oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fill in asChecksum, we now implements -27 in the KDC.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15915 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-08-12 08:17:13 +00:00
parent 406caf3df5
commit d8b8b146cc
1 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
kdc/pkinit.c
View File

@@ -66,7 +66,7 @@ struct krb5_pk_cert {
enum pkinit_type { enum pkinit_type {
PKINIT_COMPAT_WIN2K = 1, PKINIT_COMPAT_WIN2K = 1,
PKINIT_COMPAT_19 = 2, PKINIT_COMPAT_19 = 2,
PKINIT_COMPAT_25 = 3 PKINIT_COMPAT_27 = 3
}; };
struct pk_client_params { struct pk_client_params {
@@ -796,7 +796,7 @@ _kdc_pk_rd_padata(krb5_context context,
goto out; goto out;
} }
client_params->type = PKINIT_COMPAT_25; client_params->type = PKINIT_COMPAT_27;
client_params->nonce = ap.pkAuthenticator.nonce; client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) { if (ap.clientPublicValue) {
@@ -851,6 +851,7 @@ static krb5_error_code
pk_mk_pa_reply_enckey(krb5_context context, pk_mk_pa_reply_enckey(krb5_context context,
pk_client_params *client_params, pk_client_params *client_params,
const KDC_REQ *req, const KDC_REQ *req,
const krb5_data *req_buffer,
krb5_keyblock *reply_key, krb5_keyblock *reply_key,
ContentInfo *content_info) ContentInfo *content_info)
{ {
@@ -945,7 +946,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
&kp, &size,ret); &kp, &size,ret);
free_ReplyKeyPack_19(&kp); free_ReplyKeyPack_19(&kp);
} }
case PKINIT_COMPAT_25: { case PKINIT_COMPAT_27: {
krb5_crypto crypto;
ReplyKeyPack kp; ReplyKeyPack kp;
memset(&kp, 0, sizeof(kp)); memset(&kp, 0, sizeof(kp));
@@ -954,7 +956,26 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_clear_error_string(context); krb5_clear_error_string(context);
goto out; goto out;
} }
/* XXX add whatever is the outcome of asChecksum discussion here */
ret = krb5_crypto_init(context, reply_key, 0, &crypto);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
ret = krb5_create_checksum(context, crypto, 6,
req_buffer.data, req_buffer.length,
&kp.asChecksum);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
ret = krb5_crypto_destroy(context, crypto);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
free_ReplyKeyPack(&kp); free_ReplyKeyPack(&kp);
} }
@@ -1194,6 +1215,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
pk_client_params *client_params, pk_client_params *client_params,
const hdb_entry *client, const hdb_entry *client,
const KDC_REQ *req, const KDC_REQ *req,
const krb5_data *req_buffer,
krb5_keyblock **reply_key, krb5_keyblock **reply_key,
METHOD_DATA *md) METHOD_DATA *md)
{ {
@@ -1223,7 +1245,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
} else } else
enctype = ETYPE_DES3_CBC_SHA1; enctype = ETYPE_DES3_CBC_SHA1;
if (client_params->type == PKINIT_COMPAT_25) { if (client_params->type == PKINIT_COMPAT_27) {
PA_PK_AS_REP rep; PA_PK_AS_REP rep;
pa_type = KRB5_PADATA_PK_AS_REP; pa_type = KRB5_PADATA_PK_AS_REP;
@@ -1239,6 +1261,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret = pk_mk_pa_reply_enckey(context, ret = pk_mk_pa_reply_enckey(context,
client_params, client_params,
req, req,
req_buffer,
&client_params->reply_key, &client_params->reply_key,
&info); &info);
if (ret) { if (ret) {