Unseal keys from database before use.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2599 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1997-07-24 07:43:56 +00:00
parent a008bcfa91
commit b07396da72


@@ -61,7 +61,7 @@ as_rep(krb5_context context,
const char *e_text = NULL; const char *e_text = NULL;
int i; int i;
Key *ckey, *skey; Key *ckey, *skey, *ekey;
if(b->sname == NULL){ if(b->sname == NULL){
server_name = "<unknown server>"; server_name = "<unknown server>";
@@ -162,12 +162,15 @@ as_rep(krb5_context context,
goto out; goto out;
} }
ekey = unseal_key(ckey);
ret = krb5_decrypt (context, ret = krb5_decrypt (context,
enc_data.cipher.data, enc_data.cipher.data,
enc_data.cipher.length, enc_data.cipher.length,
enc_data.etype, enc_data.etype,
&ckey->key, &ekey->key,
&ts_data); &ts_data);
free_key(ekey);
free_EncryptedData(&enc_data); free_EncryptedData(&enc_data);
if(ret){ if(ret){
e_text = "Failed to decrypt PA-DATA"; e_text = "Failed to decrypt PA-DATA";
@@ -391,12 +394,14 @@ as_rep(krb5_context context,
goto out; goto out;
} }
ekey = unseal_key(skey);
krb5_encrypt_EncryptedData(context, krb5_encrypt_EncryptedData(context,
buf + sizeof(buf) - len, buf + sizeof(buf) - len,
len, len,
etype, etype,
&skey->key, &ekey->key,
&rep.ticket.enc_part); &rep.ticket.enc_part);
free_key(ekey);
ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf),
&ek, &len); &ek, &len);
@@ -405,12 +410,14 @@ as_rep(krb5_context context,
kdc_log(0, "Failed to encode KDC-REP -- %s", client_name); kdc_log(0, "Failed to encode KDC-REP -- %s", client_name);
goto out; goto out;
} }
ekey = unseal_key(ckey);
krb5_encrypt_EncryptedData(context, krb5_encrypt_EncryptedData(context,
buf + sizeof(buf) - len, buf + sizeof(buf) - len,
len, len,
etype, etype,
&ckey->key, &ekey->key,
&rep.enc_part); &rep.enc_part);
free_key(ekey);
if(ckey->salt){ if(ckey->salt){
ALLOC(rep.padata); ALLOC(rep.padata);
rep.padata->len = 1; rep.padata->len = 1;
@@ -574,7 +581,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
krb5_error_code ret; krb5_error_code ret;
int i; int i;
krb5_enctype etype; krb5_enctype etype;
Key *skey; Key *skey, *ekey;
/* Find appropriate key */ /* Find appropriate key */
for(i = 0; i < b->etype.len; i++){ for(i = 0; i < b->etype.len; i++){
@@ -697,10 +704,12 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
goto out; goto out;
} }
ekey = unseal_key(skey);
krb5_encrypt_EncryptedData(context, buf + sizeof(buf) - len, len, krb5_encrypt_EncryptedData(context, buf + sizeof(buf) - len, len,
etype, etype,
&skey->key, &ekey->key,
&rep.ticket.enc_part); &rep.ticket.enc_part);
free_key(ekey);
ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1,
sizeof(buf), &ek, &len); sizeof(buf), &ek, &len);
@@ -815,6 +824,7 @@ tgs_rep2(krb5_context context,
hdb_entry *krbtgt; hdb_entry *krbtgt;
EncTicketPart *tgt; EncTicketPart *tgt;
Key *ekey;
ret = krb5_decode_ap_req(context, &pa_data->padata_value, &ap_req); ret = krb5_decode_ap_req(context, &pa_data->padata_value, &ap_req);
if(ret){ if(ret){
@@ -845,13 +855,15 @@ tgs_rep2(krb5_context context,
goto out; goto out;
} }
ekey = unseal_key(&krbtgt->keys.val[0]); /* XXX */
ret = krb5_verify_ap_req(context, ret = krb5_verify_ap_req(context,
&ac, &ac,
&ap_req, &ap_req,
princ, princ,
&krbtgt->keys.val[0].key, /* XXX */ &ekey->key,
&ap_req_options, &ap_req_options,
&ticket); &ticket);
free_key(ekey);
krb5_free_principal(context, princ); krb5_free_principal(context, princ);
if(ret) { if(ret) {
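Review bot: The pointer returned by unseal_key() is used as `&ekey->key` without a NULL check at all five call sites (three in as_rep, one each in tgs_make_reply and tgs_rep2). unseal_key's definition is not on this page, but if it can fail (allocation, or an unavailable master key), the KDC would pass an invalid key pointer into krb5_decrypt, krb5_encrypt_EncryptedData or krb5_verify_ap_req on a request-driven path. Each site should bail out first, e.g. `if(ekey == NULL){ ret = ENOMEM; goto out; }` with whatever error code fits the function. The unsealed copy holds a long-term key in the clear, so free_key() should wipe the key bytes before releasing them; its body is not visible here, so this is worth confirming. The return value of krb5_encrypt_EncryptedData is still ignored on the new side, and all three functions begin and end outside the hunks shown.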