sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-02 00:23:50 +03:00
Code Activity

r12863: As lha suggested to me a while back, it appears that the

Browse Source 
gsskrb5_get_initiator_subkey() routine is bougs.  We can indeed use
gss_krb5_get_subkey().

This is fortunate, as there was a segfault bug in 'initiator' version.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2006-01-12 07:13:36 +00:00
committed by Gerald (Jerry) Carter
parent 3e90e7edfa
commit ec11870ca1
5 changed files with 9 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
source/auth/gensec/gensec_gssapi.c
View File

@@ -734,22 +734,21 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length) if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length)
&& (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, && (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements,
gensec_gssapi_state->gss_oid->length) == 0)) { gensec_gssapi_state->gss_oid->length) == 0)) {
OM_uint32 maj_stat, min_stat; OM_uint32 maj_stat;
gss_buffer_desc skey; krb5_keyblock *skey;
maj_stat = gsskrb5_get_initiator_subkey(&min_stat, maj_stat = gss_krb5_get_subkey(gensec_gssapi_state->gssapi_context,
gensec_gssapi_state->gssapi_context, &skey);
&skey);
if (maj_stat == 0) { if (maj_stat == 0) {
DEBUG(10, ("Got KRB5 session key of length %d\n", DEBUG(10, ("Got KRB5 session key of length %d\n",
(int)skey.length)); (int)KRB5_KEY_LENGTH(skey)));
gensec_gssapi_state->session_key = data_blob_talloc(gensec_gssapi_state, gensec_gssapi_state->session_key = data_blob_talloc(gensec_gssapi_state,
skey.value, skey.length); KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
*session_key = gensec_gssapi_state->session_key; *session_key = gensec_gssapi_state->session_key;
dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length); dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
gss_release_buffer(&min_stat, &skey); krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, skey);
return NT_STATUS_OK; return NT_STATUS_OK;
} }
return NT_STATUS_NO_USER_SESSION_KEY; return NT_STATUS_NO_USER_SESSION_KEY;

4
source/auth/kerberos/kerberos-notes.txt
View File

@@ -247,10 +247,6 @@ the kerberos libraries
- DCE_STYLE - DCE_STYLE
- gsskrb5_get_initiator_subkey() (return the exact key that Samba3
has always asked for. gsskrb5_get_subkey() might do what we need
anyway)
- gsskrb5_acquire_creds() (takes keytab and/or ccache as input - gsskrb5_acquire_creds() (takes keytab and/or ccache as input
parameters, see keytab and state machine discussion) parameters, see keytab and state machine discussion)

6
source/heimdal/lib/gssapi/gssapi.h
View File

@@ -815,10 +815,8 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t context_handle, gss_ctx_id_t context_handle,
time_t *authtime); time_t *authtime);
OM_uint32 OM_uint32
gsskrb5_get_initiator_subkey gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
(OM_uint32 * /*minor_status*/, struct EncryptionKey **key);
const gss_ctx_id_t context_handle,
gss_buffer_t /* subkey */);
#define GSS_C_KRB5_COMPAT_DES3_MIC 1 #define GSS_C_KRB5_COMPAT_DES3_MIC 1

3
source/heimdal/lib/gssapi/gssapi_locl.h
View File

@@ -226,9 +226,6 @@ gss_verify_mic_internal(OM_uint32 * minor_status,
gss_qop_t * qop_state, gss_qop_t * qop_state,
char * type); char * type);
OM_uint32
gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key);
krb5_error_code krb5_error_code
gss_address_to_krb5addr(OM_uint32 gss_addr_type, gss_address_to_krb5addr(OM_uint32 gss_addr_type,

41
source/heimdal/lib/gssapi/wrap.c
View File

@@ -35,47 +35,6 @@
RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $"); RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $");
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t key)
{
krb5_error_code ret;
krb5_keyblock *skey = NULL;
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
if (context_handle->more_flags & LOCAL) {
ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if (ret) {
*minor_status = ret;
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
}
} else {
ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if (ret) {
*minor_status = ret;
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
}
}
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
key->length = skey->keyvalue.length;
key->value = malloc (key->length);
if (!key->value) {
krb5_free_keyblock(gssapi_krb5_context, skey);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy(key->value, skey->keyvalue.data, key->length);
krb5_free_keyblock(gssapi_krb5_context, skey);
return 0;
}
OM_uint32 OM_uint32
gss_krb5_get_subkey(const gss_ctx_id_t context_handle, gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key) krb5_keyblock **key)