svn rev #22125: branches/fast/src/kdc/
hartmans@MIT.EDU
hartmans at MIT.EDU
Thu Mar 26 01:36:41 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22125
Commit By: hartmans
Log Message:
Integrate FAST into AS and TGS
Integrate calls to lookup FAST padata into the AS and TGS paths.
kdc_util needs to return a pointer to the pa-tgs-req padata for the
fast checksum.
This code does not generate fast responses or errors yet.
Changed Files:
U branches/fast/src/kdc/do_as_req.c
U branches/fast/src/kdc/do_tgs_req.c
U branches/fast/src/kdc/kdc_util.c
U branches/fast/src/kdc/kdc_util.h
Modified: branches/fast/src/kdc/do_as_req.c
===================================================================
--- branches/fast/src/kdc/do_as_req.c 2009-03-26 05:36:38 UTC (rev 22124)
+++ branches/fast/src/kdc/do_as_req.c 2009-03-26 05:36:40 UTC (rev 22125)
@@ -117,6 +117,8 @@
int did_log = 0;
const char *emsg = 0;
krb5_keylist_node *tmp_mkey_list;
+ struct kdc_request_state *state = NULL;
+
#if APPLE_PKINIT
asReqDebug("process_as_req top realm %s name %s\n",
@@ -133,6 +135,15 @@
session_key.contents = 0;
enc_tkt_reply.authorization_data = NULL;
+ errcode = kdc_make_rstate(&state);
+ if (errcode != 0) {
+ status = "constructing state";
+ goto errout;
+ }
+ errcode = kdc_find_fast(&request, req_pkt, NULL /*TGS key*/, state);
+ if (errcode)
+ goto errout;
+
if (!request->client) {
status = "NULL_CLIENT";
errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
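Review bot: The `kdc_find_fast` failure branch jumps to `errout` without assigning `status`, unlike the `kdc_make_rstate` branch directly above it. The function still ends in `assert(did_log != 0)`, and the logging at `errout` is outside this hunk. If that logging is keyed on `status`, a request whose FAST padata is rejected could go unlogged or trip the assertion in the KDC process. Giving the branch its own status, `if (errcode) { status = "kdc_find_fast"; goto errout; }`, keeps both new error paths logged and matches what the TGS path does for the same call.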
@@ -679,6 +690,7 @@
}
krb5_free_data_contents(kdc_context, &e_data);
+ kdc_free_rstate(state);
assert(did_log != 0);
return errcode;
}
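Review bot: `kdc_free_rstate(state)` is called unconditionally here, while the matching cleanup added to do_tgs_req.c in this same commit guards it with `if (state)`. `state` is initialised to NULL and presumably stays NULL when `kdc_make_rstate` fails, so this line can be reached with a NULL pointer. The body of `kdc_free_rstate` is not part of this commit, so either document it as NULL-safe with a comment such as `/* kdc_free_rstate accepts NULL */` and drop the guard in the TGS path, or use `if (state) kdc_free_rstate(state);` here. The rest of the errout path lies outside the hunk.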
Modified: branches/fast/src/kdc/do_tgs_req.c
===================================================================
--- branches/fast/src/kdc/do_tgs_req.c 2009-03-26 05:36:38 UTC (rev 22124)
+++ branches/fast/src/kdc/do_tgs_req.c 2009-03-26 05:36:40 UTC (rev 22125)
@@ -125,6 +125,9 @@
krb5_data *tgs_1 =NULL, *server_1 = NULL;
krb5_principal krbtgt_princ;
krb5_kvno ticket_kvno = 0;
+ struct kdc_request_state *state = NULL;
+ krb5_pa_data *pa_tgs_req; /*points into request*/
+ krb5_data scratch;
session_key.contents = NULL;
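Review bot: `pa_tgs_req` is declared without an initialiser, and the kdc_util.c hunk stores into it only under `if (retval == 0)`, so after any failing `kdc_process_tgs_req` call the pointer is indeterminate. The later hunk dereferences it (`pa_tgs_req->length`), which is only safe if an `errcode` check outside the visible context always runs first. Declaring it as `krb5_pa_data *pa_tgs_req = NULL; /* points into request */` and setting `*pa_tgs_req = NULL;` at the top of `kdc_process_tgs_req` would make misuse fail predictably instead of reading attacker-influenced stack contents. `scratch` is likewise uninitialised until the later hunk fills it.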
@@ -140,7 +143,7 @@
return retval;
}
errcode = kdc_process_tgs_req(request, from, pkt, &header_ticket,
- &krbtgt, &k_nprincs, &subkey);
+ &krbtgt, &k_nprincs, &subkey, &pa_tgs_req);
if (header_ticket && header_ticket->enc_part2 &&
(errcode2 = krb5_unparse_name(kdc_context,
header_ticket->enc_part2->client,
@@ -161,7 +164,15 @@
status="UNEXPECTED NULL in header_ticket";
goto cleanup;
}
-
+ scratch.length = pa_tgs_req->length;
+ scratch.data = (char *) pa_tgs_req->contents;
+ errcode = kdc_find_fast(&request, &scratch, subkey, state);
+ if (errcode !=0) {
+ status = "kdc_find_fast";
+ goto cleanup;
+ }
+
+
/*
* Pointer to the encrypted part of the header ticket, which may be
* replaced to point to the encrypted part of the evidence ticket
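Review bot: `state` is still NULL when it is passed to `kdc_find_fast` here, because none of the do_tgs_req.c hunks calls `kdc_make_rstate`, whereas `process_as_req` allocates the state immediately before its own `kdc_find_fast` call. Unless `kdc_find_fast` tolerates a NULL state (its body is not in this commit), every TGS request that reaches this point risks a NULL dereference in the KDC. Allocating the state first, with the same error branch the AS path uses but jumping to `cleanup`, would fix that; the existing `if (state) kdc_free_rstate(state);` in cleanup already covers the release. The surrounding function starts and ends outside the hunk.
```c
errcode = kdc_make_rstate(&state);
if (errcode != 0) {
    status = "constructing state";
    goto cleanup;
}
/* … unchanged: scratch.length / scratch.data setup … */
errcode = kdc_find_fast(&request, &scratch, subkey, state);
```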
@@ -916,6 +927,8 @@
krb5_free_ticket(kdc_context, header_ticket);
if (request != NULL)
krb5_free_kdc_req(kdc_context, request);
+ if (state)
+ kdc_free_rstate(state);
if (cname != NULL)
free(cname);
if (sname != NULL)
Modified: branches/fast/src/kdc/kdc_util.c
===================================================================
--- branches/fast/src/kdc/kdc_util.c 2009-03-26 05:36:38 UTC (rev 22124)
+++ branches/fast/src/kdc/kdc_util.c 2009-03-26 05:36:40 UTC (rev 22125)
@@ -234,7 +234,8 @@
kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from,
krb5_data *pkt, krb5_ticket **ticket,
krb5_db_entry *krbtgt, int *nprincs,
- krb5_keyblock **subkey)
+ krb5_keyblock **subkey,
+ krb5_pa_data **pa_tgs_req)
{
krb5_pa_data * tmppa;
krb5_ap_req * apreq;
@@ -383,6 +384,8 @@
}
}
+ if (retval == 0)
+ *pa_tgs_req = tmppa;
cleanup_authenticator:
krb5_free_authenticator(kdc_context, authenticator);
Modified: branches/fast/src/kdc/kdc_util.h
===================================================================
--- branches/fast/src/kdc/kdc_util.h 2009-03-26 05:36:38 UTC (rev 22124)
+++ branches/fast/src/kdc/kdc_util.h 2009-03-26 05:36:40 UTC (rev 22125)
@@ -66,7 +66,7 @@
krb5_ticket **,
krb5_db_entry *krbtgt,
int *nprincs,
- krb5_keyblock **);
+ krb5_keyblock **, krb5_pa_data **pa_tgs_req);
krb5_error_code kdc_get_server_key (krb5_ticket *, unsigned int,
krb5_boolean match_enctype,