From: Simo Sorce Date: Sat, 13 Jun 2015 22:02:45 +0000 (-0400) Subject: Actually store basic_hash in the session data X-Git-Tag: v1.3.0~26 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=commitdiff_plain;h=83930b81b95c3dbb650e5878ec4ecacde7947733 Actually store basic_hash in the session data Also fixes a segfault when mc->basic_hash.value is NULL Signed-off-by: Simo Sorce --- diff --git a/src/asn1c/GSSSessionData.c b/src/asn1c/GSSSessionData.c index 0f20581..12a98e3 100644 --- a/src/asn1c/GSSSessionData.c +++ b/src/asn1c/GSSSessionData.c @@ -53,6 +53,15 @@ static asn_TYPE_member_t asn_MBR_GSSSessionData_1[] = { 0, "gssname" }, + { ATF_NOFLAGS, 0, offsetof(struct GSSSessionData, basichash), + (ASN_TAG_CLASS_CONTEXT | (5 << 2)), + +1, /* EXPLICIT tag at current level */ + &asn_DEF_OCTET_STRING, + 0, /* Defer constraints checking to the member type */ + 0, /* PER is not compiled, use -gen-PER */ + 0, + "basichash" + }, }; static ber_tlv_tag_t asn_DEF_GSSSessionData_tags_1[] = { (ASN_TAG_CLASS_UNIVERSAL | (16 << 2)) @@ -62,13 +71,14 @@ static asn_TYPE_tag2member_t asn_MAP_GSSSessionData_tag2el_1[] = { { (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* delegated */ { (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 }, /* expiration */ { (ASN_TAG_CLASS_CONTEXT | (3 << 2)), 3, 0, 0 }, /* username */ - { (ASN_TAG_CLASS_CONTEXT | (4 << 2)), 4, 0, 0 } /* gssname */ + { (ASN_TAG_CLASS_CONTEXT | (4 << 2)), 4, 0, 0 }, /* gssname */ + { (ASN_TAG_CLASS_CONTEXT | (5 << 2)), 5, 0, 0 } /* basichash */ }; static asn_SEQUENCE_specifics_t asn_SPC_GSSSessionData_specs_1 = { sizeof(struct GSSSessionData), offsetof(struct GSSSessionData, _asn_ctx), asn_MAP_GSSSessionData_tag2el_1, - 5, /* Count of tags in the map */ + 6, /* Count of tags in the map */ 0, 0, 0, /* Optional elements (not needed) */ -1, /* Start extensions */ -1 /* Stop extensions */ 
@@ -93,7 +103,7 @@ asn_TYPE_descriptor_t asn_DEF_GSSSessionData = { /sizeof(asn_DEF_GSSSessionData_tags_1[0]), /* 1 */ 0, /* No PER visible constraints */ asn_MBR_GSSSessionData_1, - 5, /* Elements count */ + 6, /* Elements count */ &asn_SPC_GSSSessionData_specs_1 /* Additional specs */ }; diff --git a/src/asn1c/GSSSessionData.h b/src/asn1c/GSSSessionData.h index 423996f..53556d8 100644 --- a/src/asn1c/GSSSessionData.h +++ b/src/asn1c/GSSSessionData.h @@ -28,6 +28,7 @@ typedef struct GSSSessionData { Uint32_t expiration; OCTET_STRING_t username; OCTET_STRING_t gssname; + OCTET_STRING_t basichash; /* Context for parsing across buffer boundaries */ asn_struct_ctx_t _asn_ctx; diff --git a/src/asn1c/session.asn1 b/src/asn1c/session.asn1 index 8d7b4e5..1762812 100644 --- a/src/asn1c/session.asn1 +++ b/src/asn1c/session.asn1 @@ -7,6 +7,7 @@ GssapiSessionModule DEFINITIONS ::= BEGIN delegated [1] BOOLEAN, expiration [2] Uint32, username [3] OCTET STRING, - gssname [4] OCTET STRING + gssname [4] OCTET STRING, + basichash [5] OCTET STRING } END diff --git a/src/sessions.c b/src/sessions.c index 2653ccd..71e9dd5 100644 --- a/src/sessions.c +++ b/src/sessions.c @@ -176,6 +176,11 @@ void mag_check_session(request_rec *req, gsessdata->gssname.size); if (!mc->gss_name) goto done; + mc->basic_hash.length = gsessdata->basichash.size; + mc->basic_hash.value = apr_palloc(mc->parent, mc->basic_hash.length); + memcpy(mc->basic_hash.value, + gsessdata->basichash.buf, gsessdata->basichash.size); + /* OK we have a valid token */ mc->established = true; @@ -222,6 +227,10 @@ void mag_attempt_session(request_rec *req, goto done; if (OCTET_STRING_fromString(&gsessdata.gssname, mc->gss_name) != 0) goto done; + if (OCTET_STRING_fromBuf(&gsessdata.basichash, + (const char *)mc->basic_hash.value, + mc->basic_hash.length) != 0) + goto done; ret = encode_GSSSessionData(req->pool, &gsessdata, &plainbuf.value, &plainbuf.length); if (ret == false) { 
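Review bot: `basichash [5] OCTET STRING` in session.asn1 is declared mandatory, so a session cookie sealed before this change, which carries no [5] element, will presumably be rejected by the decoder and the client sent back through authentication. That fails closed, but it is worth stating in the commit message or release notes if it is intended. If older cookies should stay valid, `basichash [5] OCTET STRING OPTIONAL` would allow it, at the cost of regenerating the asn1c sources with a pointer member and handling the absent case in sessions.c.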
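Review bot: In the mag_check_session hunk the restored hash is allocated and copied without checking `gsessdata->basichash.size` or the `apr_palloc` result, unlike the `if (!mc->gss_name) goto done;` check just above it. A session that was not established through Basic auth would presumably be encoded with an empty basichash, and on restore `apr_palloc(mc->parent, 0)` may still return a non-NULL pointer, so the `mc->basic_hash.value == NULL` guard added in mag_basic_check would not fire for it. Copying only when the size is non-zero, and leaving `value` NULL otherwise, keeps that guard meaningful and avoids handing a possibly NULL `buf` to memcpy. The function body starts and ends outside the hunk.

```c
if (!mc->gss_name) goto done;

mc->basic_hash.length = gsessdata->basichash.size;
mc->basic_hash.value = NULL;
if (gsessdata->basichash.size > 0) {
    mc->basic_hash.value = apr_palloc(mc->parent, gsessdata->basichash.size);
    if (!mc->basic_hash.value) goto done;
    memcpy(mc->basic_hash.value,
           gsessdata->basichash.buf, gsessdata->basichash.size);
}
/* … unchanged: mark the session established … */
```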
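Review bot: The `OCTET_STRING_fromBuf(&gsessdata.basichash, ...)` call in the mag_attempt_session hunk puts a password-derived value into a cookie held by the client, and nothing at the call says why that is safe. Assuming `plainbuf` is sealed with the server key further down (outside the hunk), a short comment would record the dependency, for example `/* basic_hash is a keyed HMAC of user/password; it must only leave the server inside the sealed session cookie */`. It would also help to note there that `mc->basic_hash.value` is NULL for sessions not created by Basic auth and that the call is expected to encode an empty string in that case.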
@@ -279,6 +288,7 @@ bool mag_basic_check(struct mag_config *cfg, struct mag_conn *mc, bool res = false; if (mac_size == 0) return false; + if (mc->basic_hash.value == NULL) return false; ret = mag_basic_hmac(cfg->mag_skey, mac, user, pwd); if (ret != 0) goto done;
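Review bot: The new guard in mag_basic_check tests only `mc->basic_hash.value`, not `mc->basic_hash.length`, which after this commit can come from the decoded session cookie. If the comparison further down (outside the hunk) reads `mac_size` bytes from the stored hash, a shorter stored value would be over-read; `if (mc->basic_hash.value == NULL || mc->basic_hash.length != mac_size) return false;` rejects that case before the HMAC is computed. If that comparison is a plain memcmp, a constant-time compare would be preferable for a password verifier, but that code is not visible here.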