uint64_t seq_recv; /* gssint_uint64 */
void *seqstate;
krb5_auth_context auth_context;
- gss_buffer_desc *mech_used; /* gss_OID_desc */
+ gss_OID_desc *mech_used; /* gss_OID_desc */
/* Protocol spec revision
0 => RFC 1964 with 3DES and RC4 enhancements
1 => draft-ietf-krb-wg-gssapi-cfx-01
int established;
int big_endian;
krb5_auth_context auth_context;
- gss_buffer_desc *mech_used;
+ gss_OID_desc *mech_used;
int nctypes;
krb5_cksumtype *ctypes;
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
if (WRITE_BYTES(&p, end, lctx->endtime)) goto out_err;
word_send_seq = lctx->send_seq; /* XXX send_seq is 64-bit */
if (WRITE_BYTES(&p, end, word_send_seq)) goto out_err;
- if (write_buffer(&p, end, (gss_buffer_desc*)&krb5oid)) goto out_err;
+ if (write_oid(&p, end, &krb5oid)) goto out_err;
+
+ printerr(2, "prepare_krb5_rfc1964_buffer: serializing keys with "
+ "enctype %d and length %d\n",
+ lctx->rfc1964_kd.ctx_key.type,
+ lctx->rfc1964_kd.ctx_key.length);
/* derive the encryption key and copy it into buffer */
enc_key.type = lctx->rfc1964_kd.ctx_key.type;
int retcode = 0;
printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n");
- maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
- 1, &return_ctx);
- if (maj_stat != GSS_S_COMPLETE)
+ maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
+ 1, &return_ctx);
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
goto out_err;
+ }
/* Check the version returned, we only support v1 right now */
vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
else
retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf);
- maj_stat = gss_krb5_free_lucid_sec_context(&min_stat,
- (void *)lctx);
- if (maj_stat != GSS_S_COMPLETE)
+ maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
printerr(0, "WARN: failed to free lucid sec context\n");
- if (retcode)
+ }
+
+ if (retcode) {
+ printerr(1, "serialize_krb5_ctx: prepare_krb5_*_buffer "
+ "failed (retcode = %d)\n", retcode);
goto out_err;
+ }
return 0;
return 0;
}
+/*
+ * We really shouldn't know about glue-layer context structure, but
+ * we need to get at the real krb5 context pointer. This should be
+ * removed as soon as we say there is no support for MIT Kerberos
+ * prior to 1.4 -- which gives us "legal" access to the context info.
+ */
+typedef struct gss_union_ctx_id_t {
+ gss_OID mech_type;
+ gss_ctx_id_t internal_ctx_id;
+} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
+
int
serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
{
- krb5_gss_ctx_id_t kctx = (krb5_gss_ctx_id_t)ctx;
+ krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)ctx)->internal_ctx_id;
char *p, *end;
static int constant_one = 1;
static int constant_zero = 0;
if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
word_seq_send = kctx->seq_send;
if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
- if (write_buffer(&p, end, kctx->mech_used)) goto out_err;
+ if (write_oid(&p, end, kctx->mech_used)) goto out_err;
+
+ printerr(2, "serialize_krb5_ctx: serializing keys with "
+ "enctype %d and length %d\n",
+ kctx->enc->enctype, kctx->enc->length);
+
if (write_keyblock(&p, end, kctx->enc)) goto out_err;
if (write_keyblock(&p, end, kctx->seq)) goto out_err;