Add some support for using enctypes instead of keytypes.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4332 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1998-01-21 01:00:51 +00:00
parent 2fca58fc2e
commit 46f727d295


@@ -92,7 +92,12 @@ find_etype(hdb_entry *princ, unsigned *etypes, unsigned len,
static krb5_error_code static krb5_error_code
find_keys(hdb_entry *client, hdb_entry *server, find_keys(hdb_entry *client, hdb_entry *server,
Key **ckey, krb5_enctype *cetype, Key **ckey, krb5_enctype *cetype,
Key **skey, krb5_enctype *setype, krb5_keytype *sess_ktype, Key **skey, krb5_enctype *setype,
#ifndef KTYPE_IS_ETYPE
krb5_keytype *sess_ktype,
#else
krb5_enctype *sess_ktype,
#endif
unsigned *etypes, unsigned num_etypes) unsigned *etypes, unsigned num_etypes)
{ {
int i; int i;
@@ -108,13 +113,17 @@ find_keys(hdb_entry *client, hdb_entry *server,
} }
if(server){ if(server){
/* find sesion key type */ /* find session key type */
ret = find_etype(server, etypes, num_etypes, skey, NULL); ret = find_etype(server, etypes, num_etypes, skey, NULL);
if(ret){ if(ret){
kdc_log(0, "Server has no support for etypes"); kdc_log(0, "Server has no support for etypes");
return KRB5KDC_ERR_ETYPE_NOSUPP; return KRB5KDC_ERR_ETYPE_NOSUPP;
} }
#ifndef KTYPE_IS_ETYPE
*sess_ktype = (*skey)->key.keytype; *sess_ktype = (*skey)->key.keytype;
#else
*sess_ktype = etypes[i];
#endif
} }
if(server){ if(server){
/* find server key */ /* find server key */
@@ -203,7 +212,11 @@ as_rep(KDC_REQ *req,
KDCOptions f = b->kdc_options; KDCOptions f = b->kdc_options;
hdb_entry *client = NULL, *server = NULL; hdb_entry *client = NULL, *server = NULL;
krb5_enctype cetype, setype; krb5_enctype cetype, setype;
#ifndef KTYPE_IS_ETYPE
krb5_keytype sess_ktype; krb5_keytype sess_ktype;
#else
krb5_enctype sess_ktype;
#endif
EncTicketPart et; EncTicketPart et;
EncKDCRepPart ek; EncKDCRepPart ek;
krb5_principal client_princ, server_princ; krb5_principal client_princ, server_princ;
@@ -398,15 +411,14 @@ as_rep(KDC_REQ *req,
e_text = NULL; e_text = NULL;
goto out; goto out;
} }
}else if (require_preauth || client->flags.require_preauth) { }else if (require_preauth || client->flags.require_preauth || server->flags.require_preauth) {
/* XXX check server->flags.require_preauth? */
METHOD_DATA method_data; METHOD_DATA method_data;
PA_DATA pa_data; PA_DATA pa_data;
u_char buf[16]; u_char buf[16];
size_t len; size_t len;
krb5_data foo_data; krb5_data foo_data;
use_pa: use_pa:
method_data.len = 1; method_data.len = 1;
method_data.val = &pa_data; method_data.val = &pa_data;
@@ -430,8 +442,8 @@ as_rep(KDC_REQ *req,
server_princ, server_princ,
0, 0,
reply); reply);
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name); kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
ret = 0;
goto out2; goto out2;
} }
@@ -443,19 +455,33 @@ as_rep(KDC_REQ *req,
goto out; goto out;
{ {
char *cet, *set, *skt; char *cet, *set = NULL, *skt = NULL;
krb5_etype_to_string(context, cetype, &cet); krb5_etype_to_string(context, cetype, &cet);
if(cetype != setype) if(cetype != setype)
krb5_etype_to_string(context, setype, &set); krb5_etype_to_string(context, setype, &set);
#ifndef KTYPE_IS_ETYPE
krb5_keytype_to_string(context, sess_ktype, &skt); krb5_keytype_to_string(context, sess_ktype, &skt);
if(cetype != setype) #else
kdc_log(5, "Using %s/%s/%s", cet, set, skt); if(cetype != sess_ktype)
krb5_etype_to_string(context, sess_ktype, &skt);
#endif
if(set)
if(skt)
kdc_log(5, "Using %s/%s/%s", cet, set, skt);
else
kdc_log(5, "Using %s/%s", cet, set);
else else
kdc_log(5, "Using %s/%s", cet, skt); if(skt){
free(cet); #ifndef KTYPE_IS_ETYPE
if(cetype != setype) kdc_log(5, "Using %s/%s", cet, skt);
free(set); #else
kdc_log(5, "Using %s/%s/%s", cet, cet, skt);
#endif
}else
kdc_log(5, "Using %s", cet);
free(skt); free(skt);
free(set);
free(cet);
} }
@@ -505,7 +531,15 @@ as_rep(KDC_REQ *req,
goto out; goto out;
} }
#ifndef KTYPE_IS_ETYPE
krb5_generate_random_keyblock(context, sess_ktype, &et.key); krb5_generate_random_keyblock(context, sess_ktype, &et.key);
#else
{
krb5_keytype kt;
ret = krb5_etype_to_keytype(context, sess_ktype, &kt);
krb5_generate_random_keyblock(context, kt, &et.key);
}
#endif
copy_PrincipalName(b->cname, &et.cname); copy_PrincipalName(b->cname, &et.cname);
copy_Realm(&b->realm, &et.crealm); copy_Realm(&b->realm, &et.crealm);
@@ -841,7 +875,11 @@ tgs_make_reply(KDC_REQ_BODY *b,
krb5_enctype setype; krb5_enctype setype;
Key *skey; Key *skey;
EncryptionKey *ekey; EncryptionKey *ekey;
#ifndef KTYPE_IS_ETYPE
krb5_keytype sess_ktype; krb5_keytype sess_ktype;
#else
krb5_enctype sess_ktype;
#endif
ret = find_keys(NULL, server, NULL, NULL, &skey, &setype, ret = find_keys(NULL, server, NULL, NULL, &skey, &setype,
&sess_ktype, b->etype.val, b->etype.len); &sess_ktype, b->etype.val, b->etype.len);
@@ -941,7 +979,15 @@ tgs_make_reply(KDC_REQ_BODY *b,
/* XXX Check enc-authorization-data */ /* XXX Check enc-authorization-data */
et.authorization_data = auth_data; et.authorization_data = auth_data;
#ifndef KTYPE_IS_ETYPE
krb5_generate_random_keyblock(context, sess_ktype, &et.key); krb5_generate_random_keyblock(context, sess_ktype, &et.key);
#else
{
krb5_keytype kt;
ret = krb5_etype_to_keytype(context, sess_ktype, &kt);
krb5_generate_random_keyblock(context, kt, &et.key);
}
#endif
et.crealm = tgt->crealm; et.crealm = tgt->crealm;
et.cname = tgt->cname; et.cname = tgt->cname;
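Review bot: In the second hunk (find_keys), the new KTYPE_IS_ETYPE branch sets `*sess_ktype = etypes[i];`, but the find_etype call just above it passes NULL as its last argument, so nothing visible there makes `i` the index of the etype matched for the server. tgs_make_reply calls find_keys with a NULL client, so on that path `i` looks to be still unset when it indexes the etypes array taken from the request body; the lines between the declaration of `i` and this hunk are not shown, so this needs confirming. If that last argument is the index out-parameter, pass it here, `ret = find_etype(server, etypes, num_etypes, skey, &i);`, so the session enctype comes from the server's own match and the index stays below num_etypes.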