oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

break out the encrypt timestamp preauth to its function

Browse Source 
break out the pa_data_to_key_plain to its own function
make more variables const


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12766 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-09-04 05:30:48 +00:00
parent e44d866589
commit 646ee1b761
1 changed files with 118 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
lib/krb5/init_creds_pw.c
View File

@@ -610,8 +610,11 @@ set_paid(struct pa_info_data *paid, krb5_context context,
} }
static struct pa_info_data * static struct pa_info_data *
pa_etype_info2(krb5_context context, krb5_principal client, AS_REQ *asreq, pa_etype_info2(krb5_context context,
struct pa_info_data *paid, heim_octet_string *data) const krb5_principal client,
const AS_REQ *asreq,
struct pa_info_data *paid,
heim_octet_string *data)
{ {
krb5_error_code ret; krb5_error_code ret;
ETYPE_INFO2 e; ETYPE_INFO2 e;
@@ -657,8 +660,11 @@ pa_etype_info2(krb5_context context, krb5_principal client, AS_REQ *asreq,
} }
static struct pa_info_data * static struct pa_info_data *
pa_etype_info(krb5_context context, krb5_principal client, AS_REQ *asreq, pa_etype_info(krb5_context context,
struct pa_info_data *paid, heim_octet_string *data) const krb5_principal client,
const AS_REQ *asreq,
struct pa_info_data *paid,
heim_octet_string *data)
{ {
krb5_error_code ret; krb5_error_code ret;
ETYPE_INFO e; ETYPE_INFO e;
@@ -707,8 +713,11 @@ pa_etype_info(krb5_context context, krb5_principal client, AS_REQ *asreq,
} }
static struct pa_info_data * static struct pa_info_data *
pa_pw_or_afs3_salt(krb5_context context, krb5_principal client, AS_REQ *asreq, pa_pw_or_afs3_salt(krb5_context context,
struct pa_info_data *paid, heim_octet_string *data) const krb5_principal client,
const AS_REQ *asreq,
struct pa_info_data *paid,
heim_octet_string *data)
{ {
krb5_error_code ret; krb5_error_code ret;
if (paid->etype == ENCTYPE_NULL) if (paid->etype == ENCTYPE_NULL)
@@ -727,8 +736,11 @@ pa_pw_or_afs3_salt(krb5_context context, krb5_principal client, AS_REQ *asreq,
struct pa_info { struct pa_info {
krb5_preauthtype type; krb5_preauthtype type;
struct pa_info_data *(*process)(krb5_context, krb5_principal, AS_REQ *, struct pa_info_data *(*salt_info)(krb5_context,
struct pa_info_data *, heim_octet_string *); const krb5_principal,
const AS_REQ *,
struct pa_info_data *,
heim_octet_string *);
}; };
static struct pa_info preauth_prefs[] = { static struct pa_info preauth_prefs[] = {
@@ -739,8 +751,11 @@ static struct pa_info preauth_prefs[] = {
}; };
static struct pa_info_data * static struct pa_info_data *
process_pa(krb5_context context, krb5_principal client, AS_REQ *asreq, process_pa_info(krb5_context context,
struct pa_info_data *paid, METHOD_DATA *md) const krb5_principal client,
const AS_REQ *asreq,
struct pa_info_data *paid,
METHOD_DATA *md)
{ {
int i, j; int i, j;
struct pa_info *info; struct pa_info *info;
@@ -750,7 +765,7 @@ process_pa(krb5_context context, krb5_principal client, AS_REQ *asreq,
for (j = 0; j < md->len; j++) for (j = 0; j < md->len; j++)
if (info->type == md->val[j].padata_type) { if (info->type == md->val[j].padata_type) {
paid->salt.salttype = info->type; paid->salt.salttype = info->type;
return (*info->process)(context, client, asreq, return (*info->salt_info)(context, client, asreq,
paid, &md->val[j].padata_value); paid, &md->val[j].padata_value);
} }
} }
@@ -811,7 +826,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
} }
static krb5_error_code static krb5_error_code
add_padata(krb5_context context, add_enc_ts_padata(krb5_context context,
METHOD_DATA *md, METHOD_DATA *md,
krb5_principal client, krb5_principal client,
krb5_s2k_proc key_proc, krb5_s2k_proc key_proc,
@@ -865,51 +880,26 @@ add_padata(krb5_context context,
} }
static krb5_error_code static krb5_error_code
process_pa_data_to_md(krb5_context context, pa_data_to_md_ts_enc(krb5_context context,
const krb5_creds *creds, const AS_REQ *a,
AS_REQ *a, const krb5_principal client,
struct preauth_ctx *pa_ctx, struct preauth_ctx *pa_ctx,
METHOD_DATA *md, struct pa_info_data *ppaid,
krb5_prompter_fct prompter, METHOD_DATA *md)
void *prompter_data)
{ {
struct pa_info_data paid, *ppaid; if (pa_ctx->key_proc == NULL || pa_ctx->password == NULL)
a->padata = NULL;
memset(&paid, 0, sizeof(paid));
if (md->len == 0)
return 0; return 0;
paid.etype = ENCTYPE_NULL;
ppaid = process_pa(context, creds->client, a, &paid, md);
ALLOC(a->padata, 1);
if (a->padata == NULL) {
if (ppaid)
