Add better support for pre-authentication, by looking at hints from the KDC.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4349 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1998-01-22 22:34:12 +00:00
parent 1d3d76d40e
commit 82efb9b371


@@ -386,6 +386,7 @@ krb5_get_init_creds_password(krb5_context context,
krb5_addresses *addrs = NULL; krb5_addresses *addrs = NULL;
krb5_enctype *etypes = NULL; krb5_enctype *etypes = NULL;
krb5_preauthtype *pre_auth_types = NULL; krb5_preauthtype *pre_auth_types = NULL;
krb5_preauthdata *preauth = NULL, preauth2;
krb5_creds this_cred; krb5_creds this_cred;
krb5_kdc_rep kdc_reply; krb5_kdc_rep kdc_reply;
char buf[BUFSIZ]; char buf[BUFSIZ];
@@ -428,6 +429,7 @@ krb5_get_init_creds_password(krb5_context context,
addrs, addrs,
etypes, etypes,
pre_auth_types, pre_auth_types,
preauth,
krb5_password_key_proc, krb5_password_key_proc,
password, password,
NULL, NULL,
@@ -451,7 +453,38 @@ krb5_get_init_creds_password(krb5_context context,
goto out; goto out;
password = buf; password = buf;
break; break;
case KRB5KDC_ERR_PREAUTH_REQUIRED : case KRB5KDC_ERR_PREAUTH_REQUIRED : {
if(kdc_reply.error.e_data){
METHOD_DATA md;
int i;
krb5_preauthtype *pt = pre_auth_types;
decode_METHOD_DATA(kdc_reply.error.e_data->data,
kdc_reply.error.e_data->length,
&md,
NULL);
for(i = 0; i < md.len; i++){
switch(md.val[i].padata_type){
case pa_enc_timestamp:
if (pre_auth_types)
free (pre_auth_types);
ALLOC(pre_auth_types, 2);
if (pre_auth_types == NULL)
goto out;
pre_auth_types[0] = KRB5_PADATA_ENC_TIMESTAMP;
pre_auth_types[1] = 0;
break;
case pa_key_info:
preauth = &preauth2;
ALLOC_SEQ(preauth, 1);
preauth->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
decode_PA_KEY_INFO(md.val[i].padata_value.data,
md.val[i].padata_value.length,
&preauth->val[0].info,
NULL);
break;
}
}
}else{
if (pre_auth_types) if (pre_auth_types)
free (pre_auth_types); free (pre_auth_types);
pre_auth_types = malloc(2 * sizeof(*pre_auth_types)); pre_auth_types = malloc(2 * sizeof(*pre_auth_types));
@@ -459,7 +492,9 @@ krb5_get_init_creds_password(krb5_context context,
goto out; goto out;
pre_auth_types[0] = KRB5_PADATA_ENC_TIMESTAMP; pre_auth_types[0] = KRB5_PADATA_ENC_TIMESTAMP;
pre_auth_types[1] = 0; pre_auth_types[1] = 0;
}
break; break;
}
default: default:
goto out; goto out;
} }
@@ -484,6 +519,10 @@ krb5_get_init_creds_password(krb5_context context,
out: out:
memset (buf, 0, sizeof(buf)); memset (buf, 0, sizeof(buf));
free (pre_auth_types); free (pre_auth_types);
if(preauth) {
free_PA_KEY_INFO(&preauth->val[0].info);
free(preauth->val);
}
free (etypes); free (etypes);
krb5_free_creds_contents (context, &this_cred); krb5_free_creds_contents (context, &this_cred);
return ret; return ret;
@@ -537,6 +576,7 @@ krb5_get_init_creds_keytab(krb5_context context,
addrs, addrs,
etypes, etypes,
pre_auth_types, pre_auth_types,
NULL,
krb5_keyblock_key_proc, krb5_keyblock_key_proc,
&kt_ent.keyblock, &kt_ent.keyblock,
NULL, NULL,
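Review bot: In the `KRB5KDC_ERR_PREAUTH_REQUIRED` case the result of `decode_METHOD_DATA` is discarded and the loop then walks `md.len` and `md.val`, so an `e_data` blob that fails to decode leaves the loop reading an uninitialised `md`. That blob arrives in a KDC error reply, which as far as I know carries no integrity protection at this stage, so it should be treated as untrusted input: `ret = decode_METHOD_DATA(kdc_reply.error.e_data->data, kdc_reply.error.e_data->length, &md, NULL);` followed by `if (ret) goto out;` (assuming the decoder returns non-zero on failure). The `pa_key_info` branch has the same gap for `decode_PA_KEY_INFO`, and it dereferences `preauth->val[0]` without checking that `ALLOC_SEQ` succeeded; the `out:` hunk then calls `free_PA_KEY_INFO` on whatever was left there. A second `pa_key_info` entry, or a second pass through this case, overwrites `preauth->val` without freeing the first, `md` is never released, and the local `pt` is unused. The function body starts and ends outside these hunks, so the surrounding retry loop is inferred rather than visible.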