state->reply.ticket = &state->ticket_reply;
state->reply_encpart.session = &state->session_key;
if ((errcode = fetch_last_req_info(state->client,
- &state->reply_encpart.last_req))) {
- state->status = "FETCH_LAST_REQ";
+ &state->reply_encpart.last_req)))
goto egress;
- }
state->reply_encpart.nonce = state->request->nonce;
state->reply_encpart.key_exp = get_key_exp(state->client);
state->reply_encpart.flags = state->enc_tkt_reply.flags;
errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock,
&state->ticket_reply);
- if (errcode) {
- state->status = "ENCRYPT_TICKET";
+ if (errcode)
goto egress;
- }
errcode = kau_make_tkt_id(kdc_context, &state->ticket_reply,
&au_state->tkt_out_id);
- if (errcode) {
- state->status = "GENERATE_TICKET_ID";
+ if (errcode)
goto egress;
- }
state->ticket_reply.enc_part.kvno = server_key->key_data_kvno;
errcode = kdc_fast_response_handle_padata(state->rstate,
state->request,
&state->reply,
state->client_keyblock.enctype);
- if (errcode) {
- state->status = "MAKE_FAST_RESPONSE";
+ if (errcode)
goto egress;
- }
/* now encode/encrypt the response */
errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock,
&as_encrypting_key);
- if (errcode) {
- state->status = "MAKE_FAST_REPLY_KEY";
+ if (errcode)
goto egress;
- }
errcode = return_enc_padata(kdc_context, state->req_pkt, state->request,
as_encrypting_key, state->server,
&state->reply_encpart, FALSE);
&state->reply, &response);
if (state->client_key != NULL)
state->reply.enc_part.kvno = state->client_key->key_data_kvno;
- if (errcode) {
- state->status = "ENCODE_KDC_REP";
+ if (errcode)
goto egress;
- }
/* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
can use them in raw form if needed. But, we don't... */
if (fetch_asn1_field((unsigned char *) req_pkt->data,
1, 4, &encoded_req_body) != 0) {
errcode = ASN1_BAD_ID;
- state->status = "FETCH_REQ_BODY";
goto errout;
}
errcode = kdc_find_fast(&state->request, &encoded_req_body, NULL, NULL,
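Review bot: The `fetch_asn1_field` failure branch reads `req_pkt->data`, so it appears to depend on the request bytes rather than on a resource failure, yet after dropping `state->status = "FETCH_REQ_BODY"` it reaches `errout` with no status of its own. The `if (!header_ticket)` branch in the TGS path likewise loses `"UNEXPECTED NULL in header_ticket"`, which described an unexpected state rather than an unlikely allocation error. If a generic status is intended for both, a short comment at each site, for example `/* no specific status; logged with the generic failure status */`, would tell someone correlating KDC logs with this code why the entry is not distinctive. This assumes `errout` and `cleanup` supply a default, which is not visible here; the enclosing function starts and ends outside the hunk.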
/* Not a FAST request; copy the encoded request body. */
errcode = krb5_copy_data(kdc_context, &encoded_req_body,
&state->inner_body);
- if (errcode) {
- state->status = "COPY_REQ_BODY";
+ if (errcode)
goto errout;
- }
}
au_state->request = state->request;
state->rock.request = state->request;
}
if ((errcode = krb5_unparse_name(kdc_context,
state->request->client,
- &state->cname))) {
- state->status = "UNPARSE_CLIENT";
+ &state->cname)))
goto errout;
- }
limit_string(state->cname);
if (!state->request->server) {
}
if ((errcode = krb5_unparse_name(kdc_context,
state->request->server,
- &state->sname))) {
- state->status = "UNPARSE_SERVER";
+ &state->sname)))
goto errout;
- }
limit_string(state->sname);
/*
au_state->stage = VALIDATE_POL;
- if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time))) {
- state->status = "TIMEOFDAY";
+ if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time)))
goto errout;
- }
state->authtime = state->kdc_time; /* for audit_as_request() */
if ((errcode = validate_as_request(kdc_active_realm,
state->request, *state->client,
*state->server, state->kdc_time,
&state->status, &state->e_data))) {
- if (!state->status)
- state->status = "UNKNOWN_REASON";
errcode += ERROR_TABLE_BASE_krb5;
goto errout;
}
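Review bot: With `if (!state->status) state->status = "UNKNOWN_REASON";` removed, a `validate_as_request` failure that does not write through `&state->status` now reaches `errout` with `state->status` unchanged, possibly NULL. The `krb5_timeofday` path just above behaves the same way. The code at `errout` is outside this hunk, so confirm it assigns a default before the status is logged, audited or asserted on. If it does, a one-line comment here such as `/* status may still be NULL; errout assigns the default */` would document the dependency. The `validate_tgs_request` branch in the TGS path drops the same fallback for `status`, and every bare `goto egress`, `goto errout` and `goto cleanup` this commit introduces relies on that default.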
}
if ((errcode = krb5_c_make_random_key(kdc_context, useenctype,
- &state->session_key))) {
- state->status = "MAKE_RANDOM_KEY";
+ &state->session_key)))
goto errout;
- }
/*
* Canonicalization is only effective if we are issuing a TGT
state->request->client = NULL;
errcode = krb5_copy_principal(kdc_context, krb5_anonymous_principal(),
&state->request->client);
- if (errcode) {
- state->status = "COPY_ANONYMOUS_PRINCIPAL";
+ if (errcode)
goto errout;
- }
state->enc_tkt_reply.client = state->request->client;
setflag(state->client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH);
}
if (!header_ticket) {
errcode = KRB5_NO_TKT_SUPPLIED; /* XXX? */
- status="UNEXPECTED NULL in header_ticket";
goto cleanup;
}
errcode = kau_make_tkt_id(kdc_context, header_ticket,
&au_state->tkt_in_id);
- if (errcode) {
- status = "GENERATE_TICKET_ID";
+ if (errcode)
goto cleanup;
- }
scratch.length = pa_tgs_req->length;
scratch.data = (char *) pa_tgs_req->contents;
au_state->stage = VALIDATE_POL;
- if ((errcode = krb5_timeofday(kdc_context, &kdc_time))) {
- status = "TIME_OF_DAY";
+ if ((errcode = krb5_timeofday(kdc_context, &kdc_time)))
goto cleanup;
- }
if ((retval = validate_tgs_request(kdc_active_realm,
request, *server, header_ticket,
kdc_time, &status, &e_data))) {
- if (!status)
- status = "UNKNOWN_REASON";
if (retval == KDC_ERR_POLICY || retval == KDC_ERR_BADOPTION)
au_state->violation = PROT_CONSTRAINT;
errcode = retval + ERROR_TABLE_BASE_krb5;
retval = kau_make_tkt_id(kdc_context, request->second_ticket[st_idx],
&au_state->evid_tkt_id);
if (retval) {
- status = "GENERATE_TICKET_ID";
errcode = retval;
goto cleanup;
}
&ticket_reply);
if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
krb5_free_keyblock_contents(kdc_context, &encrypting_key);
- if (errcode) {
- status = "ENCRYPT_TICKET";
+ if (errcode)
goto cleanup;
- }
ticket_reply.enc_part.kvno = ticket_kvno;
/* Start assembling the response */
au_state->stage = ENCR_REP;
s4u_x509_user,
&reply,
&reply_encpart);
- if (errcode) {
- status = "MAKE_S4U2SELF_PADATA";
+ if (errcode)
au_state->status = status;
- }
kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
if (errcode)
goto cleanup;
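Review bot: `au_state->status = status;` now copies a value this branch no longer sets, because the `status = "MAKE_S4U2SELF_PADATA"` assignment before it was removed. On failure, the audit state passed to `kau_s4u2self` on the next line will carry whatever `status` held on entry to this block. That may be NULL or a string left over from an earlier step; neither case is visible in the hunk. Either keep a status for this failure or apply the fallback explicitly, e.g. `au_state->status = status ? status : "UNKNOWN_REASON";`, so the S4U2Self audit record is not empty or misleading. The enclosing function starts and ends outside the hunk.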
header_ticket->enc_part2->session->enctype;
errcode = kdc_fast_response_handle_padata(state, request, &reply,
subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype);
- if (errcode !=0 ) {
- status = "MAKE_FAST_RESPONSE";
+ if (errcode)
goto cleanup;
- }
errcode =kdc_fast_handle_reply_key(state,
subkey?subkey:header_ticket->enc_part2->session, &reply_key);
- if (errcode) {
- status = "MAKE_FAST_REPLY_KEY";
+ if (errcode)
goto cleanup;
- }
errcode = return_enc_padata(kdc_context, pkt, request,
reply_key, server, &reply_encpart,
is_referral &&
}
errcode = kau_make_tkt_id(kdc_context, &ticket_reply, &au_state->tkt_out_id);
- if (errcode) {
- status = "GENERATE_TICKET_ID";
+ if (errcode)
goto cleanup;
- }
if (kdc_fast_hide_client(state))
reply.client = (krb5_principal)krb5_anonymous_principal();
subkey ? 1 : 0,
reply_key,
&reply, response);
- if (errcode) {
- status = "ENCODE_KDC_REP";
- } else {
+ if (!errcode)
status = "ISSUE";
- }
memset(ticket_reply.enc_part.ciphertext.data, 0,
ticket_reply.enc_part.ciphertext.length);
retval = get_2ndtkt_enctype(kdc_active_realm, req, &useenctype,
status);
if (retval != 0)
- goto cleanup;
+ return retval;
}
if (useenctype == 0) {
useenctype = select_session_keytype(kdc_active_realm, server,
if (useenctype == 0) {
/* unsupported ktype */
*status = "BAD_ENCRYPTION_TYPE";
- retval = KRB5KDC_ERR_ETYPE_NOSUPP;
- goto cleanup;
- }
- retval = krb5_c_make_random_key(kdc_context, useenctype, skey);
- if (retval != 0) {
- /* random key failed */
- *status = "MAKE_RANDOM_KEY";
- goto cleanup;
+ return KRB5KDC_ERR_ETYPE_NOSUPP;
}
-cleanup:
- return retval;
+
+ return krb5_c_make_random_key(kdc_context, useenctype, skey);
}
/*