diff options
| author | John Kohl <jtkohl@mit.edu> | 1991-02-14 14:51:38 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1991-02-14 14:51:38 +0000 |
| commit | c309eee4533bef7e13fcf462bdd0b36d022c3dd1 (patch) | |
| tree | c44b0d3e47660158620a12cfc72e8dac6367490b /src | |
| parent | 1aaf6d5fe68fb019ea91a4ea9f06057f336333f0 (diff) | |
| download | krb5-c309eee4533bef7e13fcf462bdd0b36d022c3dd1.tar.gz krb5-c309eee4533bef7e13fcf462bdd0b36d022c3dd1.tar.xz krb5-c309eee4533bef7e13fcf462bdd0b36d022c3dd1.zip | |
add in padata salting support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1698 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/do_as_req.c | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 17b546f52..4d4c46e23 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -67,6 +67,8 @@ krb5_data **response; /* filled in with a response packet */ krb5_keyblock *session_key; krb5_keyblock encrypting_key; krb5_enctype useetype; + krb5_pa_data *padat_tmp[2], padat_local; + register int i; krb5_timestamp until, rtime; @@ -272,7 +274,53 @@ krb5_data **response; /* filled in with a response packet */ reply.msg_type = KRB5_AS_REP; reply.padata = 0; - /* XXX put in padata salting stuff here*/ + if (client.salt_type != KRB5_KDB_SALTTYPE_NORMAL) { + padat_tmp[0] = &padat_local; + padat_tmp[1] = 0; + + padat_tmp[0]->pa_type = KRB5_PADATA_PW_SALT; + + /* WARNING: sharing substructure here, but it's not a real problem, + since nothing below will "pull out the rug" */ + + switch (client.salt_type) { + krb5_data *data_foo, data_bar; + case KRB5_KDB_SALTTYPE_V4: + /* send an empty (V4) salt */ + padat_tmp[0]->contents = 0; + padat_tmp[0]->length = 0; + break; + case KRB5_KDB_SALTTYPE_NOREALM: + if (retval = norealm_salt(request->client, &data_bar)) { + cleanup(); + return retval; + } + padat_tmp[0]->length = data_bar.length; + padat_tmp[0]->contents = (krb5_octet *)data_bar.data; + break; + case KRB5_KDB_SALTTYPE_ONLYREALM: + data_foo = krb5_princ_realm(request->client); + padat_tmp[0]->length = data_foo->length; + padat_tmp[0]->contents = (krb5_octet *)data_foo->data; + break; + case KRB5_KDB_SALTTYPE_SPECIAL: + padat_tmp[0]->length = client.salt_length; + padat_tmp[0]->contents = client.salt; + break; + } + reply.padata = padat_tmp; + } + +#undef cleanup +#define cleanup() {krb5_db_free_principal(&client, 1); \ + memset((char *)session_key->contents, 0, \ + session_key->length); \ + free((char *)session_key->contents); \ + session_key->contents = 0; \ + memset(ticket_reply.enc_part.ciphertext.data, 0, \ + ticket_reply.enc_part.ciphertext.length); \ + free(ticket_reply.enc_part.ciphertext.data); \ + if (client.salt_type == KRB5_KDB_SALTTYPE_NOREALM) xfree(padat_tmp[0]->contents);} reply.client = request->client; /* XXX need separate etypes for ticket encryption and kdc_rep encryption */ |