author | mp153739 <none@none> | 2007-01-08 02:45:56 -0800 |
---|---|---|
committer | mp153739 <none@none> | 2007-01-08 02:45:56 -0800 |
commit | 3dba6097f91d71408b4a7c824521f8f0687ab6ff (patch) | |
tree | 4f4c7655b6f61bb8ea0f1bff16059616d7423cd5 /usr/src/uts/common/gssapi/mechs | |
parent | d51f1d338914fe15108ef3fb04d422a459cfdeda (diff) | |
download | illumos-joyent-3dba6097f91d71408b4a7c824521f8f0687ab6ff.tar.gz |
4854431 krb5_gss_acquire_cred() does not implement correct GSS_C_NO_NAME semantics
6290693 krb mech isn't doing the right thing in regards to gss_delete_sec_context and the output token
6491792 gss_unwrap() is causing duplicate token detection to fail for subsequent calls to gss_unwrap()
Diffstat (limited to 'usr/src/uts/common/gssapi/mechs')
-rw-r--r-- | usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c b/usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c index 0d29d158eb..36263e6a1f 100644 --- a/usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c +++ b/usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c @@ -1,5 +1,5 @@ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -313,9 +313,12 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, message2 = &empty_message; goto wrap_with_checksum; } else if (toktype == KG_TOK_DEL_CTX) { - tok_id = 0x0405; - message = message2 = &empty_message; - goto wrap_with_checksum; + /* + * Solaris Kerberos: + * No token should be generated for context deletion. Just + * return. + */ + return 0; } else { err = KRB5KRB_AP_ERR_BAD_INTEGRITY; goto error; @@ -512,6 +515,16 @@ gss_krb5int_unseal_token_v3(krb5_context context, goto no_mem; (void) memcpy(message_buffer->value, plain.data, message_buffer->length); + + /* + * Solaris Kerberos: Restore the original token. + * This allows the token to be detected as a duplicate if it + * is passed in to gss_unwrap() again. + */ + if (!rotate_left(ptr, bodysize-ec, bodysize - ec - 16)) + goto no_mem; + store_16_be(ec, ptr+4); + store_16_be(rrc, ptr+6); } err = g_order_check(&ctx->seqstate, seqnum); *minor_status = 0; |
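Review bot: The new `return 0;` in the `KG_TOK_DEL_CTX` branch reports success without writing to the function's output token buffer, so a caller that reads or releases that buffer after a successful return would act on whatever it held on entry. Unless every caller is known to pre-initialise it, the branch should hand back an explicitly empty buffer first, along the lines of `<output_token>->length = 0; <output_token>->value = NULL;` (placeholder name, since the parameter is declared outside this hunk). The early return also bypasses the `error:` label that the next branch jumps to. That is only safe if nothing has been acquired by this point, which cannot be confirmed here because the function body starts and ends outside the hunk.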
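Review bot: In the `gss_krb5int_unseal_token_v3` hunk, the restore step jumps to `no_mem` when `rotate_left()` fails, but by then `message_buffer->value` has already been allocated and filled with the decrypted plaintext. If the `no_mem` path (outside this hunk) does not release and reset that buffer, this new failure branch should do so before jumping, or the restore should move above the allocation so it cannot fail with plaintext already handed out. A failed rotate also skips the two `store_16_be()` calls, leaving the token only partly restored; whether that matters depends on how callers treat the input after an error. Separately, the literal `16` and the count `bodysize - ec - 16` are unexplained. A short comment such as `/* 16: fixed token header length (confirm); count chosen to undo the earlier rotation */` would let a reader check that this really is the inverse of the rotation done before decryption.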