oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gsskrb5: Use optimistic anon PKINIT armored FAST

Browse Source
This commit is contained in:
Nicolas Williams
2021-12-29 16:56:53 -06:00
committed by Luke Howard
parent 554f375626
commit 09f3f96467
1 changed files with 29 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
lib/gssapi/krb5/acquire_cred.c
View File

@@ -203,7 +203,8 @@ acquire_cred_with_password(OM_uint32 *minor_status,
{ {
OM_uint32 ret = GSS_S_FAILURE; OM_uint32 ret = GSS_S_FAILURE;
krb5_creds cred; krb5_creds cred;
krb5_get_init_creds_opt *opt; krb5_init_creds_context ctx = NULL;
krb5_get_init_creds_opt *opt = NULL;
krb5_ccache ccache = NULL; krb5_ccache ccache = NULL;
krb5_error_code kret; krb5_error_code kret;
time_t now; time_t now;
@@ -236,13 +237,19 @@ acquire_cred_with_password(OM_uint32 *minor_status,
if (kret) if (kret)
goto end; goto end;
} }
kret = krb5_get_init_creds_opt_alloc(context, &opt);
if (kret)
goto end;
realm = krb5_principal_get_realm(context, handle->principal); realm = krb5_principal_get_realm(context, handle->principal);
krb5_get_init_creds_opt_set_default_flags(context, "gss_krb5", realm, opt); kret = krb5_get_init_creds_opt_alloc(context, &opt);
if (kret == 0) {
krb5_get_init_creds_opt_set_default_flags(context, "gss_krb5", realm,
opt);
kret = krb5_init_creds_init(context, handle->principal, NULL, NULL, 0,
opt, &ctx);
}
if (kret == 0)
kret = _krb5_init_creds_set_fast_anon_pkinit_optimistic(context, ctx);
if (kret == 0)
kret = krb5_init_creds_set_password(context, ctx, password);
/* /*
* Get the current time before the AS exchange so we don't * Get the current time before the AS exchange so we don't
@@ -256,21 +263,18 @@ acquire_cred_with_password(OM_uint32 *minor_status,
*/ */
krb5_timeofday(context, &now); krb5_timeofday(context, &now);
kret = krb5_get_init_creds_password(context, &cred, handle->principal, if (kret == 0)
password, NULL, NULL, 0, NULL, opt); kret = krb5_init_creds_get(context, ctx);
krb5_get_init_creds_opt_free(context, opt); if (kret == 0)
if (kret) kret = krb5_init_creds_get_creds(context, ctx, &cred);
goto end; if (kret == 0)
kret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
kret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache); if (kret == 0)
if (kret) kret = krb5_cc_initialize(context, ccache, cred.client);
goto end; if (kret == 0)
kret = krb5_init_creds_store(context, ctx, ccache);
kret = krb5_cc_initialize(context, ccache, cred.client); if (kret == 0)
if (kret) kret = krb5_cc_store_cred(context, ccache, &cred);
goto end;
kret = krb5_cc_store_cred(context, ccache, &cred);
if (kret) if (kret)
goto end; goto end;
@@ -284,14 +288,16 @@ acquire_cred_with_password(OM_uint32 *minor_status,
handle->ccache = ccache; handle->ccache = ccache;
ccache = NULL; ccache = NULL;
ret = GSS_S_COMPLETE; ret = GSS_S_COMPLETE;
kret = 0;
end: end:
krb5_get_init_creds_opt_free(context, opt);
if (ctx)
krb5_init_creds_free(context, ctx);
if (ccache != NULL) if (ccache != NULL)
krb5_cc_destroy(context, ccache); krb5_cc_destroy(context, ccache);
if (cred.client != NULL) if (cred.client != NULL)
krb5_free_cred_contents(context, &cred); krb5_free_cred_contents(context, &cred);
if (ret != GSS_S_COMPLETE && kret != 0) if (ret != GSS_S_COMPLETE)
*minor_status = kret; *minor_status = kret;
return (ret); return (ret);
} }