svn rev #23409: branches/fast-negotiate/src/kdc/

hartmans@MIT.EDU hartmans at MIT.EDU
Wed Dec 2 11:16:09 EST 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=23409
Commit By: hartmans
Log Message:
AS and TGS path: claim to support FAST negotiation in ticket flag; restructure enc_padata path to prepare for additional padata


Changed Files:
U   branches/fast-negotiate/src/kdc/do_as_req.c
U   branches/fast-negotiate/src/kdc/do_tgs_req.c
U   branches/fast-negotiate/src/kdc/kdc_preauth.c
U   branches/fast-negotiate/src/kdc/kdc_util.h
Modified: branches/fast-negotiate/src/kdc/do_as_req.c
===================================================================
--- branches/fast-negotiate/src/kdc/do_as_req.c	2009-12-02 16:16:06 UTC (rev 23408)
+++ branches/fast-negotiate/src/kdc/do_as_req.c	2009-12-02 16:16:09 UTC (rev 23409)
@@ -310,6 +310,7 @@
     enc_tkt_reply.times.authtime = authtime;
 
     setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL);
+    setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
 
     /*
      * It should be noted that local policy may affect the
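Review bot: `setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);` is applied to every AS ticket, but none of the visible changes to `return_enc_padata` adds a FAST negotiation element to `enc_padata` yet (the new `req_pkt` and `request` parameters are not used in the lines shown). As far as this diff shows, a client that reads the flag as a promise of protected reply padata gets the claim without the data. The flag is better introduced with the code that emits the element, or at least marked with a comment such as `/* TODO: enc_padata does not yet carry FAST negotiation padata */`. The same line is added in the first do_tgs_req.c hunk, where it directly follows an unbraced `if` and would read more clearly after a blank line. The enclosing function begins and ends outside the hunk.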
@@ -556,7 +557,7 @@
                reply.client->realm.data, reply.client->data->data);
 #endif /* APPLE_PKINIT */
 
-    errcode = return_svr_referral_data(kdc_context,
+    errcode = return_enc_padata(kdc_context, req_pkt, request,
                                        &server, &reply_encpart);
     if (errcode) {
         status = "KDC_RETURN_ENC_PADATA";

Modified: branches/fast-negotiate/src/kdc/do_tgs_req.c
===================================================================
--- branches/fast-negotiate/src/kdc/do_tgs_req.c	2009-12-02 16:16:06 UTC (rev 23408)
+++ branches/fast-negotiate/src/kdc/do_tgs_req.c	2009-12-02 16:16:09 UTC (rev 23409)
@@ -454,6 +454,7 @@
      */
     if (!(header_enc_tkt->times.starttime))
         header_enc_tkt->times.starttime = authtime;
+    setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
 
     /* don't use new addresses unless forwarded, see below */
 
@@ -756,7 +757,7 @@
     }
 
     if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
-        errcode = return_svr_referral_data(kdc_context,
+        errcode = return_enc_padata(kdc_context, pkt, request,
                                            &server, &reply_encpart);
         if (errcode) {
             status = "KDC_RETURN_ENC_PADATA";
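Review bot: The call to `return_enc_padata` is still reached only under `if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE))`, while the first hunk in this file sets `TKT_FLG_ENC_PA_REP` on the TGS ticket with no such condition visible. Once the function returns padata other than referral data, non-referral TGS replies will skip it. If that is intended for now, a comment above the `if` should say so, e.g. `/* only referral data is returned here; FAST negotiation padata still to be wired in */`. The continuation line `&server, &reply_encpart);` also keeps the alignment of the old, longer function name (same in do_as_req.c). The `if` block continues past the end of the hunk.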

Modified: branches/fast-negotiate/src/kdc/kdc_preauth.c
===================================================================
--- branches/fast-negotiate/src/kdc/kdc_preauth.c	2009-12-02 16:16:06 UTC (rev 23408)
+++ branches/fast-negotiate/src/kdc/kdc_preauth.c	2009-12-02 16:16:09 UTC (rev 23409)
@@ -3064,17 +3064,25 @@
 }
 
 krb5_error_code
-return_svr_referral_data(krb5_context context,
-                         krb5_db_entry *server,
+return_enc_padata(krb5_context context,
+                  krb5_data *req_pkt, krb5_kdc_req *request,
+                  krb5_db_entry *server,
                          krb5_enc_kdc_rep_part *reply_encpart)
 {
     krb5_error_code             code;
     krb5_tl_data                tl_data;
     krb5_pa_data                *pa_data;
+    int idx = 0;
 
-    /* This should be initialized and only used for Win2K compat */
+    /* This should be initialized and only used for Win2K compat  and other
+     * specific standardized uses such as  FAST negotiation.*/
     assert(reply_encpart->enc_padata == NULL);
+    reply_encpart->enc_padata = (krb5_pa_data **)calloc(4, sizeof(krb5_pa_data *));
+    if (reply_encpart->enc_padata == NULL) {
+        return ENOMEM;
+    }
 
+
     tl_data.tl_data_type = KRB5_TL_SVR_REFERRAL_DATA;
 
     code = krb5_dbe_lookup_tl_data(context, server, &tl_data);
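Review bot: Moving the `calloc` of `reply_encpart->enc_padata` to the top of `return_enc_padata` means every later failure return leaves the array allocated: the `return ENOMEM` after `malloc(sizeof(*pa_data))` in the next hunk has no matching free, whereas the removed code allocated the array last and released `pa_data` on failure. Unless both callers free `reply_encpart.enc_padata` on their error paths (not visible here), each of those returns should be preceded by `free(reply_encpart->enc_padata); reply_encpart->enc_padata = NULL;`. Any early return between the `krb5_dbe_lookup_tl_data` call and the next hunk (those lines are not shown) would likewise hand back a non-NULL empty list where the old code left the field NULL, which may change what is encoded in the reply. The function continues past the end of the hunk.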
@@ -3084,7 +3092,6 @@
     pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data));
     if (pa_data == NULL)
         return ENOMEM;
-
     pa_data->magic = KV5M_PA_DATA;
     pa_data->pa_type = KRB5_PADATA_SVR_REFERRAL_INFO;
     pa_data->length = tl_data.tl_data_length;
@@ -3095,14 +3102,8 @@
     }
     memcpy(pa_data->contents, tl_data.tl_data_contents, tl_data.tl_data_length);
 
-    reply_encpart->enc_padata = (krb5_pa_data **)calloc(2, sizeof(krb5_pa_data *));
-    if (reply_encpart->enc_padata == NULL) {
-        free(pa_data->contents);
-        free(pa_data);
-        return ENOMEM;
-    }
 
-    reply_encpart->enc_padata[0] = pa_data;
+    reply_encpart->enc_padata[idx++] = pa_data;
     reply_encpart->enc_padata[1] = NULL;
 
     return 0;
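Review bot: `reply_encpart->enc_padata[idx++] = pa_data;` is followed by `reply_encpart->enc_padata[1] = NULL;`, which hard-codes the terminator slot and would overwrite a live entry as soon as another element is stored ahead of this one. The array comes from `calloc`, so it is already NULL-terminated; the line can be dropped or written as `reply_encpart->enc_padata[idx] = NULL;`. Nothing in the visible code bounds `idx` against the 4 slots allocated at the top of the function, so a named constant for the size plus a check such as `assert(idx < ENC_PADATA_SLOTS);` (constant name illustrative) would keep later additions from writing past the array. The start of the function is outside this hunk.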

Modified: branches/fast-negotiate/src/kdc/kdc_util.h
===================================================================
--- branches/fast-negotiate/src/kdc/kdc_util.h	2009-12-02 16:16:06 UTC (rev 23408)
+++ branches/fast-negotiate/src/kdc/kdc_util.h	2009-12-02 16:16:09 UTC (rev 23409)
@@ -250,9 +250,10 @@
 include_pac_p(krb5_context context, krb5_kdc_req *request);
 
 krb5_error_code
-return_svr_referral_data (krb5_context context,
-                          krb5_db_entry *server,
-                          krb5_enc_kdc_rep_part *reply_encpart);
+return_enc_padata(krb5_context context,
+                  krb5_data *req_pkt, krb5_kdc_req *request,
+                  krb5_db_entry *server,
+                  krb5_enc_kdc_rep_part *reply_encpart);
 
 krb5_error_code
 sign_db_authdata (krb5_context context,



