3 files changed, 15 insertions, 14 deletions
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog index 7cba50782e6..97267527548 100644 --- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog +++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog @@ -1,3 +1,10 @@ +2005-11-03 Konstantin Triger <kostat@mainsoft.com> + + * CreateContextPrivilegedAction.cs: always require mutual auth; + require integrity by default. + * Krb5Helper.cs: for wrap/unwrap: always create MessageProp with + pribState set. + 2005-14-08 Boris Kirzner <borisk@mainsoft.com> * Krb5Helper.cs: ExchangeTokens does proper final handshaking. Wrap/Unwrap perform no action if no integrity and encryption accured. @@ -12,4 +19,4 @@ Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs, Novell.Directory.Ldap.Security.jvm/UnwrapPrivilegedAction.cs, Novell.Directory.Ldap.Security.jvm/AuthenticationCallbackHandler.cs: added - new classes implementing kerberos authntication support.
\ No newline at end of file
+ new classes implementing kerberos authntication support.
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
index 847b8096304..e98fb9d4053 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
@@ -71,10 +71,10 @@ namespace Novell.Directory.Ldap.Security
GSSName serverName = manager.createName (_name, GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
GSSContext context = manager.createContext (serverName, krb5Oid, null, GSSContext__Finals.INDEFINITE_LIFETIME);
- //context.requestMutualAuth(true);
+ context.requestMutualAuth(true);
context.requestConf (_encryption);
- if (_signing)
- context.requestInteg (_signing);
+ if (!_encryption || _signing)
+ context.requestInteg (!_encryption || _signing);
context.requestCredDeleg (_delegation);
return context;
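Review bot: The newly enabled `context.requestMutualAuth(true);` and the `requestInteg` call only request these services; in GSS-API the mechanism can establish the context without granting them, and nothing visible in this hunk checks the outcome. After establishment the caller should verify `context.getMutualAuthState()`, plus `getIntegState()` / `getConfState()` for whatever was requested, and abort the bind if a required service is missing. The establishment code is outside this hunk, so that check may already exist there. Separately, inside `if (!_encryption || _signing)` the argument is always true, so `context.requestInteg (true);` states the same thing more plainly.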
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
index a83d2afe917..41889337d15 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
@@ -56,7 +56,6 @@ namespace Novell.Directory.Ldap.Security
private readonly bool _delegation;
private readonly GSSContext _context;
- private readonly MessageProp _messageProperties;
private readonly string _name;
private readonly Subject _subject;
@@ -78,9 +77,6 @@ namespace Novell.Directory.Ldap.Security
CreateContextPrivilegedAction action = new CreateContextPrivilegedAction (_name,_mech,_encryption,_signing,_delegation);
_context = (GSSContext) Subject.doAs (_subject,action);
-
- // 0 is a default JGSS QoP
- _messageProperties = new MessageProp (0, _encryption);
}
#endregion // Constructors
@@ -102,11 +98,9 @@ namespace Novell.Directory.Ldap.Security
if (clientToken == null || clientToken.Length == 0)
return Krb5Helper.EmptyToken;
- MessageProp messageProp = new MessageProp (0, false);
-
//final handshake
byte [] challengeData = (byte []) TypeUtils.ToByteArray (clientToken);
- byte [] gssOutToken = Unwrap (challengeData, 0, challengeData.Length, messageProp);
+ byte [] gssOutToken = Unwrap (challengeData, 0, challengeData.Length, new MessageProp (false));
QOP myCop = QOP.NO_PROTECTION;
@@ -127,7 +121,7 @@ namespace Novell.Directory.Ldap.Security
SecureStream.IntToNetworkByteOrder (srvMaxBufSize, gssInToken, 1, 3);
- gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, messageProp);
+ gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, new MessageProp (true));
return TypeUtils.ToSByteArray (gssOutToken);
}
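Review bot: The handshake reply is now wrapped with `new MessageProp (true)`, i.e. with confidentiality requested, although this exchange looks like the SASL GSSAPI security-layer negotiation, where RFC 4752 has the client call GSS_Wrap with conf_flag FALSE. It also asks for privacy on contexts created with `_encryption` false, and how the mechanism reacts in that case (error or silent downgrade) is not visible here. Unless a specific server needs this, `gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, new MessageProp (false));` would match the Unwrap call earlier in the method; if it is deliberate, a comment naming the interop reason would help. The method starts above this hunk.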
@@ -160,7 +154,7 @@ namespace Novell.Directory.Ldap.Security
public byte [] Wrap(byte [] outgoing, int start, int len)
{
- return Wrap (outgoing, start, len, _messageProperties);
+ return Wrap (outgoing, start, len, new MessageProp(true));
}
public byte [] Wrap(byte [] outgoing, int start, int len, MessageProp messageProp)
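Review bot: The three-argument `Wrap` now hard-codes `new MessageProp(true)` where the removed field carried `_encryption`, so a helper configured for signing only requests confidentiality on every outgoing message. Creating a fresh `MessageProp` per call is a sound change, since wrap/unwrap write the applied state back into the object, but the configured value should still drive the request: `return Wrap (outgoing, start, len, new MessageProp (0, _encryption));`. The four-argument overload begins on the last line of this hunk and its body is not visible, so it may already compensate for this.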
@@ -186,7 +180,7 @@ namespace Novell.Directory.Ldap.Security
public byte [] Unwrap(byte [] incoming, int start, int len)
{
- return Unwrap (incoming, start, len, _messageProperties);
+ return Unwrap (incoming, start, len, new MessageProp(true));
}
public byte [] Unwrap(byte [] incoming, int start, int len, MessageProp messageProp)
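Review bot: The `MessageProp` passed to `Unwrap` here is a throwaway, so the confidentiality state the mechanism reports for the incoming message is discarded, and a peer that sends an integrity-only message on a connection configured with `_encryption` would not be noticed at this level. For unwrap the object is an output: it reports the QOP and privacy actually applied, and the value passed to the constructor does not enforce anything. Consider keeping it in a local, `MessageProp prop = new MessageProp (false);`, and failing the read when `_encryption && !prop.getPrivacy ()`. The four-argument overload starts on the last line of this hunk and may already perform such a check; its body is outside the hunk.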