The branch, v4-0-test has been updated
via dc2847c0acb0adaede4db72a7517046b93221162 (commit)
from 0aa6d63ec571b0ca05fbfe14d2b4e9ba3e1082e9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit dc2847c0acb0adaede4db72a7517046b93221162
Author: Stefan Metzmacher <[EMAIL PROTECTED]>
Date: Fri Jul 25 18:26:31 2008 +0200
gensec_gssapi: add support for signing RPC messages
metze
-----------------------------------------------------------------------
Summary of changes:
source/auth/gensec/gensec_gssapi.c | 47 +++++++++--------------------------
1 files changed, 12 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/gensec/gensec_gssapi.c
b/source/auth/gensec/gensec_gssapi.c
index cc0d404..205d8a0 100644
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -1034,35 +1034,22 @@ static NTSTATUS gensec_gssapi_sign_packet(struct
gensec_security *gensec_securit
= talloc_get_type(gensec_security->private_data, struct
gensec_gssapi_state);
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input_token, output_token;
- int conf_state;
- ssize_t sig_length = 0;
input_token.length = length;
input_token.value = discard_const_p(uint8_t *, data);
- maj_stat = gss_wrap(&min_stat,
+ maj_stat = gss_get_mic(&min_stat,
gensec_gssapi_state->gssapi_context,
- 0,
GSS_C_QOP_DEFAULT,
&input_token,
- &conf_state,
&output_token);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("GSS Wrap failed: %s\n",
+ DEBUG(1, ("GSS GetMic failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat,
gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
- if (output_token.length < input_token.length) {
- DEBUG(1, ("gensec_gssapi_sign_packet: GSS Wrap length [%ld]
*less* than caller length [%ld]\n",
- (long)output_token.length, (long)length));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* Caller must pad to right boundary */
- sig_length = output_token.length - input_token.length;
-
- *sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value,
sig_length);
+ *sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value,
output_token.length);
dump_data_pw("gensec_gssapi_seal_packet: sig\n", sig->data,
sig->length);
@@ -1080,39 +1067,29 @@ static NTSTATUS gensec_gssapi_check_packet(struct
gensec_security *gensec_securi
struct gensec_gssapi_state *gensec_gssapi_state
= talloc_get_type(gensec_security->private_data, struct
gensec_gssapi_state);
OM_uint32 maj_stat, min_stat;
- gss_buffer_desc input_token, output_token;
- int conf_state;
+ gss_buffer_desc input_token;
+ gss_buffer_desc input_message;
gss_qop_t qop_state;
- DATA_BLOB in;
dump_data_pw("gensec_gssapi_seal_packet: sig\n", sig->data,
sig->length);
- in = data_blob_talloc(mem_ctx, NULL, sig->length + length);
+ input_message.length = length;
+ input_message.value = data;
- memcpy(in.data, sig->data, sig->length);
- memcpy(in.data + sig->length, data, length);
+ input_token.length = sig->length;
+ input_token.value = sig->data;
- input_token.length = in.length;
- input_token.value = in.data;
-
- maj_stat = gss_unwrap(&min_stat,
+ maj_stat = gss_verify_mic(&min_stat,
gensec_gssapi_state->gssapi_context,
+ &input_message,
&input_token,
- &output_token,
- &conf_state,
&qop_state);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("GSS UnWrap failed: %s\n",
+ DEBUG(1, ("GSS VerifyMic failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat,
gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
- if (output_token.length != length) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- gss_release_buffer(&min_stat, &output_token);
-
return NT_STATUS_OK;
}
--
Samba Shared Repository
