diff options
| author | Theodore Tso <tytso@mit.edu> | 1995-11-18 03:39:15 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1995-11-18 03:39:15 +0000 |
| commit | 88b493e4b97e118c13eef58209ddf3cd058ca5e0 (patch) | |
| tree | 37cd8866223b0d2fe986fc758cefb1a42469632b /src | |
| parent | 18807359c9885fc7e1ca3aa37db1998364fb9d79 (diff) | |
| download | krb5-88b493e4b97e118c13eef58209ddf3cd058ca5e0.tar.gz krb5-88b493e4b97e118c13eef58209ddf3cd058ca5e0.tar.xz krb5-88b493e4b97e118c13eef58209ddf3cd058ca5e0.zip | |
get_in_tkt.c (decrypt_as_reply):
preauth.c (process_pw_salt): When fetching the key to decrypting the
encrypted kdc reply, use the etype associated with the etype
reply, not the etype associated with the included ticket.
encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep;
set the eblock type from the client_key's enctype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7117 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 11 | ||||
| -rw-r--r-- | src/lib/krb5/krb/encode_kdc.c | 17 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth.c | 2 |
4 files changed, 22 insertions, 10 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 7c307bf10..a85215426 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,14 @@ +Fri Nov 17 22:35:52 1995 Theodore Y. Ts'o <tytso@dcl> + + * get_in_tkt.c (decrypt_as_reply): + * preauth.c (process_pw_salt): When fetching the key to decrypting + the encrypted kdc reply, use the etype associated with the + etype reply, not the etype associated with the included + ticket. + + * encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep; + set the eblock type from the client_key's enctype. + Thu Nov 16 20:29:17 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_default_type diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index 502a87ecb..bb9311f6a 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c @@ -41,11 +41,10 @@ /* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG stuff... */ krb5_error_code -krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep) +krb5_encode_kdc_rep(context, type, encpart, client_key, dec_rep, enc_rep) krb5_context context; const krb5_msgtype type; const krb5_enc_kdc_rep_part * encpart; - krb5_encrypt_block * eblock; const krb5_keyblock * client_key; krb5_kdc_rep * dec_rep; krb5_data ** enc_rep; @@ -53,6 +52,7 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep krb5_data *scratch; krb5_error_code retval; krb5_enc_kdc_rep_part tmp_encpart; + krb5_encrypt_block eblock; if (!valid_enctype(dec_rep->enc_part.enctype)) return KRB5_PROG_ETYPE_NOSUPP; @@ -89,8 +89,9 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \ krb5_free_data(context, scratch); } + krb5_use_enctype(context, &eblock, client_key->enctype); dec_rep->enc_part.ciphertext.length = - krb5_encrypt_size(scratch->length, eblock->crypto_entry); + krb5_encrypt_size(scratch->length, eblock.crypto_entry); /* add padding area, and zero it */ if (!(scratch->data = realloc(scratch->data, dec_rep->enc_part.ciphertext.length))) { @@ -113,26 +114,26 @@ free(dec_rep->enc_part.ciphertext.data); \ dec_rep->enc_part.ciphertext.length = 0; \ dec_rep->enc_part.ciphertext.data = 0;} - retval = krb5_process_key(context, eblock, client_key); + retval = krb5_process_key(context, &eblock, client_key); if (retval) { goto clean_encpart; } -#define cleanup_prockey() {(void) krb5_finish_key(context, eblock);} +#define cleanup_prockey() {(void) krb5_finish_key(context, &eblock);} retval = krb5_encrypt(context, (krb5_pointer) scratch->data, (krb5_pointer) dec_rep->enc_part.ciphertext.data, - scratch->length, eblock, 0); + scratch->length, &eblock, 0); if (retval) { goto clean_prockey; } - dec_rep->enc_part.enctype = krb5_eblock_enctype(context, eblock); + dec_rep->enc_part.enctype = krb5_eblock_enctype(context, &eblock); /* do some cleanup */ cleanup_scratch(); - retval = krb5_finish_key(context, eblock); + retval = krb5_finish_key(context, &eblock); if (retval) { cleanup_encpart(); return retval; diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 58bc1225a..52b4dd813 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -197,7 +197,7 @@ decrypt_as_reply(context, request, as_reply, key_proc, keyseed, key, if ((retval = krb5_principal2salt(context, request->client, &salt))) return(retval); - retval = (*key_proc)(context, as_reply->ticket->enc_part.enctype, + retval = (*key_proc)(context, as_reply->enc_part.enctype, &salt, keyseed, &decrypt_key); krb5_xfree(salt.data); if (retval) diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c index 4bfe9705a..86aa899b5 100644 --- a/src/lib/krb5/krb/preauth.c +++ b/src/lib/krb5/krb/preauth.c @@ -305,7 +305,7 @@ process_pw_salt(context, padata, request, as_reply, salt.data = (char *) padata->contents; salt.length = padata->length; - if ((retval = (*key_proc)(context, as_reply->ticket->enc_part.enctype, + if ((retval = (*key_proc)(context, as_reply->enc_part.enctype, &salt, keyseed, decrypt_key))) { *decrypt_key = 0; return retval; |