From 544e17896eb52efea904be2bcd821185c6d1b4c9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 19 Feb 2007 13:38:11 +0000 Subject: r21447: make handling of replying e_data more generic love: please merge this metze (This used to be commit 3e4ff2de9c57170d275adf54ffa00ac81253a714) --- source4/heimdal/kdc/kerberos5.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index dbea7e32683..3d45c1099cb 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -915,6 +915,7 @@ _kdc_as_rep(krb5_context context, char *client_name = NULL, *server_name = NULL; krb5_error_code ret = 0; const char *e_text = NULL; + krb5_data e_data; krb5_crypto crypto; Key *ckey, *skey; EncryptionKey *reply_key; @@ -923,6 +924,7 @@ _kdc_as_rep(krb5_context context, #endif memset(&rep, 0, sizeof(rep)); + memset(&e_data, 0, sizeof(e_data)); if(b->sname == NULL){ ret = KRB5KRB_ERR_GENERIC; @@ -1208,7 +1210,6 @@ _kdc_as_rep(krb5_context context, PA_DATA *pa; unsigned char *buf; size_t len; - krb5_data foo_data; use_pa: method_data.len = 0; @@ -1248,25 +1249,17 @@ _kdc_as_rep(krb5_context context, ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); free_METHOD_DATA(&method_data); - foo_data.data = buf; - foo_data.length = len; - + + e_data.data = buf; + e_data.length = len; + e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", ret = KRB5KDC_ERR_PREAUTH_REQUIRED; - krb5_mk_error(context, - ret, - "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", - &foo_data, - client_princ, - server_princ, - NULL, - NULL, - reply); - free(buf); + kdc_log(context, config, 0, "No preauth found, returning PREAUTH-REQUIRED -- %s", client_name); - ret = 0; - goto out2; + + goto out; } /* @@ -1615,7 +1608,7 @@ out: krb5_mk_error(context, ret, e_text, - NULL, + (e_data.data ? &e_data : NULL), client_princ, server_princ, NULL, @@ -1623,11 +1616,12 @@ out: reply); ret = 0; } -out2: #ifdef PKINIT if (pkp) _kdc_pk_free_client_param(context, pkp); #endif + if (e_data.data) + free(e_data.data); if (client_princ) krb5_free_principal(context, client_princ); free(client_name); -- cgit