oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

always send both win2k compat version and the ietf draft one, this is

Browse Source 
possible microsoft since they use wrong/diffrent PA number.  Make the
configuration flag boolean configuring if NOT to send the win2k compat
glue.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13780 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-04-25 15:34:29 +00:00
parent 8791dd6c6e
commit fe0d0505cf
1 changed files with 51 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
lib/krb5/pkinit.c
View File

@@ -566,43 +566,25 @@ _krb5_pk_mk_ContentInfo(krb5_context context,
return 0; return 0;
} }
krb5_error_code static krb5_error_code
_krb5_pk_mk_padata(krb5_context context, pk_mk_padata(krb5_context context,
void *c, int win2k_compat,
const KDC_REQ_BODY *req_body, krb5_pk_init_ctx ctx,
unsigned nonce, const KDC_REQ_BODY *req_body,
METHOD_DATA *md) unsigned nonce,
METHOD_DATA *md)
{ {
krb5_pk_init_ctx ctx = c;
krb5_error_code ret; krb5_error_code ret;
const heim_oid *oid; const heim_oid *oid;
PA_PK_AS_REQ req; PA_PK_AS_REQ req;
size_t size; size_t size;
krb5_data buf, sd_buf; krb5_data buf, sd_buf;
int pa_type; int pa_type;
const char *provisioning_server;
int win2k_compat;
provisioning_server =
krb5_config_get_string(context, NULL,
"realms",
req_body->realm,
"packet-cable-provisioning-server",
NULL);
krb5_data_zero(&buf); krb5_data_zero(&buf);
krb5_data_zero(&sd_buf); krb5_data_zero(&sd_buf);
memset(&req, 0, sizeof(req)); memset(&req, 0, sizeof(req));
win2k_compat = krb5_config_get_bool_default(context, NULL,
FALSE,
"realms",
req_body->realm,
"win2k_pkinit",
NULL);
if (context->pkinit_flags & KRB5_PKINIT_WIN2K)
win2k_compat = 1;
if (win2k_compat) { if (win2k_compat) {
AuthPack_Win2k ap; AuthPack_Win2k ap;
@@ -703,8 +685,51 @@ _krb5_pk_mk_padata(krb5_context context,
ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length); ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
if (ret) if (ret)
free(buf.data); free(buf.data);
out:
return ret;
}
if (ret == 0 && provisioning_server) {
krb5_error_code
_krb5_pk_mk_padata(krb5_context context,
void *c,
const KDC_REQ_BODY *req_body,
unsigned nonce,
METHOD_DATA *md)
{
krb5_pk_init_ctx ctx = c;
krb5_error_code ret;
size_t size;
krb5_data buf;
const char *provisioning_server;
int win2k_compat;
win2k_compat = krb5_config_get_bool_default(context, NULL,
TRUE,
"realms",
req_body->realm,
"win2k_pkinit",
NULL);
if (context->pkinit_flags & KRB5_PKINIT_WIN2K)
win2k_compat = 1;
if (win2k_compat) {
ret = pk_mk_padata(context, 1, ctx, req_body, nonce, md);
if (ret)
goto out;
}
ret = pk_mk_padata(context, 0, ctx, req_body, nonce, md);
if (ret)
goto out;
provisioning_server =
krb5_config_get_string(context, NULL,
"realms",
req_body->realm,
"packet-cable-provisioning-server",
NULL);
if (provisioning_server) {
/* PacketCable requires the PROV-SRV-LOCATION authenticator */ /* PacketCable requires the PROV-SRV-LOCATION authenticator */
const PROV_SRV_LOCATION prov_server = (char *)provisioning_server; const PROV_SRV_LOCATION prov_server = (char *)provisioning_server;
@@ -720,10 +745,7 @@ _krb5_pk_mk_padata(krb5_context context,
if (ret) if (ret)
free(buf.data); free(buf.data);
} }
out: out:
free_PA_PK_AS_REQ(&req);
return ret; return ret;
} }