diff options
Diffstat (limited to 'src/plugins/preauth')
| -rw-r--r-- | src/plugins/preauth/cksum_body/cksum_body_main.c | 44 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_clnt.c | 14 | ||||
| -rw-r--r-- | src/plugins/preauth/wpse/wpse_main.c | 6 |
3 files changed, 13 insertions, 51 deletions
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index 6643e8e04..c0a438f75 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -91,21 +91,17 @@ client_process(krb5_context kcontext, krb5_pa_data *pa_data, krb5_prompter_fct prompter, void *prompter_data, - krb5_clpreauth_get_as_key_fn gak_fct, - void *gak_data, - krb5_data *salt, krb5_data *s2kparams, - krb5_keyblock *as_key, krb5_pa_data ***out_pa_data) { krb5_pa_data **send_pa; krb5_checksum checksum; - krb5_enctype enctype; krb5_cksumtype *cksumtypes; krb5_error_code status = 0; - krb5_int32 cksumtype, *enctypes; - unsigned int i, n_enctypes, cksumtype_count; + krb5_int32 cksumtype; + unsigned int i, cksumtype_count; int num_gic_info = 0; krb5_gic_opt_pa_data *gic_info; + krb5_keyblock *as_key; status = krb5_get_init_creds_opt_get_pa(kcontext, opt, &num_gic_info, &gic_info); @@ -128,37 +124,9 @@ client_process(krb5_context kcontext, memset(&checksum, 0, sizeof(checksum)); - /* Get the user's long-term key if we haven't asked for it yet. Try - * all of the encryption types which the server supports. */ - if (as_key->length == 0) { - if ((pa_data != NULL) && (pa_data->length >= 4)) { -#ifdef DEBUG - fprintf(stderr, "%d bytes of preauth data.\n", pa_data->length); -#endif - n_enctypes = pa_data->length / 4; - enctypes = (krb5_int32*) pa_data->contents; - } else { - n_enctypes = request->nktypes; - } - for (i = 0; i < n_enctypes; i++) { - if ((pa_data != NULL) && (pa_data->length >= 4)) { - memcpy(&enctype, pa_data->contents + 4 * i, 4); - enctype = ntohl(enctype); - } else { - enctype = request->ktype[i]; - } -#ifdef DEBUG - fprintf(stderr, "Asking for AS key (type = %d).\n", enctype); -#endif - status = (*gak_fct)(kcontext, request->client, enctype, - prompter, prompter_data, - salt, s2kparams, as_key, gak_data); - if (status == 0) - break; - } - if (status != 0) - return status; - } + status = cb->get_as_key(kcontext, rock, &as_key); + if (status != 0) + return status; #ifdef DEBUG fprintf(stderr, "Got AS key (type = %d).\n", as_key->enctype); #endif diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 95a645c2b..6155b1063 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -1022,16 +1022,14 @@ pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_data *encoded_previous_request, krb5_pa_data *in_padata, krb5_prompter_fct prompter, void *prompter_data, - krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data, - krb5_data *salt, krb5_data *s2kparams, - krb5_keyblock *as_key, krb5_pa_data ***out_padata) + krb5_pa_data ***out_padata) { krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED; krb5_enctype enctype = -1; int processing_request = 0; pkinit_context plgctx = (pkinit_context)moddata; pkinit_req_context reqctx = (pkinit_req_context)modreq; - krb5_keyblock *armor_key = cb->fast_armor(context, rock); + krb5_keyblock *armor_key = cb->fast_armor(context, rock), as_key; pkiDebug("pkinit_client_process %p %p %p %p\n", context, plgctx, reqctx, request); @@ -1094,8 +1092,10 @@ pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata, */ enctype = cb->get_etype(context, rock); retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request, - in_padata, enctype, as_key, + in_padata, enctype, &as_key, encoded_previous_request); + if (retval == 0) + retval = cb->set_as_key(context, rock, &as_key); } pkiDebug("pkinit_client_process: returning %d (%s)\n", @@ -1112,9 +1112,7 @@ pkinit_client_tryagain(krb5_context context, krb5_clpreauth_moddata moddata, krb5_data *encoded_previous_request, krb5_pa_data *in_padata, krb5_error *err_reply, krb5_prompter_fct prompter, void *prompter_data, - krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data, - krb5_data *salt, krb5_data *s2kparams, - krb5_keyblock *as_key, krb5_pa_data ***out_padata) + krb5_pa_data ***out_padata) { krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED; pkinit_context plgctx = (pkinit_context)moddata; diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 4f603474d..c14ec753d 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -98,10 +98,6 @@ client_process(krb5_context kcontext, krb5_pa_data *pa_data, krb5_prompter_fct prompter, void *prompter_data, - krb5_clpreauth_get_as_key_fn gak_fct, - void *gak_data, - krb5_data *salt, krb5_data *s2kparams, - krb5_keyblock *as_key, krb5_pa_data ***out_pa_data) { krb5_pa_data **send_pa; @@ -159,7 +155,7 @@ client_process(krb5_context kcontext, fprintf(stderr, "Recovered key type=%d, length=%d.\n", kb->enctype, kb->length); #endif - status = krb5_copy_keyblock_contents(kcontext, kb, as_key); + status = cb->set_as_key(kcontext, rock, kb); krb5_free_keyblock(kcontext, kb); return status; } |