diff options
author | Sam Hartman <hartmans@mit.edu> | 2010-02-09 19:15:07 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2010-02-09 19:15:07 +0000 |
commit | 7a04b369aa71b0796f057cf5da57070a9c37c9c8 (patch) | |
tree | d520235b9e9fa1bb0a16fe9fd96ded188d1d7a22 /src/kdc/kdc_util.c | |
parent | f2dae95e426be79de906fcd2706d58333ed2e878 (diff) | |
download | krb5-7a04b369aa71b0796f057cf5da57070a9c37c9c8.tar.gz krb5-7a04b369aa71b0796f057cf5da57070a9c37c9c8.tar.xz krb5-7a04b369aa71b0796f057cf5da57070a9c37c9c8.zip |
enc_padata can include empty sequence
There are two issues with return_enc_padata.
1) It often will return an empty sequence of enc_padata rather than not including the field
2) FAST negotiation is double supported in the referral tgs path and not supported in the non-referral path
Rewrite the return_enc_padata logic to:
* Split out referral interactions with kdb into its own function
* Use add_pa_data_element
ticket: 6656
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23712 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 42 |
1 files changed, 15 insertions, 27 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 281bcc8eef..95f495a820 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -2675,23 +2675,18 @@ kdc_get_ticket_endtime(krb5_context context, krb5_error_code kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, const krb5_keyblock *reply_key, - krb5_pa_data **out_enc_padata, int *idx) + krb5_pa_data ***out_enc_padata) { krb5_error_code retval = 0; krb5_checksum checksum; krb5_data *out = NULL; - krb5_pa_data *pa; - assert(out_enc_padata != NULL); - pa = krb5int_find_pa_data(kdc_context, request->padata, + krb5_pa_data pa, *pa_in; + pa_in = krb5int_find_pa_data(kdc_context, request->padata, KRB5_ENCPADATA_REQ_ENC_PA_REP); - if (pa == NULL) + if (pa_in == NULL) return 0; - checksum.contents = NULL; - pa = malloc(sizeof(krb5_pa_data)); - if (pa == NULL) - return ENOMEM; - pa->magic = KV5M_PA_DATA; - pa->pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP; + pa.magic = KV5M_PA_DATA; + pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP; retval = krb5_c_make_checksum(kdc_context,0, reply_key, KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum); if (retval != 0) @@ -2699,29 +2694,22 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, retval = encode_krb5_checksum(&checksum, &out); if (retval != 0) goto cleanup; - pa->contents = (krb5_octet *) out->data; - pa->length = out->length; - out_enc_padata[(*idx)++] = pa; - pa = NULL; + pa.contents = (krb5_octet *) out->data; + pa.length = out->length; + retval = add_pa_data_element(kdc_context, &pa, out_enc_padata, FALSE); out->data = NULL; - pa = malloc(sizeof(krb5_pa_data)); - if (pa == NULL) { - retval = ENOMEM; + if (retval) goto cleanup; - } - pa->magic = KV5M_PA_DATA; - pa->pa_type = KRB5_PADATA_FX_FAST; - pa->length = 0; - pa->contents = NULL; - out_enc_padata[(*idx)++] = pa; - pa = NULL; + pa.magic = KV5M_PA_DATA; + pa.pa_type = KRB5_PADATA_FX_FAST; + pa.length = 0; + pa.contents = NULL; + retval = add_pa_data_element(kdc_context, &pa, out_enc_padata, FALSE); cleanup: if (checksum.contents) krb5_free_checksum_contents(kdc_context, &checksum); if (out != NULL) krb5_free_data(kdc_context, out); - if (pa != NULL) - free(pa); return retval; } |