diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-01-08 21:54:29 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-01-08 21:54:29 +0000 |
| commit | 8cbd9cd9c5a9663f89f4be8a09efe1a5ad217747 (patch) | |
| tree | e3aff502a5e1990648e27ba2f952ddddbff2c077 | |
| parent | 94cfb9542c15bb54a786fa62c26f357d183cea41 (diff) | |
| download | krb5-8cbd9cd9c5a9663f89f4be8a09efe1a5ad217747.tar.gz krb5-8cbd9cd9c5a9663f89f4be8a09efe1a5ad217747.tar.xz krb5-8cbd9cd9c5a9663f89f4be8a09efe1a5ad217747.zip | |
Remove unneeded kdcRealm field in PKINIT structure
krb5_pk_authenticator_draft9 had a kdcRealm field which was set by the
client code but never encoded or decoded. Remove it. Eliminating this
field exposed a bug in auth_pack_draft9_optional; fix that.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25624 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/include/k5-int-pkinit.h | 1 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 1 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 2 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_clnt.c | 3 | ||||
| -rw-r--r-- | src/tests/asn.1/ktest.c | 2 |
5 files changed, 1 insertions, 8 deletions
diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h index b5b0863d7c..7fbbc53ee1 100644 --- a/src/include/k5-int-pkinit.h +++ b/src/include/k5-int-pkinit.h @@ -47,7 +47,6 @@ typedef struct _krb5_pk_authenticator { /* PKAuthenticator draft9 */ typedef struct _krb5_pk_authenticator_draft9 { krb5_principal kdcName; - krb5_data kdcRealm; krb5_int32 cusec; /* (0..999999) */ krb5_timestamp ctime; krb5_int32 nonce; /* (0..4294967295) */ diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index f25126ebeb..b2471004aa 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -1370,7 +1370,6 @@ asn1_decode_pk_authenticator_draft9(asn1buf *buf, { setup(); val->kdcName = NULL; - val->kdcRealm.data = NULL; { begin_structure(); alloc_principal(val->kdcName); get_field(val->kdcName, 0, asn1_decode_principal_name); diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index a811e7e4cb..f149849a95 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -1428,7 +1428,7 @@ static unsigned int auth_pack_draft9_optional(const void *p) { unsigned int optional = 0; - const krb5_auth_pack *val = p; + const krb5_auth_pack_draft9 *val = p; if (val->clientPublicValue != NULL) optional |= (1u << 1); return optional; diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index cf406fd0ca..609cc9b009 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -260,9 +260,6 @@ pkinit_as_req_create(krb5_context context, auth_pack9->pkAuthenticator.cusec = cusec; auth_pack9->pkAuthenticator.nonce = nonce; auth_pack9->pkAuthenticator.kdcName = server; - auth_pack9->pkAuthenticator.kdcRealm.magic = 0; - auth_pack9->pkAuthenticator.kdcRealm.data = server->realm.data; - auth_pack9->pkAuthenticator.kdcRealm.length = server->realm.length; free(cksum->contents); break; case KRB5_PADATA_PK_AS_REQ: diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index a7cfd66b1b..27b1f624f9 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -630,7 +630,6 @@ static void ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p) { ktest_make_sample_principal(&p->kdcName); - ktest_make_sample_data(&p->kdcRealm); p->cusec = SAMPLE_USEC; p->ctime = SAMPLE_TIME; p->nonce = SAMPLE_NONCE; @@ -1443,7 +1442,6 @@ static void ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p) { ktest_destroy_principal(&p->kdcName); - ktest_empty_data(&p->kdcRealm); } static void |