first stab at integrity and privacy
note: privacy will not work when we have more than 1 outstanding rpcs which generates out of order replies which sspi does not allow when privacy is enabled. adding auth_wrap() and auth_unwrap() to per-message gss token protection required adding these methods to auth_sys and auth_non. linux server doesnt support v2 kerberos tokens that have rotated data. sspi will always produce such tokens for aes. thus thus code was only tested for v1 kerberos tokens (ie des).
This commit is contained in:
Olga Kornievskaia
parent
b6120b41fd
commit
4411d3d807
7 changed files with 149 additions and 28 deletions
|
|
@ -198,7 +198,7 @@ typedef struct __auth {
|
|||
/* encode data for wire */
|
||||
int (*ah_wrap) (struct __auth *, XDR *, xdrproc_t, caddr_t);
|
||||
/* decode data for wire */
|
||||
int (*ah_unwrap) (struct __auth *, XDR *, xdrproc_t, caddr_t);
|
||||
int (*ah_unwrap) (struct __auth *, XDR *, xdrproc_t, caddr_t, u_int);
|
||||
|
||||
} *ah_ops;
|
||||
void *ah_private;
|
||||
|
|
@ -245,12 +245,12 @@ typedef struct __auth {
|
|||
((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
|
||||
xfunc, xwhere))
|
||||
|
||||
#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
|
||||
#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere, seq) \
|
||||
((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
|
||||
xfunc, xwhere))
|
||||
#define auth_unwrap(auth, xdrs, xfunc, xwhere) \
|
||||
xfunc, xwhere, seq))
|
||||
#define auth_unwrap(auth, xdrs, xfunc, xwhere, seq) \
|
||||
((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
|
||||
xfunc, xwhere))
|
||||
xfunc, xwhere, seq))
|
||||
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue