diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-01-12 18:29:42 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-01-12 18:29:42 +0000 |
| commit | 529e72785f09c36a9aa34fd7f3fc30fb41a1c92e (patch) | |
| tree | f3eabb982f7d8eb8cedf54fa4389d8ccc99ebd19 /src/include | |
| parent | 648e32a9034138369d52f9bb29d3d6293d5733e5 (diff) | |
| download | krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.tar.gz krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.tar.xz krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.zip | |
Add message hash support to the replay interface, using extension
records (with an empty client string) to retain compatibility with old
code. For rd_req, the ciphertext of the authenticator (with no ASN.1
wrapping) is hashed; for other uses of the replay cache, no message
hash is used at this time.
This commit adds a command-line tool for testing the replay cache but
does not add any automated tests.
ticket: 1201
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/k5-int.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 43f1307109..9ad55694e3 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2177,6 +2177,7 @@ typedef struct _krb5_donot_replay { krb5_ui_4 hash; char *server; /* null-terminated */ char *client; /* null-terminated */ + char *msghash; /* null-terminated */ krb5_int32 cusec; krb5_timestamp ctime; } krb5_donot_replay; @@ -2201,6 +2202,9 @@ krb5_error_code krb5_auth_to_rep (krb5_context, krb5_tkt_authent *, krb5_donot_replay *); +krb5_error_code krb5_rc_hash_message + (krb5_context context, + const krb5_data *message, char **out); krb5_error_code KRB5_CALLCONV krb5_rc_initialize |