oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

removed all unsealing, now done by the hdb layer

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3629 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-10-16 04:24:29 +00:00
parent ae31038985
commit 6b919c6819
4 changed files with 28 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
kdc/524.c
View File

@@ -48,7 +48,7 @@ do_524(Ticket *t, krb5_data *reply, const char *from)
krb5_error_code ret;
krb5_principal sprinc = NULL;
hdb_entry *server;
Key *skey, *ekey = NULL;
Key *skey;
krb5_data et_data;
EncTicketPart et;
EncryptedData ticket;
@@ -71,14 +71,12 @@ do_524(Ticket *t, krb5_data *reply, const char *from)
"when converting ticket from ", spn, from);
goto out;
}
ekey = unseal_key(skey);
ret = krb5_decrypt (context,
t->enc_part.cipher.data,
t->enc_part.cipher.length,
t->enc_part.etype,
&ekey->key,
&skey->key,
&et_data);
hdb_free_key(ekey);
if(ret){
kdc_log(0, "Failed to decrypt ticket from %s for %s", from, spn);
goto out;
@@ -124,10 +122,8 @@ do_524(Ticket *t, krb5_data *reply, const char *from)
kdc_log(0, "No DES key for server (%s)", spn);
goto out;
}
ekey = unseal_key(skey);
ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len,
ekey->key.keyvalue.data, &ticket);
hdb_free_key(ekey);
skey->key.keyvalue.data, &ticket);
if(ret){
kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn);
goto out;

34
kdc/kaserver.c
View File

@@ -257,7 +257,6 @@ create_reply_ticket (struct rx_header *hdr,
krb5_data *reply)
{
KTEXT_ST ticket;
Key *ekey = NULL;
des_cblock session;
krb5_storage *sp;
krb5_data enc_data;
@@ -267,15 +266,13 @@ create_reply_ticket (struct rx_header *hdr,
size_t pad;
/* create the ticket */
ekey = unseal_key(skey);
des_new_random_key(&session);
krb_create_ticket (&ticket, 0, name, instance, realm,
addr->sin_addr.s_addr,
&session, life, kdc_time,
sname, sinstance, ekey->key.keyvalue.data);
hdb_free_key (ekey);
sname, sinstance, skey->key.keyvalue.data);
/* create the encrypted part of the reply */
sp = krb5_storage_emem ();
@@ -435,20 +432,15 @@ do_authenticate (struct rx_header *hdr,
}
/* try to decode the `request' */
{
Key *ekey = unseal_key(ckey);
memcpy (&key, ekey->key.keyvalue.data, sizeof(key));
hdb_free_key(ekey);
des_set_key (&key, schedule);
des_pcbc_encrypt ((des_cblock *)request.data,
(des_cblock *)request.data,
request.length,
schedule,
&key,
DES_DECRYPT);
memset (&schedule, 0, sizeof(schedule));
}
memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
des_set_key (&key, schedule);
des_pcbc_encrypt ((des_cblock *)request.data,
(des_cblock *)request.data,
request.length,
schedule,
&key,
DES_DECRYPT);
memset (&schedule, 0, sizeof(schedule));
/* check for the magic label */
if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) {
@@ -613,11 +605,7 @@ do_getticket (struct rx_header *hdr,
}
/* decrypt the incoming ticket */
{
Key *ekey = unseal_key(kkey);
memcpy (&key, ekey->key.keyvalue.data, sizeof(key));
hdb_free_key(ekey);
}
memcpy (&key, kkey->key.keyvalue.data, sizeof(key));
/* unpack the ticket */
{

