Skip Menu |
 

From: "Frank Filz" <ffilzlnx@mindspring.com>
To: <krb5-bugs@mit.edu>
Subject: Issue with MIT Kerberos Documentation - Developing with GSSAPI
Date: Tue, 16 Apr 2019 16:42:49 -0700

From this page:

 

http://web.mit.edu/kerberos/krb5-1.15/doc/appdev/gssapi.html

 

The example for gss_get_mic_iov_length is actually just a repeat of the example for gss_wrap_iov_length.

 

I’m having troubles using gss_get_mic_iov_length and I’m wondering if I’m missing something.

 

Thanks

 

Frank Filz

Download (untitled) / with headers
text/plain 1.8KiB
Whoops. It's not a repeat of the gss_wrap_iov_length() function, but
it does call the wrong functions. I believe it should read:

OM_uint32 major, minor;
gss_iov_buffer_desc iov[2];
char data[1024];

iov[0].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN;
iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[1].buffer.value = "message";
iov[1].buffer.length = 7;

major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT,
iov, 2);
if (GSS_ERROR(major))
handle_error(major, minor);
if (iov[0].buffer.length > sizeof(data))
handle_out_of_space_error();
iov[0].buffer.value = data;

major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
if (GSS_ERROR(major))
handle_error(major, minor);

I will fix it. If you'd like to see a working example of
gss_get_mic_iov_length() to help debug the problem you're running
into, src/tests/gssapi/t_iov.c contains code which is compiled and
run as part of "make check".
From: "Frank Filz" <ffilzlnx@mindspring.com>
To: <rt-comment@krbdev.mit.edu>
Subject: RE: [krbdev.mit.edu #8797] Issue with MIT Kerberos Documentation - Developing with GSSAPI
Date: Wed, 17 Apr 2019 11:47:34 -0700
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.1KiB
Show quoted text
> Whoops. It's not a repeat of the gss_wrap_iov_length() function, but it
does call
Show quoted text
> the wrong functions. I believe it should read:
>
> OM_uint32 major, minor;
> gss_iov_buffer_desc iov[2];
> char data[1024];
>
> iov[0].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN;
> iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
> iov[1].buffer.value = "message";
> iov[1].buffer.length = 7;
>
> major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT,
> iov, 2);
> if (GSS_ERROR(major))
> handle_error(major, minor);
> if (iov[0].buffer.length > sizeof(data))
> handle_out_of_space_error();
> iov[0].buffer.value = data;
>
> major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
> if (GSS_ERROR(major))
> handle_error(major, minor);
>
> I will fix it. If you'd like to see a working example of
> gss_get_mic_iov_length() to help debug the problem you're running into,
> src/tests/gssapi/t_iov.c contains code which is compiled and run as part
of
Show quoted text
> "make check".

I thought (and t_iov.c seems to confirm) that the
GSS_IOV_BUFFER_TYPE_MIC_TOKEN comes after the GSS_IOV_BUFFER_TYPE_DATA
buffer.

Thanks

Frank
[ffilzlnx@mindspring.com - Wed Apr 17 14:47:35 2019]:
Show quoted text
> I thought (and t_iov.c seems to confirm) that the
> GSS_IOV_BUFFER_TYPE_MIC_TOKEN comes after the
GSS_IOV_BUFFER_TYPE_DATA
Show quoted text
> buffer.

It shouldn't matter whether it comes before or after. The result
should appear in the first MIC_TOKEN iov, and all DATA and SIGN_ONLY
iovs should contribute to the data being signed.
From: ghudson@mit.edu
Subject: git commit

Fix gss_get_mic_iov() example code

The example code for gss_get_mic_iov() using a caller-provided buffer
calls gss_wrap_iov_length() and gss_wrap_iov() instead of
gss_get_mic_iov_length() and gss_get_mic_iov() as intended. Reported
by Frank Filz.

https://github.com/krb5/krb5/commit/bf4156db4f6c2e8cd420cd556bfa9e39f1a3d556
Author: Greg Hudson <ghudson@mit.edu>
Commit: bf4156db4f6c2e8cd420cd556bfa9e39f1a3d556
Branch: master
doc/appdev/gssapi.rst | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
Subject: git commit
From: ghudson@mit.edu

Fix gss_get_mic_iov() example code

The example code for gss_get_mic_iov() using a caller-provided buffer
calls gss_wrap_iov_length() and gss_wrap_iov() instead of
gss_get_mic_iov_length() and gss_get_mic_iov() as intended. Reported
by Frank Filz.

(cherry picked from commit bf4156db4f6c2e8cd420cd556bfa9e39f1a3d556)

https://github.com/krb5/krb5/commit/b72c491c85cc52c2dc5d1a77bebe840d0b871cf5
Author: Greg Hudson <ghudson@mit.edu>
Commit: b72c491c85cc52c2dc5d1a77bebe840d0b871cf5
Branch: krb5-1.17
doc/appdev/gssapi.rst | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)