Removed unsed code. Changed semantics for out_creds (to better match
MIT). Add some error checking. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1111 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -2,6 +2,8 @@
|
||||
#include <krb5_error.h>
|
||||
#include <md4.h>
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
@@ -28,7 +30,7 @@ key_proc (krb5_context context,
|
||||
int
|
||||
extract_ticket(krb5_context context,
|
||||
krb5_kdc_rep *rep,
|
||||
krb5_creds **creds,
|
||||
krb5_creds *creds,
|
||||
krb5_key_proc key_proc,
|
||||
krb5_const_pointer keyseed,
|
||||
krb5_decrypt_proc decrypt_proc,
|
||||
@@ -119,124 +121,7 @@ krb5_get_credentials (krb5_context context,
|
||||
krb5_build_authenticator (context, in_creds->client,
|
||||
&c, NULL, &authenticator);
|
||||
}
|
||||
|
||||
#if 0
|
||||
{
|
||||
struct timeval tv;
|
||||
auth.authenticator_vno = 5;
|
||||
krb5_cc_get_principal(context, ccache, &out_creds->client);
|
||||
|
||||
auth.crealm = malloc(out_creds->client->realm.length + 1);
|
||||
strncpy (auth.crealm, out_creds->client->realm.data,
|
||||
out_creds->client->realm.length);
|
||||
auth.crealm[out_creds->client->realm.length] = 0;
|
||||
krb5_principal2principalname(&auth.cname, out_creds->client);
|
||||
gettimeofday(&tv, NULL);
|
||||
{
|
||||
char buf[1024];
|
||||
int len;
|
||||
struct md4 m;
|
||||
len = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
|
||||
&a.req_body);
|
||||
md4_init(&m);
|
||||
md4_update(&m, buf + sizeof(buf) - len, len);
|
||||
c.cksumtype = rsa_md4;
|
||||
c.checksum.length = 16;
|
||||
c.checksum.data = malloc(16);
|
||||
md4_finito(&m, c.checksum.data);
|
||||
auth.cksum = &c;
|
||||
}
|
||||
auth.cusec = tv.tv_usec;
|
||||
auth.ctime = tv.tv_sec;
|
||||
auth.subkey = NULL;
|
||||
auth.seq_number = NULL;
|
||||
auth.authorization_data = NULL;
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
/*
|
||||
AP-REQ ::= [APPLICATION 14] SEQUENCE {
|
||||
pvno[0] INTEGER,
|
||||
msg-type[1] INTEGER,
|
||||
ap-options[2] APOptions,
|
||||
ticket[3] Ticket,
|
||||
authenticator[4] EncryptedData
|
||||
}
|
||||
*/
|
||||
{
|
||||
krb5_creds cred, mcred;
|
||||
ap.pvno = 5;
|
||||
ap.msg_type = krb_ap_req;
|
||||
memset(&ap.ap_options, 0, sizeof(ap.ap_options));
|
||||
/* ap.ap_options.use_session_key = 1;*/
|
||||
krb5_build_principal(context, &mcred.server,
|
||||
out_creds->client.realm.length,
|
||||
out_creds->client.realm.data,
|
||||
"krbtgt", a.req_body.realm, NULL);
|
||||
krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
|
||||
|
||||
/*
|
||||
tkt-vno[0] INTEGER,
|
||||
realm[1] Realm,
|
||||
sname[2] PrincipalName,
|
||||
enc-part[3] EncryptedData
|
||||
*/
|
||||
ap.ticket.tkt_vno = 5;
|
||||
ap.ticket.realm = (char*)malloc(cred.server->realm.length + 1);
|
||||
strncpy(ap.ticket.realm, cred.server->realm.data,
|
||||
cred.server->realm.length);
|
||||
ap.ticket.realm[cred.server->realm.length] = 0;
|
||||
krb5_principal2principalname(&ap.ticket.sname, cred.server);
|
||||
|
||||
{
|
||||
Ticket t;
|
||||
decode_Ticket(cred.ticket.data,
|
||||
cred.ticket.length,
|
||||
&t);
|
||||
|
||||
