153     krb5_gss_ctx_id_rec *ctx;
177     if (data->ctx->gss_flags & GSS_C_DELEG_FLAG) {
186 				  data->cred->princ, data->ctx->there,
196 	    data->ctx->gss_flags &= ~GSS_C_DELEG_FLAG;
211     if (data->ctx->auth_context->keyblock != NULL
212 	&& data->ctx->auth_context->keyblock->enctype == 18) {
240     TWRITE_INT(ptr, data->ctx->gss_flags, 0);
260 make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
262     krb5_gss_ctx_id_rec *ctx;
287     krb5_auth_con_set_req_cksumtype(context, ctx->auth_context,
290     cksum_struct.ctx = ctx;
298       code = make_gss_checksum(context, ctx->auth_context, &cksum_struct,
304 	krb5_auth_con_set_checksum_func(context, ctx->auth_context,
314     if (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
317     code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
324    ctx->endtime = k_cred->times.endtime;
325    ctx->krb_flags = k_cred->ticket_flags;
370    krb5_gss_ctx_id_rec *ctx,
381    ctx->have_acceptor_subkey = 0;
382    ctx->proto = 0;
383    ctx->cksumtype = 0;
384    switch(ctx->subkey->enctype) {
388       ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
389       ctx->signalg = SGN_ALG_DES_MAC_MD5;
390       ctx->cksum_size = 8;
391       ctx->sealalg = SEAL_ALG_DES;
395       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
398       for (i=0; i<ctx->enc->length; i++)
399 	 ctx->enc->contents[i] ^= 0xf0;
405       ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
406       ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
407       ctx->cksum_size = 20;
408       ctx->sealalg = SEAL_ALG_DES3KD;
411       code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
415       code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
417 	 krb5_free_keyblock (context, ctx->enc);
424       ctx->signalg = SGN_ALG_HMAC_MD5 ;
425       ctx->cksum_size = 8;
426       ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
433        ctx->signalg = -10;
434        ctx->sealalg = -10;
436        ctx->proto = 1;
437        code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
438 					    &ctx->cksumtype);
441        code = krb5_c_checksum_length(context, ctx->cksumtype,
442 				     &ctx->cksum_size);
484    krb5_gss_ctx_id_rec *ctx, *ctx_free;
508    /* create the ctx */
510    if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
516    /* fill in the ctx */
517    memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
518    ctx_free = ctx;
519    if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
521    krb5_auth_con_setflags(context, ctx->auth_context,
532    ctx->initiate = 1;
533    ctx->gss_flags = (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
537    ctx->seed_init = 0;
538    ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
539    ctx->seqstate = 0;
545       ctx->endtime = 0;
547       ctx->endtime = now + time_req;
550    if ((code = krb5_copy_principal(context, cred->princ, &ctx->here)))
554 				   &ctx->there)))
557    code = get_credentials(context, cred, ctx->there, now,
558 			  ctx->endtime, &k_cred);
566    if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
574    ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
579       if ((code = make_ap_req_v1(context, ctx,
590       krb5_auth_con_getlocalseqnumber(context, ctx->auth_context,
592       ctx->seq_send = seq_temp;
593       krb5_auth_con_getsendsubkey(context, ctx->auth_context,
594 				  &ctx->subkey);
597    major_status = setup_enc(minor_status, ctx, context);
609    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
613    *context_handle = (gss_ctx_id_t) ctx;
620       *time_rec = ctx->endtime - now;
627       *ret_flags = ctx->gss_flags;
635    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
636       ctx->established = 0;
639       ctx->seq_recv = ctx->seq_send;
640       g_order_init(&(ctx->seqstate), ctx->seq_recv,
641 		   (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, 
642 		   (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
643       ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
644       ctx->established = 1;
693    krb5_gss_ctx_id_rec *ctx;
711    ctx = (krb5_gss_ctx_id_t) *context_handle;
716    if ((ctx->established) ||
717        ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
722    if (! krb5_principal_compare(context, ctx->there, 
728        int kret1 = krb5_unparse_name(context, ctx->there, &s_princ);
760    if (g_verify_token_header(ctx->mech_used,
764       if (g_verify_token_header((gss_OID) ctx->mech_used,
793    if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
799       krb5_auth_con_setuseruserkey(context, ctx->auth_context,
800 				   ctx->subkey);
801       if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep,
807    ctx->seq_recv = ap_rep_data->seq_number;
808    g_order_init(&(ctx->seqstate), ctx->seq_recv,
809 		(ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
810 		(ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto);
812    if (ctx->proto == 1 && ap_rep_data->subkey) {
814        ctx->have_acceptor_subkey = 1;
816 				 &ctx->acceptor_subkey);
820 					    ctx->acceptor_subkey->enctype,
821 					    &ctx->acceptor_subkey_cksumtype);
830    ctx->established = 1;
837       *time_rec = ctx->endtime - now;
841       *ret_flags = ctx->gss_flags;

Indexes created Tue Jul 24 14:28:13 CEST 2018