From: Luke Howard Date: Thu, 27 Aug 2009 10:59:38 +0000 (+0000) Subject: AP_REQ attributes belong on initiator name, notiator not target GSS name X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=551ba4df4f68cbb4c593cc78b9730b997608fd98;p=thirdparty%2Fkrb5.git AP_REQ attributes belong on initiator name, notiator not target GSS name git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22633 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 66556e3f06..16b73b7339 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -523,7 +523,7 @@ new_connection( /* gsskrb5 v1 */ krb5_int32 seq_temp; if ((code = make_ap_req_v1(context, ctx, - cred, k_cred, ctx->there->ad_context, + cred, k_cred, ctx->here->ad_context, input_chan_bindings, mech_type, &token))) { if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) || diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c index d9603e6be6..3bfc298f35 100644 --- a/src/tests/gssapi/t_namingexts.c +++ b/src/tests/gssapi/t_namingexts.c @@ -31,6 +31,8 @@ #include #include +#define USE_SPNEGO 1 + #ifdef USE_SPNEGO static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" }; #endif @@ -237,7 +239,7 @@ testExportImportName(OM_uint32 *minor, static OM_uint32 testGreetAuthzData(OM_uint32 *minor, - gss_name_t target_name) + gss_name_t name) { OM_uint32 major; gss_buffer_desc attr; @@ -250,7 +252,7 @@ testGreetAuthzData(OM_uint32 *minor, value.length = strlen((char *)value.value); major = gss_set_name_attribute(minor, - target_name, + name, 1, &attr, &value); @@ -291,7 +293,6 @@ initAcceptSecContext(OM_uint32 *minor, return major; } - testGreetAuthzData(minor, target_name); displayCanonName(minor, target_name, "Target name"); major = gss_init_sec_context(minor, 
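Review bot: The switch to `ctx->here->ad_context` in the `make_ap_req_v1()` call carries no comment saying why the initiator's attribute context is the right source, and the removed line shows how easy it is to pick the wrong side. I would add above the call something like `/* AP-REQ authdata comes from the initiator (local) name; attributes on the target name are not sent */`. The hunk does not show where `ctx->here` is assigned, so confirm it is always non-NULL on this path before it is dereferenced; `new_connection()` starts and ends outside the hunk. If, as the commit title suggests, these attributes travel in the AP-REQ, they are set by the calling application, so the acceptor should treat them as client-asserted rather than KDC-vouched.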
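Review bot: `#define USE_SPNEGO 1` in t_namingexts.c hard-codes the toggle directly above the `#ifdef USE_SPNEGO` that tests it, so the guard can no longer be switched from the build. The later hunk in `main()` replaces `#if USE_SPNEGO` with `#if 0 /* XXX mechglue bug */`, so the macro and the credential-acquisition path now disagree. As visible here, `spnego_mech` is always defined but the `mechs.elements` assignment that uses it is compiled out; whether other code in the file still keys off `USE_SPNEGO` is not visible in these hunks. I would wrap the define as `#ifndef USE_SPNEGO` / `#define USE_SPNEGO 1` / `#endif`, and expand the `XXX` comment to say what the mechglue bug is and when the SPNEGO branch can be re-enabled.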
@@ -351,11 +352,12 @@ initAcceptSecContext(OM_uint32 *minor, int main(int argc, char *argv[]) { - OM_uint32 minor, major; + OM_uint32 minor, major, tmp; gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL; gss_OID_set_desc mechs; gss_OID_set actual_mechs = GSS_C_NO_OID_SET; + gss_name_t name = GSS_C_NO_NAME; if (argc > 1) { major = krb5_gss_register_acceptor_identity(argv[1]); @@ -365,7 +367,36 @@ int main(int argc, char *argv[]) } } -#if USE_SPNEGO + if (argc > 2) { + gss_buffer_desc name_buf; + gss_name_t tmp_name; + + name_buf.value = argv[2]; + name_buf.length = strlen(argv[2]); + + major = gss_import_name(&minor, &name_buf, + (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME, &tmp_name); + if (GSS_ERROR(major)) { + displayStatus("gss_import_name", major, minor); + goto out; + } + + major = gss_canonicalize_name(&minor, tmp_name, + (gss_OID)gss_mech_krb5, &name); + if (GSS_ERROR(major)) { + gss_release_name(&tmp, &tmp_name); + displayStatus("gss_canonicalze_name", major, minor); + goto out; + } + + gss_release_name(&tmp, &tmp_name); + + major = testGreetAuthzData(&minor, name); + if (GSS_ERROR(major)) + goto out; + } + +#if 0 /* XXX mechglue bug */ mechs.elements = (gss_OID)&spnego_mech; #else mechs.elements = (gss_OID)gss_mech_krb5; @@ -374,7 +405,7 @@ int main(int argc, char *argv[]) /* get default cred */ major = gss_acquire_cred(&minor, - GSS_C_NO_NAME, + name, GSS_C_INDEFINITE, &mechs, GSS_C_BOTH, @@ -397,9 +428,10 @@ int main(int argc, char *argv[]) printf("\n"); out: - (void) gss_release_cred(&minor, &delegated_cred_handle); - (void) gss_release_cred(&minor, &cred_handle); - (void) gss_release_oid_set(&minor, &actual_mechs); + (void) gss_release_cred(&tmp, &delegated_cred_handle); + (void) gss_release_cred(&tmp, &cred_handle); + (void) gss_release_oid_set(&tmp, &actual_mechs); + (void) gss_release_name(&tmp, &name); return GSS_ERROR(major) ? 1 : 0; }
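Review bot: In the new `argc > 2` block of `main()`, the label passed to `displayStatus` is misspelled as `"gss_canonicalze_name"`, which makes the failure hard to grep for; it should read `displayStatus("gss_canonicalize_name", major, minor);`. The `testGreetAuthzData` failure path jumps to `out` without a `displayStatus` call, so unless that helper reports the error itself (its tail is outside the visible hunks) the program exits 1 with no diagnostic. `tmp_name` is declared without an initializer; `gss_name_t tmp_name = GSS_C_NO_NAME;` would match how `name` is declared in the preceding hunk and keep it safe if a release is ever moved to the `out:` path. A short comment stating that `argv[2]` is the principal name that receives the test attribute and is then passed to `gss_acquire_cred` would also help, since no usage text is visible and `main()` continues outside the hunk.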