
[SCM] GNU gss branch, master, updated. gss-0-1-3-7-gec52111


From: Simon Josefsson
Subject: [SCM] GNU gss branch, master, updated. gss-0-1-3-7-gec52111
Date: Fri, 19 Mar 2010 11:35:18 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gss".

http://git.savannah.gnu.org/cgit/gss.git/commit/?id=ec52111d8aff86cdda5167b4b973702ae225de39

The branch, master has been updated
       via  ec52111d8aff86cdda5167b4b973702ae225de39 (commit)
       via  ead1fa8afbd141074304c28a8dbb3eafb1533c3b (commit)
      from  760853a2d4f8524a2438d2414f8478e211f24cb9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ec52111d8aff86cdda5167b4b973702ae225de39
Author: Simon Josefsson <address@hidden>
Date:   Fri Mar 19 12:35:00 2010 +0100

    Correctly hash all of channel bindings.

commit ead1fa8afbd141074304c28a8dbb3eafb1533c3b
Author: Simon Josefsson <address@hidden>
Date:   Thu Mar 18 13:14:51 2010 +0100

    Test channel bindings too, to avoid regressions.

-----------------------------------------------------------------------

Summary of changes:
 lib/krb5/checksum.c |   62 ++++++++++++++++++++++++++++++++++++--------------
 tests/krb5context.c |   26 +++++++++++++++++++--
 2 files changed, 67 insertions(+), 21 deletions(-)

diff --git a/lib/krb5/checksum.c b/lib/krb5/checksum.c
index bf0b86c..b147bbc 100644
--- a/lib/krb5/checksum.c
+++ b/lib/krb5/checksum.c
@@ -26,6 +26,15 @@
 /* Get specification. */
 #include "checksum.h"
 
+static void
+pack_uint32 (OM_uint32 i, char *buf)
+{
+  buf[0] = i & 0xFF;
+  buf[1] = (i >> 8) & 0xFF;
+  buf[2] = (i >> 16) & 0xFF;
+  buf[3] = (i >> 24) & 0xFF;
+}
+
 static int
 hash_cb (OM_uint32 *minor_status,
         gss_ctx_id_t * context_handle,
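Review bot: `pack_uint32` has no comment stating the byte order or the size of the buffer it needs, and both are part of what ends up in the channel-bindings hash. I would add `/* Store I in BUF as four bytes, least significant byte first; BUF must have room for four bytes. */` above it. The helper always writes four bytes while its callers advance by `sizeof (OM_uint32)`, so the layout is only gap-free if `OM_uint32` is exactly four bytes wide; a compile-time check or a named constant for the stride would make that explicit. Taking `unsigned char *buf` would also avoid storing values above 127 into a possibly signed `char`.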
@@ -34,25 +43,20 @@ hash_cb (OM_uint32 *minor_status,
 {
   gss_ctx_id_t ctx = *context_handle;
   _gss_krb5_ctx_t k5 = ctx->krb5;
-  char *buf;
+  char *buf, *p;
   size_t len;
   int res;
 
-  /* We don't support addresses. */
-  if (input_chan_bindings->initiator_addrtype != 0 ||
-      input_chan_bindings->initiator_address.length != 0 ||
-      input_chan_bindings->initiator_address.value != NULL ||
-      input_chan_bindings->acceptor_addrtype != 0 ||
-      input_chan_bindings->acceptor_address.length != 0 ||
-      input_chan_bindings->acceptor_address.value != NULL)
-    return GSS_S_FAILURE;
-
-  /* We need to hash the four OM_uint32 values, for the
-     initiator_addrtype, initiator_address.length, accept_addrtype,
-     and accept_address.length. */
+  if (input_chan_bindings->initiator_address.length > UINT32_MAX ||
+      input_chan_bindings->acceptor_address.length > UINT32_MAX ||
+      input_chan_bindings->application_data.length > UINT32_MAX)
+    return GSS_S_BAD_BINDINGS;
 
-  len = 4 * 4 + input_chan_bindings->application_data.length;
-  buf = malloc (len);
+  len = sizeof (OM_uint32) * 5
+    + input_chan_bindings->initiator_address.length
+    + input_chan_bindings->acceptor_address.length
+    + input_chan_bindings->application_data.length;
+  p = buf = malloc (len);
   if (!buf)
     {
       if (minor_status)
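Review bot: The `len` sum can wrap on a platform where `size_t` is 32 bits, because the three lengths are only bounded by `UINT32_MAX` individually; `malloc (len)` would then return a buffer smaller than what the later `memcpy` calls write into it. Bound the running total instead of each term, for example by returning `GSS_S_BAD_BINDINGS` when a length exceeds `SIZE_MAX - len` before it is added. `UINT32_MAX` needs `<stdint.h>`, and no include for it is visible in this diff, so that is worth confirming. `hash_cb` starts and ends outside this hunk.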
@@ -60,9 +64,31 @@ hash_cb (OM_uint32 *minor_status,
       return GSS_S_FAILURE;
     }
 
-  memset (buf, 0, 4 * 4);
-  memcpy (buf + 4 * 4, input_chan_bindings->application_data.value,
-         input_chan_bindings->application_data.length);
+  pack_uint32 (input_chan_bindings->initiator_addrtype, p);
+  p += sizeof (OM_uint32);
+  pack_uint32 (input_chan_bindings->initiator_address.length, p);
+  p += sizeof (OM_uint32);
+  if (input_chan_bindings->initiator_address.length > 0)
+    {
+      memcpy (p, input_chan_bindings->initiator_address.value,
+             input_chan_bindings->initiator_address.length);
+      p += input_chan_bindings->initiator_address.length;
+    }
+  pack_uint32 (input_chan_bindings->acceptor_addrtype, p);
+  p += sizeof (OM_uint32);
+  pack_uint32 (input_chan_bindings->acceptor_address.length, p);
+  p += sizeof (OM_uint32);
+  if (input_chan_bindings->acceptor_address.length > 0)
+    {
+      memcpy (p, input_chan_bindings->acceptor_address.value,
+             input_chan_bindings->acceptor_address.length);
+      p += input_chan_bindings->acceptor_address.length;
+    }
+  pack_uint32 (input_chan_bindings->application_data.length, p);
+  p += sizeof (OM_uint32);
+  if (input_chan_bindings->application_data.value > 0)
+    memcpy (p, input_chan_bindings->application_data.value,
+           input_chan_bindings->application_data.length);
 
   res = shishi_md5 (k5->sh, buf, len, out);
   free (buf);
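Review bot: The last guard tests `application_data.value > 0`, an ordered comparison between a pointer and an integer constant, whereas the two address fields above it test `.length > 0`. With a non-zero length and a NULL value the copy is skipped and the tail of `buf` goes into `shishi_md5` uninitialised; for the two address fields the same input hands NULL to `memcpy`. Now that addresses are accepted rather than rejected, I would validate each buffer before allocating (non-zero length with a NULL value returns `GSS_S_BAD_BINDINGS`) and change the last guard to `if (input_chan_bindings->application_data.length > 0)`. The function body continues outside the hunk.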
diff --git a/tests/krb5context.c b/tests/krb5context.c
index 946e823..87ea506 100644
--- a/tests/krb5context.c
+++ b/tests/krb5context.c
@@ -81,6 +81,11 @@ main (int argc, char *argv[])
   gss_cred_id_t server_creds;
   Shishi *handle;
   size_t i;
+  struct gss_channel_bindings_struct cb;
+
+  memset (&cb, 0, sizeof (cb));
+  cb.application_data.length = 3;
+  cb.application_data.value = (char*) "hej";
 
   do
     if (strcmp (argv[argc - 1], "-v") == 0 ||
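Review bot: The test bindings only set `application_data`; after the `memset` both address types and both address buffers are zero, so the new address-copying branches in `hash_cb` are never executed by this test. A second bindings struct with a non-zero `initiator_addrtype` and a short `initiator_address` (and the same for the acceptor) would cover the code this commit actually adds. The `(char*)` cast on the string literal drops `const`; that is harmless as long as nothing writes through `value`, but a writable local array would avoid the cast. `main` continues outside the hunk.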
@@ -146,7 +151,7 @@ main (int argc, char *argv[])
          break;
 
        case 1:
-         /* Default OID. */
+         /* Default OID, channel bindings. */
          maj_stat = gss_init_sec_context (&min_stat,
                                           GSS_C_NO_CREDENTIAL,
                                           &cctx,
@@ -156,7 +161,7 @@ main (int argc, char *argv[])
                                           GSS_C_REPLAY_FLAG |
                                           GSS_C_SEQUENCE_FLAG,
                                           0,
-                                          GSS_C_NO_CHANNEL_BINDINGS,
+                                          &cb,
                                           GSS_C_NO_BUFFER, NULL,
                                           &bufdesc2, NULL, NULL);
          if (maj_stat != GSS_S_CONTINUE_NEEDED)
@@ -226,7 +231,19 @@ main (int argc, char *argv[])
            fail ("loop 0 accept flag failure (%d)\n", ret_flags);
          break;
 
-       default:
+       case 1:
+         maj_stat = gss_accept_sec_context (&min_stat,
+                                            &sctx,
+                                            server_creds,
+                                            &bufdesc2,
+                                            &cb,
+                                            &name,
+                                            NULL,
+                                            &bufdesc,
+                                            &ret_flags, &time_rec, NULL);
+         break;
+
+       case 2:
          maj_stat = gss_accept_sec_context (&min_stat,
                                             &sctx,
                                             server_creds,
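Review bot: The new acceptor `case 1` only checks the matching case, where both sides pass the same `&cb`, so the test would still pass if the acceptor ignored the bindings hash entirely. I would add a round where the acceptor is given bindings that differ from the initiator's (for example different `application_data`) and assert that `gss_accept_sec_context` fails, presumably with `GSS_S_BAD_BINDINGS`, though the acceptor-side comparison is not visible in this diff. The switch statement starts and ends outside the hunk.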
@@ -237,6 +254,9 @@ main (int argc, char *argv[])
                                             &bufdesc,
                                             &ret_flags, &time_rec, NULL);
          break;
+       default:
+         fail ("default?!\n");
+         break;
        }
       if (GSS_ERROR (maj_stat))
        {


hooks/post-receive
-- 
GNU gss



