From 6c7313a71183615acca84155a2b080fd8c87c0f9 Mon Sep 17 00:00:00 2001
From: Konstantin Triger
Date: Thu, 3 Nov 2005 11:19:37 +0000
Subject: fixes to work with IBM GSSAPI svn path=/trunk/mcs/; revision=52506
---
 .../Novell.Directory.Ldap.Security.jvm/ChangeLog | 9 ++++++++-
 .../CreateContextPrivilegedAction.cs | 6 +++---
 .../Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs | 14 ++++----------
 3 files changed, 15 insertions(+), 14 deletions(-)
(limited to 'mcs/class/Novell.Directory.Ldap')
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
index 7cba50782e6..97267527548 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
@@ -1,3 +1,10 @@
+2005-11-03 Konstantin Triger
+
+ * CreateContextPrivilegedAction.cs: always require mutual auth;
+ require integrity by default.
+ * Krb5Helper.cs: for wrap/unwrap: always create MessageProp with
+ pribState set.
+
 2005-14-08 Boris Kirzner
 * Krb5Helper.cs: ExchangeTokens does proper final handshaking. Wrap/Unwrap perform no action if no integrity and encryption accured.
@@ -12,4 +19,4 @@
 Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs,
 Novell.Directory.Ldap.Security.jvm/UnwrapPrivilegedAction.cs,
 Novell.Directory.Ldap.Security.jvm/AuthenticationCallbackHandler.cs: added
- new classes implementing kerberos authntication support.
\ No newline at end of file
+ new classes implementing kerberos authntication support.
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
index 847b8096304..e98fb9d4053 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
@@ -71,10 +71,10 @@ namespace Novell.Directory.Ldap.Security
 GSSName serverName = manager.createName (_name, GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
 GSSContext context = manager.createContext (serverName, krb5Oid, null, GSSContext__Finals.INDEFINITE_LIFETIME);
- //context.requestMutualAuth(true);
+ context.requestMutualAuth(true);
 context.requestConf (_encryption);
- if (_signing)
- context.requestInteg (_signing);
+ if (!_encryption || _signing)
+ context.requestInteg (!_encryption || _signing);
 context.requestCredDeleg (_delegation);
 return context;
diff --git a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
index a83d2afe917..41889337d15 100644
--- a/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
+++ b/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
@@ -56,7 +56,6 @@ namespace Novell.Directory.Ldap.Security
 private readonly bool _delegation;
 private readonly GSSContext _context;
- private readonly MessageProp _messageProperties;
 private readonly string _name;
 private readonly Subject _subject;
@@ -78,9 +77,6 @@ namespace Novell.Directory.Ldap.Security
 CreateContextPrivilegedAction action = new CreateContextPrivilegedAction (_name,_mech,_encryption,_signing,_delegation);
 _context = (GSSContext) Subject.doAs (_subject,action);
-
- // 0 is a default JGSS QoP
- _messageProperties = new MessageProp (0, _encryption);
 }
 #endregion // Constructors
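Review bot: In the CreateContextPrivilegedAction.cs hunk, `context.requestMutualAuth(true)` and `context.requestInteg (...)` only ask the mechanism for those services; nothing visible here confirms they were granted once the context is established, so the ChangeLog's "always require mutual auth" is not yet enforced by this code. After the handshake completes, the caller should check `context.getMutualAuthState()` (and `getIntegState()` / `getConfState()` against `_signing` / `_encryption`) and fail the bind if a requested service is missing; that code would live outside this hunk, so it may already exist. Separately, inside `if (!_encryption || _signing)` the argument is always true, so `context.requestInteg (true);` is the plainer form, and when `_encryption` is set without `_signing` the integrity flag is still left at the provider default. The enclosing method starts and ends outside the hunk.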
@@ -102,11 +98,9 @@ namespace Novell.Directory.Ldap.Security
 if (clientToken == null || clientToken.Length == 0) return Krb5Helper.EmptyToken;
- MessageProp messageProp = new MessageProp (0, false);
- //final handshake
 byte [] challengeData = (byte []) TypeUtils.ToByteArray (clientToken);
- byte [] gssOutToken = Unwrap (challengeData, 0, challengeData.Length, messageProp);
+ byte [] gssOutToken = Unwrap (challengeData, 0, challengeData.Length, new MessageProp (false));
 QOP myCop = QOP.NO_PROTECTION;
@@ -127,7 +121,7 @@ namespace Novell.Directory.Ldap.Security
 SecureStream.IntToNetworkByteOrder (srvMaxBufSize, gssInToken, 1, 3);
- gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, messageProp);
+ gssOutToken = Wrap (gssInToken, 0, gssInToken.Length, new MessageProp (true));
 return TypeUtils.ToSByteArray (gssOutToken);
 }
@@ -160,7 +154,7 @@ namespace Novell.Directory.Ldap.Security
 public byte [] Wrap(byte [] outgoing, int start, int len)
 {
- return Wrap (outgoing, start, len, _messageProperties);
+ return Wrap (outgoing, start, len, new MessageProp(true));
 }
 public byte [] Wrap(byte [] outgoing, int start, int len, MessageProp messageProp)
@@ -186,7 +180,7 @@ namespace Novell.Directory.Ldap.Security
 public byte [] Unwrap(byte [] incoming, int start, int len)
 {
- return Unwrap (incoming, start, len, _messageProperties);
+ return Unwrap (incoming, start, len, new MessageProp(true));
 }
 public byte [] Unwrap(byte [] incoming, int start, int len, MessageProp messageProp)
--
cgit v1.2.3
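Review bot: In ExchangeTokens (the hunk starting at old line 102) and in the three-argument `Unwrap` (the hunk starting at old line 186) the `MessageProp` is now created inline and dropped, so the per-message state that the GSS-API specification has unwrap report back through it, `getPrivacy()` and `getQOP()`, can no longer be inspected by the caller. For a connection set up with `_encryption`, a reply that arrives integrity-protected but not encrypted would then go unnoticed at this level unless the four-argument `Unwrap`, whose body is outside these hunks, checks it. I would keep the object in a local, `MessageProp prop = new MessageProp (true);` followed by `byte [] data = Unwrap (incoming, start, len, prop);`, and reject the message when `_encryption` is set and `prop.getPrivacy ()` is false. A short comment on why the argument is `false` in the handshake and `true` in the overload would also help, since the value is nominally an output of unwrap.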
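Review bot: The handshake reply in ExchangeTokens (the hunk starting at old line 127) is now wrapped with `new MessageProp (true)`, whereas the SASL GSSAPI mechanism (RFC 4752, and RFC 2222 before it) specifies that this final client message is wrapped with the confidentiality flag off; a comment stating that this is deliberate for the IBM provider, and which servers it was tested against, would keep a later reader from reverting it or from assuming it interoperates with stricter servers. The same constant in the three-argument `Wrap` (the hunk starting at old line 160) replaces `new MessageProp (0, _encryption)`, so the per-message privacy request no longer follows the configured `_encryption` flag. Because the object is discarded, the code also cannot read `getPrivacy()` after the call to confirm that confidentiality was actually applied to outgoing data when `_encryption` is set. Both enclosing methods continue outside the hunks.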