From 480aff7f9bb87a46c67c96d1d2e49a178c0840b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 26 Nov 2006 16:38:51 +0000
Subject: [PATCH] (_kdc_pk_rd_padata): Pick up supportedCMSTypes and pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19125 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 3c0c33418..691bb2544 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -68,6 +68,7 @@ struct pk_client_params {
 DH *dh;
 EncryptionKey reply_key;
 char *dh_group_name;
+ hx509_peer_info peer;
 };

 struct pk_principal_mapping {
@@ -180,6 +181,8 @@ _kdc_pk_free_client_param(krb5_context context,
 krb5_free_keyblock_contents(context, &client_params->reply_key);
 if (client_params->dh_group_name)
 free(client_params->dh_group_name);
+ if (client_params->peer)
+ hx509_peer_info_free(client_params->peer);
 memset(client_params, 0, sizeof(*client_params));
 free(client_params);
 }
@@ -611,6 +614,23 @@ _kdc_pk_rd_padata(krb5_context context,
 goto out;
 }
 }
+
+ if (ap.supportedCMSTypes) {
+ ret = hx509_peer_info_alloc(kdc_identity->hx509ctx,
+ &client_params->peer);
+ if (ret) {
+ free_AuthPack(&ap);
+ goto out;
+ }
+ ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx,
+ client_params->peer,
+ ap.supportedCMSTypes->val,
+ ap.supportedCMSTypes->len);
+ if (ret) {
+ free_AuthPack(&ap);
+ goto out;
+ }
+ }
 free_AuthPack(&ap);
 } else
 krb5_abortx(context, "internal pkinit error");
@@ -752,7 +772,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 buf.length,
 NULL,
 cert,
- NULL,
+ client_params->peer,
 kdc_identity->anchors,
 kdc_identity->certpool,
 &signed_data);
@@ -865,7 +885,7 @@ pk_mk_pa_reply_dh(krb5_context context,
 buf.length,
 NULL,
 cert,
- NULL,
+ client_params->peer,
 kdc_identity->anchors,
 kdc_identity->certpool,
 &signed_data);
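Review bot: The new `if (client_params->peer)` test in `_kdc_pk_free_client_param` is only sound if `client_params` is zero-filled when it is allocated, because `peer` is assigned nowhere except inside the `ap.supportedCMSTypes` branch of `_kdc_pk_rd_padata`. The allocation is outside this patch and the function body starts outside the hunk, so this should be confirmed, or `peer` set to NULL explicitly next to the allocation. The same NULL-when-absent assumption is what keeps the two `hx509_cms_create_signed_1` call sites equivalent to the old `NULL` argument for clients that send no list. A comment on the struct field such as `/* CMS algorithms advertised by the client; NULL when none were sent; freed in _kdc_pk_free_client_param */` would record the ownership.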
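Review bot: `ap.supportedCMSTypes` is taken from the client's pre-authentication request, and the `_kdc_pk_rd_padata` hunk copies it into `client_params->peer` with no check against what the KDC itself considers acceptable. That value is then handed to `hx509_cms_create_signed_1` in both `pk_mk_pa_reply_enckey` and `pk_mk_pa_reply_dh`, so a client-supplied list now influences how the KDC signs its reply. Whether hx509 intersects the list with a local algorithm policy is not visible in this patch; please confirm that a client advertising only weak digest or signature algorithms cannot steer the KDC onto one, and filter the list before `hx509_peer_info_set_cms_algs` if hx509 does not. A comment above the block, e.g. `/* client-supplied preference only; local algorithm policy must still be enforced when signing */`, would make the trust boundary explicit. The enclosing function starts and ends outside the hunk, so it is also not visible whether the `out:` path releases a `peer` that was allocated before `hx509_peer_info_set_cms_algs` failed.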