author | Greg Hudson <ghudson@mit.edu> | 2011-11-14 21:45:33 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-11-14 21:45:33 +0000 |
commit | b87d9d3c376c2623ae9eb0cfc8da50985c7bb592 (patch) | |
tree | ecd9df8a753a5d129b9f3cdb3a5bb8d36aaebc06 /src/include/krb5 | |
parent | 6a1f05eb0fb5451c887e73406fb8fcf5a3716d1c (diff) | |
Simplify and fix kdcpreauth request_body callback

Alter the contract for the kdcpreauth request_body callback so that it
returns an alias to the encoded body instead of a fresh copy. At the
beginning of AS request processing, save a copy of the encoded request
body, or the encoded inner request body for FAST requests. Previously
the request_body callback would re-encode the request structure, which
in some cases has been modified by the AS request code.

No kdcpreauth modules currently use the request_body callback, but
PKINIT will need to start using it in order to handle FAST requests
correctly.

ticket: 7017
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25473 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/krb5')
-rw-r--r-- | src/include/krb5/preauth_plugin.h | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index 869ebd5cd..cbc57f147 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -351,15 +351,12 @@ typedef struct krb5_kdcpreauth_callbacks_st { krb5_keyblock *keys); /* - * Get the request structure, re-encoded using DER. Unless the client - * implementation is the same as the server implementation, there's a good - * chance that the result will not match what the client sent, so don't - * create any fatal errors if it doesn't match up. Free the resulting data - * object with krb5_free_data. + * Get the encoded request body, which is sometimes needed for checksums. + * For a FAST request this is the encoded inner request body. The returned + * pointer is an alias and should not be freed. */ - krb5_error_code (*request_body)(krb5_context context, - krb5_kdcpreauth_rock rock, - krb5_data **body_out); + krb5_data *(*request_body)(krb5_context context, + krb5_kdcpreauth_rock rock); /* Get a pointer to the FAST armor key, or NULL if the request did not use * FAST. The returned pointer is an alias and should not be freed. */ |
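Review bot: The new comment on `request_body` does not say whether the callback can return NULL or how long the returned alias stays valid. With the `krb5_error_code` return removed, the pointer is now the only signal a module gets. A module that feeds this body into a checksum needs to know whether a NULL check is required, so the comment should either state that the result is never NULL or say what NULL means. It should also state the lifetime of the alias, as the neighbouring FAST armor key comment does for its NULL case. Because the pointer "is an alias and should not be freed", consider declaring the return type as `const krb5_data *`, so that passing it to `krb5_free_data` or writing through it draws a compiler diagnostic instead of relying on the comment. Finally, this changes the prototype of an existing member of `krb5_kdcpreauth_callbacks_st` in place: a module built against the old three-argument form would call it with a stale `body_out` argument and read the return value as an error code. The hunk shows no accompanying change to an interface version, so it is worth confirming that this is covered elsewhere in the commit.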