X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fcontext_mit.c;h=868eaa9f796c61da1db7cb023ba3fc19d1b2d8c8;hp=0af92a3804a7c6312546171affb3d8414e43b863;hb=aaf1ebff9c894f341dfb7db5ced2c47a5d50e750;hpb=4ce79c4ef9d40b9df12e1f55c2fbb7a75744052c diff --git a/utils/gssd/context_mit.c b/utils/gssd/context_mit.c index 0af92a3..868eaa9 100644 --- a/utils/gssd/context_mit.c +++ b/utils/gssd/context_mit.c @@ -185,6 +185,11 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx, if (WRITE_BYTES(&p, end, word_send_seq)) goto out_err; if (write_buffer(&p, end, (gss_buffer_desc*)&krb5oid)) goto out_err; + printerr(2, "prepare_krb5_rfc1964_buffer: serializing keys with " + "enctype %d and length %d\n", + lctx->rfc1964_kd.ctx_key.type, + lctx->rfc1964_kd.ctx_key.length); + /* derive the encryption key and copy it into buffer */ enc_key.type = lctx->rfc1964_kd.ctx_key.type; enc_key.length = lctx->rfc1964_kd.ctx_key.length; @@ -232,10 +237,13 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf) int retcode = 0; printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n"); - maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx, - 1, &return_ctx); - if (maj_stat != GSS_S_COMPLETE) + maj_stat = gss_export_lucid_sec_context(&min_stat, ctx, + 1, &return_ctx); + if (maj_stat != GSS_S_COMPLETE) { + pgsserr("gss_export_lucid_sec_context", + maj_stat, min_stat, &krb5oid); goto out_err; + } /* Check the version returned, we only support v1 right now */ vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version; @@ -256,12 +264,18 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf) else retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf); - maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, - (void *)lctx); - if (maj_stat != GSS_S_COMPLETE) + maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx); + if (maj_stat != GSS_S_COMPLETE) { + pgsserr("gss_export_lucid_sec_context", + maj_stat, min_stat, &krb5oid); printerr(0, "WARN: failed to free lucid sec context\n"); - if (retcode) + } + + if (retcode) { + printerr(1, "serialize_krb5_ctx: prepare_krb5_*_buffer " + "failed (retcode = %d)\n", retcode); goto out_err; + } return 0; @@ -285,10 +299,21 @@ write_keyblock(char **p, char *end, struct _krb5_keyblock *arg) return 0; } +/* + * We really shouldn't know about glue-layer context structure, but + * we need to get at the real krb5 context pointer. This should be + * removed as soon as we say there is no support for MIT Kerberos + * prior to 1.4 -- which gives us "legal" access to the context info. + */ +typedef struct gss_union_ctx_id_t { + gss_OID mech_type; + gss_ctx_id_t internal_ctx_id; +} gss_union_ctx_id_desc, *gss_union_ctx_id_t; + int serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf) { - krb5_gss_ctx_id_t kctx = (krb5_gss_ctx_id_t)ctx; + krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)ctx)->internal_ctx_id; char *p, *end; static int constant_one = 1; static int constant_zero = 0; @@ -319,6 +344,11 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf) word_seq_send = kctx->seq_send; if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err; if (write_buffer(&p, end, kctx->mech_used)) goto out_err; + + printerr(2, "serialize_krb5_ctx: serializing keys with " + "enctype %d and length %d\n", + kctx->enc->enctype, kctx->enc->length); + if (write_keyblock(&p, end, kctx->enc)) goto out_err; if (write_keyblock(&p, end, kctx->seq)) goto out_err;