| author | Greg Hudson <ghudson@mit.edu> | 2011-11-14 21:45:33 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-11-14 21:45:33 +0000 |
| commit | b87d9d3c376c2623ae9eb0cfc8da50985c7bb592 (patch) | |
| tree | ecd9df8a753a5d129b9f3cdb3a5bb8d36aaebc06 /src/plugins/preauth | |
| parent | 6a1f05eb0fb5451c887e73406fb8fcf5a3716d1c (diff) | |
Simplify and fix kdcpreauth request_body callback

Alter the contract for the kdcpreauth request_body callback so that it
returns an alias to the encoded body instead of a fresh copy. At the
beginning of AS request processing, save a copy of the encoded request
body, or the encoded inner request body for FAST requests. Previously
the request_body callback would re-encode the request structure, which
in some cases has been modified by the AS request code.

No kdcpreauth modules currently use the request_body callback, but
PKINIT will need to start using it in order to handle FAST requests
correctly.

ticket: 7017
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25473 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/preauth')
| -rw-r--r-- | src/plugins/preauth/cksum_body/cksum_body_main.c | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index c0a438f758..ed2b5b4e01 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -403,17 +403,7 @@ server_verify(krb5_context kcontext, } cb->free_keys(kcontext, rock, keys); - /* Rebuild a copy of the client's request-body. If we were serious - * about doing this with any chance of working interoperability, we'd - * extract the structure directly from the req_pkt structure. This - * will probably work if it's us on both ends, though. */ - req_body = NULL; - if (cb->request_body(kcontext, rock, &req_body) != 0) { - krb5_free_keyblock(kcontext, key); - stats->failures++; - (*respond)(arg, KRB5KDC_ERR_PREAUTH_FAILED, NULL, NULL, NULL); - return; - } + req_body = cb->request_body(kcontext, rock); #ifdef DEBUG fprintf(stderr, "AS key type %d, checksum type %d, %d bytes.\n", @@ -428,7 +418,6 @@ server_verify(krb5_context kcontext, req_body, &checksum, &valid); /* Clean up. */ - krb5_free_data(kcontext, req_body); krb5_free_keyblock(kcontext, key); /* Evaluate our results. */ |
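Review bot: In the first hunk (@@ -403,17 +403,7 @@) of server_verify(), the result of `req_body = cb->request_body(kcontext, rock);` is used without any check, while the code it replaces had a complete failure path (free the key, increment stats->failures, respond with KRB5KDC_ERR_PREAUTH_FAILED). If the new callback contract allows a NULL return, req_body goes straight into the checksum verification call further down and the module dereferences it inside a pre-authentication path reachable from an AS request. Either keep a NULL check here that reuses the removed failure handling, or state in the callback's documentation that it never returns NULL so modules can rely on that.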
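Review bot: In the second hunk (@@ -428,7 +418,6 @@), dropping `krb5_free_data(kcontext, req_body);` from the "Clean up" section is right for an aliased body, but nothing at this site now records that req_body is borrowed from the KDC rather than owned by the module. A short comment where req_body is assigned or in the cleanup block, and a const-qualified pointer if the callback's return type permits it, would stop a later change from reintroducing the free (a double free or a free of KDC-owned memory) or from modifying the saved request body in place.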
