diff options
| author | John Kohl <jtkohl@mit.edu> | 1990-03-09 09:32:40 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1990-03-09 09:32:40 +0000 |
| commit | b41034d50235980722188c7f1283e7765d599ec2 (patch) | |
| tree | 4b81f0798b7605137989483c628a66f9dd8a500d /src/lib | |
| parent | ae3c9fc5ffcdad749d59985ae8dc51d8559c2021 (diff) | |
| download | krb5-b41034d50235980722188c7f1283e7765d599ec2.zip krb5-b41034d50235980722188c7f1283e7765d599ec2.tar.gz krb5-b41034d50235980722188c7f1283e7765d599ec2.tar.bz2 | |
more cleanup code
need to encrypt the authenticator!
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@375 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/mk_req_ext.c | 74 |
1 files changed, 67 insertions, 7 deletions
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index c0ec7ec..23115f9 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -25,6 +25,7 @@ static char mk_req_ext_c[] = #include <krb5/libos-proto.h> #include <krb5/ext-proto.h> +#include <errno.h> /* Formats a KRB_AP_REQ message into outbuf, with more complete options than @@ -73,6 +74,8 @@ krb5_data *outbuf; krb5_ap_req request; krb5_authenticator authent; krb5_data *scratch; + krb5_enctype etype; + krb5_encrypt_block eblock; if ((ap_req_options & AP_OPTS_USE_SESSION_KEY) && !creds->ticket.length) @@ -86,22 +89,79 @@ krb5_data *outbuf; creds)) return(retval); } + /* verify a valid etype is available */ + etype = keytype_to_etype(creds->keyblock.keytype); /* XXX */ + + if (!valid_etype(etype)) + return KRB5KDC_ERR_ETYPE_NOSUPP; + request.ap_options = ap_req_options; /* we need a native ticket */ if (retval = krb5_decode_ticket(&creds->ticket, &request.ticket)) return(retval); /* XXX who cleans up creds? */ - if (retval = generate_authenticator(&authent, creds, checksum)) +#define cleanup_ticket() krb5_free_ticket(request.ticket) + if (retval = generate_authenticator(&authent, creds, checksum)) { + cleanup_ticket(); return retval; - if (retval = encode_krb5_authenticator(&authent, &scratch)) + } + /* encode it before encrypting */ + retval = encode_krb5_authenticator(&authent, &scratch); + cleanup_ticket(); + if (retval) + return(retval); + +#define cleanup_scratch() { (void) bzero(scratch->data, scratch->length); krb5_free_data(scratch); } + + /* put together an eblock for this encryption */ + + eblock.crypto_entry = krb5_csarray[etype]->system; + request.authenticator.length = krb5_encrypt_size(scratch->length, + eblock.crypto_entry); + if (!(request.authenticator.data = malloc(request.authenticator.length))) { + retval = ENOMEM; + goto clean_scratch; + } + +#define cleanup_encpart() {(void) bzero(request.authenticator.data, request.authenticator.length); free(request.authenticator.data); request.authenticator.length = 0; request.authenticator.data = 0;} + + /* do any necessary key pre-processing */ + if (retval = (*eblock.crypto_entry->process_key)(&eblock, + &creds->keyblock)) { + goto clean_encpart; + } + +#define cleanup_prockey() {(void) (*eblock.crypto_entry->finish_key)(&eblock);} + + /* call the encryption routine */ + if (retval = + (*eblock.crypto_entry->encrypt_func)((krb5_pointer) scratch->data, + (krb5_pointer) request.authenticator.data, + scratch->length, &eblock)) { + goto clean_prockey; + } + + /* authenticator now assembled-- do some cleanup */ + cleanup_scratch(); + + if (retval = (*eblock.crypto_entry->finish_key)(&eblock)) { + cleanup_encpart(); + return retval; + } + + retval = encode_krb5_ap_req(&request, &outbuf); + cleanup_encpart(); + if (retval) return(retval); - request.authenticator = *scratch; - free((char *)scratch); - /* now request is the output */ + clean_prockey: + cleanup_prockey(); + clean_encpart: + cleanup_encpart(); + clean_scratch: + cleanup_scratch(); + cleanup_ticket(); - if (retval = encode_krb5_ap_req(&request, &outbuf)) - free(request.authenticator.data); return retval; } |