got fetch armor key

Love Hornquist Astrand
2010-01-19 04:41:46 +00:00
committed by Love Hörnquist Åstrand
parent a1feab396e
commit 1af9487bff


@@ -965,7 +965,7 @@ _kdc_as_rep(krb5_context context,
KDC_REQ_BODY *b = NULL; KDC_REQ_BODY *b = NULL;
AS_REP rep; AS_REP rep;
KDCOptions f; KDCOptions f;
hdb_entry_ex *client = NULL, *server = NULL; hdb_entry_ex *client = NULL, *server = NULL, *armor_user = NULL;
HDB *clientdb; HDB *clientdb;
krb5_enctype setype, sessionetype; krb5_enctype setype, sessionetype;
EncTicketPart et; EncTicketPart et;
@@ -1049,11 +1049,11 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} }
krb5_principal server; krb5_principal armor_server;
/* Save that principal that was in the request */ /* Save that principal that was in the request */
ret = _krb5_principalname2krb5_principal(context, ret = _krb5_principalname2krb5_principal(context,
&server, &armor_server,
ap_req.ticket.sname, ap_req.ticket.sname,
ap_req.ticket.realm); ap_req.ticket.realm);
if (ret) { if (ret) {
@@ -1061,18 +1061,30 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} }
krb5_keyblock *keyblock = NULL; Key *armor_key = NULL;
krb5_ticket *ticket = NULL; krb5_ticket *ticket = NULL;
krb5_flags ap_req_options; krb5_flags ap_req_options;
/* XXX get keyblock */ ret = _kdc_db_fetch(context, config, armor_server,
HDB_F_GET_SERVER, NULL, &armor_user);
if(ret){
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
ret = hdb_enctype2key(context, &armor_user->entry,
ap_req.ticket.enc_part.etype,
&armor_key);
if (ret) {
goto out;
}
krb5_auth_context ac = NULL; krb5_auth_context ac = NULL;
ret = krb5_verify_ap_req2(context, &ac, ret = krb5_verify_ap_req2(context, &ac,
&ap_req, &ap_req,
server, armor_server,
keyblock, &armor_key->key,
0, 0,
&ap_req_options, &ap_req_options,
&ticket, &ticket,
@@ -2132,8 +2144,6 @@ out:
krb5_data_free(&e_data); krb5_data_free(&e_data);
} }
out2: out2:
if (armor_crypto)
krb5_crypto_destroy(context, armor_crypto);
#ifdef PKINIT #ifdef PKINIT
if (pkp) if (pkp)
_kdc_pk_free_client_param(context, pkp); _kdc_pk_free_client_param(context, pkp);
@@ -2150,6 +2160,10 @@ out2:
_kdc_free_ent(context, client); _kdc_free_ent(context, client);
if(server) if(server)
_kdc_free_ent(context, server); _kdc_free_ent(context, server);
if(armor_user)
_kdc_free_ent(context, armor_user);
if (armor_crypto)
krb5_crypto_destroy(context, armor_crypto);
return ret; return ret;
} }
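Review bot: The new armor key lookup, `hdb_enctype2key(context, &armor_user->entry, ap_req.ticket.enc_part.etype, &armor_key)`, picks the key by the enctype carried in the request alone; the ticket's key version number is not consulted, and no check that this enctype is one the KDC is willing to accept is visible in the hunk. After a key rollover, an armor ticket issued under the previous key would presumably be checked against the current key and fail, so I would at least record the gap next to the call: `/* XXX armor key chosen by etype only: ticket kvno and permitted-enctype policy are not checked here */`. Both new failure branches `goto out` without logging, and the `_kdc_db_fetch` branch replaces the original error with `KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN`, which hides a database failure from the operator. `armor_server` is not released in the cleanup lines shown; `_kdc_as_rep` continues outside these hunks, so confirm it is freed there on every exit path.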