aboutsummaryrefslogtreecommitdiff
path: root/src/lib/krb5/krb/mk_req_ext.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/krb5/krb/mk_req_ext.c')
-rw-r--r--src/lib/krb5/krb/mk_req_ext.c58
1 files changed, 39 insertions, 19 deletions
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 1ed14a9..cdb8f69 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -68,7 +68,39 @@ static krb5_error_code
krb5_generate_authenticator (krb5_context,
krb5_authenticator *, krb5_principal,
krb5_checksum *, krb5_keyblock *,
- krb5_int32, krb5_authdata ** );
+ krb5_ui_4, krb5_authdata ** );
+
+krb5_error_code
+krb5int_generate_and_save_subkey (krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock *keyblock)
+{
+ /* Provide some more fodder for random number code.
+ This isn't strong cryptographically; the point here is not
+ to guarantee randomness, but to make it less likely that multiple
+ sessions could pick the same subkey. */
+ struct {
+ krb5_int32 sec, usec;
+ } rnd_data;
+ krb5_data d;
+ krb5_error_code retval;
+
+ krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
+ d.length = sizeof (rnd_data);
+ d.data = (char *) &rnd_data;
+ (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
+
+ if ((retval = krb5_generate_subkey(context, keyblock, &auth_context->send_subkey)))
+ return retval;
+ retval = krb5_copy_keyblock(context, auth_context->send_subkey,
+ &auth_context->recv_subkey);
+ if (retval) {
+ krb5_free_keyblock(context, auth_context->send_subkey);
+ auth_context->send_subkey = NULL;
+ return retval;
+ }
+ return 0;
+}
krb5_error_code KRB5_CALLCONV
krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
@@ -130,22 +162,10 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
goto cleanup;
}
- if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->local_subkey)) {
- /* Provide some more fodder for random number code.
- This isn't strong cryptographically; the point here is not
- to guarantee randomness, but to make it less likely that multiple
- sessions could pick the same subkey. */
- struct {
- krb5_int32 sec, usec;
- } rnd_data;
- krb5_data d;
- krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
- d.length = sizeof (rnd_data);
- d.data = (char *) &rnd_data;
- (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
-
- if ((retval = krb5_generate_subkey(context, &(in_creds)->keyblock,
- &(*auth_context)->local_subkey)))
+ if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
+ retval = krb5int_generate_and_save_subkey (context, *auth_context,
+ &in_creds->keyblock);
+ if (retval)
goto cleanup;
}
@@ -178,7 +198,7 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
if ((retval = krb5_generate_authenticator(context,
(*auth_context)->authentp,
(in_creds)->client, checksump,
- (*auth_context)->local_subkey,
+ (*auth_context)->send_subkey,
(*auth_context)->local_seq_number,
(in_creds)->authdata)))
goto cleanup_cksum;
@@ -232,7 +252,7 @@ cleanup:
}
static krb5_error_code
-krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_int32 seq_number, krb5_authdata **authorization)
+krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_ui_4 seq_number, krb5_authdata **authorization)
{
krb5_error_code retval;
generated by cgit v1.1 at 2024-08-01 10:07:47 +0000