diff options
| author | Tom Yu <tlyu@mit.edu> | 2012-09-07 20:18:41 -0400 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2012-10-15 19:41:14 -0400 |
| commit | 0a2f14f752c32a24200363cc6b6ae64a92f81379 (patch) | |
| tree | 707f1dce91dfbe42df0eead38b33cbf7728d9703 /src/kdc/fast_util.c | |
| parent | 1a3f548db030b764f46820c342fb2abb226dc43b (diff) | |
| download | krb5-0a2f14f752c32a24200363cc6b6ae64a92f81379.tar.gz krb5-0a2f14f752c32a24200363cc6b6ae64a92f81379.tar.xz krb5-0a2f14f752c32a24200363cc6b6ae64a92f81379.zip | |
Eliminate some KDC globals
Make kdc_active_realm a local variable in every function that needs
it. Pass it around in various state structures as needed. Keep the
macros that reference its members remain for now.
Diffstat (limited to 'src/kdc/fast_util.c')
| -rw-r--r-- | src/kdc/fast_util.c | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c index f3e037d53..1ce27d689 100644 --- a/src/kdc/fast_util.c +++ b/src/kdc/fast_util.c @@ -46,6 +46,7 @@ static krb5_error_code armor_ap_request krb5_auth_context authcontext = NULL; krb5_ticket *ticket = NULL; krb5_keyblock *subkey = NULL; + kdc_realm_t *kdc_active_realm = state->realm_data; assert(armor->armor_type == KRB5_FAST_ARMOR_AP_REQUEST); krb5_clear_error_message(kdc_context); @@ -103,6 +104,8 @@ encrypt_fast_reply(struct kdc_request_state *state, krb5_error_code retval = 0; krb5_enc_data encrypted_reply; krb5_data *encoded_response = NULL; + kdc_realm_t *kdc_active_realm = state->realm_data; + assert(state->armor_key); retval = encode_krb5_fast_response(response, &encoded_response); if (retval== 0) @@ -138,14 +141,15 @@ kdc_find_fast(krb5_kdc_req **requestptr, krb5_checksum *cksum; krb5_boolean cksum_valid; krb5_keyblock empty_keyblock; + kdc_realm_t *kdc_active_realm = state->realm_data; if (inner_body_out != NULL) *inner_body_out = NULL; scratch.data = NULL; krb5_clear_error_message(kdc_context); memset(&empty_keyblock, 0, sizeof(krb5_keyblock)); - fast_padata = find_pa_data(request->padata, - KRB5_PADATA_FX_FAST); + fast_padata = krb5int_find_pa_data(kdc_context, + request->padata, KRB5_PADATA_FX_FAST); if (fast_padata != NULL){ scratch.length = fast_padata->length; scratch.data = (char *) fast_padata->contents; @@ -230,8 +234,9 @@ kdc_find_fast(krb5_kdc_req **requestptr, retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION; } if (retval == 0) - cookie_padata = find_pa_data(fast_req->req_body->padata, - KRB5_PADATA_FX_COOKIE); + cookie_padata = krb5int_find_pa_data(kdc_context, + fast_req->req_body->padata, + KRB5_PADATA_FX_COOKIE); if (retval == 0) { state->fast_options = fast_req->fast_options; krb5_free_kdc_req( kdc_context, request); @@ -239,7 +244,11 @@ kdc_find_fast(krb5_kdc_req **requestptr, fast_req->req_body = NULL; } } - else cookie_padata = find_pa_data(request->padata, KRB5_PADATA_FX_COOKIE); + else { + cookie_padata = krb5int_find_pa_data(kdc_context, + request->padata, + KRB5_PADATA_FX_COOKIE); + } if (retval == 0 && cookie_padata != NULL) { krb5_pa_data *new_padata = malloc(sizeof (krb5_pa_data)); if (new_padata == NULL) { @@ -272,12 +281,13 @@ kdc_find_fast(krb5_kdc_req **requestptr, krb5_error_code -kdc_make_rstate(struct kdc_request_state **out) +kdc_make_rstate(kdc_realm_t *active_realm, struct kdc_request_state **out) { struct kdc_request_state *state = malloc( sizeof(struct kdc_request_state)); if (state == NULL) return ENOMEM; memset( state, 0, sizeof(struct kdc_request_state)); + state->realm_data = active_realm; *out = state; return 0; } @@ -285,6 +295,8 @@ kdc_make_rstate(struct kdc_request_state **out) void kdc_free_rstate (struct kdc_request_state *s) { + kdc_realm_t *kdc_active_realm = s->realm_data; + if (s == NULL) return; if (s->armor_key) @@ -312,6 +324,7 @@ kdc_fast_response_handle_padata(struct kdc_request_state *state, krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5; krb5_pa_data *empty_padata[] = {NULL}; krb5_keyblock *strengthen_key = NULL; + kdc_realm_t *kdc_active_realm = state->realm_data; if (!state->armor_key) return 0; @@ -401,6 +414,7 @@ kdc_fast_handle_error(krb5_context context, krb5_pa_data *outer_pa[3], *cookie = NULL; krb5_pa_data **inner_pa = NULL; size_t size = 0; + kdc_realm_t *kdc_active_realm = state->realm_data; *fast_edata_out = NULL; memset(outer_pa, 0, sizeof(outer_pa)); @@ -424,7 +438,8 @@ kdc_fast_handle_error(krb5_context context, pa[0].length = encoded_fx_error->length; pa[0].contents = (unsigned char *) encoded_fx_error->data; inner_pa[size++] = &pa[0]; - if (find_pa_data(inner_pa, KRB5_PADATA_FX_COOKIE) == NULL) + if (krb5int_find_pa_data(kdc_context, + inner_pa, KRB5_PADATA_FX_COOKIE) == NULL) retval = kdc_preauth_get_cookie(state, &cookie); } if (cookie != NULL) @@ -464,6 +479,8 @@ kdc_fast_handle_reply_key(struct kdc_request_state *state, krb5_keyblock **out_key) { krb5_error_code retval = 0; + kdc_realm_t *kdc_active_realm = state->realm_data; + if (state->armor_key) retval = krb5_c_fx_cf2_simple(kdc_context, state->strengthen_key, "strengthenkey", @@ -481,6 +498,7 @@ kdc_preauth_get_cookie(struct kdc_request_state *state, { char *contents; krb5_pa_data *pa = NULL; + /* In our current implementation, the only purpose served by * returning a cookie is to indicate that a conversation should * continue on error. Thus, the cookie can have a constant |