oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Save DH group name and print it on success.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16139 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-10-07 10:40:00 +00:00
parent ff2f0da2df
commit b1fffa7079
1 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
kdc/pkinit.c
View File

@@ -76,6 +76,7 @@ struct pk_client_params {
unsigned nonce; unsigned nonce;
DH *dh; DH *dh;
EncryptionKey reply_key; EncryptionKey reply_key;
char *dh_group_name;
}; };
struct pk_principal_mapping { struct pk_principal_mapping {
@@ -282,17 +283,12 @@ _kdc_pk_free_client_param(krb5_context context,
if (client_params->dh_public_key) if (client_params->dh_public_key)
BN_free(client_params->dh_public_key); BN_free(client_params->dh_public_key);
krb5_free_keyblock_contents(context, &client_params->reply_key); krb5_free_keyblock_contents(context, &client_params->reply_key);
if (client_params->dh_group_name)
free(client_params->dh_group_name);
memset(client_params, 0, sizeof(*client_params)); memset(client_params, 0, sizeof(*client_params));
free(client_params); free(client_params);
} }
static krb5_error_code
check_dh_params(DH *dh)
{
/* XXX check the DH parameters come from 1st or 2nd Oeakley Group */
return 0;
}
static krb5_error_code static krb5_error_code
generate_dh_keyblock(krb5_context context, pk_client_params *client_params, generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
krb5_enctype enctype, krb5_keyblock *reply_key) krb5_enctype enctype, krb5_keyblock *reply_key)
@@ -411,7 +407,8 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
ret = _krb5_dh_group_ok(context, 0, ret = _krb5_dh_group_ok(context, 0,
&dhparam.p, &dhparam.g, &dhparam.q, moduli); &dhparam.p, &dhparam.g, &dhparam.q, moduli,
&client_params->dh_group_name);
if (ret) if (ret)
goto out; goto out;
@@ -552,13 +549,12 @@ _kdc_pk_rd_padata(krb5_context context,
return 0; return 0;
} }
client_params = malloc(sizeof(*client_params)); client_params = calloc(1, sizeof(*client_params));
if (client_params == NULL) { if (client_params == NULL) {
krb5_clear_error_string(context); krb5_clear_error_string(context);
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
memset(client_params, 0, sizeof(*client_params));
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
PA_PK_AS_REQ_Win2k r; PA_PK_AS_REQ_Win2k r;
@@ -1278,6 +1274,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (client_params->type == PKINIT_COMPAT_27) { if (client_params->type == PKINIT_COMPAT_27) {
PA_PK_AS_REP rep; PA_PK_AS_REP rep;
const char *type, *other = "";
memset(&rep, 0, sizeof(rep)); memset(&rep, 0, sizeof(rep));
@@ -1286,6 +1283,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (client_params->dh == NULL) { if (client_params->dh == NULL) {
ContentInfo info; ContentInfo info;
type = "enckey";
rep.element = choice_PA_PK_AS_REP_encKeyPack; rep.element = choice_PA_PK_AS_REP_encKeyPack;
krb5_generate_random_keyblock(context, enctype, krb5_generate_random_keyblock(context, enctype,
@@ -1316,11 +1315,11 @@ _kdc_pk_mk_pa_reply(krb5_context context,
} else { } else {
ContentInfo info; ContentInfo info;
rep.element = choice_PA_PK_AS_REP_dhInfo; type = "dh";
if (client_params->dh_group_name)
other = client_params->dh_group_name;
ret = check_dh_params(client_params->dh); rep.element = choice_PA_PK_AS_REP_dhInfo;
if (ret)
return ret;
ret = generate_dh_keyblock(context, client_params, enctype, ret = generate_dh_keyblock(context, client_params, enctype,
&client_params->reply_key); &client_params->reply_key);
@@ -1361,6 +1360,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (len != size) if (len != size)
krb5_abortx(context, "Internal ASN.1 encoder error"); krb5_abortx(context, "Internal ASN.1 encoder error");
kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
} else if (client_params->type == PKINIT_COMPAT_19) { } else if (client_params->type == PKINIT_COMPAT_19) {
PA_PK_AS_REP_19 rep; PA_PK_AS_REP_19 rep;
@@ -1636,7 +1637,7 @@ _kdc_pk_initialize(krb5_context context,
file = krb5_config_get_string(context, NULL, file = krb5_config_get_string(context, NULL,
"libdefaults", "moduli", NULL); "libdefaults", "moduli", NULL);
ret = _krb5_parse_moduli(context, NULL, &moduli); ret = _krb5_parse_moduli(context, file, &moduli);
if (ret) if (ret)
krb5_err(context, 1, ret, "PKINIT: failed to load modidi file"); krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");