svn rev #25320: trunk/src/ kdc/ lib/krb5/krb/

ghudson@MIT.EDU ghudson at MIT.EDU
Fri Oct 7 10:44:15 EDT 2011


http://src.mit.edu/fisheye/changelog/krb5/?cs=25320
Commit By: ghudson
Log Message:
Minor cleanups to encrypted challenge.


Changed Files:
U   trunk/src/kdc/kdc_preauth_ec.c
U   trunk/src/lib/krb5/krb/preauth_ec.c
Modified: trunk/src/kdc/kdc_preauth_ec.c
===================================================================
--- trunk/src/kdc/kdc_preauth_ec.c	2011-10-07 14:26:25 UTC (rev 25319)
+++ trunk/src/kdc/kdc_preauth_ec.c	2011-10-07 14:44:15 UTC (rev 25320)
@@ -34,9 +34,9 @@
 #include "kdc_util.h"
 
 static krb5_error_code
-kdc_include_padata(krb5_context context, krb5_kdc_req *request,
-                   krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
-                   krb5_kdcpreauth_moddata moddata, krb5_pa_data *data)
+ec_edata(krb5_context context, krb5_kdc_req *request,
+         krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+         krb5_kdcpreauth_moddata moddata, krb5_pa_data *data)
 {
     krb5_keyblock *armor_key = cb->fast_armor(context, rock);
 
@@ -44,12 +44,11 @@
 }
 
 static void
-kdc_verify_preauth(krb5_context context, krb5_data *req_pkt,
-                   krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
-                   krb5_pa_data *data, krb5_kdcpreauth_callbacks cb,
-                   krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
-                   krb5_kdcpreauth_verify_respond_fn respond,
-                   void *arg)
+ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+          krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
+          krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+          krb5_kdcpreauth_moddata moddata,
+          krb5_kdcpreauth_verify_respond_fn respond, void *arg)
 {
     krb5_error_code retval = 0;
     krb5_timestamp now;
@@ -67,7 +66,9 @@
 
     if (armor_key == NULL) {
         retval = ENOENT;
-        krb5_set_error_message(context, ENOENT, "Encrypted Challenge used outside of FAST tunnel");
+        krb5_set_error_message(context, ENOENT,
+                               _("Encrypted Challenge used outside of FAST "
+                                 "tunnel"));
     }
     scratch.data = (char *) data->contents;
     scratch.length = data->length;
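Review bot: The `armor_key == NULL` branch records ENOENT but does not return, and the next visible statements go on to set up `scratch` from `data->contents`. Rejecting an encrypted challenge sent outside a FAST tunnel therefore depends on every later step being gated on `retval == 0`. That gating lies outside this hunk (ec_verify's body continues past it), so it should be confirmed and made explicit with a comment such as `/* Not fatal yet: every later step must check retval == 0 before using the challenge. */`. ENOENT is also a generic errno; if this status ends up in the KDC log or the reply, a preauth-specific code like the KRB5KDC_ERR_PREAUTH_FAILED used further down in this file would be easier to tell apart when triaging failures.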
@@ -101,7 +102,9 @@
         }
         if (client_keys[i].enctype == 0) {
             retval = KRB5KDC_ERR_PREAUTH_FAILED;
-            krb5_set_error_message(context, retval, "Incorrect password  in encrypted challenge");
+            krb5_set_error_message(context, retval,
+                                   _("Incorrect password in encrypted "
+                                     "challenge"));
         }
     }
     if (retval == 0)
@@ -136,12 +139,11 @@
 }
 
 static krb5_error_code
-kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
-                   krb5_data *req_pkt, krb5_kdc_req *request,
-                   krb5_kdc_rep *reply, krb5_keyblock *encrypting_key,
-                   krb5_pa_data **send_pa, krb5_kdcpreauth_callbacks cb,
-                   krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
-                   krb5_kdcpreauth_modreq modreq)
+ec_return(krb5_context context, krb5_pa_data *padata, krb5_data *req_pkt,
+          krb5_kdc_req *request, krb5_kdc_rep *reply,
+          krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
+          krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+          krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq)
 {
     krb5_error_code retval = 0;
     krb5_keyblock *challenge_key = (krb5_keyblock *)modreq;
@@ -188,7 +190,7 @@
     return retval;
 }
 
-krb5_preauthtype supported_pa_types[] = {
+static krb5_preauthtype ec_types[] = {
     KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
 
 krb5_error_code
@@ -201,9 +203,9 @@
         return KRB5_PLUGIN_VER_NOTSUPP;
     vt = (krb5_kdcpreauth_vtable)vtable;
     vt->name = "encrypted_challenge";
-    vt->pa_type_list = supported_pa_types;
-    vt->edata = kdc_include_padata;
-    vt->verify = kdc_verify_preauth;
-    vt->return_padata = kdc_return_preauth;
+    vt->pa_type_list = ec_types;
+    vt->edata = ec_edata;
+    vt->verify = ec_verify;
+    vt->return_padata = ec_return;
     return 0;
 }

Modified: trunk/src/lib/krb5/krb/preauth_ec.c
===================================================================
--- trunk/src/lib/krb5/krb/preauth_ec.c	2011-10-07 14:26:25 UTC (rev 25319)
+++ trunk/src/lib/krb5/krb/preauth_ec.c	2011-10-07 14:44:15 UTC (rev 25320)
@@ -34,22 +34,22 @@
 #include "int-proto.h"
 
 static int
-preauth_flags(krb5_context context, krb5_preauthtype pa_type)
+ec_flags(krb5_context context, krb5_preauthtype pa_type)
 {
     return PA_REAL;
 }
 
 static krb5_error_code
-process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
-                krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
-                krb5_clpreauth_callbacks cb,
-                krb5_clpreauth_rock rock, krb5_kdc_req *request,
-                krb5_data *encoded_request_body,
-                krb5_data *encoded_previous_request, krb5_pa_data *padata,
-                krb5_prompter_fct prompter, void *prompter_data,
-                krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
-                krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
-                krb5_pa_data ***out_padata)
+ec_process(krb5_context context, krb5_clpreauth_moddata moddata,
+           krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+           krb5_clpreauth_callbacks cb,
+           krb5_clpreauth_rock rock, krb5_kdc_req *request,
+           krb5_data *encoded_request_body,
+           krb5_data *encoded_previous_request, krb5_pa_data *padata,
+           krb5_prompter_fct prompter, void *prompter_data,
+           krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
+           krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
+           krb5_pa_data ***out_padata)
 {
     krb5_error_code retval = 0;
     krb5_enctype enctype;
@@ -97,8 +97,7 @@
             krb5_free_enc_data(context, enc);
     } else if (retval == 0) { /*No padata; we send*/
         krb5_enc_data enc;
-        krb5_pa_data *pa = NULL;
-        krb5_pa_data **pa_array = NULL;
+        krb5_pa_data **pa = NULL;
         krb5_data *encoded_ts = NULL;
         krb5_pa_enc_ts ts;
         enc.ciphertext.data = NULL;
@@ -122,32 +121,25 @@
             krb5_free_data_contents(context, &enc.ciphertext);
         }
         if (retval == 0) {
-            pa = calloc(1, sizeof(krb5_pa_data));
+            pa = calloc(2, sizeof(krb5_pa_data *));
             if (pa == NULL)
                 retval = ENOMEM;
         }
         if (retval == 0) {
-            pa_array = calloc(2, sizeof(krb5_pa_data *));
-            if (pa_array == NULL)
+            pa[0] = calloc(1, sizeof(krb5_pa_data));
+            if (pa[0] == NULL)
                 retval = ENOMEM;
         }
         if (retval == 0) {
-            pa->length = encoded_ts->length;
-            pa->contents = (unsigned char *) encoded_ts->data;
-            pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
-            free(encoded_ts);
-            encoded_ts = NULL;
-            pa_array[0] = pa;
+            pa[0]->length = encoded_ts->length;
+            pa[0]->contents = (unsigned char *) encoded_ts->data;
+            pa[0]->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
+            encoded_ts->data = NULL;
+            *out_padata = pa;
             pa = NULL;
-            *out_padata = pa_array;
-            pa_array = NULL;
         }
-        if (pa)
-            free(pa);
-        if (encoded_ts)
-            krb5_free_data(context, encoded_ts);
-        if (pa_array)
-            free(pa_array);
+        free(pa);
+        krb5_free_data(context, encoded_ts);
     }
     if (challenge_key)
         krb5_free_keyblock(context, challenge_key);
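Review bot: The unconditional `krb5_free_data(context, encoded_ts)` at the end of this block runs with `encoded_ts == NULL` if the encoding step failed earlier (it is initialised to NULL just above), where the old code guarded the call with `if (encoded_ts)`. That is only safe if krb5_free_data() accepts NULL, which is not visible here and should be confirmed. The ownership hand-off is also implicit: `encoded_ts->data = NULL` is what prevents a double free of the buffer now referenced by `pa[0]->contents`. I would add `/* pa[0] owns the encoding now; krb5_free_data() below frees only the container. */` above that line. The failure path for the second calloc looks right, since `free(pa)` releases the array while `pa[0]` is still NULL; ec_process's body starts and ends outside the hunk.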
@@ -155,7 +147,7 @@
 }
 
 
-krb5_preauthtype supported_pa_types[] = {
+static krb5_preauthtype ec_types[] = {
     KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
 
 krb5_error_code
@@ -168,8 +160,8 @@
         return KRB5_PLUGIN_VER_NOTSUPP;
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "encrypted_challenge";
-    vt->pa_type_list = supported_pa_types;
-    vt->flags = preauth_flags;
-    vt->process = process_preauth;
+    vt->pa_type_list = ec_types;
+    vt->flags = ec_flags;
+    vt->process = ec_process;
     return 0;
 }



