oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use more general etype functions.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2077 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-07-09 00:40:27 +00:00
parent 6ed68a6e37
commit 628b7ae46d
1 changed files with 56 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
kdc/kerberos5.c
View File

@@ -7,23 +7,28 @@ RCSID("$Id$");
krb5_error_code krb5_error_code
as_rep(krb5_context context, as_rep(krb5_context context,
KDC_REQ *req, KDC_REQ *req,
krb5_data *data) krb5_data *reply)
{ {
KDC_REQ_BODY *b = &req->req_body; KDC_REQ_BODY *b = &req->req_body;
AS_REP rep; AS_REP rep;
KDCOptions f = b->kdc_options; KDCOptions f = b->kdc_options;
hdb_entry *client, *server; hdb_entry *client, *server;
int use_etype; int etype;
EncTicketPart *et = calloc(1, sizeof(*et)); EncTicketPart *et = calloc(1, sizeof(*et));
EncKDCRepPart *ek = calloc(1, sizeof(*ek)); EncKDCRepPart *ek = calloc(1, sizeof(*ek));
krb5_principal client_princ; krb5_principal client_princ;
krb5_error_code ret;
int e; int e;
int i;
krb5_keyblock *ckey, *skey;
client = db_fetch(context, b->cname, b->realm); client = db_fetch(context, b->cname, b->realm);
server = db_fetch(context, b->sname, b->realm);
if(client == NULL) if(client == NULL)
return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
server = db_fetch(context, b->sname, b->realm);
if(server == NULL){ if(server == NULL){
hdb_free_entry(context, client); hdb_free_entry(context, client);
free(client); free(client);
@@ -56,8 +61,8 @@ as_rep(krb5_context context,
KRB5KDC_ERR_PREAUTH_REQUIRED, KRB5KDC_ERR_PREAUTH_REQUIRED,
"Need to use PA-ENC-TIMESTAMP", "Need to use PA-ENC-TIMESTAMP",
&foo_data, &foo_data,
data); reply);
return 0; return 0;
} else { } else {
krb5_data ts_data; krb5_data ts_data;
@@ -74,7 +79,7 @@ as_rep(krb5_context context,
KRB5KRB_AP_ERR_BAD_INTEGRITY, KRB5KRB_AP_ERR_BAD_INTEGRITY,
"Couldn't decode", "Couldn't decode",
NULL, NULL,
data); reply);
return 0; return 0;
} }
@@ -93,24 +98,36 @@ as_rep(krb5_context context,
KRB5KRB_AP_ERR_BAD_INTEGRITY, KRB5KRB_AP_ERR_BAD_INTEGRITY,
"Couldn't decode", "Couldn't decode",
NULL, NULL,
data); reply);
return 0; return 0;
} }
if (kdc_time - p.patimestamp > 300) { if (abs(kdc_time - p.patimestamp) > 300) {
krb5_mk_error (client_princ, krb5_mk_error (client_princ,
KRB5KDC_ERR_PREAUTH_FAILED, KRB5KDC_ERR_PREAUTH_FAILED,
"Too large time skew", "Too large time skew",
NULL, NULL,
data); reply);
return 0; return 0;
} }
} }
if(b->etype.len == 0) /* Find appropriate key */
return KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ for(i = 0; i < b->etype.len; i++){
use_etype = b->etype.val[0]; ret = hdb_etype2key(context, client, b->etype.val[i], &ckey);
if(ret)
continue;
ret = hdb_etype2key(context, client, b->etype.val[i], &skey);
if(ret)
continue;
break;
}
if(ret)
return KRB5KDC_ERR_ETYPE_NOSUPP;
etype = b->etype.val[i];
memset(&rep, 0, sizeof(rep)); memset(&rep, 0, sizeof(rep));
rep.pvno = 5; rep.pvno = 5;
rep.msg_type = krb_as_rep; rep.msg_type = krb_as_rep;
@@ -128,7 +145,7 @@ as_rep(krb5_context context,
et->flags.proxiable = f.proxiable; et->flags.proxiable = f.proxiable;
et->flags.may_postdate = f.allow_postdate; et->flags.may_postdate = f.allow_postdate;
mk_des_keyblock(&et->key); krb5_generate_random_keyblock(context, ckey->keytype, &et->key);
copy_PrincipalName(b->cname, &et->cname); copy_PrincipalName(b->cname, &et->cname);
copy_Realm(&b->realm, &et->crealm); copy_Realm(&b->realm, &et->crealm);
@@ -214,33 +231,39 @@ as_rep(krb5_context context,
if(e) if(e)
return e; return e;
rep.ticket.enc_part.etype = ETYPE_DES_CBC_CRC; krb5_encrypt_EncryptedData(context,
rep.ticket.enc_part.kvno = NULL; buf + sizeof(buf) - len,
krb5_encrypt(context, buf + sizeof(buf) - len, len, len,
rep.ticket.enc_part.etype, etype,
&server->keyblock, skey,
&rep.ticket.enc_part.cipher); &rep.ticket.enc_part);
#if 0
rep.ticket.enc_part.kvno = malloc(sizeof(*rep.ticket.enc_part.kvno));
*rep.ticket.enc_part.kvno = server.kvno;
#endif
e = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek, &len); e = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek, &len);
free_EncKDCRepPart(ek); free_EncKDCRepPart(ek);
free(ek); free(ek);
if(e) if(e)
return e; return e;
rep.enc_part.etype = ETYPE_DES_CBC_CRC; krb5_encrypt_EncryptedData(context,
rep.enc_part.kvno = NULL; buf + sizeof(buf) - len,
len,
krb5_encrypt(context, buf + sizeof(buf) - len, len, etype,
rep.enc_part.etype, ckey,
&client->keyblock, &rep.enc_part);
&rep.enc_part.cipher); #if 0
rep.enc_part.kvno = malloc(sizeof(*rep.enc_part.kvno));
*rep.enc_part.kvno = client.kvno;
#endif
e = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len); e = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);
free_AS_REP(&rep);
if(e) if(e)
return e; return e;
free_AS_REP(&rep);
krb5_data_copy(data, buf + sizeof(buf) - len, len);
krb5_data_copy(reply, buf + sizeof(buf) - len, len);
} }
return 0; return 0;
@@ -434,7 +457,9 @@ tgs_rep(krb5_context context,
/* XXX Check enc-authorization-data */ /* XXX Check enc-authorization-data */
mk_des_keyblock(&et->key); krb5_generate_random_keyblock(context,
KEYTYPE_DES, /* XXX */
&et->key);
et->crealm = tgt->crealm; et->crealm = tgt->crealm;
et->cname = tgt->cname; et->cname = tgt->cname;
et->transited = tgt->transited; et->transited = tgt->transited;