oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

remember the saltings we used in preauth in case the kdc doesn't sent

Browse Source 
it back with the ticket.
This commit is contained in:
Love Hornquist Astrand
2009-11-22 09:32:23 -08:00
parent 2c14216733
commit d6f5c959d6
1 changed files with 37 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
lib/krb5/init_creds_pw.c
View File

@@ -67,8 +67,25 @@ typedef struct krb5_get_init_creds_ctx {
krb5_prompter_fct prompter; krb5_prompter_fct prompter;
void *prompter_data; void *prompter_data;
struct pa_info_data *ppaid;
} krb5_get_init_creds_ctx; } krb5_get_init_creds_ctx;
struct pa_info_data {
krb5_enctype etype;
krb5_salt salt;
krb5_data *s2kparams;
};
static void
free_paid(krb5_context context, struct pa_info_data *ppaid)
{
krb5_free_salt(context, ppaid->salt);
if (ppaid->s2kparams)
krb5_free_data(context, ppaid->s2kparams);
}
static krb5_error_code static krb5_error_code
default_s2k_func(krb5_context context, krb5_enctype type, default_s2k_func(krb5_context context, krb5_enctype type,
krb5_const_pointer keyseed, krb5_const_pointer keyseed,
@@ -116,6 +133,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
free_EncKDCRepPart(&ctx->enc_part); free_EncKDCRepPart(&ctx->enc_part);
free_KRB_ERROR(&ctx->error); free_KRB_ERROR(&ctx->error);
free_AS_REQ(&ctx->as_req); free_AS_REQ(&ctx->as_req);
if (ctx->ppaid) {
free_paid(context, ctx->ppaid);
free(ctx->ppaid);
}
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
} }
@@ -677,20 +698,6 @@ init_as_req (krb5_context context,
return ret; return ret;
} }
struct pa_info_data {
krb5_enctype etype;
krb5_salt salt;
krb5_data *s2kparams;
};
static void
free_paid(krb5_context context, struct pa_info_data *ppaid)
{
krb5_free_salt(context, ppaid->salt);
if (ppaid->s2kparams)
krb5_free_data(context, ppaid->s2kparams);
}
static krb5_error_code static krb5_error_code
set_paid(struct pa_info_data *paid, krb5_context context, set_paid(struct pa_info_data *paid, krb5_context context,
@@ -1141,16 +1148,22 @@ process_pa_data_to_md(krb5_context context,
return ret; return ret;
} else if (in_md->len != 0) { } else if (in_md->len != 0) {
struct pa_info_data paid, *ppaid; struct pa_info_data *paid, *ppaid;
memset(&paid, 0, sizeof(paid)); paid = calloc(1, sizeof(*paid));
paid.etype = ENCTYPE_NULL; paid->etype = ENCTYPE_NULL;
ppaid = process_pa_info(context, creds->client, a, &paid, in_md); ppaid = process_pa_info(context, creds->client, a, paid, in_md);
pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md);
if (ppaid) if (ppaid) {
free_paid(context, ppaid); if (ctx->ppaid) {
free_paid(context, ctx->ppaid);
free(ctx->ppaid);
}
ctx->ppaid = ppaid;
} else
free(paid);
} }
pa_data_add_pac_request(context, ctx, *out_md); pa_data_add_pac_request(context, ctx, *out_md);
@@ -1186,12 +1199,15 @@ process_pa_data_to_key(krb5_context context,
ppaid = process_pa_info(context, creds->client, a, &paid, ppaid = process_pa_info(context, creds->client, a, &paid,
rep->padata); rep->padata);
} }
if (ppaid == NULL)
ppaid = ctx->ppaid;
if (ppaid == NULL) { if (ppaid == NULL) {
ret = krb5_get_pw_salt (context, creds->client, &paid.salt); ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
if (ret) if (ret)
return ret; return ret;
paid.etype = etype; paid.etype = etype;
paid.s2kparams = NULL; paid.s2kparams = NULL;
ppaid = &paid;
} }
pa = NULL; pa = NULL;
@@ -1226,7 +1242,7 @@ process_pa_data_to_key(krb5_context context,
#endif #endif
} else if (ctx->keyseed) } else if (ctx->keyseed)
ret = pa_data_to_key_plain(context, creds->client, ctx, ret = pa_data_to_key_plain(context, creds->client, ctx,
paid.salt, paid.s2kparams, etype, key); ppaid->salt, ppaid->s2kparams, etype, key);
else { else {
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, N_("No usable pa data type", "")); krb5_set_error_message(context, ret, N_("No usable pa data type", ""));