free_paid(context, ppaid);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
a->padata->len = 0;
a->padata->val = NULL;
/*
* here is where we should check for other pre-auth types then
* KRB5_PADATA_ENC_TIMESTAMP
*/
if (ppaid) { if (ppaid) {
add_padata(context, a->padata, creds->client, add_enc_ts_padata(context, md, client,
pa_ctx->key_proc, pa_ctx->password, pa_ctx->key_proc, pa_ctx->password,
&paid.etype, 1, &ppaid->etype, 1,
&paid.salt, paid.s2kparams); &ppaid->salt, ppaid->s2kparams);
free_paid(context, ppaid);
} else { } else {
krb5_salt salt; krb5_salt salt;
/* make a v5 salted pa-data */ /* make a v5 salted pa-data */
add_padata(context, a->padata, creds->client, add_enc_ts_padata(context, md, client,
pa_ctx->key_proc, pa_ctx->password, pa_ctx->key_proc, pa_ctx->password,
a->req_body.etype.val, a->req_body.etype.len, a->req_body.etype.val, a->req_body.etype.len,
NULL, NULL); NULL, NULL);
@@ -917,13 +907,69 @@ process_pa_data_to_md(krb5_context context,
/* make a v4 salted pa-data */ /* make a v4 salted pa-data */
salt.salttype = KRB5_PW_SALT; salt.salttype = KRB5_PW_SALT;
krb5_data_zero(&salt.saltvalue); krb5_data_zero(&salt.saltvalue);
add_padata(context, a->padata, creds->client, add_enc_ts_padata(context, md, client,
pa_ctx->key_proc, pa_ctx->password, pa_ctx->key_proc, pa_ctx->password,
a->req_body.etype.val, a->req_body.etype.len, a->req_body.etype.val, a->req_body.etype.len,
&salt, NULL); &salt, NULL);
} }
return 0;
}
static krb5_error_code
pa_data_to_key_plain(krb5_context context,
const krb5_principal client,
struct preauth_ctx *pa_ctx,
krb5_salt salt,
krb5_data *s2kparams,
krb5_enctype etype,
krb5_keyblock **key)
{
krb5_error_code ret;
ret = (*pa_ctx->key_proc)(context, etype, pa_ctx->password,
salt, s2kparams, key);
return ret;
}
static krb5_error_code
process_pa_data_to_md(krb5_context context,
const krb5_creds *creds,
const AS_REQ *a,
struct preauth_ctx *pa_ctx,
METHOD_DATA *in_md,
METHOD_DATA **out_md,
krb5_prompter_fct prompter,
void *prompter_data)
{
struct pa_info_data paid, *ppaid;
memset(&paid, 0, sizeof(paid));
if (in_md->len == 0)
return 0;
paid.etype = ENCTYPE_NULL;
ppaid = process_pa_info(context, creds->client, a, &paid, in_md);
ALLOC(*out_md, 1);
if (*out_md == NULL) {
if (ppaid)
free_paid(context, ppaid);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
(*out_md)->len = 0;
(*out_md)->val = NULL;
/*
* here is where we should check for other pre-auth types then
* KRB5_PADATA_ENC_TIMESTAMP
*/
pa_data_to_md_ts_enc(context, a, creds->client, pa_ctx, ppaid, *out_md);
if (ppaid)
free_paid(context, ppaid);
return 0; return 0;
} }
@@ -935,7 +981,7 @@ process_pa_data_to_key(krb5_context context,
krb5_kdc_rep *rep, krb5_kdc_rep *rep,
krb5_keyblock **key) krb5_keyblock **key)
{ {
struct pa_info_data paid, *ppaid; struct pa_info_data paid, *ppaid = NULL;
krb5_error_code ret; krb5_error_code ret;
krb5_enctype etype; krb5_enctype etype;
@@ -943,34 +989,27 @@ process_pa_data_to_key(krb5_context context,
etype = rep->kdc_rep.enc_part.etype; etype = rep->kdc_rep.enc_part.etype;
if (rep->kdc_rep.padata) {
paid.etype = etype; paid.etype = etype;
if (rep->kdc_rep.padata) ppaid = process_pa_info(context, creds->client, a, &paid,
ppaid = process_pa(context, creds->client, a, &paid,
rep->kdc_rep.padata); rep->kdc_rep.padata);
else }
ppaid = NULL; if (ppaid == NULL) {
ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
if (ret)
return ret;
paid.etype = etype;
paid.s2kparams = NULL;
}
/* /*
* Here is the second place we want to add hook when we support * Here is the second place we want to add hook when we support
* other preauth mechs then KRB5_PA_ENC_TIMESTAMP. * other preauth mechs then KRB5_PA_ENC_TIMESTAMP.
*/ */
if(ppaid) { ret = pa_data_to_key_plain(context, creds->client, pa_ctx,
ret = (*pa_ctx->key_proc)(context, etype, pa_ctx->password, paid.salt, paid.s2kparams, etype, key);
paid.salt, paid.s2kparams, key); free_paid(context, &paid);
free_paid(context, ppaid);
} else {
krb5_salt salt;
/* make a v5 salted pa-data */
ret = krb5_get_pw_salt (context, creds->client, &salt);
if (ret)
return ret;
ret = (*pa_ctx->key_proc)(context, etype, pa_ctx->password,
salt, NULL, key);
krb5_free_salt(context, salt);
}
return ret; return ret;
} }
@@ -1079,7 +1118,8 @@ init_cred_loop(krb5_context context,
} }
/* fill_in_md_data */ /* fill_in_md_data */
ret = process_pa_data_to_md(context, creds, &a, pa_ctx, &md, ret = process_pa_data_to_md(context, creds, &a, pa_ctx,
&md, &a.padata,
prompter, prompter_data); prompter, prompter_data);
if (ret) if (ret)
goto out; goto out;