Remove big-endian gss-krb5 support
authorGreg Hudson <ghudson@mit.edu>
Fri, 8 Jun 2012 21:02:28 +0000 (17:02 -0400)
committerGreg Hudson <ghudson@mit.edu>
Fri, 8 Jun 2012 21:03:35 +0000 (17:03 -0400)
The big_endian flag in krb5_gss_ctx_id_rec is there for
interoperability with a really ancient implementation which we believe
is no longer in use.  Get rid of it and the code to handle it.

ticket: 7166 (new)

src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5sealv3.c
src/lib/gssapi/krb5/k5sealv3iov.c
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/k5unsealiov.c
src/lib/gssapi/krb5/ser_sctx.c
src/lib/gssapi/krb5/util_cksum.c
src/util/gss-kernel-lib/kernel_gss.c

index 7dca130d530c867dce9e6ca86a8d8812ee2f079d..72b52015b8d70c15e7d148cfc635e767ab98764a 100644 (file)
@@ -726,37 +726,16 @@ kg_accept_krb5(minor_status, context_handle,
             goto fail;
         }
 
-        /*
-          "Be liberal in what you accept, and
-          conservative in what you send"
-          -- rfc1123
-
-          This code will let this acceptor interoperate with an initiator
-          using little-endian or big-endian integer encoding.
-        */
-
         ptr = (unsigned char *) authdat->checksum->contents;
-        bigend = 0;
 
-        TREAD_INT(ptr, tmp, bigend);
+        TREAD_INT(ptr, tmp, 0);
 
         if (tmp != md5len) {
-            ptr = (unsigned char *) authdat->checksum->contents;
-            bigend = 1;
-
-            TREAD_INT(ptr, tmp, bigend);
-
-            if (tmp != md5len) {
-                code = KG_BAD_LENGTH;
-                major_status = GSS_S_FAILURE;
-                goto fail;
-            }
+            code = KG_BAD_LENGTH;
+            major_status = GSS_S_FAILURE;
+            goto fail;
         }
 
-        /* at this point, bigend is set according to the initiator's
-           byte order */
-
-
         /*
           The following section of code attempts to implement the
           optional channel binding facility as described in RFC2743.
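Review bot: The literal `0` now passed as the third argument of TREAD_INT at the checksum-length read gives no hint that it selects little-endian decoding, because the `bigend` variable that named it is gone. The same bare `0` appears in the later TREAD_INT and TREAD_INT16 hunks of this function and in the TWRITE_INT/TWRITE_BUF calls in kg_checksum_channel_bindings. A one-line comment at the first read, such as `/* 0 = little-endian, the only encoding still accepted */`, would keep the intent visible. Alternatively, if no other caller passes a nonzero value, the byte-order parameter could be dropped from the macros. kg_accept_krb5 begins and ends outside this hunk.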
@@ -772,7 +751,7 @@ kg_accept_krb5(minor_status, context_handle,
 
         if ((code = kg_checksum_channel_bindings(context,
                                                  input_chan_bindings,
-                                                 &reqcksum, bigend))) {
+                                                 &reqcksum))) {
             major_status = GSS_S_BAD_BINDINGS;
             goto fail;
         }
@@ -794,7 +773,7 @@ kg_accept_krb5(minor_status, context_handle,
         xfree(reqcksum.contents);
         reqcksum.contents = 0;
 
-        TREAD_INT(ptr, gss_flags, bigend);
+        TREAD_INT(ptr, gss_flags, 0);
 #if 0
         gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if
                                            there's a delegation, we'll set
@@ -807,8 +786,8 @@ kg_accept_krb5(minor_status, context_handle,
         i = authdat->checksum->length - 24;
         if (i && (gss_flags & GSS_C_DELEG_FLAG)) {
             if (i >= 4) {
-                TREAD_INT16(ptr, option_id, bigend);
-                TREAD_INT16(ptr, option.length, bigend);
+                TREAD_INT16(ptr, option_id, 0);
+                TREAD_INT16(ptr, option.length, 0);
                 i -= 4;
 
                 if (i < option.length || option.length < 0) {
@@ -904,7 +883,6 @@ kg_accept_krb5(minor_status, context_handle,
                                       GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
                                       GSS_C_EXTENDED_ERROR_FLAG)));
     ctx->seed_init = 0;
-    ctx->big_endian = bigend;
     ctx->cred_rcache = cred_rcache;
 
     /* XXX move this into gss_name_t */
index 6b7d5307d9b4e443c22c1eba5a050de06f443915..54a536a92c8a717b627a6a831563928679d6abb3 100644 (file)
@@ -199,7 +199,6 @@ typedef struct _krb5_gss_ctx_id_rec {
     krb5_magic magic;
     unsigned int initiate : 1;   /* nonzero if initiating, zero if accepting */
     unsigned int established : 1;
-    unsigned int big_endian : 1;
     unsigned int have_acceptor_subkey : 1;
     unsigned int seed_init : 1;  /* XXX tested but never actually set */
     OM_uint32 gss_flags;
@@ -253,8 +252,7 @@ OM_uint32 kg_get_defcred
 
 krb5_error_code kg_checksum_channel_bindings
 (krb5_context context, gss_channel_bindings_t cb,
- krb5_checksum *cksum,
- int bigend);
+ krb5_checksum *cksum);
 
 krb5_error_code kg_make_seq_num (krb5_context context,
                                  krb5_key key,
index 07baefa07e6f462c53f4ff064b9061b88cc653c9..7fb5f7113372a320bc32d0f60f2f0f17630dae59 100644 (file)
@@ -428,7 +428,7 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
 
     /* compute the hash of the channel bindings */
 
-    if ((code = kg_checksum_channel_bindings(context, chan_bindings, &md5, 0)))
+    if ((code = kg_checksum_channel_bindings(context, chan_bindings, &md5)))
         return(code);
 
     krb5_auth_con_set_req_cksumtype(context, ctx->auth_context,
@@ -585,7 +585,6 @@ kg_new_connection(
                                       GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
                                       GSS_C_EXTENDED_ERROR_FLAG)));
     ctx->seed_init = 0;
-    ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
     ctx->seqstate = 0;
 
     if (req_flags & GSS_C_DCE_STYLE)
index 41604dc4ed5aff1a40b5fd780f09394f45bdef5d..bd1e2a6d0628e14eed551ab8b2333e5ea55f1ad7 100644 (file)
@@ -64,7 +64,6 @@ make_seal_token_v1 (krb5_context context,
                     int sealalg,
                     int do_encrypt,
                     int toktype,
-                    int bigend,
                     gss_OID oid)
 {
     krb5_error_code code;
@@ -89,7 +88,7 @@ make_seal_token_v1 (krb5_context context,
     assert((!do_encrypt) || (toktype == KG_TOK_SEAL_MSG));
     /* create the token buffer */
     /* Do we need confounder? */
-    if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
+    if (do_encrypt || toktype == KG_TOK_SEAL_MSG)
         conflen = kg_confounder_size(context, enc->keyblock.enctype);
     else conflen = 0;
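Review bot: With the `!bigend` term gone, the `do_encrypt ||` half of the confounder test is implied by the assert a few lines above, which requires toktype == KG_TOK_SEAL_MSG whenever do_encrypt is set. The condition could read `if (toktype == KG_TOK_SEAL_MSG)`; if the extra term is kept on purpose for builds where assert() is compiled out, a short comment saying so would help. The unbraced one-line `else conflen = 0;` is also easy to misread and could be braced. make_seal_token_v1 continues outside the hunk.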
 
@@ -185,18 +184,14 @@ make_seal_token_v1 (krb5_context context,
     /* compute the checksum */
 
     /* 8 = head of token body as specified by mech spec */
-    if (! (data_ptr =
-           (char *) xmalloc(8 + (bigend ? text->length : msglen)))) {
+    if (! (data_ptr = xmalloc(8 + msglen))) {
         xfree(plain);
         gssalloc_free(t);
         return(ENOMEM);
     }
     (void) memcpy(data_ptr, ptr-2, 8);
-    if (bigend)
-        (void) memcpy(data_ptr+8, text->value, text->length);
-    else
-        (void) memcpy(data_ptr+8, plain, msglen);
-    plaind.length = 8 + (bigend ? text->length : msglen);
+    (void) memcpy(data_ptr+8, plain, msglen);
+    plaind.length = 8 + msglen;
     plaind.data = data_ptr;
     code = krb5_k_make_checksum(context, md5cksum.checksum_type, seq,
                                 sign_usage, &plaind, &md5cksum);
@@ -360,8 +355,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
                                   &ctx->seq_send, ctx->initiate,
                                   input_message_buffer, output_message_buffer,
                                   ctx->signalg, ctx->cksum_size, ctx->sealalg,
-                                  conf_req_flag, toktype, ctx->big_endian,
-                                  ctx->mech_used);
+                                  conf_req_flag, toktype, ctx->mech_used);
         break;
     case 1:
         code = gss_krb5int_make_seal_token_v3(context, ctx,
index ac3d44d8f3e9c60d37df26cddc71ea114716abfd..c291e0fb0cf6c93b26e2ab1c48914a0cf32817b3 100644 (file)
@@ -82,8 +82,6 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
     krb5_key key;
     krb5_cksumtype cksumtype;
 
-    assert(ctx->big_endian == 0);
-
     acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
     key_usage = (toktype == KG_TOK_WRAP_MSG
                  ? (ctx->initiate
@@ -319,9 +317,6 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
     krb5_key key;
     krb5_cksumtype cksumtype;
 
-    if (ctx->big_endian != 0)
-        goto defective;
-
     if (qop_state)
         *qop_state = GSS_C_QOP_DEFAULT;
 
index d6829607bdea9681fbcdce7d3671e51bbe945a0b..d7c92875ee9532cf814340106119b254e6b1e454 100644 (file)
@@ -54,7 +54,6 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context,
     krb5_cksumtype cksumtype;
     size_t data_length, assoc_data_length;
 
-    assert(ctx->big_endian == 0);
     assert(ctx->proto == 1);
 
     acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
@@ -300,9 +299,6 @@ gss_krb5int_unseal_v3_iov(krb5_context context,
     krb5_cksumtype cksumtype;
     int conf_flag = 0;
 
-    if (ctx->big_endian != 0)
-        return GSS_S_DEFECTIVE_TOKEN;
-
     if (qop_state != NULL)
         *qop_state = GSS_C_QOP_DEFAULT;
 
index 935198054d6b8ee1b0d3880e62d1d96d962f8d3c..fa9a3cb1676d43a7efaa545553cccda2ec04b2a0 100644 (file)
@@ -206,12 +206,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
         plainlen = tmsglen;
 
-        if ((sealalg == 0xffff) && ctx->big_endian) {
-            token.length = tmsglen;
-        } else {
-            conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
-            token.length = tmsglen - conflen - plain[tmsglen-1];
-        }
+        conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
+        token.length = tmsglen - conflen - plain[tmsglen-1];
 
         if (token.length) {
             if ((token.value = (void *) gssalloc_malloc(token.length)) == NULL) {
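Review bot: `token.length = tmsglen - conflen - plain[tmsglen-1]` is now the only path, and nothing visible in this hunk checks that the confounder size plus the pad byte fits within tmsglen before the subtraction. The pad byte is read from the unwrapped token, so unless an earlier check outside the hunk bounds it, a malformed token could yield a wrapped or negative length that is then passed to gssalloc_malloc on the following lines. A guard such as `if (tmsglen < conflen || tmsglen - conflen < plain[tmsglen-1])` should run before token.length is computed. It should fail the token as defective and release `plain` the way the other error branches of kg_unseal_v1 do. kg_unseal_v1 begins and ends outside the hunk.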
@@ -267,8 +263,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
         /* 8 = bytes of token body to be checksummed according to spec */
 
-        if (! (data_ptr = (void *)
-               xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+        if (! (data_ptr = xmalloc(8 + plainlen))) {
             if (sealalg != 0xffff)
                 xfree(plain);
             if (toktype == KG_TOK_SEAL_MSG)
@@ -279,12 +274,9 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
         (void) memcpy(data_ptr, ptr-2, 8);
 
-        if (ctx->big_endian)
-            (void) memcpy(data_ptr+8, token.value, token.length);
-        else
-            (void) memcpy(data_ptr+8, plain, plainlen);
+        (void) memcpy(data_ptr+8, plain, plainlen);
 
-        plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+        plaind.length = 8 + plainlen;
         plaind.data = data_ptr;
         code = krb5_k_make_checksum(context, md5cksum.checksum_type,
                                     ctx->seq, sign_usage,
@@ -332,9 +324,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
             return GSS_S_FAILURE;
         }
 
-        if (! (data_ptr = (void *)
-               xmalloc(sizeof(ctx->seed) + 8 +
-                       (ctx->big_endian ? token.length : plainlen)))) {
+        if (! (data_ptr = xmalloc(sizeof(ctx->seed) + 8 + plainlen))) {
             krb5_free_checksum_contents(context, &md5cksum);
             if (sealalg == 0)
                 xfree(plain);
@@ -345,14 +335,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
         }
         (void) memcpy(data_ptr, ptr-2, 8);
         (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
-        if (ctx->big_endian)
-            (void) memcpy(data_ptr+8+sizeof(ctx->seed),
-                          token.value, token.length);
-        else
-            (void) memcpy(data_ptr+8+sizeof(ctx->seed),
-                          plain, plainlen);
-        plaind.length = 8 + sizeof(ctx->seed) +
-            (ctx->big_endian ? token.length : plainlen);
+        (void) memcpy(data_ptr+8+sizeof(ctx->seed), plain, plainlen);
+        plaind.length = 8 + sizeof(ctx->seed) + plainlen;
         plaind.data = data_ptr;
         krb5_free_checksum_contents(context, &md5cksum);
         code = krb5_k_make_checksum(context, md5cksum.checksum_type,
@@ -382,8 +366,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
         /* 8 = bytes of token body to be checksummed according to spec */
 
-        if (! (data_ptr = (void *)
-               xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+        if (! (data_ptr = xmalloc(8 + plainlen))) {
             if (sealalg != 0xffff)
                 xfree(plain);
             if (toktype == KG_TOK_SEAL_MSG)
@@ -394,12 +377,9 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
         (void) memcpy(data_ptr, ptr-2, 8);
 
-        if (ctx->big_endian)
-            (void) memcpy(data_ptr+8, token.value, token.length);
-        else
-            (void) memcpy(data_ptr+8, plain, plainlen);
+        (void) memcpy(data_ptr+8, plain, plainlen);
 
-        plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+        plaind.length = 8 + plainlen;
         plaind.data = data_ptr;
         code = krb5_k_make_checksum(context, md5cksum.checksum_type,
                                     ctx->seq, sign_usage,
index 986ee0616f017944748a554790aa203e71aad521..87fe34f9d420fe0a1e1cf99dd8b6201d2c9b1ff4 100644 (file)
@@ -137,8 +137,6 @@ kg_unseal_v1_iov(krb5_context context,
         return GSS_S_BAD_SIG;
     }
 
-    assert(ctx->big_endian == 0);
-
     /* decode the message, if SEAL */
     if (toktype == KG_TOK_WRAP_MSG) {
         if (sealalg != 0xFFFF) {
index d2945ea5556a1e2a50b13cb2e9dd230aa09f0b69..cba5ae2b1f73f77f1d208a1e6dbf9546483a358e 100644 (file)
@@ -245,7 +245,6 @@ kg_ctx_size(kcontext, arg, sizep)
      *  krb5_int32      for KG_CONTEXT
      *  krb5_int32      for initiate.
      *  krb5_int32      for established.
-     *  krb5_int32      for big_endian.
      *  krb5_int32      for have_acceptor_subkey.
      *  krb5_int32      for seed_init.
      *  krb5_int32      for gss_flags.
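Review bot: Dropping the big_endian slot changes the serialized context layout, and nothing in this hunk or in the kg_ctx_externalize and kg_ctx_internalize hunks below marks the new layout as different from the old one. A context serialized by a build that still packs the field would, as far as these hunks show, be unpacked with every later int32 shifted by one position, so `have_acceptor_subkey`, `seed_init` and `gss_flags` would be taken from the wrong words; whether a later magic or length check catches that is outside the visible lines. Either keep the slot on the wire (`(void) krb5_ser_pack_int32(0, &bp, &remain);` on export, read and discard on import) or state the incompatibility in this layout comment. Also, only the comment line is removed in kg_ctx_size; if the byte count computed below it is derived from this list, no visible hunk adjusts it.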
@@ -401,8 +400,6 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
                                        &bp, &remain);
             (void) krb5_ser_pack_int32((krb5_int32) ctx->established,
                                        &bp, &remain);
-            (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
-                                       &bp, &remain);
             (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey,
                                        &bp, &remain);
             (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init,
@@ -614,8 +611,6 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
             ctx->established = (int) ibuf;
             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-            ctx->big_endian = (int) ibuf;
-            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
             ctx->have_acceptor_subkey = (int) ibuf;
             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
             ctx->seed_init = (int) ibuf;
index 5228df3362345d722c45c4732b2706f2f3153201..4877c71ebbcd478359669244bdbb7be83da187cf 100644 (file)
 
 /* Checksumming the channel bindings always uses plain MD5.  */
 krb5_error_code
-kg_checksum_channel_bindings(context, cb, cksum, bigend)
+kg_checksum_channel_bindings(context, cb, cksum)
     krb5_context context;
     gss_channel_bindings_t cb;
     krb5_checksum *cksum;
-    int bigend;
 {
     size_t len;
     char *buf = 0;
@@ -75,11 +74,11 @@ kg_checksum_channel_bindings(context, cb, cksum, bigend)
 
     ptr = buf;
 
-    TWRITE_INT(ptr, cb->initiator_addrtype, bigend);
-    TWRITE_BUF(ptr, cb->initiator_address, bigend);
-    TWRITE_INT(ptr, cb->acceptor_addrtype, bigend);
-    TWRITE_BUF(ptr, cb->acceptor_address, bigend);
-    TWRITE_BUF(ptr, cb->application_data, bigend);
+    TWRITE_INT(ptr, cb->initiator_addrtype, 0);
+    TWRITE_BUF(ptr, cb->initiator_address, 0);
+    TWRITE_INT(ptr, cb->acceptor_addrtype, 0);
+    TWRITE_BUF(ptr, cb->acceptor_address, 0);
+    TWRITE_BUF(ptr, cb->application_data, 0);
 
     /* checksum the data */
 
index a0ad8d09d81ef2c641b2816567ab5acb30b9f953..f33b83db7edfc1f8c3e66f00194489d90840d236 100644 (file)
@@ -116,8 +116,6 @@ import_lucid_sec_context_v1(const gss_krb5_lucid_context_v1_t *lctx,
         }
     }
 
-    /* Assume the proper krb5 mech and no big-endian compatibility. */
-    gctx->big_endian = 0;
     gctx->seed_init = 0;
     gctx->established = 1;
     gctx->mech_used = (gss_OID_desc *)gss_mech_krb5;
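Review bot: The deleted comment also carried "Assume the proper krb5 mech", which still describes the unconditional `gctx->mech_used = (gss_OID_desc *)gss_mech_krb5;` assignment left in place. Removing the whole comment drops that explanation along with the big-endian half; keeping `/* Assume the proper krb5 mech. */` above these assignments would preserve it. import_lucid_sec_context_v1 continues outside the hunk.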