Create a request structure

kdc/digest-service.c

@@ -44,6 +44,8 @@
 typedef struct pk_client_params pk_client_params;
 struct DigestREQ;
 struct Kx509Request;
+typedef struct kdc_request_desc *kdc_request_t;
+
 #include <kdc-private.h>
 
 krb5_kdc_configuration *config;

kdc/headers.h

@@ -106,6 +106,8 @@
 #include <kdc.h>
 #include <windc_plugin.h>
 
+#include <heimbase.h>
+
 #undef ALLOC
 #define ALLOC(X) ((X) = calloc(1, sizeof(*(X))))
 #undef ALLOC_SEQ

kdc/kdc_locl.h

@@ -43,8 +43,51 @@
 typedef struct pk_client_params pk_client_params;
 struct DigestREQ;
 struct Kx509Request;
+typedef struct kdc_request_desc *kdc_request_t;
+
 #include <kdc-private.h>
 
+struct kdc_request_desc {
+    krb5_context context;
+    krb5_kdc_configuration *config;
+
+    /* */
+
+    krb5_data request;
+    KDC_REQ req;
+    METHOD_DATA *padata;
+
+    /* out */
+
+    METHOD_DATA outpadata;
+    
+    KDC_REP rep;
+    EncTicketPart et;
+    EncKDCRepPart ek;
+
+    /* PA methods can affect both the reply key and the session key (pkinit) */
+    krb5_keyblock sessionetype;
+    krb5_keyblock reply_key;
+    krb5_keyblock session_key;
+
+    const char *e_text;
+
+    /* state */
+    krb5_principal client_princ;
+    char *client_name;
+    hdb_entry_ex *client;
+    HDB *clientdb;
+
+    krb5_principal server_princ;
+    char *server_name;
+    hdb_entry_ex *server;
+
+    krb5_crypto armor_crypto;
+
+    heim_dict_t pastate;
+};
+
+
 extern sig_atomic_t exit_flag;
 extern size_t max_request_udp;
 extern size_t max_request_tcp;

kdc/pkinit.c

@@ -1237,7 +1237,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
 		    krb5_enctype sessionetype,
 		    const KDC_REQ *req,
 		    const krb5_data *req_buffer,
-		    krb5_keyblock **reply_key,
+		    krb5_keyblock *reply_key,
 		    krb5_keyblock *sessionkey,
 		    METHOD_DATA *md)
 {
@@ -1563,7 +1563,7 @@ out:
 	hx509_cert_free(kdc_cert);
 
     if (ret == 0)
-	*reply_key = &cp->reply_key;
+	ret = krb5_copy_keyblock_contents(context, &cp->reply_key, reply_key);
     return ret;
 }
 

kdc/process.c

@@ -57,19 +57,25 @@ kdc_as_req(krb5_context context,
 	   int datagram_reply,
 	   int *claim)
 {
+    struct kdc_request_desc r;
     krb5_error_code ret;
-    KDC_REQ req;
     size_t len;
 
-    ret = decode_AS_REQ(req_buffer->data, req_buffer->length, &req, &len);
+    memset(&r, 0, sizeof(r));
+
+    ret = decode_AS_REQ(req_buffer->data, req_buffer->length, &r.req, &len);
     if (ret)
 	return ret;
 
+    r.context = context;
+    r.config = config;
+    r.request.data = req_buffer->data;
+    r.request.length = req_buffer->length;
+
     *claim = 1;
 
-    ret = _kdc_as_rep(context, config, &req, req_buffer,
-		      reply, from, addr, datagram_reply);
-    free_AS_REQ(&req);
+    ret = _kdc_as_rep(&r, reply, from, addr, datagram_reply);
+    free_AS_REQ(&r.req);
     return ret;
 }
 

tests/kdc/check-fast.in

@@ -43,7 +43,7 @@ export KRB5_CONFIG
 testfailed="echo test failed; cat messages.log; exit 1"
 
 # If there is no useful db support compile in, disable test
-${have_db} || exit 77
+#${have_db} || exit 77
 
 R=TEST.H5L.SE
 
@@ -139,6 +139,9 @@ if [ -f ${mit}/kinit ] ; then
    echo "Checking for FAST avail"
    ${klist} --hidden | grep fast_avail > /dev/null || { exit 1; }
 
+   echo "Getting service ticket"
+   ${mit}/kvno -c ${cache} ${server}@${R} || { exit 1; }
+
 fi