oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

re-shuffle to make c90 compatible

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-01-19 05:24:02 +00:00
committed by Love Hörnquist Åstrand
parent 1af9487bff
commit e372cc6b8a
1 changed files with 30 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
kdc/kerberos5.c
View File

@@ -998,13 +998,25 @@ _kdc_as_rep(krb5_context context,
*/ */
{ {
const PA_DATA *pa; const PA_DATA *pa;
size_t len;
int i = 0; int i = 0;
pa = _kdc_find_padata(req, &i, KRB5_PADATA_FX_FAST); pa = _kdc_find_padata(req, &i, KRB5_PADATA_FX_FAST);
if (pa != NULL) { if (pa != NULL) {
krb5_crypto crypto_subkey = NULL, crypto_session = NULL;
krb5_data pepper1, pepper2;
PA_FX_FAST_REQUEST fxreq; PA_FX_FAST_REQUEST fxreq;
krb5_principal armor_server;
krb5_auth_context ac = NULL;
krb5_ticket *ticket = NULL;
krb5_flags ap_req_options;
Key *armor_key = NULL;
krb5_keyblock armorkey; krb5_keyblock armorkey;
krb5_ap_req ap_req;
unsigned char *buf;
KrbFastReq fastreq;
size_t len, size;
krb5_data data;
ret = decode_PA_FX_FAST_REQUEST(pa->padata_value.data, ret = decode_PA_FX_FAST_REQUEST(pa->padata_value.data,
pa->padata_value.length, pa->padata_value.length,
@@ -1039,8 +1051,6 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} }
krb5_ap_req ap_req;
ret = krb5_decode_ap_req(context, ret = krb5_decode_ap_req(context,
&fxreq.u.armored_data.armor->armor_value, &fxreq.u.armored_data.armor->armor_value,
&ap_req); &ap_req);
@@ -1049,8 +1059,6 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} }
krb5_principal armor_server;
/* Save that principal that was in the request */ /* Save that principal that was in the request */
ret = _krb5_principalname2krb5_principal(context, ret = _krb5_principalname2krb5_principal(context,
&armor_server, &armor_server,
@@ -1061,13 +1069,10 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} }
Key *armor_key = NULL;
krb5_ticket *ticket = NULL;
krb5_flags ap_req_options;
ret = _kdc_db_fetch(context, config, armor_server, ret = _kdc_db_fetch(context, config, armor_server,
HDB_F_GET_SERVER, NULL, &armor_user); HDB_F_GET_SERVER, NULL, &armor_user);
if(ret){ if(ret){
free_AP_REQ(&ap_req);
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
@@ -1076,11 +1081,10 @@ _kdc_as_rep(krb5_context context,
ap_req.ticket.enc_part.etype, ap_req.ticket.enc_part.etype,
&armor_key); &armor_key);
if (ret) { if (ret) {
free_AP_REQ(&ap_req);
goto out; goto out;
} }
krb5_auth_context ac = NULL;
ret = krb5_verify_ap_req2(context, &ac, ret = krb5_verify_ap_req2(context, &ac,
&ap_req, &ap_req,
armor_server, armor_server,
@@ -1101,14 +1105,21 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} }
krb5_crypto crypto_subkey, crypto_session; ret = krb5_crypto_init(context, ac->remote_subkey,
0, &crypto_subkey);
krb5_crypto_init(context, ac->remote_subkey, 0, &crypto_subkey); krb5_auth_con_free(context, ac);
krb5_crypto_init(context, &ticket->ticket.key, 0, &crypto_session); if (ret) {
krb5_free_ticket(context, ticket); krb5_free_ticket(context, ticket);
goto out;
}
ret = krb5_crypto_init(context, &ticket->ticket.key,
0, &crypto_session);
krb5_free_ticket(context, ticket);
if (ret) {
krb5_crypto_destroy(context, crypto_subkey);
goto out;
}
krb5_data pepper1, pepper2;
pepper1.data = "subkeyarmor"; pepper1.data = "subkeyarmor";
pepper1.length = strlen(pepper1.data); pepper1.length = strlen(pepper1.data);
pepper2.data = "ticketarmor"; pepper2.data = "ticketarmor";
@@ -1116,8 +1127,8 @@ _kdc_as_rep(krb5_context context,
ret = krb5_crypto_fx_cf2(context, crypto_subkey, crypto_session, ret = krb5_crypto_fx_cf2(context, crypto_subkey, crypto_session,
&pepper1, &pepper2, &pepper1, &pepper2,
ac->remote_subkey->keytype, &armorkey); ac->remote_subkey->keytype,
krb5_auth_con_free(context, ac); &armorkey);
krb5_crypto_destroy(context, crypto_subkey); krb5_crypto_destroy(context, crypto_subkey);
krb5_crypto_destroy(context, crypto_session); krb5_crypto_destroy(context, crypto_session);
@@ -1129,9 +1140,6 @@ _kdc_as_rep(krb5_context context,
/* verify req-checksum of the outer body */ /* verify req-checksum of the outer body */
unsigned char *buf;
size_t len, size;
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, len, &req->req_body, &size, ret); ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, len, &req->req_body, &size, ret);
if (ret) if (ret)
goto out; goto out;
@@ -1148,8 +1156,6 @@ _kdc_as_rep(krb5_context context,
if (ret) if (ret)
goto out; goto out;
krb5_data data;
ret = krb5_decrypt_EncryptedData(context, armor_crypto, ret = krb5_decrypt_EncryptedData(context, armor_crypto,
KRB5_KU_FAST_ENC, KRB5_KU_FAST_ENC,
&fxreq.u.armored_data.enc_fast_req, &fxreq.u.armored_data.enc_fast_req,
@@ -1157,8 +1163,6 @@ _kdc_as_rep(krb5_context context,
if (ret) if (ret)
goto out; goto out;
KrbFastReq fastreq;
ret = decode_KrbFastReq(data.data, data.length, &fastreq, &size); ret = decode_KrbFastReq(data.data, data.length, &fastreq, &size);
if (ret) { if (ret) {
krb5_data_free(&data); krb5_data_free(&data);
@@ -1185,7 +1189,6 @@ _kdc_as_rep(krb5_context context,
} }
/* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */ /* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */
free_METHOD_DATA(req->padata); free_METHOD_DATA(req->padata);
ret = copy_METHOD_DATA(&fastreq.padata, req->padata); ret = copy_METHOD_DATA(&fastreq.padata, req->padata);
if (ret) if (ret)