svn rev #22139: branches/fast/src/lib/krb5/krb/

hartmans@MIT.EDU hartmans at MIT.EDU
Thu Mar 26 01:37:23 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22139
Commit By: hartmans
Log Message:
Do not include cookie in outer padata on client

If the cookie is going to be present in the inner padata then
krb5int_fast_process_error is the wrong place to emit it.
Instead it should be added to the padata in the preauth loop.
This patch removes it from the outer padata.
In addition, it is easier if the cookie is stored as a pa_data on the client rather than a krb5_data.


Changed Files:
U   branches/fast/src/lib/krb5/krb/fast.c
U   branches/fast/src/lib/krb5/krb/fast.h
Modified: branches/fast/src/lib/krb5/krb/fast.c
===================================================================
--- branches/fast/src/lib/krb5/krb/fast.c	2009-03-26 05:37:18 UTC (rev 22138)
+++ branches/fast/src/lib/krb5/krb/fast.c	2009-03-26 05:37:23 UTC (rev 22139)
@@ -164,7 +164,7 @@
 		       krb5_data **encoded_request)
 {
     krb5_error_code retval = 0;
-    krb5_pa_data *pa_array[3];
+    krb5_pa_data *pa_array[2];
     krb5_pa_data pa[2];
     krb5_fast_req fast_req;
     krb5_fast_armored_req *armored_req = NULL;
@@ -175,6 +175,7 @@
     krb5_data random_data;
     char random_buf[4];
 
+
     assert(state != NULL);
     assert(state->fast_outer_request.padata == NULL);
     memset(pa_array, 0, sizeof pa_array);
@@ -224,12 +225,6 @@
 	pa[0].length = encoded_armored_req->length;
 	pa_array[0] = &pa[0];
     }
-    if (state->cookie_contents.data) {
-	pa[1].contents = (unsigned char *) state->cookie_contents.data;
-	pa[1].length = state->cookie_contents.length;
-	pa[1].pa_type = KRB5_PADATA_FX_COOKIE;
-	pa_array[1] = &pa[1];
-    }
     state->fast_outer_request.padata = pa_array;
     if(retval == 0)
 	retval = encoder(&state->fast_outer_request, &local_encoded_result);
@@ -381,7 +376,11 @@
     /*We are responsible for none of the store in the fast_outer_req*/
     krb5_free_keyblock(context, state->armor_key);
     krb5_free_fast_armor(context, state->armor);
-    krb5_free_data_contents(context, &state->cookie_contents);
+    if (state->cookie) {
+	free(state->cookie->contents);
+	free(state->cookie);
+	state->cookie = NULL;
+    }
 }
 
 krb5_pa_data * krb5int_find_pa_data

Modified: branches/fast/src/lib/krb5/krb/fast.h
===================================================================
--- branches/fast/src/lib/krb5/krb/fast.h	2009-03-26 05:37:18 UTC (rev 22138)
+++ branches/fast/src/lib/krb5/krb/fast.h	2009-03-26 05:37:23 UTC (rev 22139)
@@ -38,7 +38,7 @@
     krb5_fast_armor *armor;
     krb5_ui_4 fast_state_flags;
     krb5_ui_4 fast_options;
-    krb5_data cookie_contents;
+  krb5_pa_data *cookie;
     krb5_int32 nonce;
 };

More information about the cvs-krb5 mailing list