| author | Ken Raeburn <raeburn@mit.edu> | 2000-02-16 18:29:50 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2000-02-16 18:29:50 +0000 |
| commit | f06921749014e39975e2a53b7324c75379ff9ea6 (patch) | |
| tree | d70eec05f0bbc0550595f9fc9c19fca3b38744be /src | |
| parent | 1eee430255be4011cb6b928a1201560c9ce0bad3 (diff) | |
* preauth2.c (pa_sam): In send-encrypted-sad mode, check for magic salt length
and generate a salt from the principal name if found; use the password and salt
to generate a key. Provide timestamp if nonce is zero, regardless of preauth
mode. (Patch from Chas Williams.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12045 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 8 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth2.c | 50 |
2 files changed, 51 insertions, 7 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 19c8af799..4315b8b5c 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2000-02-16 Ken Raeburn <raeburn@mit.edu>
+
+ * preauth2.c (pa_sam): In send-encrypted-sad mode, check for magic
+ salt length and generate a salt from the principal name if found;
+ use the password and salt to generate a key. Provide timestamp if
+ nonce is zero, regardless of preauth mode. (Patch from Chas
+ Williams.)
+
 2000-02-07 Ken Raeburn <raeburn@mit.edu>
 * gic_pwd.c (krb5_get_as_key_password): If the as_key enctype is
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index a942601a1..c9d361d8c 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -271,21 +271,57 @@ krb5_error_code pa_sam(krb5_context context,
 }
 enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
+ if (sam_challenge->sam_nonce == 0) {
+ if (ret = krb5_us_timeofday(context,
+ &enc_sam_response_enc.sam_timestamp,
+ &enc_sam_response_enc.sam_usec)) {
+ krb5_xfree(sam_challenge);
+ return(ret);
+ }
+
+ sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
+ }
+
 /* XXX What if more than one flag is set? */
 if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
- enc_sam_response_enc.sam_sad = response_data;
- } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
- if (sam_challenge->sam_nonce == 0) {
- if (ret = krb5_us_timeofday(context,
- &enc_sam_response_enc.sam_timestamp,
- &enc_sam_response_enc.sam_usec)) {
+
+ if (as_key->length) {
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
+ }
+
+ /* generate a salt using the requested principal */
+
+ if ((salt->length == -1) && (salt->data == NULL)) {
+ if (ret = krb5_principal2salt(context, request->client,
+ &defsalt)) {
 krb5_xfree(sam_challenge);
 return(ret);
 }
- sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
+ salt = &defsalt;
+ } else {
+ defsalt.length = 0;
+ }
+
+ /* generate a key using the supplied password */
+
+ ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
+ (krb5_data *)gak_data, salt, as_key);
+
+ if (defsalt.length)
+ krb5_xfree(defsalt.data);
+
+ if (ret) {
+ krb5_xfree(sam_challenge);
+ return(ret);
 }
+ /* encrypt the passcode with the key from above */
+
+ enc_sam_response_enc.sam_sad = response_data;
+ } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
+
 /* process the key as password */
 if (as_key->length) { |
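Review bot: The new `krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5, (krb5_data *)gak_data, salt, as_key)` call in the SEND_ENCRYPTED_SAD branch casts `gak_data` straight to a password buffer and fixes the key type to single DES, and nothing visible in the hunk checks either assumption. If pa_sam can be reached with `gak_data` that is not a `krb5_data` password (its declaration and callers are outside the hunk), string-to-key would read an object of the wrong type, and the SAD ends up protected by a password-derived DES key whatever enctype the exchange otherwise uses. At minimum the assumption should be stated where the cast is made, e.g. `/* XXX assumes gak_data is the caller's krb5_data password and that the KDC expects a DES-CBC-MD5 key */`; deriving the key through the existing get-as-key path with the negotiated enctype would remove both assumptions, if that is available here. `salt` also keeps pointing at `defsalt` after `krb5_xfree(defsalt.data)`, so any later use of `salt` in pa_sam, which starts and continues outside the hunk, would need checking.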