18
kdc/kerberos4.c
View File

@@ -121,7 +121,7 @@ do_version4(unsigned char *buf,
krb5_storage *sp;
krb5_error_code ret;
hdb_entry *client = NULL, *server = NULL;
Key *ckey, *skey, *ekey;
Key *ckey, *skey;
int8_t pvno;
int8_t msg_type;
int lsb;
@@ -216,18 +216,14 @@ do_version4(unsigned char *buf,
des_cblock session;
des_new_random_key(&session);
ekey = unseal_key(skey);
krb_create_ticket(&ticket, 0, name, inst, v4_realm,
addr->sin_addr.s_addr, session, life, kdc_time,
sname, sinst, ekey->key.keyvalue.data);
hdb_free_key(ekey);
sname, sinst, skey->key.keyvalue.data);
ekey = unseal_key(ckey);
create_ciph(&cipher, session, sname, sinst, v4_realm,
life, server->kvno, &ticket, kdc_time,
ekey->key.keyvalue.data);
hdb_free_key(ekey);
ckey->key.keyvalue.data);
memset(&session, 0, sizeof(session));
r = create_auth_reply(name, inst, realm, req_time, 0,
client->pw_end ? *client->pw_end : 0,
@@ -295,9 +291,7 @@ do_version4(unsigned char *buf,
memset(&auth, 0, sizeof(auth));
memcpy(&auth.dat, buf, pos);
auth.length = pos;
ekey = unseal_key(tkey);
krb_set_key(ekey->key.keyvalue.data, 0);
hdb_free_key(ekey);
krb_set_key(tkey->key.keyvalue.data, 0);
{
int e;
e = krb_rd_req(&auth, "krbtgt", realm,
@@ -379,11 +373,9 @@ do_version4(unsigned char *buf,
KTEXT r;
des_cblock session;
des_new_random_key(&session);
ekey = unseal_key(skey);
krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm,
addr->sin_addr.s_addr, &session, life, kdc_time,
sname, sinst, ekey->key.keyvalue.data);
hdb_free_key(ekey);
sname, sinst, skey->key.keyvalue.data);
create_ciph(&cipher, session, sname, sinst, v4_realm,
life, server->kvno, &ticket,

31
kdc/kerberos5.c
View File

@@ -84,7 +84,7 @@ as_rep(KDC_REQ *req,
const char *e_text = NULL;
int i;
Key *ckey, *skey, *ekey;
Key *ckey, *skey;
if(b->sname == NULL){
server_name = "<unknown server>";
@@ -223,15 +223,12 @@ as_rep(KDC_REQ *req,
continue;
}
ekey = unseal_key(pa_key);
ret = krb5_decrypt (context,
enc_data.cipher.data,
enc_data.cipher.length,
enc_data.etype,
&ekey->key,
&pa_key->key,
&ts_data);
hdb_free_key(ekey);
free_EncryptedData(&enc_data);
if(ret){
e_text = "Failed to decrypt PA-DATA";
@@ -551,15 +548,13 @@ as_rep(KDC_REQ *req,
goto out;
}
ekey = unseal_key(skey);
krb5_encrypt_EncryptedData(context,
buf + sizeof(buf) - len,
len,
setype,
server->kvno,
&ekey->key,
&skey->key,
&rep.ticket.enc_part);
hdb_free_key(ekey);
ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf),
&ek, &len);
@@ -568,15 +563,13 @@ as_rep(KDC_REQ *req,
kdc_log(0, "Failed to encode KDC-REP -- %s", client_name);
goto out;
}
ekey = unseal_key(ckey);
krb5_encrypt_EncryptedData(context,
buf + sizeof(buf) - len,
len,
cetype,
client->kvno,
&ekey->key,
&ckey->key,
&rep.enc_part);
hdb_free_key(ekey);
set_salt_padata (&rep.padata, ckey->salt);
ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);
@@ -790,7 +783,7 @@ tgs_make_reply(KDC_REQ_BODY *b, EncTicketPart *tgt,
krb5_error_code ret;
int i;
krb5_enctype setype;
Key *skey, *ekey;
Key *skey;
krb5_keytype sess_ktype;
/* Find appropriate key */
@@ -934,13 +927,11 @@ tgs_make_reply(KDC_REQ_BODY *b, EncTicketPart *tgt,
krb5_get_err_text(context, ret));
goto out;
}
ekey = unseal_key(skey);
krb5_encrypt_EncryptedData(context, buf + sizeof(buf) - len, len,
setype,
server->kvno,
&ekey->key,
&skey->key,
&rep.ticket.enc_part);
hdb_free_key(ekey);
ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1,
sizeof(buf), &ek, &len);
@@ -1072,7 +1063,7 @@ tgs_rep2(KDC_REQ_BODY *b,
hdb_entry *krbtgt;
EncTicketPart *tgt;
Key *tkey, *ekey;
Key *tkey;
krb5_enctype cetype;
krb5_principal cp = NULL;
krb5_principal sp = NULL;
@@ -1116,15 +1107,13 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out2;
}
ekey = unseal_key(tkey);
ret = krb5_verify_ap_req(context,
&ac,
&ap_req,
princ,
&ekey->key,
&tkey->key,
&ap_req_options,
&ticket);
hdb_free_key(ekey);
krb5_free_principal(context, princ);
if(ret) {
@@ -1181,10 +1170,8 @@ tgs_rep2(KDC_REQ_BODY *b,
ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
goto out;
}
ekey = unseal_key(tkey);
ret = krb5_decrypt_EncryptedData(context, &t->enc_part,
&ekey->key, &result);
&tkey->key, &result);
if(ret){
/* XXX */