From 22e3cd04b19e0b766977dd3474ecbe14d88f7743 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 24 Nov 2009 01:14:01 +0000 Subject: Store configuration information about whether FAST is available in the ccache based on FAST negotiation git-svn-id: svn://anonsvn.mit.edu/krb5/users/hartmans/fast-negotiate@23336 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int.h | 2 ++ src/lib/krb5/krb/fast.c | 7 ++++--- src/lib/krb5/krb/fast.h | 3 ++- src/lib/krb5/krb/get_in_tkt.c | 14 ++++++++++++-- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 0773e64..d520da5 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -257,6 +257,8 @@ typedef INT64_TYPE krb5_int64; #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" #define KRB5_CONF_V4_REALM "v4_realm" #define KRB5_CONF_ASTERISK "*" +#define KRB5_CCCONF_FAST_AVAIL "fast_avail" + /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index f25fc87..d1db099 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -533,7 +533,7 @@ krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *padata, krb5_error_code krb5int_fast_verify_nego (krb5_context context, struct krb5int_fast_request_state *state, krb5_kdc_rep *rep, krb5_data *request, - krb5_keyblock *decrypting_key) + krb5_keyblock *decrypting_key, krb5_boolean *fast_avail) { krb5_error_code retval = 0; krb5_checksum *checksum = NULL; @@ -559,8 +559,9 @@ krb5_error_code krb5int_fast_verify_nego if (retval == 0) { pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata, KRB5_PADATA_FX_FAST); - /*if (pa) - printf("FAST enabled on KDC\n");*/ + if (pa) + *fast_avail = 1; + else *fast_avail = 0; } } if (checksum) diff --git a/src/lib/krb5/krb/fast.h b/src/lib/krb5/krb/fast.h index 3f03ae7..74b4136 100644 --- a/src/lib/krb5/krb/fast.h 
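Review bot: `*fast_avail` is assigned only inside the `if (retval == 0)` branch that follows `krb5int_find_pa_data` in the second fast.c hunk, so on every other path through krb5int_fast_verify_nego the caller's variable keeps whatever value it had. The one caller in this patch initialises it to 0, but because the flag ends up in the ccache as a statement about the KDC, the function should set it itself on entry with `*fast_avail = 0;` and the branch can then read `*fast_avail = (pa != NULL);`. A short comment on the prototype in fast.h, such as `/* *fast_avail is meaningful only when the function returns 0 */`, would record the contract for the new out-parameter. The function body starts and ends outside the hunk, so the condition enclosing this branch is not visible here.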
+++ b/src/lib/krb5/krb/fast.h @@ -82,7 +82,8 @@ krb5_error_code krb5int_fast_reply_key(krb5_context context, krb5_error_code krb5int_fast_verify_nego (krb5_context context, struct krb5int_fast_request_state *state, krb5_kdc_rep *rep, krb5_data *request, - krb5_keyblock *decrypting_key); + krb5_keyblock *decrypting_key, krb5_boolean *fast_avail); + diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index dd6f545..6d310cb 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -1116,6 +1116,7 @@ krb5_get_init_creds(krb5_context context, int canon_flag = 0; krb5_principal_data referred_client; krb5_boolean retry = 0; + krb5_boolean fast_avail = 0; /*The KDC for this realm supports fast; output of negotiation*/ struct krb5int_fast_request_state *fast_state = NULL; krb5_pa_data **out_padata = NULL; @@ -1595,7 +1596,7 @@ krb5_get_init_creds(krb5_context context, } ret = krb5int_fast_verify_nego(context, fast_state, local_as_reply, encoded_previous_request, - &encrypting_key); + &encrypting_key, &fast_avail); if (ret) goto cleanup; if ((ret = verify_as_reply(context, time_now, &request, local_as_reply))) @@ -1614,11 +1615,20 @@ krb5_get_init_creds(krb5_context context, ret = 0; if (options&&options->opt_private->out_ccache) { krb5_ccache out_ccache = options->opt_private->out_ccache; + krb5_data config_data; ret = krb5_cc_initialize(context, out_ccache, creds->client); if (ret != 0) goto cc_cleanup; ret = krb5_cc_store_cred(context, out_ccache, creds); - cc_cleanup: + if (ret != 0) + goto cc_cleanup; + if (fast_avail) { + config_data.data = "yes"; + config_data.length = strlen(config_data.data); + ret = krb5_cc_set_config(context, out_ccache, creds->server, + KRB5_CCCONF_FAST_AVAIL, &config_data); + } + cc_cleanup: if (ret !=0) { const char *msg; msg = krb5_get_error_message(context, ret); -- cgit v1.1
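Review bot: A failure of `krb5_cc_set_config` in the last get_in_tkt.c hunk leaves `ret` non-zero and falls into `cc_cleanup`, so a hint that could not be written is reported the same way as a failure to store the credentials, which by then are already in the cache. If the `fast_avail` entry is meant to be best-effort, its result should be checked separately and not propagated; if it is meant to be mandatory, a comment such as `/* failing to record fast_avail fails the whole request */` would make that explicit. Separately, `config_data` gets only `data` and `length` assigned and `data` points at a string literal; declaring it as `krb5_data config_data = {0};` keeps the `magic` field from being passed on uninitialised. The `cc_cleanup` block continues past the end of the hunk, so how `ret` is finally handled is not visible here.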