From 4ca13eba5ac80d575b74ffb1b22f3eea4a603f33 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 30 Apr 2010 21:08:11 +0000 Subject: Merge trunk changes from r23937 to r23957 to iakerb branch git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23958 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/krb/old_api_glue.c | 62 +++++++++++++-------------------------- src/lib/krb5/krb/get_creds.c | 6 ++-- 2 files changed, 23 insertions(+), 45 deletions(-) diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c index c705ff5..49f554d 100644 --- a/src/lib/crypto/krb/old_api_glue.c +++ b/src/lib/crypto/krb/old_api_glue.c @@ -60,13 +60,11 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } /* size is the length of the input cleartext data. */ - inputd.length = size; - inputd.data = inptr; + inputd = make_data((void *) inptr, size); /* * The size of the output buffer isn't part of the old api. Not too @@ -76,8 +74,7 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr, if (ret) return ret; - outputd.ciphertext.length = outlen; - outputd.ciphertext.data = outptr; + outputd.ciphertext = make_data(outptr, outlen); return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0, &inputd, &outputd); @@ -98,20 +95,17 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } /* size is the length of the input ciphertext data */ inputd.enctype = eblock->key->enctype; - inputd.ciphertext.length = size; - inputd.ciphertext.data = inptr; + inputd.ciphertext = make_data((void *) inptr, size); /* we don't really know how big this is, but the code tends to assume that the output buffer size should be the same as the input buffer size */ - outputd.length = size; - outputd.data = outptr; + outputd = make_data(outptr, size); return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0, &inputd, &outputd); @@ -145,10 +139,7 @@ krb5_error_code KRB5_CALLCONV krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock, const krb5_keyblock *keyblock, krb5_pointer *ptr) { - krb5_data data; - - data.length = keyblock->length; - data.data = (char *) keyblock->contents; + krb5_data data = make_data(keyblock->contents, keyblock->length); return krb5_c_random_seed(context, &data); } @@ -226,17 +217,14 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, krb5_const_pointer seed, size_t seed_length, krb5_checksum *outcksum) { - krb5_data input; + krb5_data input = make_data((void *) in, in_length); krb5_keyblock key; krb5_error_code ret; krb5_checksum cksum; - input.data = in; - input.length = in_length; - key.enctype = ENCTYPE_NULL; key.length = seed_length; - key.contents = seed; + key.contents = (unsigned char *) seed; ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum); if (ret) @@ -264,16 +252,13 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, size_t in_length, krb5_const_pointer seed, size_t seed_length) { - krb5_data input; + krb5_data input = make_data((void *) in, in_length); krb5_keyblock key; krb5_error_code ret; krb5_boolean valid; - input.data = in; - input.length = in_length; - key.length = seed_length; - key.contents = seed; + key.contents = (unsigned char *) seed; ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid); if (ret) @@ -288,10 +273,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, krb5_error_code KRB5_CALLCONV krb5_random_confounder(size_t size, krb5_pointer ptr) { - krb5_data random_data; - - random_data.length = size; - random_data.data = ptr; + krb5_data random_data = make_data(ptr, size); return krb5_c_random_make_octets(NULL, &random_data); } @@ -313,17 +295,15 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } enc_data->magic = KV5M_ENC_DATA; enc_data->kvno = 0; enc_data->enctype = key->enctype; - enc_data->ciphertext.length = enclen; - enc_data->ciphertext.data = malloc(enclen); - if (enc_data->ciphertext.data == NULL) - return ENOMEM; + ret = alloc_data(&enc_data->ciphertext, enclen); + if (ret) + return ret; ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data); if (ret) @@ -345,14 +325,12 @@ krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } - data->length = enc_data->ciphertext.length; - data->data = malloc(data->length); - if (data->data == NULL) - return ENOMEM; + ret = alloc_data(data, enc_data->ciphertext.length); + if (ret) + return ret; ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data); if (ret) diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 6099c6d..0e4956e 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -733,14 +733,14 @@ get_cached_tgt(krb5_context context, krb5_tkt_creds_context ctx, *tgt = NULL; /* Construct the principal krbtgt/@. The realm - * won't matter unless we're getting the local TGT. */ + * won't matter if we're getting a foreign TGT. */ code = krb5int_tgtname(context, realm, &ctx->client->realm, &tgtname); if (code != 0) goto cleanup; - /* Match the TGT realm only if we're getting the local TGT. */ + /* Don't match the TGT realm if we're getting a foreign TGT. */ flags = KRB5_TC_SUPPORTED_KTYPES; - if (local_realm) + if (!local_realm) flags |= KRB5_TC_MATCH_SRV_NAMEONLY; /* Construct a matching cred for the ccache query. */ -- cgit v1.1