(get_pa_etype_info): sort ETYPE-INFOs by requested KDC-REQ etypes
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10926 ec53bebd-3082-4978-b11e-865c3cabbd6b
109
kdc/kerberos5.c
109
kdc/kerberos5.c
@@ -247,10 +247,50 @@ realloc_method_data(METHOD_DATA *md)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
get_pa_etype_info(METHOD_DATA *md, hdb_entry *client)
|
make_etype_info_entry(ETYPE_INFO_ENTRY *ent, Key *key)
|
||||||
|
{
|
||||||
|
ent->etype = key->key.keytype;
|
||||||
|
if(key->salt){
|
||||||
|
ALLOC(ent->salttype);
|
||||||
|
#if 0
|
||||||
|
if(key->salt->type == hdb_pw_salt)
|
||||||
|
*ent->salttype = 0; /* or 1? or NULL? */
|
||||||
|
else if(key->salt->type == hdb_afs3_salt)
|
||||||
|
*ent->salttype = 2;
|
||||||
|
else {
|
||||||
|
kdc_log(0, "unknown salt-type: %d",
|
||||||
|
key->salt->type);
|
||||||
|
return KRB5KRB_ERR_GENERIC;
|
||||||
|
}
|
||||||
|
/* according to `the specs', we can't send a salt if
|
||||||
|
we have AFS3 salted key, but that requires that you
|
||||||
|
*know* what cell you are using (e.g by assuming
|
||||||
|
that the cell is the same as the realm in lower
|
||||||
|
case) */
|
||||||
|
#else
|
||||||
|
*ent->salttype = key->salt->type;
|
||||||
|
#endif
|
||||||
|
krb5_copy_data(context, &key->salt->salt,
|
||||||
|
&ent->salt);
|
||||||
|
} else {
|
||||||
|
/* we return no salt type at all, as that should indicate
|
||||||
|
* the default salt type and make everybody happy. some
|
||||||
|
* systems (like w2k) dislike being told the salt type
|
||||||
|
* here. */
|
||||||
|
|
||||||
|
ent->salttype = NULL;
|
||||||
|
ent->salt = NULL;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static krb5_error_code
|
||||||
|
get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
|
||||||
|
ENCTYPE *etypes, unsigned int etypes_len)
|
||||||
{
|
{
|
||||||
krb5_error_code ret = 0;
|
krb5_error_code ret = 0;
|
||||||
int i;
|
int i, j;
|
||||||
|
unsigned int n = 0;
|
||||||
ETYPE_INFO pa;
|
ETYPE_INFO pa;
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
size_t len;
|
size_t len;
|
||||||
@@ -260,41 +300,39 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client)
|
|||||||
pa.val = malloc(pa.len * sizeof(*pa.val));
|
pa.val = malloc(pa.len * sizeof(*pa.val));
|
||||||
if(pa.val == NULL)
|
if(pa.val == NULL)
|
||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
for(i = 0; i < client->keys.len; i++) {
|
|
||||||
pa.val[i].etype = client->keys.val[i].key.keytype;
|
|
||||||
if(client->keys.val[i].salt){
|
|
||||||
ALLOC(pa.val[i].salttype);
|
|
||||||
#if 0
|
|
||||||
if(client->keys.val[i].salt->type == hdb_pw_salt)
|
|
||||||
*pa.val[i].salttype = 0; /* or 1? or NULL? */
|
|
||||||
else if(client->keys.val[i].salt->type == hdb_afs3_salt)
|
|
||||||
*pa.val[i].salttype = 2;
|
|
||||||
else {
|
|
||||||
free_ETYPE_INFO(&pa);
|
|
||||||
kdc_log(0, "unknown salt-type: %d",
|
|
||||||
client->keys.val[i].salt->type);
|
|
||||||
return KRB5KRB_ERR_GENERIC;
|
|
||||||
}
|
|
||||||
/* according to `the specs', we can't send a salt if
|
|
||||||
we have AFS3 salted key, but that requires that you
|
|
||||||
*know* what cell you are using (e.g by assuming
|
|
||||||
that the cell is the same as the realm in lower
|
|
||||||
case) */
|
|
||||||
#else
|
|
||||||
*pa.val[i].salttype = client->keys.val[i].salt->type;
|
|
||||||
#endif
|
|
||||||
krb5_copy_data(context, &client->keys.val[i].salt->salt,
|
|
||||||
&pa.val[i].salt);
|
|
||||||
} else {
|
|
||||||
/* we return no salt type at all, as that should indicate
|
|
||||||
* the default salt type and make everybody happy. some
|
|
||||||
* systems (like w2k) dislike being told the salt type
|
|
||||||
* here. */
|
|
||||||
|
|
||||||
pa.val[i].salttype = NULL;
|
for(j = 0; j < etypes_len; j++) {
|
||||||
pa.val[i].salt = NULL;
|
for(i = 0; i < client->keys.len; i++) {
|
||||||
|
if(client->keys.val[i].key.keytype == etypes[j])
|
||||||
|
if((ret = make_etype_info_entry(&pa.val[n++],
|
||||||
|
&client->keys.val[i])) != 0) {
|
||||||
|
free_ETYPE_INFO(&pa);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
for(i = 0; i < client->keys.len; i++) {
|
||||||
|
for(j = 0; j < etypes_len; j++) {
|
||||||
|
if(client->keys.val[i].key.keytype == etypes[j])
|
||||||
|
goto skip;
|
||||||
|
}
|
||||||
|
if((ret = make_etype_info_entry(&pa.val[n++],
|
||||||
|
&client->keys.val[i])) != 0) {
|
||||||
|
free_ETYPE_INFO(&pa);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
skip:;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(n != pa.len) {
|
||||||
|
char *name;
|
||||||
|
krb5_unparse_name(context, client->principal, &name);
|
||||||
|
kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d",
|
||||||
|
name, n, pa.len);
|
||||||
|
free(name);
|
||||||
|
pa.len = n;
|
||||||
|
}
|
||||||
|
|
||||||
len = length_ETYPE_INFO(&pa);
|
len = length_ETYPE_INFO(&pa);
|
||||||
buf = malloc(len);
|
buf = malloc(len);
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
@@ -611,7 +649,8 @@ as_rep(KDC_REQ *req,
|
|||||||
pa->padata_value.length = 0;
|
pa->padata_value.length = 0;
|
||||||
pa->padata_value.data = NULL;
|
pa->padata_value.data = NULL;
|
||||||
|
|
||||||
ret = get_pa_etype_info(&method_data, client); /* XXX check ret */
|
ret = get_pa_etype_info(&method_data, client,
|
||||||
|
b->etype.val, b->etype.len); /* XXX check ret */
|
||||||
|
|
||||||
len = length_METHOD_DATA(&method_data);
|
len = length_METHOD_DATA(&method_data);
|
||||||
buf = malloc(len);
|
buf = malloc(len);
|
||||||
|
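Review bot: In the first loop of get_pa_etype_info (the `for(j = 0; j < etypes_len; j++)` block) a repeated etype in the request's etype list makes the matching key(s) be emitted once per occurrence, so `n` can run past `pa.len` and `pa.val[n++]` writes beyond the `client->keys.len`-sized buffer from `pa.val = malloc(pa.len * sizeof(*pa.val))` before the later `n != pa.len` check can notice. The etype list is the caller's `b->etype.val` from the as_rep hunk, so the bound must not depend on it being duplicate-free: skipping etypes already seen earlier in the list keeps n ≤ pa.len, and a hard `if(n >= pa.len)` guard before each `pa.val[n++]` is a cheap second line of defence. The error paths also call `free_ETYPE_INFO(&pa)` with `pa.len` still at its full value while only `n` entries have been initialised; that is unreachable while the compiled-in path of make_etype_info_entry can only `return 0`, but `pa.len = n;` before the free (or allocating `pa.val` with calloc) would keep it safe if the `#if 0` branch is ever enabled. The head of get_pa_etype_info, where pa.len is set, and its tail lie outside the hunks shown.
```c
    for(j = 0; j < etypes_len; j++) {
        /* the request may repeat an etype; pa.val only has room for
           client->keys.len entries, so emit each etype's keys once */
        for(i = 0; i < j; i++)
            if(etypes[i] == etypes[j])
                break;
        if(i < j)
            continue;
        for(i = 0; i < client->keys.len; i++) {
            if(client->keys.val[i].key.keytype == etypes[j]) {
                if(n >= pa.len) {
                    pa.len = n;
                    free_ETYPE_INFO(&pa);
                    return KRB5KRB_ERR_GENERIC;
                }
                /* … unchanged: make_etype_info_entry call and its error return … */
            }
        }
    }
```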