krb5 commit: Use macro for IANA assigned PA-AS-CHECKSUM number
Zhanna A Tsitkova
tsitkova at MIT.EDU
Thu Apr 18 15:11:23 EDT 2013
https://github.com/krb5/krb5/commit/d7d74867952fdd7335f22981c66a67a61dc6e434
commit d7d74867952fdd7335f22981c66a67a61dc6e434
Author: Zhanna Tsitkov <tsitkova at mit.edu>
Date: Thu Apr 18 14:56:39 2013 -0400
Use macro for IANA assigned PA-AS-CHECKSUM number
Replace numeric value '132' by the macro KRB5_PADATA_AS_CHECKSUM
in preauth plugin.
src/include/krb5/krb5.hin | 1 +
src/plugins/preauth/pkinit/pkinit_clnt.c | 2 +-
src/plugins/preauth/pkinit/pkinit_srv.c | 7 ++++---
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 97810b5..757b621 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1812,6 +1812,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
#define KRB5_PADATA_PAC_REQUEST 128 /**< include Windows PAC */
#define KRB5_PADATA_FOR_USER 129 /**< username protocol transition request */
#define KRB5_PADATA_S4U_X509_USER 130 /**< certificate protocol transition request */
+#define KRB5_PADATA_AS_CHECKSUM 132 /**< AS checksum */
#define KRB5_PADATA_FX_COOKIE 133
#define KRB5_PADATA_FX_FAST 136
#define KRB5_PADATA_FX_ERROR 137
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 75b97c6..ff564ff 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -198,7 +198,7 @@ pa_pkinit_gen_req(krb5_context context,
*/
if ((return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD
&& reqctx->opts->win2k_require_cksum) || (longhorn == 1)) {
- return_pa_data[1]->pa_type = 132;
+ return_pa_data[1]->pa_type = KRB5_PADATA_AS_CHECKSUM;
return_pa_data[1]->length = 0;
return_pa_data[1]->contents = NULL;
} else {
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 0f5ab32..40ac8f9 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -863,13 +863,14 @@ pkinit_server_return_padata(krb5_context context,
goto cleanup;
}
- /* check if PA_TYPE of 132 is present which means the client is
- * requesting that a checksum is send back instead of the nonce
+ /* check if PA_TYPE of KRB5_PADATA_AS_CHECKSUM (132) is present which
+ * means the client is requesting that a checksum is send back instead
+ * of the nonce.
*/
for (i = 0; request->padata[i] != NULL; i++) {
pkiDebug("%s: Checking pa_type 0x%08x\n",
__FUNCTION__, request->padata[i]->pa_type);
- if (request->padata[i]->pa_type == 132)
+ if (request->padata[i]->pa_type == KRB5_PADATA_AS_CHECKSUM)
fixed_keypack = 1;
}
pkiDebug("%s: return checksum instead of nonce = %d\n",
More information about the cvs-krb5
mailing list