diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2023-06-26 22:56:52 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-06-26 22:56:52 +0000 |
| commit | b6a943f7197af1a5eb6bb028b9b808ec5016e30c (patch) | |
| tree | cfbb91e940dd89d0e1d46095f43c228d7d079fa0 /lib/gssapi/krb5/export_sec_context.c | |
| parent | 6f4e10db3298f6d65e1e646fe52aaafc3682b788 (diff) | |
heimdal: Vendor import f62e2f278vendor/heimdal/7.8.0-2023-06-10-f62e2f278vendor/heimdal
Heimdal 7.8.0 does not support OpenSSL 3.0. 7.9.0 will but it hasn't
been released yet. We are importing f62e2f278 for its OpenSSL 3.0
support.
Diffstat (limited to 'lib/gssapi/krb5/export_sec_context.c')
| -rw-r--r-- | lib/gssapi/krb5/export_sec_context.c | 79 |
1 files changed, 47 insertions, 32 deletions
diff --git a/lib/gssapi/krb5/export_sec_context.c b/lib/gssapi/krb5/export_sec_context.c index b500f4230cd3..c29841537526 100644 --- a/lib/gssapi/krb5/export_sec_context.c +++ b/lib/gssapi/krb5/export_sec_context.c @@ -46,7 +46,6 @@ _gsskrb5_export_sec_context( krb5_auth_context ac; OM_uint32 ret = GSS_S_COMPLETE; krb5_data data; - gss_buffer_desc buffer; int flags; OM_uint32 minor; krb5_error_code kret; @@ -69,6 +68,9 @@ _gsskrb5_export_sec_context( } ac = ctx->auth_context; + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_PACKED); + krb5_storage_set_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE); + /* flagging included fields */ flags = 0; @@ -82,6 +84,14 @@ _gsskrb5_export_sec_context( flags |= SC_LOCAL_SUBKEY; if (ac->remote_subkey) flags |= SC_REMOTE_SUBKEY; + if (ac->authenticator) + flags |= SC_AUTHENTICATOR; + if (ctx->source) + flags |= SC_SOURCE_NAME; + if (ctx->target) + flags |= SC_TARGET_NAME; + if (ctx->order) + flags |= SC_ORDER; kret = krb5_store_int32 (sp, flags); if (kret) { @@ -151,6 +161,18 @@ _gsskrb5_export_sec_context( *minor_status = kret; goto failure; } + if (ac->authenticator) { + kret = krb5_store_int64(sp, ac->authenticator->ctime); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32(sp, ac->authenticator->cusec); + if (kret) { + *minor_status = kret; + goto failure; + } + } kret = krb5_store_int32 (sp, ac->keytype); if (kret) { @@ -164,34 +186,20 @@ _gsskrb5_export_sec_context( } /* names */ - - ret = _gsskrb5_export_name (minor_status, - (gss_name_t)ctx->source, &buffer); - if (ret) - goto failure; - data.data = buffer.value; - data.length = buffer.length; - kret = krb5_store_data (sp, data); - _gsskrb5_release_buffer (&minor, &buffer); - if (kret) { - *minor_status = kret; - goto failure; + if (ctx->source) { + kret = krb5_store_principal(sp, ctx->source); + if (kret) { + *minor_status = kret; + goto failure; + } } - ret = _gsskrb5_export_name (minor_status, - (gss_name_t)ctx->target, &buffer); - if (ret) - goto failure; - data.data = buffer.value; - data.length = buffer.length; - - ret = GSS_S_FAILURE; - - kret = krb5_store_data (sp, data); - _gsskrb5_release_buffer (&minor, &buffer); - if (kret) { - *minor_status = kret; - goto failure; + if (ctx->target) { + kret = krb5_store_principal(sp, ctx->target); + if (kret) { + *minor_status = kret; + goto failure; + } } kret = krb5_store_int32 (sp, ctx->flags); @@ -204,6 +212,11 @@ _gsskrb5_export_sec_context( *minor_status = kret; goto failure; } + kret = krb5_store_int32 (sp, ctx->state); + if (kret) { + *minor_status = kret; + goto failure; + } /* * XXX We should put a 64-bit int here, but we don't have a * krb5_store_int64() yet. @@ -213,10 +226,12 @@ _gsskrb5_export_sec_context( *minor_status = kret; goto failure; } - kret = _gssapi_msg_order_export(sp, ctx->order); - if (kret ) { - *minor_status = kret; - goto failure; + if (ctx->order) { + kret = _gssapi_msg_order_export(sp, ctx->order); + if (kret) { + *minor_status = kret; + goto failure; + } } kret = krb5_storage_to_data (sp, &data); @@ -232,7 +247,7 @@ _gsskrb5_export_sec_context( ret = _gsskrb5_delete_sec_context (minor_status, context_handle, GSS_C_NO_BUFFER); if (ret != GSS_S_COMPLETE) - _gsskrb5_release_buffer (NULL, interprocess_token); + _gss_secure_release_buffer (&minor, interprocess_token); *minor_status = 0; return ret; failure: |