From b87d9d3c376c2623ae9eb0cfc8da50985c7bb592 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 14 Nov 2011 21:45:33 +0000 Subject: Simplify and fix kdcpreauth request_body callback Alter the contract for the kdcpreauth request_body callback so that it returns an alias to the encoded body instead of a fresh copy. At the beginning of AS request processing, save a copy of the encoded request body, or the encoded inner request body for FAST requests. Previously the request_body callback would re-encode the request structure, which in some cases has been modified by the AS request code. No kdcpreauth modules currently use the request_body callback, but PKINIT will need to start using it in order to handle FAST requests correctly. ticket: 7017 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25473 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/preauth/cksum_body/cksum_body_main.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'src/plugins') diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index c0a438f75..ed2b5b4e0 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -403,17 +403,7 @@ server_verify(krb5_context kcontext, } cb->free_keys(kcontext, rock, keys); - /* Rebuild a copy of the client's request-body. If we were serious - * about doing this with any chance of working interoperability, we'd - * extract the structure directly from the req_pkt structure. This - * will probably work if it's us on both ends, though. */ - req_body = NULL; - if (cb->request_body(kcontext, rock, &req_body) != 0) { - krb5_free_keyblock(kcontext, key); - stats->failures++; - (*respond)(arg, KRB5KDC_ERR_PREAUTH_FAILED, NULL, NULL, NULL); - return; - } + req_body = cb->request_body(kcontext, rock); #ifdef DEBUG fprintf(stderr, "AS key type %d, checksum type %d, %d bytes.\n", @@ -428,7 +418,6 @@ server_verify(krb5_context kcontext, req_body, &checksum, &valid); /* Clean up. */ - krb5_free_data(kcontext, req_body); krb5_free_keyblock(kcontext, key); /* Evaluate our results. */ -- cgit