authorKonstantin Triger <kostat@mono-cvs.ximian.com>2005-11-03 14:19:37 +0300
committerKonstantin Triger <kostat@mono-cvs.ximian.com>2005-11-03 14:19:37 +0300
commit6c7313a71183615acca84155a2b080fd8c87c0f9 (patch)
treee714da5c3c4c50b82ca723cf1222467014424b77 /mcs/class/Novell.Directory.Ldap
parent8dfd77486e611d9475724c7e3627cadebf53c931 (diff)
fixes to work with IBM GSSAPI
svn path=/trunk/mcs/; revision=52506
Diffstat (limited to 'mcs/class/Novell.Directory.Ldap')
-rw-r--r--mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog9
-rw-r--r--mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs6
-rw-r--r--mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs14
3 files changed, 15 insertions, 14 deletions
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
index 7cba50782e6..97267527548 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
@@ -1,3 +1,10 @@
+2005-11-03 Konstantin Triger <kostat@mainsoft.com>
+
+ * CreateContextPrivilegedAction.cs: always require mutual auth;
+ require integrity by default.
+ * Krb5Helper.cs: for wrap/unwrap: always create MessageProp with
+ pribState set.
+
2005-14-08 Boris Kirzner <borisk@mainsoft.com>
* Krb5Helper.cs: ExchangeTokens does proper final handshaking. Wrap/Unwrap
perform no action if no integrity and encryption accured.
@@ -12,4 +19,4 @@
Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs,
Novell.Directory.Ldap.Security.jvm/UnwrapPrivilegedAction.cs,
Novell.Directory.Ldap.Security.jvm/AuthenticationCallbackHandler.cs: added
- new classes implementing kerberos authntication support. \ No newline at end of file
+ new classes implementing kerberos authntication support.
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
index 847b8096304..e98fb9d4053 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
@@ -71,10 +71,10 @@ namespace Novell.Directory.Ldap.Security
GSSName serverName = manager.createName (_name, GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
GSSContext context = manager.createContext (serverName, krb5Oid, null, GSSContext__Finals.INDEFINITE_LIFETIME);
- //context.requestMutualAuth(true);
+ context.requestMutualAuth(true);
context.requestConf (_encryption);
- if (_signing)
- context.requestInteg (_signing);
+ if (!_encryption || _signing)
+ context.requestInteg (!_encryption || _signing);
context.requestCredDeleg (_delegation);
return context;
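Review bot: `requestMutualAuth(true)` and `requestInteg (...)` only ask the mechanism for these services, and nothing in this hunk confirms they were granted, since the context is returned before it is established. The code that completes the token exchange, which is outside this hunk, should check `context.getMutualAuthState ()` and `context.getIntegState ()` (and `context.getConfState ()` when `_encryption` is set) once `isEstablished ()` is true, and fail the bind if a required service is missing. Separately, the guard and the argument on the integrity lines are the same expression, so the argument is always true; `if (!_encryption || _signing) context.requestInteg (true);` states the intent more plainly. The enclosing method starts and ends outside the hunk.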
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
index a83d2afe917..41889337d15 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
@@ -56,7 +56,6 @@ namespace Novell.Directory.Ldap.Security
private readonly bool _delegation;
private readonly GSSContext _context;
- private readonly MessageProp _messageProperties;
private readonly string _name;
private readonly Subject _subject;
@@ -78,9 +77,6 @@ namespace Novell.Directory.Ldap.Security
CreateContextPrivilegedAction action = new CreateContextPrivilegedAction (_name,_mech,_encryption,_signing,_delegation);
_context = (GSSContext) Subject.doAs (_subject,action);
-
- // 0 is a default JGSS QoP
- _messageProperties = new MessageProp (0, _encryption);
}
#endregion // Constructors
@@ -102,11 +98,9 @@ namespace Novell.Directory.Ldap.Security
if (clientToken == null || clientToken.Length == 0)
return Krb5Helper.EmptyToken;
- MessageProp messageProp = new MessageProp (0, false);
-
//final handshake
byte [] challengeData = (byte []) TypeUtils.ToByteArray (clientToken);
- byte [] gssOutToken = Unwrap (challengeData, 0, challengeData.Length, messageProp);
+ byte [] gssOutToken = Unwrap (challengeData, 0, challengeData.Length, new MessageProp (false));
QOP myCop = QOP.NO_PROTECTION;
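Review bot: The `new MessageProp (false)` passed to `Unwrap` is created inline and dropped, so whatever the provider reports back in it after unwrapping (the privacy state actually found, and the duplicate/old/out-of-sequence flags) can no longer be inspected. The default `Unwrap (incoming, start, len)` overload changed later in this file has the same problem. Keeping the object in a local, e.g. `MessageProp prop = new MessageProp (false);`, and rejecting the token when `prop.isDuplicateToken ()` or `prop.isOldToken ()` is set would make a replayed handshake token fail loudly instead of being accepted silently. Whether the four-argument `Unwrap` already performs such checks cannot be seen from here; the enclosing method starts and ends outside the hunk.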
@@ -127,7 +121,7 @@ namespace Novell.Directory.Ldap.Security
SecureStream.IntToNetworkByteOrder (srvMaxBufSize, gssInToken, 1, 3);
- gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, messageProp);
+ gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, new MessageProp (true));
return TypeUtils.ToSByteArray (gssOutToken);
}
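Review bot: The handshake reply is now wrapped with `new MessageProp (true)`, so confidentiality is requested even when `_encryption` is false, whereas the SASL GSSAPI specification (RFC 4752) has the client wrap this reply with conf_flag FALSE. If this is a deliberate provider workaround, it needs a comment on that line, such as `// privState set for IBM JGSS compatibility (ChangeLog 2005-11-03); RFC 4752 specifies conf_flag FALSE here`. The default `Wrap (outgoing, start, len)` overload in the next hunk makes the same switch, replacing the removed `new MessageProp (0, _encryption)`. Because the object is discarded there, a caller that asked for encryption cannot detect a wrap that came back without it; holding it in a local and testing `if (_encryption && !prop.getPrivacy ())` after the call would turn a silent downgrade into an error. How a provider treats a privacy request on a context negotiated without confidentiality is not visible from this diff and should be confirmed against each supported JGSS implementation.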
@@ -160,7 +154,7 @@ namespace Novell.Directory.Ldap.Security
public byte [] Wrap(byte [] outgoing, int start, int len)
{
- return Wrap (outgoing, start, len, _messageProperties);
+ return Wrap (outgoing, start, len, new MessageProp(true));
}
public byte [] Wrap(byte [] outgoing, int start, int len, MessageProp messageProp)
@@ -186,7 +180,7 @@ namespace Novell.Directory.Ldap.Security
public byte [] Unwrap(byte [] incoming, int start, int len)
{
- return Unwrap (incoming, start, len, _messageProperties);
+ return Unwrap (incoming, start, len, new MessageProp(true));
}
public byte [] Unwrap(byte [] incoming, int start, int len, MessageProp messageProp)