svn rev #22132: branches/fast/src/kdc/

hartmans@MIT.EDU hartmans at MIT.EDU
Thu Mar 26 01:37:01 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22132
Commit By: hartmans
Log Message:
Integrate fast in KDC AS errors

Call kdc_fast_handle_error from prepare_as_error Also, decode either
td or pa sequence in e_data and feed into fast's idea of a pa
sequence.


Changed Files:
U   branches/fast/src/kdc/do_as_req.c
Modified: branches/fast/src/kdc/do_as_req.c
===================================================================
--- branches/fast/src/kdc/do_as_req.c	2009-03-26 05:36:58 UTC (rev 22131)
+++ branches/fast/src/kdc/do_as_req.c	2009-03-26 05:37:01 UTC (rev 22132)
@@ -82,7 +82,7 @@
 #endif
 #endif /* APPLE_PKINIT */
 
-static krb5_error_code prepare_error_as (krb5_kdc_req *, int, krb5_data *, 
+static krb5_error_code prepare_error_as (struct kdc_request_state *, krb5_kdc_req *, int, krb5_data *, 
 					 krb5_principal, krb5_data **,
 					 const char *);
 
@@ -640,7 +640,7 @@
 	if (errcode < 0 || errcode > 128)
 	    errcode = KRB_ERR_GENERIC;
 	    
-	errcode = prepare_error_as(request, errcode, &e_data,
+	errcode = prepare_error_as(state, request, errcode, &e_data,
  				   c_nprincs ? client.princ : NULL,
 				   response, status);
 	status = 0;
@@ -697,13 +697,16 @@
 }
 
 static krb5_error_code
-prepare_error_as (krb5_kdc_req *request, int error, krb5_data *e_data,
+prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, int error, krb5_data *e_data,
 		  krb5_principal canon_client, krb5_data **response,
 		  const char *status)
 {
     krb5_error errpkt;
     krb5_error_code retval;
     krb5_data *scratch;
+    krb5_pa_data **pa = NULL;
+    krb5_typed_data **td = NULL;
+    size_t size;
     
     errpkt.ctime = request->nonce;
     errpkt.cusec = 0;
@@ -732,13 +735,38 @@
 	errpkt.e_data.length = 0;
 	errpkt.e_data.data = NULL;
     }
-
+    /*We need to try and produce a padata sequence for FAST*/
+    retval = decode_krb5_padata_sequence(e_data, &pa);
+    if (retval != 0) {
+	retval = decode_krb5_typed_data(e_data, &td);
+	if (retval == 0) {
+	    for (size =0; td[size]; size++);
+	    pa = calloc(size+1, sizeof(*pa));
+	    if (pa == NULL)
+		retval = ENOMEM;
+	    else 		for (size = 0; td[size]; size++) {
+		krb5_pa_data *pad = malloc(sizeof(krb5_pa_data *));
+		if (pad == NULL) {
+		    retval = ENOMEM;
+		    break;
+		}
+		pad->pa_type = td[size]->type;
+		pad->contents = td[size]->data;
+		pad->length = td[size]->length;
+		pa[size] = pad;
+	    }
+	    krb5_free_typed_data(kdc_context, td);
+	}
+    }
+    retval = kdc_fast_handle_error(kdc_context, rstate,
+				   pa, &errpkt);
+    if (retval == 0)
     retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     free(errpkt.text.data);
     if (retval)
 	free(scratch);
     else 
 	*response = scratch;
-
+    krb5_free_pa_data(kdc_context, pa);
     return retval;
 }

More information about the cvs-krb5 mailing list