implement `krb5_init_etype'
Change encryption type of pa_enc_timestamp to DES-CBC-MD5 git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2336 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -2,6 +2,38 @@
|
|||||||
|
|
||||||
RCSID("$Id$");
|
RCSID("$Id$");
|
||||||
|
|
||||||
|
krb5_error_code
|
||||||
|
krb5_init_etype (krb5_context context,
|
||||||
|
unsigned *len,
|
||||||
|
unsigned **val,
|
||||||
|
const krb5_enctype *etypes)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
krb5_error_code ret;
|
||||||
|
const krb5_enctype *tmp;
|
||||||
|
|
||||||
|
if (etypes)
|
||||||
|
tmp = etypes;
|
||||||
|
else {
|
||||||
|
ret = krb5_get_default_in_tkt_etypes(context,
|
||||||
|
&tmp);
|
||||||
|
if (ret)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; tmp[i]; ++i)
|
||||||
|
;
|
||||||
|
*len = i;
|
||||||
|
*val = malloc(i * sizeof(unsigned));
|
||||||
|
memmove (*val,
|
||||||
|
tmp,
|
||||||
|
i * sizeof(*tmp));
|
||||||
|
if (etypes == NULL)
|
||||||
|
free (tmp);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
decrypt_tkt (krb5_context context,
|
decrypt_tkt (krb5_context context,
|
||||||
const krb5_keyblock *key,
|
const krb5_keyblock *key,
|
||||||
@@ -165,16 +197,11 @@ krb5_get_in_tkt(krb5_context context,
|
|||||||
|
|
||||||
a.req_body.till = creds->times.endtime;
|
a.req_body.till = creds->times.endtime;
|
||||||
krb5_generate_random_block (&a.req_body.nonce, sizeof(a.req_body.nonce));
|
krb5_generate_random_block (&a.req_body.nonce, sizeof(a.req_body.nonce));
|
||||||
if (etypes)
|
krb5_init_etype (context,
|
||||||
abort ();
|
&a.req_body.etype.len,
|
||||||
else {
|
&a.req_body.etype.val,
|
||||||
ret = krb5_get_default_in_tkt_etypes (context,
|
etypes);
|
||||||
(krb5_enctype**)&a.req_body.etype.val);
|
|
||||||
if (ret)
|
|
||||||
return ret;
|
|
||||||
a.req_body.etype.len = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
a.req_body.addresses = malloc(sizeof(*a.req_body.addresses));
|
a.req_body.addresses = malloc(sizeof(*a.req_body.addresses));
|
||||||
|
|
||||||
if (addrs)
|
if (addrs)
|
||||||
@@ -236,7 +263,13 @@ krb5_get_in_tkt(krb5_context context,
|
|||||||
a.padata->val->padata_type = pa_enc_timestamp;
|
a.padata->val->padata_type = pa_enc_timestamp;
|
||||||
a.padata->val->padata_value.length = 0;
|
a.padata->val->padata_value.length = 0;
|
||||||
|
|
||||||
encdata.etype = ETYPE_DES_CBC_CRC;
|
/*
|
||||||
|
* According to the spec this is the only encryption method
|
||||||
|
* that must be supported so it's the safest choice. On the
|
||||||
|
* other hand, old KDCs might not support it.
|
||||||
|
*/
|
||||||
|
|
||||||
|
encdata.etype = ETYPE_DES_CBC_MD5;
|
||||||
encdata.kvno = NULL;
|
encdata.kvno = NULL;
|
||||||
ret = krb5_encrypt (context,
|
ret = krb5_encrypt (context,
|
||||||
buf + sizeof(buf) - len,
|
buf + sizeof(buf) - len,
|
||||||
|
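Review bot: In the new krb5_init_etype (first hunk), `*val = malloc(i * sizeof(unsigned))` is never checked for NULL, and it is sized in `unsigned` while the following `memmove` copies `i * sizeof(*tmp)` bytes. A failed allocation is therefore written through, and if krb5_enctype is wider than unsigned (its definition is not visible here) the copy runs past the end of the heap buffer. Copying element by element and returning an error on allocation failure, as sketched below, removes both problems; ENOMEM is assumed to be the error code this library uses. The call added in the second hunk also discards the result, although the code it replaces returned on failure, so `ret = krb5_init_etype (...); if (ret) return ret;` would keep a.req_body.etype.len/val from being used unset; krb5_get_in_tkt starts and ends outside these hunks. Separately, the third hunk hard-codes `ETYPE_DES_CBC_MD5` for pa_enc_timestamp, which pins pre-authentication to single DES regardless of the etype list just built, and deriving it from that list would avoid locking in a weak cipher.

```c
    int i, j;
    /* … unchanged: ret/tmp declarations, etypes-or-default selection, counting loop … */
    *val = malloc(i * sizeof(**val));
    if (*val == NULL && i != 0)
        ret = ENOMEM;
    else {
        /* element-wise copy: correct even if krb5_enctype and unsigned differ in size */
        for (j = 0; j < i; ++j)
            (*val)[j] = tmp[j];
        *len = i;
        ret = 0;
    }
    /* … unchanged: free of the default list when etypes == NULL … */
    return ret;
```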