oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Don't check oid's too closely, they change in Windows Vista.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16087 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-09-22 04:18:05 +00:00
parent 28d0ef8d96
commit defb6d5697
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/krb5/pkinit.c
View File

@@ -1481,13 +1481,13 @@ pk_rd_pa_reply_enckey(krb5_context context,
goto out; goto out;
/* verify content type */ /*
if (type == COMPAT_WIN2K) { * Try to verify content type. We can't do this for W2K case
if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_data())) { * because W2K/W2K3 sends id-pkcs7-data, but Windows Vista sends
ret = KRB5KRB_AP_ERR_MSG_TYPE; * id-pkcs7-signedData to all versions, even W2K clients.
goto out; */
}
} else { if (type != COMPAT_WIN2K) {
if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) { if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto out; goto out;
@@ -1563,7 +1563,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
} }
p = ci.content->data; p = ci.content->data;
length = ci.content->length; length = ci.content->length;
} }
ret = _krb5_pk_verify_sign(context, ret = _krb5_pk_verify_sign(context,
p, p,
@@ -1582,6 +1582,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
goto out; goto out;
} }
#if 0
if (type == COMPAT_WIN2K) { if (type == COMPAT_WIN2K) {
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
@@ -1595,6 +1596,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
goto out; goto out;
} }
} }
#endif
switch(type) { switch(type) {
case COMPAT_WIN2K: case COMPAT_WIN2K:
@@ -1880,6 +1882,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&rep19, &rep19,
&size); &size);
if (ret == 0) { if (ret == 0) {
krb5_clear_error_string(context);
switch(rep19.element) { switch(rep19.element) {
case choice_PA_PK_AS_REP_19_dhSignedData: case choice_PA_PK_AS_REP_19_dhSignedData:
ret = pk_rd_pa_reply_dh(context, &rep19.u.dhSignedData, ctx, ret = pk_rd_pa_reply_dh(context, &rep19.u.dhSignedData, ctx,
@@ -1918,6 +1921,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
"pkinit reply %d", ret); "pkinit reply %d", ret);
return ret; return ret;
} }
krb5_clear_error_string(context);
switch (w2krep.element) { switch (w2krep.element) {
case choice_PA_PK_AS_REP_Win2k_encKeyPack: case choice_PA_PK_AS_REP_Win2k_encKeyPack: