4c190e2f91
When GSSAPI integrity signatures are in use, or when we're using GSSAPI privacy with the v2 token format, there is a trailing checksum on the xdr_buf that is returned. It's checked during the authentication stage, and afterward nothing cares about it. Ordinarily, it's not a problem since the XDR code generally ignores it, but it will be when we try to compute a checksum over the buffer to help prevent XID collisions in the duplicate reply cache. Fix the code to trim off the checksums after verifying them. Note that in unwrap_integ_data, we must avoid trying to reverify the checksum if the request was deferred since it will no longer be present when it's revisited. Signed-off-by: Jeff Layton <jlayton@redhat.com> |
||
|---|---|---|
| .. | ||
| auth_gss.c | ||
| gss_generic_token.c | ||
| gss_krb5_crypto.c | ||
| gss_krb5_keys.c | ||
| gss_krb5_mech.c | ||
| gss_krb5_seal.c | ||
| gss_krb5_seqnum.c | ||
| gss_krb5_unseal.c | ||
| gss_krb5_wrap.c | ||
| gss_mech_switch.c | ||
| Makefile | ||
| svcauth_gss.c | ||