Diffstat (limited to 'src/lib/gssapi/krb5/k5unseal.c')
-rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 347d6b8..6851352 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 return(GSS_S_FAILURE);
 }
 memcpy(token.value, plain+conflen, token.length);
+ } else {
+ token.value = NULL;
 }
 } else if (toktype == KG_TOK_SIGN_MSG) {
 token = *message_buffer;
@@ -488,6 +490,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 unsigned char *ptr;
 unsigned int bodysize;
 int err;
+ int toktype2;
 /* validate the context handle */
 if (! kg_validate_ctx_id(context_handle)) {
@@ -508,14 +511,38 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 ptr = (unsigned char *) input_token_buffer->value;
- if (!(err = g_verify_token_header((gss_OID) ctx->mech_used,
- &bodysize, &ptr, toktype,
- input_token_buffer->length))) {
- return(kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
- message_buffer, conf_state, qop_state,
- toktype));
+ if (ctx->proto)
+ switch (toktype) {
+ case KG_TOK_SIGN_MSG:
+ toktype2 = 0x0404;
+ break;
+ case KG_TOK_SEAL_MSG:
+ toktype2 = 0x0504;
+ break;
+ case KG_TOK_DEL_CTX:
+ toktype2 = 0x0405;
+ break;
+ default:
+ toktype2 = toktype;
+ break;
+ }
+ else
+ toktype2 = toktype;
+ err = g_verify_token_header((gss_OID) ctx->mech_used,
+ &bodysize, &ptr, toktype2,
+ input_token_buffer->length,
+ !ctx->proto);
+ if (err) {
+ *minor_status = err;
+ return GSS_S_DEFECTIVE_TOKEN;
 }
- *minor_status = err;
- return(GSS_S_DEFECTIVE_TOKEN);
+ if (ctx->proto == 0)
+ return kg_unseal_v1(context, minor_status, ctx, ptr, bodysize,
+ message_buffer, conf_state, qop_state,
+ toktype);
+ else
+ return gss_krb5int_unseal_token_v3(context, minor_status, ctx,
+ ptr, bodysize, message_buffer,
+ conf_state, qop_state, toktype);
 }
|
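Review bot: The new `else` arm in `kg_unseal_v1` sets `token.value = NULL` without saying why; presumably a zero-length message skips the allocation above and would otherwise leave the pointer uninitialised when `token` is later handed back or released, but that is not visible in the hunk. A comment on the arm such as `/* empty message: no buffer allocated, keep the pointer defined */` would record the intent. It is also worth confirming, outside this hunk, that `token.length` is zero on this path so a caller never sees a NULL value paired with a non-zero length. The function begins and ends outside the hunk.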
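Review bot: The token-ID translation in the third hunk of `kg_unseal` uses bare literals (`0x0404`, `0x0504`, `0x0405`) inside an unbraced `if (ctx->proto) switch … else`, which makes the mapping hard to audit against the wire format it is meant to match. Named constants next to the existing `KG_TOK_*` definitions and braces on both arms would help, e.g. `if (ctx->proto) { switch (toktype) { … } } else { toktype2 = toktype; }`. The `default:` arm forwards an unmapped `toktype` unchanged on a non-zero `proto` context, and the final dispatch sends every non-zero `ctx->proto` to `gss_krb5int_unseal_token_v3`; whether either case can occur is not visible here, but returning `GSS_S_DEFECTIVE_TOKEN` or `GSS_S_FAILURE` for the unexpected value would fail closed instead of parsing the token under the wrong format. The new last argument `!ctx->proto` to `g_verify_token_header` deserves a one-line comment stating what it selects, since its meaning is defined outside this hunk. `kg_unseal` itself begins above the hunk.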