svn rev #22213: branches/krb5-1-7/src/lib/krb5/krb/

tlyu@MIT.EDU tlyu at MIT.EDU
Tue Apr 14 15:53:54 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22213
Commit By: tlyu
Log Message:
ticket: 6401
version_fixed: 1.7

pull up r22067 from trunk

 ------------------------------------------------------------------------
 r22067 | hartmans | 2009-03-06 12:26:29 -0500 (Fri, 06 Mar 2009) | 12 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/get_in_tkt.c

 ticket: 6401
 Subject: send_as_req re-encodes the request

 krb5_get_init_creds calls encode_krb5_as_req to produce an encoding
 for the preauth plugins, then passes the unencoded request structure
 into the static function send_as_req.  That function re-encodes the
 request.  This is an unnecessary call to the encoder.  In addition,
 for the FAST project, it is desirable to encapsulate the unencoded
 outer request so that krb5_get_init_creds does not need it.

 * send_as_req is modified to take an encoded request and realm
 * Remove unused logic to fill in request nonce from send_as_req
 ------------------------------------------------------------------------


Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c
Modified: branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c	2009-04-14 19:53:49 UTC (rev 22212)
+++ branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c	2009-04-14 19:53:53 UTC (rev 22213)
@@ -136,36 +136,25 @@
  */
 static krb5_error_code
 send_as_request(krb5_context 		context,
-		krb5_kdc_req		*request,
+		krb5_data *packet, const krb5_data *realm,
 		krb5_error ** 		ret_err_reply,
 		krb5_kdc_rep ** 	ret_as_reply,
 		int 			    *use_master)
 {
     krb5_kdc_rep *as_reply = 0;
     krb5_error_code retval;
-    krb5_data *packet = 0;
     krb5_data reply;
     char k4_version;		/* same type as *(krb5_data::data) */
     int tcp_only = 0;
-    krb5_timestamp time_now;
 
     reply.data = 0;
 
     /* set the nonce if the caller expects us to do it */
-    if (request->nonce == 0) {
-        if ((retval = krb5_timeofday(context, &time_now)))
-	    goto cleanup;
-        request->nonce = (krb5_int32) time_now;
-    }
 
-    /* encode & send to KDC */
-    if ((retval = encode_krb5_as_req(request, &packet)) != 0)
-	goto cleanup;
-
     k4_version = packet->data[0];
 send_again:
     retval = krb5_sendto_kdc(context, packet, 
-			     krb5_princ_realm(context, request->client),
+			     realm,
 			     &reply, use_master, tcp_only);
 #if APPLE_PKINIT
     inTktDebug("krb5_sendto_kdc returned %d\n", (int)retval);
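Review bot: `k4_version = packet->data[0];` now dereferences a caller-supplied `packet` with no check, where before this change the buffer came from the `encode_krb5_as_req` call directly above it and was known to be a fresh, non-empty encoding. A guard placed before that line, such as `if (packet == NULL || packet->length == 0) return EINVAL;` (the error code is only a suggestion), would make the new precondition explicit; the second caller, in the last hunk, passes `encoded_previous_request`, whose assignment is not visible in this diff. The comment `/* set the nonce if the caller expects us to do it */` is left behind with no code under it and should be dropped. The header comment that ends just above the signature is outside the hunk and presumably needs a line stating that the caller keeps ownership of `packet`, since the cleanup path no longer frees it. The function body continues outside the hunk.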
@@ -240,8 +229,6 @@
 	krb5_free_kdc_rep(context, as_reply);
 
 cleanup:
-    if (packet)
-	krb5_free_data(context, packet);
     if (reply.data)
 	free(reply.data);
     return retval;
@@ -517,6 +504,7 @@
     krb5_timestamp	time_now;
     krb5_keyblock *	decrypt_key = 0;
     krb5_kdc_req	request;
+    krb5_data *encoded_request;
     krb5_pa_data	**padata = 0;
     krb5_error *	err_reply;
     krb5_kdc_rep *	as_reply = 0;
@@ -650,9 +638,14 @@
          */
 	request.nonce = (krb5_int32) time_now;
 
-	if ((retval = send_as_request(context, &request, &err_reply,
-				      &as_reply, &use_master)))
+	if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0)
 	    goto cleanup;
+	retval = send_as_request(context, encoded_request,
+				 krb5_princ_realm(context, request.client), &err_reply,
+				 &as_reply, &use_master);
+	krb5_free_data_contents(context, encoded_request);
+	if (retval != 0)
+	    goto cleanup;
 
 	if (err_reply) {
 	    if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
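Review bot: `krb5_free_data_contents(context, encoded_request);` releases only the `data` buffer, but `encode_krb5_as_req` hands back an allocated `krb5_data` structure, so the structure itself appears to be leaked every time this code runs. The lines removed from `send_as_request` in this same commit used `krb5_free_data(context, packet)` on the same kind of object, and the call here should match: `krb5_free_data(context, encoded_request);`. Declaring the variable as `krb5_data *encoded_request = 0;` in the earlier hunk and resetting it to 0 after the free would also prevent a stale pointer from being reused if this code sits in a retry loop, which the indentation suggests but the hunk does not show. The enclosing function starts and ends outside the hunk.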
@@ -1156,7 +1149,6 @@
 
     krb5_preauth_request_context_init(context);
 
-    /* nonce is filled in by send_as_request if we don't take care of it */
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST)) {
 	request.ktype = options->etype_list;
@@ -1301,7 +1293,8 @@
 
 	err_reply = 0;
 	local_as_reply = 0;
-	if ((ret = send_as_request(context, &request, &err_reply,
+	if ((ret = send_as_request(context, encoded_previous_request,
+				   krb5_princ_realm(context, request.client), &err_reply,
 				   &local_as_reply, use_master)))
 	    goto cleanup;
 