ap.ticket.enc_part.etype = t.enc_part.etype;
|
||||
ap.ticket.enc_part.kvno = NULL;
|
||||
ap.ticket.enc_part.cipher = t.enc_part.cipher;
|
||||
}
|
||||
memcpy(&key, cred.session.contents.data, sizeof(key));
|
||||
des_set_key(cred.session.contents.data, schedule);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
{
|
||||
u_int32_t crc;
|
||||
unsigned char *p;
|
||||
|
||||
memset(data, 0, sizeof(data));
|
||||
len = encode_Authenticator(data + sizeof(data) - 9,
|
||||
sizeof(data) - 8 - 12, &auth);
|
||||
p = data + sizeof(data) - 8 - len;
|
||||
|
||||
p -= 12;
|
||||
len += 12;
|
||||
len = (len + 7) & ~7;
|
||||
crc_init_table();
|
||||
crc = crc_update(p, len, 0);
|
||||
/* crc = htonl(crc); */
|
||||
memcpy(p + 8, &crc, 4);
|
||||
#if 0
|
||||
des_cbc_encrypt((void*)p, (void*)p, len, schedule, &key, DES_ENCRYPT);
|
||||
#endif
|
||||
#if 0
|
||||
ap.authenticator.etype = ap.ticket.enc_part.etype;
|
||||
ap.authenticator.kvno = NULL;
|
||||
ap.authenticator.cipher.data = p; /* p */
|
||||
ap.authenticator.cipher.length = len; /* len */
|
||||
#endif
|
||||
|
||||
authenticator.data = p;
|
||||
authenticator.length = len;
|
||||
}
|
||||
#endif
|
||||
|
||||
{
|
||||
krb5_creds cred, mcred;
|
||||
|
||||
@@ -259,16 +144,6 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE {
|
||||
a.padata = malloc(sizeof(*a.padata));
|
||||
a.padata->len = 1;
|
||||
a.padata->val = &foo;
|
||||
|
||||
|
||||
#if 0
|
||||
foo.padata_value.length = encode_AP_REQ(buf2 + sizeof(buf2) - 1,
|
||||
sizeof(buf2), &ap);
|
||||
foo.padata_value.data = buf2 + sizeof(buf2) - foo.padata_value.length;
|
||||
a.padata = malloc(sizeof(*a.padata));
|
||||
a.padata->len = 1;
|
||||
a.padata->val = &foo;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Encode
|
||||
@@ -296,21 +171,31 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE {
|
||||
return err;
|
||||
}
|
||||
switch(((unsigned char*)resp.data)[0] & 0x1f){
|
||||
case krb_error:
|
||||
len = decode_TGS_REP(resp.data, resp.length, &error);
|
||||
case krb_error:{
|
||||
krb5_principal princ;
|
||||
char *name;
|
||||
len = decode_KRB_ERROR(resp.data, resp.length, &error);
|
||||
if(len < 0)
|
||||
return ASN1_PARSE_ERROR;
|
||||
principalname2krb5_principal(&princ, error.sname, error.realm);
|
||||
krb5_unparse_name(context, princ, &name);
|
||||
fprintf(stderr, "Error: %s", name);
|
||||
if(error.e_text)
|
||||
fprintf(stderr, " \"%s\"", *error.e_text);
|
||||
fprintf(stderr, " (code %d)\n", error.error_code);
|
||||
abort();
|
||||
break;
|
||||
}
|
||||
case krb_tgs_rep:
|
||||
len = decode_TGS_REP(resp.data, resp.length, &rep.part1);
|
||||
if(len < 0)
|
||||
return ASN1_PARSE_ERROR;
|
||||
out_creds = malloc(sizeof(*out_creds));
|
||||
*out_creds = NULL;
|
||||
*out_creds = malloc(sizeof(**out_creds));
|
||||
memset(*out_creds, 0, sizeof(**out_creds));
|
||||
err = extract_ticket(context, &rep, *out_creds, key_proc, key, NULL, NULL);
|
||||
if(err)
|
||||
return err;
|
||||
return krb5_cc_store_cred (context, ccache, out_creds);
|
||||
return krb5_cc_store_cred (context, ccache, *out_creds);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user