send enc challange in KDC reply

2010-01-20 08:34:08 +00:00
parent 7151d4e66c
commit 8eb256ea00
1 changed files with 53 additions and 2 deletions
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -1001,6 +1001,54 @@ _kdc_is_anonymous(krb5_context context, krb5_principal principal)
    return 1;
 }

+static krb5_error_code
+make_pa_enc_challange(krb5_context context, METHOD_DATA *md,
+		      krb5_crypto crypto)
+{
+    PA_ENC_TS_ENC p;
+    unsigned char *buf;
+    size_t buf_size;
+    size_t len;
+    EncryptedData encdata;
+    krb5_error_code ret;
+    int32_t usec;
+    int usec2;
+
+    krb5_us_timeofday (context, &p.patimestamp, &usec);
+    usec2         = usec;
+    p.pausec      = &usec2;
+
+    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_encrypt_EncryptedData(context,
+				     crypto,
+				     KRB5_KU_ENC_CHALLENGE_KDC,
+				     buf,
+				     len,
+				     0,
+				     &encdata);
+    free(buf);
+    if (ret)
+	return ret;
+
+    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
+    free_EncryptedData(&encdata);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
+    if (ret)
+	free(buf);
+    return ret;
+}
+
+
 /*
 *
 */
@@ -1496,7 +1544,10 @@ _kdc_as_rep(krb5_context context,
 		free_PA_ENC_TS_ENC(&p);
 		et.flags.pre_authent = 1;

-		/* XXX add kdc reply */
+		ret = make_pa_enc_challange(context, rep.padata,
+					    challangecrypto);
+		if (ret)
+		    goto out;
 					    
 		set_salt_padata(rep.padata, k->salt);
 		reply_key = &k->key;