oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(_krb5_pk_convert_rep): convert microsoft style answer to IETF, From

Browse Source 
Luke Howard <lukeh@padl.com>
(_krb5_pk_create_sign): ms handles NULL in param, so always send it
(_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13760 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-04-24 13:15:01 +00:00
parent 76d1e32354
commit c9aac6c50e
1 changed files with 69 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
lib/krb5/pkinit.c
View File

@@ -183,7 +183,9 @@ set_digest_alg(DigestAlgorithmIdentifier *id,
return ENOMEM; return ENOMEM;
} }
memcpy(id->parameters->data, param, length); memcpy(id->parameters->data, param, length);
} id->parameters->length = length;
} else
id->parameters = NULL;
ret = copy_oid(oid, &id->algorithm); ret = copy_oid(oid, &id->algorithm);
if (ret) { if (ret) {
if (id->parameters) { if (id->parameters) {
@@ -301,14 +303,8 @@ _krb5_pk_create_sign(krb5_context context,
} }
} }
if ((context->pkinit_flags & KRB5_PKINIT_WIN2K) == 0) ret = set_digest_alg(&signer_info->digestAlgorithm,
ret = set_digest_alg(&signer_info->digestAlgorithm, &heim_sha1_oid, "\x05\x00", 2);
&heim_sha1_oid,
"\x05\x00", 2);
else
ret = set_digest_alg(&signer_info->digestAlgorithm,
&heim_sha1_oid,
NULL, 0);
if (ret) { if (ret) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
goto out; goto out;
@@ -352,14 +348,8 @@ _krb5_pk_create_sign(krb5_context context,
goto out; goto out;
} }
if ((context->pkinit_flags & KRB5_PKINIT_WIN2K) == 0) ret = set_digest_alg(&sd.digestAlgorithms.val[0],
ret = set_digest_alg(&sd.digestAlgorithms.val[0], &heim_sha1_oid, "\x05\x00", 2);
&heim_sha1_oid,
"\x05\x00", 2);
else
ret = set_digest_alg(&sd.digestAlgorithms.val[0],
&heim_sha1_oid,
NULL, 0);
if (ret) { if (ret) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
goto out; goto out;
@@ -593,6 +583,7 @@ _krb5_pk_mk_padata(krb5_context context,
krb5_data buf, sd_buf; krb5_data buf, sd_buf;
int pa_type; int pa_type;
const char *provisioning_server = NULL; const char *provisioning_server = NULL;
int win2k_compat;
if (context->pkinit_flags & KRB5_PKINIT_PACKET_CABLE) { if (context->pkinit_flags & KRB5_PKINIT_PACKET_CABLE) {
provisioning_server = provisioning_server =
@@ -606,7 +597,16 @@ _krb5_pk_mk_padata(krb5_context context,
krb5_data_zero(&buf); krb5_data_zero(&buf);
krb5_data_zero(&sd_buf); krb5_data_zero(&sd_buf);
memset(&req, 0, sizeof(req)); memset(&req, 0, sizeof(req));
win2k_compat = krb5_config_get_bool_default(context, NULL,
FALSE,
"realms",
req_body->realm,
"win2k_pkinit",
NULL);
if (win2k_compat)
context->pkinit_flags |= KRB5_PKINIT_WIN2K;
if (context->pkinit_flags & KRB5_PKINIT_WIN2K) { if (context->pkinit_flags & KRB5_PKINIT_WIN2K) {
AuthPack_Win2k ap; AuthPack_Win2k ap;
@@ -1544,6 +1544,53 @@ pk_rd_pa_reply_dh(krb5_context context,
return ret; return ret;
} }
static krb5_error_code
_krb5_pk_convert_rep(krb5_context context,
PA_PK_AS_REP_Win2k *r_win2k,
PA_PK_AS_REP *r)
{
krb5_error_code ret;
ContentInfo ci;
size_t size;
switch (r_win2k->element) {
case choice_PA_PK_AS_REP_Win2k_dhSignedData:
r->element = choice_PA_PK_AS_REP_dhSignedData;
ret = decode_ContentInfo(r_win2k->u.dhSignedData.data,
r_win2k->u.dhSignedData.length,
&ci,
&size);
if (ret) {
krb5_set_error_string(context,
"decoding failed ContentInfo: %d", ret);
return ret;
}
r->u.dhSignedData = ci;
break;
case choice_PA_PK_AS_REP_Win2k_encKeyPack:
r->element = choice_PA_PK_AS_REP_encKeyPack;
ret = decode_ContentInfo(r_win2k->u.encKeyPack.data,
r_win2k->u.encKeyPack.length,
&ci,
&size);
if (ret) {
krb5_set_error_string(context,
"decoding failed ContentInfo: %d", ret);
return ret;
}
r->u.encKeyPack = ci;
break;
default:
krb5_set_error_string(context, "pkinit reply invalid content type");
return EINVAL;
}
return ret;
}
krb5_error_code krb5_error_code
_krb5_pk_rd_pa_reply(krb5_context context, _krb5_pk_rd_pa_reply(krb5_context context,
void *c, void *c,
@@ -1567,6 +1614,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
PA_PK_AS_REP_Win2k w2krep; PA_PK_AS_REP_Win2k w2krep;
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
memset(&rep, 0, sizeof(rep));
ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data, ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
pa->padata_value.length, pa->padata_value.length,
@@ -1577,13 +1625,10 @@ _krb5_pk_rd_pa_reply(krb5_context context,
"pkinit reply %d", ret); "pkinit reply %d", ret);
return ret; return ret;
} }
#if 0 ret = _krb5_pk_convert_rep(context, &w2krep, &rep);
convert_rep(&w2krep, &rep);
printf("decoing of win reply succeded\n");
#endif
krb5_set_error_string(context, "w2k pkinit support missing");
free_PA_PK_AS_REP_Win2k(&w2krep); free_PA_PK_AS_REP_Win2k(&w2krep);
return EINVAL; if (ret)
return ret;
} }
switch(rep.element) { switch(rep.element) {