authorRuss Allbery <rra@stanford.edu>2006-06-14 20:31:52 +0000
committerRuss Allbery <rra@stanford.edu>2006-06-14 20:31:52 +0000
commitbe90bd0175d48b2ef3685b7f120e52dad6c42822 (patch)
treed824074ce38c09fb8df27169f8af15c6f88d90c1 /src/lib/krb4
parentf038cc46f0746015f768bfaf3bb6b200a970cbb8 (diff)
When NULL is passed into krb_get_in_pw_tkt, we only want to prompt once
for the password rather than passing NULL along to each string to key function causing each to prompt independently. Modify krb_get_in_pw_tkt to call des_read_pw_string directly and then pass the resulting password into each string to key function as needed. Add a prototype of des_read_pw_string to krb4int.h since it's an exported function of libdes425 but isn't prototyped in des.h. Ticket: 2648 Version_Reported: 1.3.3 Component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18129 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb4')
-rw-r--r--src/lib/krb4/g_in_tkt.c20
-rw-r--r--src/lib/krb4/krb4int.h6
2 files changed, 26 insertions, 0 deletions
diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c
index 58a91b00df..cf4ebd15df 100644
--- a/src/lib/krb4/g_in_tkt.c
+++ b/src/lib/krb4/g_in_tkt.c
@@ -406,6 +406,8 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
CREDENTIALS *creds;
KRB_UINT32 *laddrp;
{
+ int ok;
+ char key_string[BUFSIZ];
KTEXT_ST cip_st;
KTEXT cip = &cip_st; /* Returned Ciphertext */
int kerror;
@@ -420,6 +422,23 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
cip, &byteorder, &local_addr);
if (kerror)
return kerror;
+
+ /* If arg is null, we have to prompt for the password. decrypt_tkt, by
+ way of the *_passwd_to_key functions, will prompt if the password is
+ NULL, but that means that each separate encryption type will prompt
+ separately. Obtain the password first so that we can try multiple
+ encryption types without re-prompting.
+
+ Don't, however, prompt on a Windows or Macintosh environment, since
+ that's harder. Rely on our caller to do it. */
+#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
+ if (arg == NULL) {
+ ok = des_read_pw_string(key_string, sizeof(key_string), "Password", 0);
+ if (ok != 0)
+ return ok;
+ arg = key_string;
+ }
+#endif
/* Attempt to decrypt the reply. Loop trying password_to_key algorithms
until we succeed or we get an error other than "bad password" */
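Review bot: The `return ok;` in the new `arg == NULL` branch returns des_read_pw_string's result as this function's return value, on the same footing as the `kerror` returned just above. The return convention of des_read_pw_string is not visible in this diff; if it is not a krb4 error code, a failed or cancelled prompt would reach callers as an unrelated Kerberos error, so the value should be mapped to a krb4 code before returning. That early return also leaves without clearing `key_string`, which may hold partial input unless des_read_pw_string wipes the buffer on failure; adding `memset(key_string, 0, sizeof(key_string));` before `return ok;` would make this path match the wipe at the normal exit. The body of krb_get_in_tkt_preauth_creds continues outside this hunk.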
@@ -443,6 +462,7 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
}
/* stomp stomp stomp */
+ memset(key_string, 0, sizeof(key_string));
memset(cip->dat, 0, (size_t)cip->length);
return kerror;
}
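Review bot: The added `memset(key_string, 0, sizeof(key_string));` clears a local array that is never read again before `return kerror;`, so an optimizing compiler is allowed to drop it as a dead store and leave the password on the stack. A wipe the compiler cannot remove is needed here, for example `memset_s`, `explicit_bzero`, or a store loop through a `volatile char *`, whichever the supported platforms provide. The decryption loop between the prompt and this line is outside the hunk, so any `return` inside it would skip the wipe entirely and is worth checking. On builds where `_WIN32` or `USE_LOGIN_LIBRARY` is defined the buffer is never filled, so the wipe is harmless there.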
diff --git a/src/lib/krb4/krb4int.h b/src/lib/krb4/krb4int.h
index 7125435f9e..15ea145647 100644
--- a/src/lib/krb4/krb4int.h
+++ b/src/lib/krb4/krb4int.h
@@ -117,3 +117,9 @@ int krb4int_save_credentials_addr(
int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
struct sockaddr *, socklen_t *);
+
+/*
+ * Exported by libdes425 and called by krb_get_in_pw_tkt, but not part of
+ * the standard DES interface and therefore not prototyped in des.h.
+ */
+int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
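Review bot: The new prototype leaves all four parameters unnamed, so a reader of krb4int.h cannot tell which `int` is the buffer size and which is the trailing flag. Going by the call in g_in_tkt.c (`key_string, sizeof(key_string), "Password", 0`), something like `des_read_pw_string(char *buf, int bufsize, char *prompt, int flag)` would document it, with the last name replaced by whatever the libdes425 definition calls it. The comment could also say that this declaration has to be kept in sync by hand with the definition in libdes425, since the compiler presumably never sees the two together. The prompt is passed a string literal, so `const char *` would be the better type if the definition allows it.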