lib/krb5: let krb5_init_creds_step() return an out_realm
This matches krb5_init_creds_step() from MIT. The only
difference is the type 'krb5_realm' (Heimdal) vs. 'krb5_data' (MIT).
krb5_error_code KRB5_CALLCONV
krb5_init_creds_step(krb5_context context,
krb5_init_creds_context ctx,
krb5_data *in,
krb5_data *out,
krb5_data *realm,
unsigned int *flags);
NOTE: commit 1cdc9d5f3c
"krb5: export krb5_init_creds_step()" exported
krb5_init_creds_step() the first time, but that's
not in any released version, so it should be fine
to fix up the prototype in order to make the
function actually useful for external callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Stefan Metzmacher
committed by
Jeffrey Altman
Jeffrey Altman
parent
b0bc54c921
commit
fd75c3e23c
@@ -856,7 +856,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context,
|
||||
struct krb5_fast_state *state,
|
||||
krb5_data *in,
|
||||
krb5_data *out,
|
||||
const void *_unused,
|
||||
krb5_realm *out_realm,
|
||||
unsigned int *flags)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -867,6 +867,9 @@ _krb5_fast_anon_pkinit_step(krb5_context context,
|
||||
krb5_creds cred;
|
||||
krb5_data data = { 3, rk_UNCONST("yes") };
|
||||
|
||||
krb5_data_zero(out);
|
||||
*out_realm = NULL;
|
||||
|
||||
memset(&cred, 0, sizeof(cred));
|
||||
|
||||
if (state->anon_pkinit_opt == NULL) {
|
||||
@@ -902,7 +905,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context,
|
||||
|
||||
anon_pk_ctx = state->anon_pkinit_ctx;
|
||||
|
||||
ret = krb5_init_creds_step(context, anon_pk_ctx, in, out, NULL, flags);
|
||||
ret = krb5_init_creds_step(context, anon_pk_ctx, in, out, out_realm, flags);
|
||||
if (ret ||
|
||||
(*flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE))
|
||||
goto out;
|
||||
|
||||
@@ -2966,7 +2966,7 @@ init_creds_step(krb5_context context,
|
||||
krb5_init_creds_context ctx,
|
||||
krb5_data *in,
|
||||
krb5_data *out,
|
||||
const void *_unused,
|
||||
krb5_realm *out_realm,
|
||||
unsigned int *flags)
|
||||
{
|
||||
struct timeval start_time, end_time;
|
||||
@@ -2979,6 +2979,7 @@ init_creds_step(krb5_context context,
|
||||
gettimeofday(&start_time, NULL);
|
||||
|
||||
krb5_data_zero(out);
|
||||
*out_realm = NULL;
|
||||
krb5_data_zero(&checksum_data);
|
||||
|
||||
if (ctx->as_req.req_body.cname == NULL) {
|
||||
@@ -3417,6 +3418,13 @@ init_creds_step(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
*out_realm = strdup(ctx->cred.client->realm);
|
||||
if (*out_realm == NULL) {
|
||||
krb5_data_free(out);
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
*flags = KRB5_INIT_CREDS_STEP_FLAG_CONTINUE;
|
||||
|
||||
gettimeofday(&end_time, NULL);
|
||||
@@ -3439,6 +3447,7 @@ init_creds_step(krb5_context context,
|
||||
* @param ctx ctx krb5_init_creds_context context.
|
||||
* @param in input data from KDC, first round it should be reset by krb5_data_zero().
|
||||
* @param out reply to KDC. The caller needs to call krb5_data_free()
|
||||
* @param out_realm the destination realm for 'out', free with krb5_xfree()
|
||||
* @param flags status of the round, if
|
||||
* KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round.
|
||||
*
|
||||
@@ -3453,18 +3462,20 @@ krb5_init_creds_step(krb5_context context,
|
||||
krb5_init_creds_context ctx,
|
||||
krb5_data *in,
|
||||
krb5_data *out,
|
||||
const void *_unused,
|
||||
krb5_realm *out_realm,
|
||||
unsigned int *flags)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_data empty;
|
||||
|
||||
krb5_data_zero(&empty);
|
||||
krb5_data_zero(out);
|
||||
*out_realm = NULL;
|
||||
|
||||
if ((ctx->fast_state.flags & KRB5_FAST_ANON_PKINIT_ARMOR) &&
|
||||
ctx->fast_state.armor_ccache == NULL) {
|
||||
ret = _krb5_fast_anon_pkinit_step(context, ctx, &ctx->fast_state,
|
||||
in, out, NULL, flags);
|
||||
in, out, out_realm, flags);
|
||||
if (ret && (ctx->fast_state.flags & KRB5_FAST_OPTIMISTIC)) {
|
||||
_krb5_debug(context, 5, "Preauth failed with optimistic "
|
||||
"FAST, trying w/o FAST");
|
||||
@@ -3478,7 +3489,7 @@ krb5_init_creds_step(krb5_context context,
|
||||
in = ∅
|
||||
}
|
||||
|
||||
return init_creds_step(context, ctx, in, out, NULL, flags);
|
||||
return init_creds_step(context, ctx, in, out, out_realm, flags);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -3690,9 +3701,10 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
|
||||
|
||||
while (1) {
|
||||
struct timeval nstart, nend;
|
||||
krb5_realm realm = NULL;
|
||||
|
||||
flags = 0;
|
||||
ret = krb5_init_creds_step(context, ctx, &in, &out, NULL, &flags);
|
||||
ret = krb5_init_creds_step(context, ctx, &in, &out, &realm, &flags);
|
||||
krb5_data_free(&in);
|
||||
if (ret)
|
||||
goto out;
|
||||
@@ -3702,9 +3714,9 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)
|
||||
|
||||
gettimeofday(&nstart, NULL);
|
||||
|
||||
ret = krb5_sendto_context (context, stctx, &out,
|
||||
ctx->cred.client->realm, &in);
|
||||
ret = krb5_sendto_context (context, stctx, &out, realm, &in);
|
||||
krb5_data_free(&out);
|
||||
free(realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user