oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use HX509_CMS_VS_ALLOW_ZERO_SIGNER for anonymous requests.

Browse Source 
Move the check client/anonoymous logic here

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24577 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-02-04 22:03:58 +00:00
parent afb2abb65d
commit 7f61137222
1 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
kdc/pkinit.c
View File

@@ -531,10 +531,14 @@ _kdc_pk_rd_padata(krb5_context context,
{ {
hx509_certs signer_certs; hx509_certs signer_certs;
int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */
if (req->req_body.kdc_options.request_anonymous)
flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;
ret = hx509_cms_verify_signed(kdc_identity->hx509ctx, ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
kdc_identity->verify_ctx, kdc_identity->verify_ctx,
HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, flags,
signed_content.data, signed_content.data,
signed_content.length, signed_content.length,
NULL, NULL,
@@ -550,9 +554,11 @@ _kdc_pk_rd_padata(krb5_context context,
goto out; goto out;
} }
if (signer_certs) {
ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs, ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
&client_params->cert); &client_params->cert);
hx509_certs_free(&signer_certs); hx509_certs_free(&signer_certs);
}
if (ret) if (ret)
goto out; goto out;
} }
@@ -1414,6 +1420,13 @@ _kdc_pk_check_client(krb5_context context,
hx509_name name; hx509_name name;
int i; int i;
if (client_params->cert == NULL) {
*subject_name = strdup("anonymous client client");
if (*subject_name == NULL)
return ENOMEM;
return 0;
}
ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
client_params->cert, client_params->cert,
&name); &name);