diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-04-03 04:03:45 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-04-03 04:03:45 +0000 |
| commit | 4e609bf313a80dbc2247a73d1303b2068eec9acd (patch) | |
| tree | 9ac56fbff02569ca272eff8d98227b3efbe92f39 /src/lib/krb5/krb/fast.c | |
| parent | 6d48a7deaeed3dcb5dce55d8e9730c47512a904e (diff) | |
| download | krb5-4e609bf313a80dbc2247a73d1303b2068eec9acd.tar.gz krb5-4e609bf313a80dbc2247a73d1303b2068eec9acd.tar.xz krb5-4e609bf313a80dbc2247a73d1303b2068eec9acd.zip | |
Merge fast branch at 22166 onto trunk
ticket: 6436
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/fast.c')
| -rw-r--r-- | src/lib/krb5/krb/fast.c | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index e9f54be788..ef57e6d832 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -299,6 +299,8 @@ static krb5_error_code decrypt_fast_reply free(scratch.data); if (encrypted_response) krb5_free_enc_data(context, encrypted_response); + if (local_resp) + krb5_free_fast_response(context, local_resp); return retval; } @@ -376,9 +378,11 @@ krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_sta fast_response->padata = NULL; /* * If there is more than the fx_error padata, then we want - * to retry the error + * to retry the error if a cookie is present */ *retry = (*out_padata)[1] != NULL; + if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL) + *retry = 0; } if (fx_error) krb5_free_error(context, fx_error); @@ -408,14 +412,14 @@ krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_sta krb5_error_code krb5int_fast_process_response (krb5_context context, struct krb5int_fast_request_state *state, krb5_kdc_rep *resp, - krb5_keyblock **as_key) + krb5_keyblock **strengthen_key) { krb5_error_code retval = 0; krb5_fast_response *fast_response = NULL; krb5_data *encoded_ticket = NULL; krb5_boolean cksum_valid; krb5_clear_error_message(context); - *as_key = NULL; + *strengthen_key = NULL; if (state->armor_key == 0) return 0; retval = decrypt_fast_reply(context, state, resp->padata, @@ -442,8 +446,8 @@ krb5_error_code krb5int_fast_process_response krb5_free_principal(context, resp->client); resp->client = fast_response->finished->client; fast_response->finished->client = NULL; - *as_key = fast_response->rep_key; - fast_response->rep_key = NULL; + *strengthen_key = fast_response->strengthen_key; + fast_response->strengthen_key = NULL; krb5_free_pa_data(context, resp->padata); resp->padata = fast_response->padata; fast_response->padata = NULL; @@ -454,6 +458,29 @@ krb5_error_code krb5int_fast_process_response krb5_free_data(context, encoded_ticket); return retval; } + +krb5_error_code krb5int_fast_reply_key(krb5_context context, + krb5_keyblock *strengthen_key, + krb5_keyblock *existing_key, + krb5_keyblock *out_key) +{ + krb5_keyblock *key = NULL; + krb5_error_code retval = 0; + krb5_free_keyblock_contents(context, out_key); + if (strengthen_key) { + retval = krb5_c_fx_cf2_simple(context, strengthen_key, + "strengthenkey", existing_key, "replykey", &key); + if (retval == 0) { + *out_key = *key; + free(key); + } + } else { + retval = krb5_copy_keyblock_contents(context, existing_key, out_key); + } + return retval; +} + + krb5_error_code krb5int_fast_make_state( krb5_context context, struct krb5int_fast_request_state **state) { @@ -473,11 +500,6 @@ krb5int_fast_free_state( krb5_context context, struct krb5int_fast_request_state /*We are responsible for none of the store in the fast_outer_req*/ krb5_free_keyblock(context, state->armor_key); krb5_free_fast_armor(context, state->armor); - if (state->cookie) { - free(state->cookie->contents); - free(state->cookie); - state->cookie = NULL; - } free(state); } |