From 8eb256ea004ed94b3f7913cd3a9c683a3167e918 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Wed, 20 Jan 2010 08:34:08 +0000
Subject: [PATCH] send enc challange in KDC reply
---
 kdc/kerberos5.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 53 insertions(+), 2 deletions(-)
diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 1d790715e..e2c97135f 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -1001,6 +1001,54 @@ _kdc_is_anonymous(krb5_context context, krb5_principal principal)
 return 1;
 }
+static krb5_error_code
+make_pa_enc_challange(krb5_context context, METHOD_DATA *md,
+ krb5_crypto crypto)
+{
+ PA_ENC_TS_ENC p;
+ unsigned char *buf;
+ size_t buf_size;
+ size_t len;
+ EncryptedData encdata;
+ krb5_error_code ret;
+ int32_t usec;
+ int usec2;
+
+ krb5_us_timeofday (context, &p.patimestamp, &usec);
+ usec2 = usec;
+ p.pausec = &usec2;
+
+ ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
+ if (ret)
+ return ret;
+ if(buf_size != len)
+ krb5_abortx(context, "internal error in ASN.1 encoder");
+
+ ret = krb5_encrypt_EncryptedData(context,
+ crypto,
+ KRB5_KU_ENC_CHALLENGE_KDC,
+ buf,
+ len,
+ 0,
+ &encdata);
+ free(buf);
+ if (ret)
+ return ret;
+
+ ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
+ free_EncryptedData(&encdata);
+ if (ret)
+ return ret;
+ if(buf_size != len)
+ krb5_abortx(context, "internal error in ASN.1 encoder");
+
+ ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
+ if (ret)
+ free(buf);
+ return ret;
+}
+
+
 /*
 *
 */
@@ -1496,8 +1544,11 @@ _kdc_as_rep(krb5_context context,
 free_PA_ENC_TS_ENC(&p);
 et.flags.pre_authent = 1;
- /* XXX add kdc reply */
-
+ ret = make_pa_enc_challange(context, rep.padata,
+ challangecrypto);
+ if (ret)
+ goto out;
+
 set_salt_padata(rep.padata, k->salt);
 reply_key = &k->key;
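Review bot: The new make_pa_enc_challange has no header comment, and its buffer hand-off is easy to misread. `buf` is freed only when `krb5_padata_add` fails, so on success `md` presumably keeps the encoding and the caller must not free it. A comment such as `/* Append a PA-ENCRYPTED-CHALLENGE carrying the KDC's current time, encrypted with crypto under KRB5_KU_ENC_CHALLENGE_KDC; on success md owns the encoded buffer. */` would record that. It should also say which key `crypto` is expected to wrap, since the function cannot check this and the padata only authenticates the KDC if the right key is used. As a style point, the name spells "challange" while the constants it uses spell "CHALLENGE", which makes the function harder to find by search.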
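Review bot: The call in _kdc_as_rep passes `challangecrypto`, which is created outside this hunk, so it is worth confirming which key it wraps. If it is the same crypto context used to verify the client's encrypted challenge, the KDC's reply is encrypted under the client-side challenge key with only the key usage changed. RFC 6113 derives the KDC challenge key separately, with the pepper "kdcchallengearmor" instead of "clientchallengearmor". A client following the RFC would then fail to decrypt the padata and lose the KDC authentication it is meant to provide. A comment at the call such as `/* KDC challenge: key must be derived with the "kdcchallengearmor" pepper (RFC 6113) */` would pin the requirement. The `goto out` path, also outside the hunk, should be checked to confirm it releases `challangecrypto`.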