(krb5_get_forwarded_creds): honor

KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted
(ENCTYPE_NULL) credentials, for use with old MIT servers and Java-based
ones, as they can't handle an encrypted KRB-CRED. Note that the option
needs to be turned on, because if the consumer sends the KRB-CRED in the clear
bad things will happen.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15150 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2005-05-17 08:12:29 +00:00
parent 682ff3fef0
commit 2dd7796261


@@ -173,7 +173,6 @@ krb5_get_forwarded_creds (krb5_context context,
krb5_crypto crypto; krb5_crypto crypto;
struct addrinfo *ai; struct addrinfo *ai;
int save_errno; int save_errno;
krb5_keyblock *key;
krb5_creds *ticket; krb5_creds *ticket;
char *realm; char *realm;
@@ -216,7 +215,7 @@ krb5_get_forwarded_creds (krb5_context context,
return ret; return ret;
} }
kdc_flags.i = flags; kdc_flags.b = int2KDCOptions(flags);
ret = krb5_get_kdc_cred (context, ret = krb5_get_kdc_cred (context,
ccache, ccache,
@@ -373,31 +372,40 @@ krb5_get_forwarded_creds (krb5_context context,
if(buf_size != len) if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder"); krb5_abortx(context, "internal error in ASN.1 encoder");
if (auth_context->local_subkey) if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) {
key = auth_context->local_subkey; cred.enc_part.etype = ENCTYPE_NULL;
else if (auth_context->remote_subkey) cred.enc_part.kvno = NULL;
key = auth_context->remote_subkey; cred.enc_part.cipher.data = buf;
else cred.enc_part.cipher.length = buf_size;
key = auth_context->keyblock; } else {
krb5_keyblock *key;
ret = krb5_crypto_init(context, key, 0, &crypto); if (auth_context->local_subkey)
if (ret) { key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free(buf);
free_KRB_CRED(&cred);
return ret;
}
ret = krb5_encrypt_EncryptedData (context,
crypto,
KRB5_KU_KRB_CRED,
buf,
len,
0,
&cred.enc_part);
free(buf); free(buf);
free_KRB_CRED(&cred); krb5_crypto_destroy(context, crypto);
return ret; if (ret) {
} free_KRB_CRED(&cred);
ret = krb5_encrypt_EncryptedData (context, return ret;
crypto, }
KRB5_KU_KRB_CRED,
buf,
len,
0,
&cred.enc_part);
free(buf);
krb5_crypto_destroy(context, crypto);
if (ret) {
free_KRB_CRED(&cred);
return ret;
} }
ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret); ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
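Review bot: The new `KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED` branch places `buf` into `cred.enc_part.cipher` with `ENCTYPE_NULL` and has no comment saying what that exposes; `buf` is encoded above the hunk and presumably holds the EncKrbCredPart, which carries the forwarded ticket's session key. I would add a comment on the branch such as `/* KRB-CRED goes out unencrypted: only valid when the caller sends it over a channel that already provides confidentiality and integrity */`, and repeat that requirement where the flag is declared. The same branch hands ownership of `buf` to `cred` before `ASN1_MALLOC_ENCODE` reassigns `buf`, so it presumably relies on a later `free_KRB_CRED(&cred)` outside the hunk to release it; a short `/* buf is now owned by cred */` would make that explicit. `krb5_get_forwarded_creds` starts and ends outside the visible hunks.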