svn rev #22080: tools/gssmonger/trunk/ gssmaggot/ gssmaster/ include/

raeburn@MIT.EDU raeburn at MIT.EDU
Wed Mar 11 22:07:27 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22080
Commit By: raeburn
Log Message:
Make WrapEx support a capability flag reported by the maggot.  Set
that flag if not using SSPI (for which the test code hasn't been
written yet).

Create a context flag to indicate that all parties indicate WrapEx
capability.  (This check may be too strict.)  Only run the WrapEx test
if the context flag is set.

Also fix a recent bug that disabled the WrapEx tests in the default
case.



Changed Files:
U   tools/gssmonger/trunk/gssmaggot/handlers.c
U   tools/gssmonger/trunk/gssmaster/combos.c
U   tools/gssmonger/trunk/gssmaster/interfere.c
U   tools/gssmonger/trunk/include/mapvals.h
Modified: tools/gssmonger/trunk/gssmaggot/handlers.c
===================================================================
--- tools/gssmonger/trunk/gssmaggot/handlers.c	2009-03-11 22:14:24 UTC (rev 22079)
+++ tools/gssmonger/trunk/gssmaggot/handlers.c	2009-03-12 02:07:26 UTC (rev 22080)
@@ -1748,6 +1748,11 @@
     Capabilities |= GSMCAP_MS_KERBEROS;
 #endif
 
+    /* XXX Should tie this to actual capabilities.  */
+#ifndef USE_SSPI /* haven't written the SSPI version yet */
+    Capabilities |= GSMCAP_HAS_WRAPEX;
+#endif
+
     if ( !VersionString ) {
 
       CHAR OsVersion[ 255 ];

Modified: tools/gssmonger/trunk/gssmaster/combos.c
===================================================================
--- tools/gssmonger/trunk/gssmaster/combos.c	2009-03-11 22:14:24 UTC (rev 22079)
+++ tools/gssmonger/trunk/gssmaster/combos.c	2009-03-12 02:07:26 UTC (rev 22080)
@@ -313,7 +313,6 @@
   
  **************************************************************--*/
 
-
 BOOL
 IterateOverServers( IN PTESTARGS   pArgs,
                     IN PGSSCONTEXT pDelegatingContext,
@@ -403,6 +402,13 @@
         ContextArgs.GsmTestFlags    = 0;
 #endif        
 
+	if ( pArgs->pSlaves[ iServer ].VersionCaps &
+	     GSMCAP_HAS_WRAPEX )
+	    /* Tentative - may be cleared below.  */
+	    ContextArgs.ContextFlags |= GSMFLAG_WRAPEX;
+	else
+	    ContextArgs.ContextFlags &= ~GSMFLAG_WRAPEX;
+
         if ( pDelegatingContext ) {
 
           /* Delegating from the previous server to this client. */
@@ -413,6 +419,9 @@
           ContextArgs.ClientPrincipal = (LPSTR) (DWORD_PTR) 0xdeadbeef;
           ContextArgs.ClientPassword  = ContextArgs.ClientPrincipal;
 
+	  if ( !(pDelegatingContext->ContextFlags & GSMFLAG_WRAPEX ) )
+	      ContextArgs.ContextFlags &= ~GSMFLAG_WRAPEX;
+
         } else {
 
           hActualClient               = pArgs->pSlaves[ iClient ].hServer;
@@ -433,6 +442,10 @@
 
             ContextArgs.ContextFlags |= GSMFLAG_MUTUAL_AUTH;
           }
+	  if ( !(pArgs->pSlaves[ iClient ].VersionCaps &
+		 GSMCAP_HAS_WRAPEX ) ) {
+	      ContextArgs.ContextFlags &= ~GSMFLAG_WRAPEX;
+	  }
 
         }
 

Modified: tools/gssmonger/trunk/gssmaster/interfere.c
===================================================================
--- tools/gssmonger/trunk/gssmaster/interfere.c	2009-03-11 22:14:24 UTC (rev 22079)
+++ tools/gssmonger/trunk/gssmaster/interfere.c	2009-03-12 02:07:26 UTC (rev 22080)
@@ -101,7 +101,8 @@
 
 ULONG iWhichMessages     = ( MESSAGETEST_ENCRYPT |
                              MESSAGETEST_WRAPPED |
-                             MESSAGETEST_SIGNED );
+                             MESSAGETEST_SIGNED |
+			     MESSAGETEST_WRAPEX );
 
 ////////////////////////////////////////////////////////////
 
@@ -753,8 +754,8 @@
         ServerSignBinary
       },
       { "WrapEx",
-        GSMFLAG_CONFIDENTIALITY,
-        MESSAGETEST_ENCRYPT,
+	GSMFLAG_WRAPEX,
+        MESSAGETEST_WRAPEX,
         EncodeIOVMessage,
         DecodeIOVMessage,
         "encrypting",
@@ -876,7 +877,7 @@
 
         if ( !( iWhichMessages &
                 MessageTests[ iMessage ].iMessageFlag ) ) continue;
-          
+
         // otherwise, run with it:
         // copy the glue for the API:
 

Modified: tools/gssmonger/trunk/include/mapvals.h
===================================================================
--- tools/gssmonger/trunk/include/mapvals.h	2009-03-11 22:14:24 UTC (rev 22079)
+++ tools/gssmonger/trunk/include/mapvals.h	2009-03-12 02:07:26 UTC (rev 22080)
@@ -122,6 +122,10 @@
 #define GSMSSPI_PACKAGE_NTLM   0x100
 #define GSMSSPI_PACKAGE_SPNEGO 0x200
 
+/* Set if both parties can support WrapEx tests.  */
+#define GSMFLAG_WRAPEX          0x400
+
+
 /*------------------------------------------------------------
   CAPABILITY FLAGS (returned by the eGetVersionAndCapabilities)
   ------------------------------------------------------------*/
@@ -163,8 +167,9 @@
                                    1.2.3.4 is as opposed to 1.3.2.4.
                                    Remembering "Windows Client" and
                                    "Unix Box" is much easier. */
-                                   
-  
+
+#define GSMCAP_HAS_WRAPEX  0x20 /* I can do GSSWrapEx. */
+
 /*------------------------------------------------------------
   ACQUIRE flags (passed to eAcquireCreds)
   ------------------------------------------------------------*/

More information about the cvs-krb5 mailing list