#include "write_bytes.h"
#include "context.h"
-extern OM_uint32 gss_export_lucid_sec_context(OM_uint32 *min_stat,
- gss_ctx_id_t *ctx,
- OM_uint32 version,
- void **kctx);
-extern OM_uint32 gss_free_lucid_sec_context(OM_uint32 *min_stat,
- gss_ctx_id_t ctx,
- void *kctx);
static int
write_lucid_keyblock(char **p, char *end, gss_krb5_lucid_key_t *key)
else
keyptr = &lctx->cfx_kd.ctx_key;
-#if 0
- if (lctx->initiate == 1) {
- sign_usage = KG_USAGE_INITIATOR_SIGN;
- seal_usage = KG_USAGE_INITIATOR_SEAL;
- } else {
- sign_usage = KG_USAGE_ACCEPTOR_SIGN;
- seal_usage = KG_USAGE_ACCEPTOR_SEAL;
- }
-#else
/* FIXME
- * These are from rfc4142, but I don't understand: if we supply
- * different 'usage' value for client & server, then the peers
- * will have different derived keys. How could this work?
+ * These are from rfc4142, but I don't understand:
+ * if we supply different 'usage' value for client &
+ * server, then the peers will have different derived
+ * keys. How could this work?
*
- * Here we simply use old SIGN/SEAL values until we find the
- * answer. --ericm
+ * Here we simply use old SIGN/SEAL values until we
+ * find the answer. --ericm
* FIXME
*/
sign_usage = KG_USAGE_SIGN;
seal_usage = KG_USAGE_SEAL;
-#endif
/* derive and send down: Ke, Ki, and Kc */
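Review bot: The FIXME kept here still leaves the key-usage question open, while this hunk deletes the `#if 0` branch that held the direction-specific `KG_USAGE_INITIATOR_*` / `KG_USAGE_ACCEPTOR_*` assignments. The comment's "rfc4142" looks like a typo for RFC 4121, which is the name used by the later call to `prepare_krb5_rfc4121_buffer`. In RFC 4121 each peer derives both the initiator and the acceptor keys, protecting outgoing tokens with its own role's usage and verifying incoming ones with the peer's, so distinct usages do interoperate. Using one `KG_USAGE_SIGN`/`KG_USAGE_SEAL` pair for both directions gives up that per-direction key separation and may not interoperate with a conforming peer. Until the derivation is fixed I would reword the comment along the lines of `/* FIXME: RFC 4121 uses per-direction key usages (initiator/acceptor); we still use the old SIGN/SEAL values for both directions */`; the enclosing function starts and ends outside the hunk.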
int retcode = 0;
printerr(3, "lucid version!\n");
- maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
+ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
1, &return_ctx);
if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_export_lucid_sec_context",
+ pgsserr("gss_krb5_export_lucid_sec_context",
maj_stat, min_stat, &krb5oid);
goto out_err;
}
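Review bot: The call to `gss_krb5_export_lucid_sec_context` now depends on a header declaring it, because the local `extern` prototypes at the top of the file are removed. Neither visible include (`write_bytes.h`, `context.h`) obviously provides that declaration. If nothing pulls it in indirectly, the call is an implicit declaration and the `void **` argument goes unchecked. Adding `#include <gssapi/gssapi_krb5.h>` beside the other includes would make the dependency explicit. The same applies to `gss_krb5_free_lucid_sec_context` in the following hunk.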
else
retcode = prepare_krb5_rfc4121_buffer(lctx, buf);
- maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+ maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_export_lucid_sec_context",
+ pgsserr("gss_krb5_export_lucid_sec_context",
maj_stat, min_stat, &krb5oid);
printerr(0, "WARN: failed to free lucid sec context\n");
}
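Review bot: The failure branch for `gss_krb5_free_lucid_sec_context` still passes `"gss_krb5_export_lucid_sec_context"` to `pgsserr`, so a failed free is logged as a failed export. The string should be `"gss_krb5_free_lucid_sec_context"`. The lucid context presumably carries the session key material exported earlier, so an accurate log line matters to anyone checking whether that material was released. The enclosing function starts outside the hunk.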