = 0;
credmsg.data = 0;
/* build the checksum field */
@@ -188,6 +193,20 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
} else {
data->checksum_data.length = 24;
}
+#ifdef CFX_EXERCISE
+ if (data->ctx->auth_context->keyblock->enctype == 18) {
+ srand(time(0) ^ getpid());
+ /* Our ftp client code stupidly assumes a base64-encoded
+ version of the token will fit in 10K, so don't make this
+ too big. */
+ junk = rand() & 0xff;
+ } else
+ junk = 0;
+#else
+ junk = 0;
+#endif
+
+ data->checksum_data.length += junk;
/* now allocate a buffer to hold the checksum data and
(maybe) KRB_CRED msg */
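Review bot: `srand(time(0) ^ getpid())` reseeds the process-wide `rand()` state on every call from inside a library, which silently changes the sequence that any application code using `rand()` sees; seeding once, or deriving the filler length from a private counter, would avoid that side effect. The bare `18` should be the named constant: `if (data->ctx->auth_context->keyblock->enctype == ENCTYPE_AES256_CTS_HMAC_SHA1_96) {`. The chain dereferences `keyblock` without a NULL check and reads `data->ctx->auth_context` rather than the function's own `auth_context` parameter; presumably they are the same object and the key is set by this point, but neither is visible here. The headers for `srand`, `time` and `getpid` are not shown in this diff and `getpid` is not available on every platform this file builds for, so it is worth confirming that a CFX_EXERCISE build compiles everywhere it is meant to. The function body starts and ends outside the hunk.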
@@ -216,6 +235,8 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
/* free credmsg data */
krb5_free_data_contents(context, &credmsg);
}
+ if (junk)
+ memset(ptr, 'i', junk);
*out = &data->checksum_data;
return 0;
}
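Review bot: The `memset(ptr, 'i', junk)` is only correct if `ptr` sits exactly at the end of the fields already written and the buffer was allocated with the enlarged `checksum_data.length`; both happen outside this hunk, so nothing here tells a reader that. A comment would make the intent and the dependency explicit, for example `/* CFX_EXERCISE: trailing filler after the delegation slot; acceptors must ignore it. ptr points just past the last field written above. */`. Since `junk` is always 0 without CFX_EXERCISE, wrapping these two lines in `#ifdef CFX_EXERCISE` would also make it obvious that production builds never emit the filler.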
@@ -564,6 +585,7 @@ new_connection(
*context_handle = (gss_ctx_id_t) ctx;
ctx_free = 0;
+#if 0 /* Sigh. We're changing the spec again. */
#ifdef CFX_EXERCISE
if (ctx->proto == 1
/* I think the RPC code may be broken. Don't mess around
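Review bot: The `#if 0` added here, closed by `#endif /* 0 */` in the next hunk, keeps the whole bogus-token-id exercise block in the file as dead code, and the comment `Sigh. We're changing the spec again.` does not say what changed. Either delete the block or state the reason on the guard, e.g. `#if 0 /* Disabled: no longer send messages with bogus token ids (ticket 2079) */`. Most of the block lies outside both hunks, so whether `ctx->testing_unknown_tokid` is still read elsewhere cannot be judged from here; if it is, that field is now never set to a non-zero value by this path.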
@@ -603,7 +625,8 @@ new_connection(
ctx->testing_unknown_tokid = 0;
ctx_free = 0;
}
-#endif
+#endif /* CFX_EXERCISE */
+#endif /* 0 */
/* compute time_rec */
if (time_rec) {