+Thu Apr 20 16:23:23 1995 Theodore Y. Ts'o (tytso@dcl)
+
+ * mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order
+ to create the service principal from the service and
+ hostname pair. This allows for the host cannoncialization
+ to work correctly.
+
+ * mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling
+ code so that no checksum is performed in in_data is NULL,
+ and the special case handing of cksumtype == 0x8003 for
+ the GSSAPI library is handled correctly.
+
Wed Apr 19 13:39:34 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* init_ctx.c: (krb5_init_context) initialize context default
krb5_creds creds;
char ** realm;
- /* get realm */
- if (retval = krb5_get_host_realm(context, hostname, &realm))
- return retval;
-
- /* build principal */
- if (retval = krb5_build_principal(context, &server, strlen(realm[0]),
- realm[0], service, hostname, NULL))
- goto cleanup_realm;
-
+ retval = krb5_sname_to_principal(context, hostname, service,
+ KRB5_NT_SRV_HST, &server);
+ if (retval)
+ return retval;
+
/* obtain ticket & session key */
memset((char *)&creds, 0, sizeof(creds));
if (retval = krb5_copy_principal(context, server, &creds.server))
cleanup_princ:
krb5_free_principal(context, server);
-cleanup_realm:
- krb5_free_host_realm(context, realm);
return retval;
}
{
krb5_error_code retval;
krb5_checksum checksum;
+ krb5_checksum *checksump = 0;
krb5_auth_context * new_auth_context;
krb5_ap_req request;
goto cleanup;
- /* Generate checksum, XXX What should the seed be? */
- if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
- (*auth_context)->cksumtype))) == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ if (in_data) {
+ if ((*auth_context)->cksumtype == 0x8003) {
+ /* XXX Special hack for GSSAPI */
+ checksum.checksum_type = 0x8003;
+ checksum.length = in_data->length;
+ checksum.contents = (krb5_octet *) in_data->data;
+ } else {
+ /* Generate checksum, XXX What should the seed be? */
+ if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
+ (*auth_context)->cksumtype))) == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ if (retval = krb5_calculate_checksum(context,
+ (*auth_context)->cksumtype,
+ in_data->data, in_data->length,
+ (*auth_context)->keyblock->contents,
+ (*auth_context)->keyblock->length,
+ &checksum))
+ goto cleanup_cksum;
+ }
+ checksump = &checksum;
}
- if (in_data == NULL) {
- if (retval = krb5_calculate_checksum(context,
- (*auth_context)->cksumtype, 0, 0,
- (*auth_context)->keyblock->contents,
- (*auth_context)->keyblock->length,
- &checksum))
- goto cleanup_cksum;
- } else
- if ((*auth_context)->cksumtype == 0x8003) {
- /* XXX Special hack for GSSAPI */
- checksum.checksum_type = 0x8003;
- checksum.length = in_data->length;
- checksum.contents = (krb5_octet *) in_data->data;
- } else
- if (retval = krb5_calculate_checksum(context,
- (*auth_context)->cksumtype,
- in_data->data, in_data->length,
- (*auth_context)->keyblock->contents,
- (*auth_context)->keyblock->length,
- &checksum))
- goto cleanup_cksum;
-
/* Generate authenticator */
if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof(
krb5_authenticator))) == NULL) {
}
if (retval = krb5_generate_authenticator(context, (*auth_context)->authentp,
- (in_creds)->client, &checksum,
+ (in_creds)->client, checksump,
(*auth_context)->local_subkey,
(*auth_context)->local_seq_number,
(in_creds)->authdata))
krb5_xfree(toutbuf);
cleanup_cksum:
- free(checksum.contents);
+ if (checksump && checksump->checksum_type != 0x8003)
+ free(checksump->contents);
cleanup:
if (request.ticket)