| author | John Kohl <jtkohl@mit.edu> | 1990-02-06 16:28:55 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1990-02-06 16:28:55 +0000 |
| commit | 956680770c20479357d8686b722313bcda96f47d (patch) | |
| tree | 2471c974fcea53568c48c056b29bc740f54f3986 /src | |
| parent | f85a5593561a56acedade3a9e91a62a633a306b4 (diff) | |
add kdc_input_mkey
add checksum code (#ifdef'ed out for now...)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@289 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/kdc_util.c | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 4c5422c37..561ba0e64 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -19,12 +19,14 @@ static char rcsid_kdc_util_c[] =
 #include <krb5/krb5.h>
 #include <krb5/kdb.h>
 #include <krb5/krb5_err.h>
+#include <krb5/kdb5_err.h>
 #include "kdc_util.h"
 #include "extern.h"
 #include <errno.h>
 #include <krb5/ext-proto.h>
+#include <stdio.h>
 /*
 * concatenate first two authdata arrays, returning an allocated replacement.
@@ -186,6 +188,7 @@ krb5_fulladdr *from;
 krb5_tkt_authent authdat;
 struct kparg who;
 krb5_error_code retval;
+ krb5_checksum our_cksum;
 if (isset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) || isset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED))
@@ -233,7 +236,28 @@ krb5_fulladdr *from;
 /* now rearrange output from rd_req_decoded */
- /* don't need authenticator */
+
+ our_cksum.checksum_type = authdat.authenticator->checksum->checksum_type;
+ if (!valid_cksumtype(our_cksum.checksum_type)) {
+ krb5_free_authenticator(authdat.authenticator);
+ krb5_free_ticket(authdat.ticket);
+ return KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX cktype nosupp */
+ }
+ /* check application checksum vs. tgs request */
+#ifdef notdef
+ if (retval = (*krb5_cksumarray[our_cksum.checksum_type]->
+ sum_func)(in, /* where to? */
+ NULL, /* don't produce output */
+ authdat.ticket->enc_part2->session->contents, /* seed */
+ in_length, /* input length */
+ authdat.ticket->enc_part2->session->length, /* seed length */
+ &our_cksum)) {
+ krb5_free_authenticator(authdat.authenticator);
+ krb5_free_ticket(authdat.ticket);
+ return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX wrong code? */
+ }
+#endif
+ /* don't need authenticator anymore */
 krb5_free_authenticator(authdat.authenticator);
 /* copy the ptr to enc_part2, then free remaining stuff */
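Review bot: In the hunk at -233,7 the first added statement reads `authdat.authenticator->checksum->checksum_type` without checking that `checksum` is non-NULL. If a decoded authenticator can arrive without a checksum (the field is reached through a pointer, so presumably it can), such a request would fault the KDC before `valid_cksumtype` runs. A guard `if (!authdat.authenticator->checksum)` ahead of it, with the same free-authenticator / free-ticket cleanup and an error return as the `valid_cksumtype` failure branch, would close that. Because the `sum_func` call is under `#ifdef notdef`, only the checksum type is enforced and the request body is not yet bound to the authenticator; a comment such as `/* XXX checksum is NOT verified until the notdef block is enabled */` would keep that visible. The enclosing function starts and ends outside this hunk.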
@@ -256,3 +280,33 @@ int direction;
 } else return KRB5_KDB_ILLDIRECTION;
 }
+
+/*
+ * get the master key from somewhere, filling it into *key.
+ *
+ * key->keytype should be set to the desired type.
+ *
+ */
+
+krb5_error_code
+kdc_input_mkey(mname, key)
+krb5_principal mname;
+krb5_keyblock *key;
+{
+ krb5_error_code retval;
+ char password[BUFSIZ];
+ krb5_data pwd;
+ int size = sizeof(password);
+
+ /* XXX need a way to read from file */
+ if (retval = krb5_read_password(krb5_mkey_pwd_prompt1,
+ krb5_mkey_pwd_prompt2,
+ password,
+ &size))
+ return(retval);
+
+ return (*master_encblock.crypto_entry->string_to_key)(key->keytype,
+ key,
+ &pwd,
+ mname);
+}
 |
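Review bot: In `kdc_input_mkey`, `pwd` is declared but never filled in before `&pwd` is passed to `string_to_key`, so the master key would be derived from uninitialized stack contents rather than from the password just read. `pwd` should be pointed at `password` with the length that `krb5_read_password` left in `size` (assuming `size` is updated to the entered length, which the `&size` argument suggests). The cleartext master password also stays in the `password` stack buffer after return; it should be cleared once the key has been derived, bearing in mind that a plain `memset` can be optimised away by some compilers.

```c
    /* ... unchanged: krb5_read_password call and its error return ... */

    /* hand the typed password to string_to_key */
    pwd.data = password;
    pwd.length = size;
    retval = (*master_encblock.crypto_entry->string_to_key)(key->keytype,
                                                             key,
                                                             &pwd,
                                                             mname);
    /* do not leave the master password on the stack */
    memset(password, 0, sizeof(password));
    return retval;
```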
