krb5 commit: Use macro for IANA assigned PA-AS-CHECKSUM number

Zhanna A Tsitkova tsitkova at MIT.EDU
Thu Apr 18 15:11:23 EDT 2013


https://github.com/krb5/krb5/commit/d7d74867952fdd7335f22981c66a67a61dc6e434
commit d7d74867952fdd7335f22981c66a67a61dc6e434
Author: Zhanna Tsitkov <tsitkova at mit.edu>
Date:   Thu Apr 18 14:56:39 2013 -0400

    Use macro for IANA assigned PA-AS-CHECKSUM number
    
    Replace numeric value '132' by the macro KRB5_PADATA_AS_CHECKSUM
    in preauth plugin.

 src/include/krb5/krb5.hin                |    1 +
 src/plugins/preauth/pkinit/pkinit_clnt.c |    2 +-
 src/plugins/preauth/pkinit/pkinit_srv.c  |    7 ++++---
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 97810b5..757b621 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1812,6 +1812,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 #define KRB5_PADATA_PAC_REQUEST         128 /**< include Windows PAC */
 #define KRB5_PADATA_FOR_USER            129 /**< username protocol transition request */
 #define KRB5_PADATA_S4U_X509_USER       130 /**< certificate protocol transition request */
+#define KRB5_PADATA_AS_CHECKSUM         132 /**< AS checksum */
 #define KRB5_PADATA_FX_COOKIE           133
 #define KRB5_PADATA_FX_FAST             136
 #define KRB5_PADATA_FX_ERROR            137
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 75b97c6..ff564ff 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -198,7 +198,7 @@ pa_pkinit_gen_req(krb5_context context,
      */
     if ((return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD
          && reqctx->opts->win2k_require_cksum) || (longhorn == 1)) {
-        return_pa_data[1]->pa_type = 132;
+        return_pa_data[1]->pa_type = KRB5_PADATA_AS_CHECKSUM;
         return_pa_data[1]->length = 0;
         return_pa_data[1]->contents = NULL;
     } else {
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 0f5ab32..40ac8f9 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -863,13 +863,14 @@ pkinit_server_return_padata(krb5_context context,
             goto cleanup;
         }
 
-        /* check if PA_TYPE of 132 is present which means the client is
-         * requesting that a checksum is send back instead of the nonce
+        /* check if PA_TYPE of KRB5_PADATA_AS_CHECKSUM (132) is present which
+         * means the client is requesting that a checksum is send back instead
+         * of the nonce.
          */
         for (i = 0; request->padata[i] != NULL; i++) {
             pkiDebug("%s: Checking pa_type 0x%08x\n",
                      __FUNCTION__, request->padata[i]->pa_type);
-            if (request->padata[i]->pa_type == 132)
+            if (request->padata[i]->pa_type == KRB5_PADATA_AS_CHECKSUM)
                 fixed_keypack = 1;
         }
         pkiDebug("%s: return checksum instead of nonce = %d\n",


More information about the cvs-krb5 mailing list