KDC TGS FAST support
authorSam Hartman <hartmans@mit.edu>
Thu, 26 Mar 2009 05:37:31 +0000 (05:37 +0000)
committerSam Hartman <hartmans@mit.edu>
Thu, 26 Mar 2009 05:37:31 +0000 (05:37 +0000)
* Correct TGS armor key handling
* Use appropriate checksum type for FAST responses from KDC
* FAST response handling for TGS replies and errors

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/fast@22142 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_as_req.c
src/kdc/do_tgs_req.c
src/kdc/fast_util.c
src/kdc/kdc_util.h

index 26f7884fe74bc18ab923183986f6cd4ad196dac9..5b7fbf199c653bb8b708d4e9fe0fad251b6662b2 100644 (file)
@@ -146,7 +146,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     errcode = ASN1_BAD_ID;
     status = "Finding req_body";
 }
-    errcode = kdc_find_fast(&request, &encoded_req_body, NULL /*TGS key*/, state);
+    errcode = kdc_find_fast(&request, &encoded_req_body, NULL /*TGS key*/, NULL, state);
     if (errcode) {
        status = "error decoding FAST";
        goto errout;
index cb05f4f25647c4891e36427de69b59a7978550c5..5af77304697b8ebc1815db9d18a7f1647c5f3ef6 100644 (file)
@@ -76,7 +76,7 @@ find_alternate_tgs(krb5_kdc_req *,krb5_db_entry *,
                    krb5_boolean *,int *);
 
 static krb5_error_code 
-prepare_error_tgs(krb5_kdc_req *,krb5_ticket *,int,
+prepare_error_tgs(struct kdc_request_state *, krb5_kdc_req *,krb5_ticket *,int,
                   krb5_principal,krb5_data **,const char *);
 
 static krb5_int32
@@ -166,7 +166,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
     }
     scratch.length = pa_tgs_req->length;
     scratch.data = (char *) pa_tgs_req->contents;
-    errcode = kdc_find_fast(&request, &scratch, subkey, state);
+    errcode = kdc_find_fast(&request, &scratch, subkey, header_ticket->enc_part2->session, state);
     if (errcode !=0) {
        status = "kdc_find_fast";
                goto cleanup;
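Review bot: The status string `"kdc_find_fast"` on the new failure path names the internal helper, whereas the parallel AS path in this commit uses `"error decoding FAST"`; since status is strdup'd into errpkt.text by prepare_error_tgs it is also sent to the client as e_text, so prefer the descriptive wording, `status = "error decoding FAST";`. The armor key is now derived from both the authenticator subkey and the header ticket's session key, and a FAST-armored TGS-REQ that carries no subkey is rejected inside kdc_find_fast; a one-line comment at the call site saying so would help readers of process_tgs_req. process_tgs_req starts before this hunk and continues after it.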
@@ -873,7 +873,12 @@ tgt_again:
 
     reply.enc_part.enctype = subkey ? subkey->enctype :
     header_ticket->enc_part2->session->enctype;
-    errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, 
+    errcode  = kdc_fast_response_handle_padata(state, request, &reply);
+    if (errcode !=0 ) {
+       status = "Preparing FAST padata";
+       goto cleanup;
+    }
+            errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, 
                   subkey ? 1 : 0,
                   subkey ? subkey :
                   header_ticket->enc_part2->session,
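Review bot: The re-indented krb5_encode_kdc_rep call is now pushed deeper than the surrounding statements, and the new block has uneven spacing (`errcode  =`, `!=0 )`), which makes the FAST step read as if it opened a nested block; reindent to `errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,` at the same level as the preceding `if`. Separately, kdc_fast_response_handle_padata places state->reply_key into the FAST response as rep_key, and this hunk does not show whether the TGS path ever sets state->reply_key, so confirm that a NULL reply key is acceptable to the encoder on this path. process_tgs_req starts and ends outside the hunk.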
@@ -914,7 +919,7 @@ cleanup:
         if (errcode < 0 || errcode > 128)
             errcode = KRB_ERR_GENERIC;
             
-        retval = prepare_error_tgs(request, header_ticket, errcode,
+        retval = prepare_error_tgs(state, request, header_ticket, errcode,
         nprincs ? server.princ : NULL,
                    response, status);
         if (got_err) {
@@ -956,7 +961,8 @@ cleanup:
 }
 
 static krb5_error_code
-prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error,
+prepare_error_tgs (struct kdc_request_state *state,
+                  krb5_kdc_req *request, krb5_ticket *ticket, int error,
                    krb5_principal canon_server,
                    krb5_data **response, const char *status)
 {
@@ -979,14 +985,19 @@ prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error,
     errpkt.text.length = strlen(status) + 1;
     if (!(errpkt.text.data = strdup(status)))
         return ENOMEM;
-
+    
     if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
         free(errpkt.text.data);
         return ENOMEM;
     }
     errpkt.e_data.length = 0;
     errpkt.e_data.data = NULL;
-
+    retval = kdc_fast_handle_error(kdc_context, state, request, NULL, &errpkt);
+    if (retval) {
+       free(scratch);
+       free(errpkt.text.data);
+       return retval;
+    }
     retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     free(errpkt.text.data);
     if (retval)
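Review bot: If kdc_fast_handle_error fills in errpkt.e_data (the fields are reset to 0/NULL immediately before the call, which suggests it may populate them), nothing in this hunk releases that buffer after krb5_mk_error — only errpkt.text.data is freed — so every FAST-wrapped TGS error would leak the encoded e_data, and the early-return path after a failed kdc_fast_handle_error has the same gap. The tail of prepare_error_tgs is outside the hunk; if it frees e_data there, disregard this, otherwise add `free(errpkt.e_data.data);` beside the `free(errpkt.text.data);` that follows krb5_mk_error and on the early-return path. The blank line rewritten as `+    ` also introduces trailing whitespace.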
index 2a3106ac89d53d3288988123141ca32e9dc47c02..10d1d3eb61d853ca5ce9da238f5faab360eb9478 100644 (file)
@@ -123,6 +123,7 @@ static krb5_error_code encrypt_fast_reply
 krb5_error_code  kdc_find_fast
 (krb5_kdc_req **requestptr,  krb5_data *checksummed_data,
  krb5_keyblock *tgs_subkey,
+ krb5_keyblock *tgs_session,
  struct kdc_request_state *state)
 {
     krb5_error_code retval = 0;
@@ -155,7 +156,10 @@ krb5_error_code  kdc_find_fast
     }
     if (retval == 0 && !state->armor_key) {
        if (tgs_subkey)
-           retval =krb5_copy_keyblock(kdc_context, tgs_subkey, &state->armor_key);
+         retval = krb5_c_fx_cf2_simple(kdc_context,
+                                       tgs_subkey, "subkeyarmor",
+                                       tgs_session, "ticketarmor",
+                                       &state->armor_key);
        else {
            krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
                                   "No armor key but FAST armored request present");
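Review bot: The new derivation hands tgs_session straight to krb5_c_fx_cf2_simple whenever tgs_subkey is non-NULL, but nothing in kdc_find_fast checks that tgs_session was actually supplied, so a caller passing a subkey with a NULL session key would dereference NULL inside the key derivation. The TGS caller in this commit passes header_ticket->enc_part2->session, so it is not triggered here, but a guard such as `if (tgs_subkey && tgs_session)` falling through to the existing PREAUTH_FAILED branch would make the invariant explicit. The new parameter is also undocumented; a comment above the definition along the lines of `/* tgs_subkey, tgs_session: authenticator subkey and ticket session key of a TGS-REQ; both NULL for an AS-REQ. */` would cover it. kdc_find_fast begins in the previous hunk and continues past this one.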
@@ -268,12 +272,15 @@ krb5_error_code kdc_fast_response_handle_padata
     krb5_data *encrypted_reply = NULL;
     krb5_pa_data *pa = NULL, **pa_array;
     krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5;
+    krb5_pa_data *empty_padata[] = {NULL};
     
     if (!state->armor_key)
        return 0;
     memset(&finish, 0, sizeof(finish));
     fast_response.padata = rep->padata;
-    fast_response.rep_key = state->reply_key;
+    if (fast_response.padata == NULL)
+       fast_response.padata = &empty_padata[0];
+        fast_response.rep_key = state->reply_key;
     fast_response.nonce = request->nonce;
     fast_response.finished = &finish;
     finish.client = rep->client;
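Review bot: `fast_response.rep_key = state->reply_key;` is indented as though it were the body of the preceding unbraced `if`, but it is an unconditional statement; brace the conditional and re-indent so the code reads the way it executes: `if (fast_response.padata == NULL) {` / `    fast_response.padata = &empty_padata[0];` / `}`. The empty_padata array lives on this function's stack, which is fine only as long as fast_response is encoded before kdc_fast_response_handle_padata returns, as appears to be the case; a short comment noting that would stop someone from hoisting it. kdc_fast_response_handle_padata starts before this hunk and continues after it.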
@@ -287,6 +294,8 @@ krb5_error_code kdc_fast_response_handle_padata
        retval = krb5_us_timeofday(kdc_context, &finish.timestamp, &finish.usec);
     if (retval == 0)
        retval = encode_krb5_ticket(rep->ticket, &encoded_ticket);
+    if (retval == 0)
+    retval = krb5int_c_mandatory_cksumtype(kdc_context, state->armor_key->enctype, &cksumtype);
     if (retval == 0)
        retval = krb5_c_make_checksum(kdc_context, cksumtype,
                                      state->armor_key, KRB5_KEYUSAGE_FAST_FINISHED,
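Review bot: With cksumtype now always taken from krb5int_c_mandatory_cksumtype for the armor key's enctype, the `CKSUMTYPE_RSA_MD5` initializer visible in the previous hunk's context is dead and reads as if an unkeyed MD5 checksum could still protect the FAST finished field; initialize it to 0 instead so a skipped derivation fails loudly. The new call is also not indented under its `if (retval == 0)`, so at a glance it looks unconditional; indent it like the neighbouring chained calls, `    retval = krb5int_c_mandatory_cksumtype(kdc_context, state->armor_key->enctype, &cksumtype);`. kdc_fast_response_handle_padata continues past this hunk.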
index a54412528d1a27dfa7c3110a4914acbb82eb1736..90de8d39b7aa9694a2ba295e9b9ff9412baf06ff 100644 (file)
@@ -319,7 +319,7 @@ enum krb5_fast_kdc_flags {
 
 krb5_error_code  kdc_find_fast
 (krb5_kdc_req **requestptr,  krb5_data *checksummed_data,
- krb5_keyblock *tgs_subkey,
+ krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session,
  struct kdc_request_state *state);
 
 krb5_error_code kdc_fast_response_handle_padata