svn rev #23943: branches/iakerb/src/lib/gssapi/krb5/

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Apr 26 14:55:10 EDT 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=23943
Commit By: ghudson
Log Message:
On the iakerb branch, use krb5_auth_con_set_checksum_func for DES/DES3
enctypes as well as the modern ones.  It works fine and it makes the
subkey available for the IAKERB checksum.



Changed Files:
U   branches/iakerb/src/lib/gssapi/krb5/init_sec_context.c
Modified: branches/iakerb/src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- branches/iakerb/src/lib/gssapi/krb5/init_sec_context.c	2010-04-26 16:54:38 UTC (rev 23942)
+++ branches/iakerb/src/lib/gssapi/krb5/init_sec_context.c	2010-04-26 18:55:10 UTC (rev 23943)
@@ -414,7 +414,6 @@
     struct gss_checksum_data cksum_struct;
     krb5_checksum md5;
     krb5_data ap_req;
-    krb5_data *checksum_data = NULL;
     unsigned char *ptr;
     unsigned char *t;
     unsigned int tlen;
@@ -434,23 +433,9 @@
     cksum_struct.cred = cred;
     cksum_struct.checksum_data.data = NULL;
     cksum_struct.exts = exts;
-    switch (k_cred->keyblock.enctype) {
-    case ENCTYPE_DES_CBC_CRC:
-    case ENCTYPE_DES_CBC_MD4:
-    case ENCTYPE_DES_CBC_MD5:
-    case ENCTYPE_DES3_CBC_SHA1:
-        code = make_gss_checksum(context, ctx->auth_context, &cksum_struct,
-                                 &checksum_data);
-        if (code)
-            goto cleanup;
-        break;
-    default:
-        krb5_auth_con_set_checksum_func(context, ctx->auth_context,
-                                        make_gss_checksum, &cksum_struct);
-        break;
-    }
+    krb5_auth_con_set_checksum_func(context, ctx->auth_context,
+                                    make_gss_checksum, &cksum_struct);
 
-
     /* call mk_req.  subkey and ap_req need to be used or destroyed */
 
     mk_req_flags = AP_OPTS_USE_SUBKEY;
@@ -460,7 +445,7 @@
 
     krb5_auth_con_set_authdata_context(context, ctx->auth_context, ad_context);
     code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
-                                checksum_data, k_cred, &ap_req);
+                                NULL, k_cred, &ap_req);
     krb5_auth_con_set_authdata_context(context, ctx->auth_context, NULL);
     krb5_free_data_contents(context, &cksum_struct.checksum_data);
     if (code)
@@ -506,8 +491,6 @@
     code = 0;
 
 cleanup:
-    if (checksum_data && checksum_data->data)
-        krb5_free_data_contents(context, checksum_data);
     if (ap_req.data)
         krb5_free_data_contents(context, &ap_req);

More information about the cvs-krb5 mailing list