Patches from Frank Cusack for hw preauth.
* k5-int.h (krb5_predicted_sam_response): Add timestamp, client
- principal, and per-mechanism data fields.
+ principal, flags, and per-mechanism data fields.
(krb5_enc_sam_response_enc): Change "passcode" field to "sad".
2000-02-01 Danilo Almeida <dalmeida@mit.edu>
typedef struct _krb5_predicted_sam_response {
krb5_magic magic;
krb5_keyblock sam_key;
+ krb5_flags sam_flags; /* Makes key munging easier */
krb5_timestamp stime; /* time on server, for replay detection */
krb5_int32 susec;
krb5_principal client;
krb5_data msd; /* mechanism specific data */
-
} krb5_predicted_sam_response;
typedef struct _krb5_sam_challenge {
2000-02-06 Ken Raeburn <raeburn@mit.edu>
Patches from Frank Cusack for helping in preauth replay
- detection.
+ detection and spec (passwd-04 draft) compliance.
* asn1_k_decode.c (asn1_decode_enc_sam_response_enc): Update for
field name change.
(asn1_decode_predicted_sam_response): Handle new fields.
setup();
{ begin_structure();
get_field(val->sam_key,0,asn1_decode_encryption_key);
- get_field(val->stime,1,asn1_decode_kerberos_time);
- get_field(val->susec,2,asn1_decode_int32);
+ get_field(val->sam_flags,1,asn1_decode_sam_flags);
+ get_field(val->stime,2,asn1_decode_kerberos_time);
+ get_field(val->susec,3,asn1_decode_int32);
alloc_field(val->client,krb5_principal_data);
- get_field(val->client,3,asn1_decode_realm);
- get_field(val->client,4,asn1_decode_principal_name);
- opt_string(val->msd,5,asn1_decode_octectstring);
+ get_field(val->client,4,asn1_decode_realm);
+ get_field(val->client,5,asn1_decode_principal_name);
+ opt_string(val->msd,6,asn1_decode_octetstring);
end_structure();
val->magic = KV5M_PREDICTED_SAM_RESPONSE;
}
{
asn1_setup();
- add_optstring(val->msd,5,asn1_encode_octetstring);
- asn1_addfield(val->client,4,asn1_encode_principal_name);
- asn1_addfield(val->client,3,asn1_encode_realm);
- asn1_addfield(val->susec,2,asn1_encode_integer);
- asn1_addfield(val->stime,1,asn1_encode_kerberos_time);
+ add_optstring(val->msd,6,asn1_encode_octetstring);
+ asn1_addfield(val->client,5,asn1_encode_principal_name);
+ asn1_addfield(val->client,4,asn1_encode_realm);
+ asn1_addfield(val->susec,3,asn1_encode_integer);
+ asn1_addfield(val->stime,2,asn1_encode_kerberos_time);
+ asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags);
asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key);
asn1_makeseq();