author | Sam Hartman <hartmans@mit.edu> | 2009-11-24 01:13:36 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-11-24 01:13:36 +0000 |
commit | 104b2108a3532fb9dfb13b2265c9bde4f4cd35ae (patch) | |
tree | 3b145b2b3395533f75379e10633cb5315da9fd46 | |
parent | 4367ef76e1ad7be15d1ac7360e5f95e22562c48f (diff) | |
AS and TGS path: claim to support FAST negotiation in ticket flag; restructure enc_padata path to prepare for additional padata
git-svn-id: svn://anonsvn.mit.edu/krb5/users/hartmans/fast-negotiate@23328 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kdc/do_as_req.c | 3 | ||||
-rw-r--r-- | src/kdc/do_tgs_req.c | 3 | ||||
-rw-r--r-- | src/kdc/kdc_preauth.c | 23 | ||||
-rw-r--r-- | src/kdc/kdc_util.h | 7 |
4 files changed, 20 insertions, 16 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 45ae496..6f2a1e1 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -310,6 +310,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, enc_tkt_reply.times.authtime = authtime; setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL); + setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP); /* * It should be noted that local policy may affect the @@ -556,7 +557,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, reply.client->realm.data, reply.client->data->data); #endif /* APPLE_PKINIT */ - errcode = return_svr_referral_data(kdc_context, + errcode = return_enc_padata(kdc_context, req_pkt, request, &server, &reply_encpart); if (errcode) { status = "KDC_RETURN_ENC_PADATA"; diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 778a3e8..4bd24cf 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -454,6 +454,7 @@ tgt_again: */ if (!(header_enc_tkt->times.starttime)) header_enc_tkt->times.starttime = authtime; + setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP); /* don't use new addresses unless forwarded, see below */ @@ -756,7 +757,7 @@ tgt_again: } if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { - errcode = return_svr_referral_data(kdc_context, + errcode = return_enc_padata(kdc_context, pkt, request, &server, &reply_encpart); if (errcode) { status = "KDC_RETURN_ENC_PADATA"; diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 05b109b..5266012 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c 
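Review bot: In the first do_as_req.c hunk, `TKT_FLG_ENC_PA_REP` is set on every AS ticket next to `TKT_FLG_INITIAL`, but nothing visible in this commit makes return_enc_padata emit the encrypted padata that the flag advertises; its new `req_pkt` and `request` parameters are not used in the kdc_preauth.c hunks shown. A client that relies on the flag for FAST downgrade detection would presumably see the claim without the matching reply data. The flag and the padata should land together, or the line should carry a comment such as `/* TODO: do not ship this flag before return_enc_padata emits the negotiation padata */`. The same unconditional set appears in the first do_tgs_req.c hunk, and process_as_req continues outside this hunk.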
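Review bot: In the second do_tgs_req.c hunk the renamed call is still reached only under `if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE))`, while the first hunk of the same file sets `TKT_FLG_ENC_PA_REP` on the ticket regardless. Once return_enc_padata carries more than referral data, ordinary TGS replies would carry the flag but never pass through the function. Consider moving the referral test inside return_enc_padata, next to the `KRB5_TL_SVR_REFERRAL_DATA` lookup, and calling it unconditionally; at the least, add a comment here saying the gate is temporary. The enclosing function starts and ends outside the hunk.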
@@ -3064,16 +3064,24 @@ include_pac_p(krb5_context context, krb5_kdc_req *request) } krb5_error_code -return_svr_referral_data(krb5_context context, - krb5_db_entry *server, +return_enc_padata(krb5_context context, + krb5_data *req_pkt, krb5_kdc_req *request, + krb5_db_entry *server, krb5_enc_kdc_rep_part *reply_encpart) { krb5_error_code code; krb5_tl_data tl_data; krb5_pa_data *pa_data; + int idx = 0; - /* This should be initialized and only used for Win2K compat */ + /* This should be initialized and only used for Win2K compat and other + * specific standardized uses such as FAST negotiation.*/ assert(reply_encpart->enc_padata == NULL); + reply_encpart->enc_padata = (krb5_pa_data **)calloc(4, sizeof(krb5_pa_data *)); + if (reply_encpart->enc_padata == NULL) { + return ENOMEM; + } + tl_data.tl_data_type = KRB5_TL_SVR_REFERRAL_DATA; @@ -3084,7 +3092,6 @@ return_svr_referral_data(krb5_context context, pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data)); if (pa_data == NULL) return ENOMEM; - pa_data->magic = KV5M_PA_DATA; pa_data->pa_type = KRB5_PADATA_SVR_REFERRAL_INFO; pa_data->length = tl_data.tl_data_length; @@ -3095,14 +3102,8 @@ return_svr_referral_data(krb5_context context, } memcpy(pa_data->contents, tl_data.tl_data_contents, tl_data.tl_data_length); - reply_encpart->enc_padata = (krb5_pa_data **)calloc(2, sizeof(krb5_pa_data *)); - if (reply_encpart->enc_padata == NULL) { - free(pa_data->contents); - free(pa_data); - return ENOMEM; - } - reply_encpart->enc_padata[0] = pa_data; + reply_encpart->enc_padata[idx++] = pa_data; reply_encpart->enc_padata[1] = NULL; return 0; diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index a234720..289acd5 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h 
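Review bot: Moving the `calloc(4, ...)` to the top of return_enc_padata means every later `return ENOMEM` (the `pa_data == NULL` check in the second hunk, and the contents allocation failure just before the third) now leaves `reply_encpart->enc_padata` pointing at an allocated array; the old code allocated the array last, so no earlier failure could strand it. Whether the callers release it on error is not visible here, so either free and reset it on those paths (`free(reply_encpart->enc_padata); reply_encpart->enc_padata = NULL;`) or state in the comment above the function, and at the prototype in kdc_util.h, that the caller owns the array even on failure. Any early `return 0` in the code between the first and second hunks (not shown) would also hand back a non-NULL empty list instead of NULL, which is worth confirming against the encoder. The literal 4 would read better as a named constant tied to the number of padata entries the function can add.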
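Review bot: In the third kdc_preauth.c hunk the store uses `idx++`, but the terminator is still written to a fixed slot, `reply_encpart->enc_padata[1] = NULL;`. That is correct only while exactly one entry is added; a second entry appended through `idx` before this line would be overwritten and leaked. Write `reply_encpart->enc_padata[idx] = NULL;` (or drop the line, since calloc already zeroes the array), and check `idx` against the four allocated slots before each store so that a later addition cannot write past the end.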
@@ -250,9 +250,10 @@ krb5_boolean include_pac_p(krb5_context context, krb5_kdc_req *request); krb5_error_code -return_svr_referral_data (krb5_context context, - krb5_db_entry *server, - krb5_enc_kdc_rep_part *reply_encpart); +return_enc_padata(krb5_context context, + krb5_data *req_pkt, krb5_kdc_req *request, + krb5_db_entry *server, + krb5_enc_kdc_rep_part *reply_encpart); krb5_error_code sign_db_authdata (krb5_context context, |