summaryrefslogtreecommitdiff
path: root/kerberosV
diff options
context:
space:
mode:
authorBjorn Sandell <biorn@cvs.openbsd.org>2004-10-29 15:55:34 +0000
committerBjorn Sandell <biorn@cvs.openbsd.org>2004-10-29 15:55:34 +0000
commit9cac0dbaa5babf4e6b7a990144c672ce1d751b7b (patch)
treeb5e3aaf20450078a15147c7d74fac979dc5a2ba3 /kerberosV
parentf0eee395441156bd3541018c6652175f23283a58 (diff)
Import of heimdal-0.6.3
Diffstat (limited to 'kerberosV')
-rw-r--r--kerberosV/src/lib/gssapi/arcfour.c83
-rw-r--r--kerberosV/src/lib/gssapi/arcfour.h27
2 files changed, 61 insertions, 49 deletions
diff --git a/kerberosV/src/lib/gssapi/arcfour.c b/kerberosV/src/lib/gssapi/arcfour.c
index 4d25ee73498..cfe59267521 100644
--- a/kerberosV/src/lib/gssapi/arcfour.c
+++ b/kerberosV/src/lib/gssapi/arcfour.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,30 +33,11 @@
#include "gssapi_locl.h"
-RCSID("$KTH: arcfour.c,v 1.17 2005/05/06 07:13:32 lha Exp $");
-
/*
* Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
- *
- * The arcfour message have the following formats:
- *
- * MIC token
- * TOK_ID[2] = 01 01
- * SGN_ALG[2] = 11 00
- * Filler[4]
- * SND_SEQ[8]
- * SGN_CKSUM[8]
- *
- * WRAP token
- * TOK_ID[2] = 02 01
- * SGN_ALG[2];
- * SEAL_ALG[2]
- * Filler[2]
- * SND_SEQ[2]
- * SGN_CKSUM[8]
- * Confounder[8]
*/
+RCSID("$KTH: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $");
static krb5_error_code
arcfour_mic_key(krb5_context context, krb5_keyblock *key,
@@ -164,7 +145,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
u_char k6_data[16], *p0, *p;
RC4_KEY rc4_key;
- gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
+ gssapi_krb5_encap_length (22, &len, &total_len);
message_token->length = total_len;
message_token->value = malloc (total_len);
@@ -174,8 +155,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
}
p0 = _gssapi_make_mech_header(message_token->value,
- len,
- GSS_KRB5_MECHANISM);
+ len);
p = p0;
*p++ = 0x01; /* TOK_ID */
@@ -209,7 +189,6 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
- HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
@@ -219,7 +198,6 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
- HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
@@ -244,7 +222,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
char *type)
{
krb5_error_code ret;
- int32_t seq_number;
+ int32_t seq_number, seq_number2;
OM_uint32 omret;
char cksum_data[8], k6_data[16], SND_SEQ[8];
u_char *p;
@@ -256,8 +234,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
p = token_buffer->value;
omret = gssapi_krb5_verify_header (&p,
token_buffer->length,
- type,
- GSS_KRB5_MECHANISM);
+ type);
if (omret)
return omret;
@@ -315,11 +292,18 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
return GSS_S_BAD_MIC;
}
- HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
- omret = _gssapi_msg_order_check(context_handle->order, seq_number);
- HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
- if (omret)
- return omret;
+ krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
+ context_handle->auth_context,
+ &seq_number2);
+
+ if (seq_number != seq_number2) {
+ *minor_status = 0;
+ return GSS_S_UNSEQ_TOKEN;
+ }
+
+ krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
+ context_handle->auth_context,
+ ++seq_number2);
*minor_status = 0;
return GSS_S_COMPLETE;
@@ -345,8 +329,8 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
*conf_state = 0;
datalen = input_message_buffer->length + 1 /* padding */;
- len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
- _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+ len = datalen + 30;
+ gssapi_krb5_encap_length (len, &len, &total_len);
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
@@ -356,8 +340,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
}
p0 = _gssapi_make_mech_header(output_message_buffer->value,
- len,
- GSS_KRB5_MECHANISM);
+ len);
p = p0;
*p++ = 0x02; /* TOK_ID */
@@ -376,7 +359,6 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
p = NULL;
- HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
@@ -386,7 +368,6 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
- HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
memset (p0 + 8 + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xff,
@@ -478,7 +459,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
u_char Klocaldata[16];
krb5_keyblock Klocal;
krb5_error_code ret;
- int32_t seq_number;
+ int32_t seq_number, seq_number2;
size_t datalen;
OM_uint32 omret;
char k6_data[16], SND_SEQ[8], Confounder[8];
@@ -495,8 +476,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
p0 = input_message_buffer->value;
omret = _gssapi_verify_mech_header(&p0,
- input_message_buffer->length,
- GSS_KRB5_MECHANISM);
+ input_message_buffer->length);
if (omret)
return omret;
p = p0;
@@ -622,11 +602,18 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
return GSS_S_BAD_MIC;
}
- HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
- omret = _gssapi_msg_order_check(context_handle->order, seq_number);
- HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
- if (omret)
- return omret;
+ krb5_auth_getremoteseqnumber (gssapi_krb5_context,
+ context_handle->auth_context,
+ &seq_number2);
+
+ if (seq_number != seq_number2) {
+ *minor_status = 0;
+ return GSS_S_UNSEQ_TOKEN;
+ }
+
+ krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
+ context_handle->auth_context,
+ ++seq_number2);
if (conf_state)
*conf_state = conf_flag;
diff --git a/kerberosV/src/lib/gssapi/arcfour.h b/kerberosV/src/lib/gssapi/arcfour.h
index b9be096314e..17e047ad29f 100644
--- a/kerberosV/src/lib/gssapi/arcfour.h
+++ b/kerberosV/src/lib/gssapi/arcfour.h
@@ -31,11 +31,36 @@
* SUCH DAMAGE.
*/
-/* $KTH: arcfour.h,v 1.5 2004/03/07 22:30:57 lha Exp $ */
+/* $KTH: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
#ifndef GSSAPI_ARCFOUR_H_
#define GSSAPI_ARCFOUR_H_ 1
+/*
+ * The arcfour message have the following formats, these are only here
+ * for reference and is not used.
+ */
+
+#if 0
+typedef struct gss_arcfour_mic_token {
+ u_char TOK_ID[2]; /* 01 01 */
+ u_char SGN_ALG[2]; /* 11 00 */
+ u_char Filler[4];
+ u_char SND_SEQ[8];
+ u_char SGN_CKSUM[8];
+} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
+
+typedef struct gss_arcfour_wrap_token {
+ u_char TOK_ID[2]; /* 02 01 */
+ u_char SGN_ALG[2];
+ u_char SEAL_ALG[2];
+ u_char Filler[2];
+ u_char SND_SEQ[8];
+ u_char SGN_CKSUM[8];
+ u_char Confounder[8];
+} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
+#endif
+
#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,