[torquedev] patch: gssapi: support integrity protection on authenticated connections

Garrick Staples garrick at usc.edu
Mon Jun 4 16:35:45 MDT 2007


On Wed, May 30, 2007 at 03:07:02PM +0200, Sergio Gelato alleged:
> The patches below add integrity (and optional confidentiality)
> protection to authenticated GSSAPI connections. They've passed
> my initial testing.
> 
> The first patch is not GSSAPI-specific and may be also of interest for
> the trunk. It adds a function DIS_tcp_release(fd) to be called when a
> TCP connection is closed. In the GSSAPI case this will be extended to
> release the security context as soon as it is no longer needed. I'm not
> yet entirely confident that this new function is called from *all* the
> right places; please audit.
> 
> The second patch adds the machinery to wrap and unwrap messages that
> are sent on the wire. It depends on the first patch. Sorry if it doesn't
> look elegant, but for a first cut I wanted to keep the code changes as
> localised as possible.
> 
> The third patch makes use of the new machinery to actually wrap traffic
> after authentication. Only integrity protection (GSS_C_INTEG_FLAG) is
> explicitly required; confidentiality (GSS_C_CONF_FLAG) is used if
> the security context supports it (that was the case in my tests).

Can non-gssapi builds still talk to gssapi builds with these patches?
