mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order
authorTheodore Tso <tytso@mit.edu>
Thu, 20 Apr 1995 21:40:03 +0000 (21:40 +0000)
committerTheodore Tso <tytso@mit.edu>
Thu, 20 Apr 1995 21:40:03 +0000 (21:40 +0000)
to create the service principal from the service and
hostname pair.  This allows for the host cannoncialization
to work correctly.

mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling
code so that no checksum is performed in in_data is NULL,
and the special case handing of cksumtype == 0x8003 for
the GSSAPI library is handled correctly.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5406 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/mk_req.c
src/lib/krb5/krb/mk_req_ext.c

index 3e5a5e3653a2dd913d70aa17273f66e12d9d856c..cbe035a7721f08d7a2d0a64cfb7338de7859cd5f 100644 (file)
@@ -1,3 +1,15 @@
+Thu Apr 20 16:23:23 1995  Theodore Y. Ts'o  (tytso@dcl)
+
+       * mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order
+               to create the service principal from the service and
+               hostname pair.  This allows for the host cannoncialization
+               to work correctly.
+
+       * mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling
+               code so that no checksum is performed in in_data is NULL,
+               and the special case handing of cksumtype == 0x8003 for
+               the GSSAPI library is handled correctly.
+
 Wed Apr 19 13:39:34 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
        * init_ctx.c: (krb5_init_context) initialize context default
index a9884a48b10637d21ca480bf1880925325a5a385..48b72c5af4225fe075a1e7074bb43ef690605b6d 100644 (file)
@@ -66,15 +66,11 @@ krb5_mk_req(context, auth_context, ap_req_options, service, hostname, in_data,
     krb5_creds                   creds;
     char              ** realm;
 
-    /* get realm */
-    if (retval = krb5_get_host_realm(context, hostname, &realm)) 
-       return retval;
-
-    /* build principal */
-    if (retval = krb5_build_principal(context, &server, strlen(realm[0]),
-                                     realm[0], service, hostname, NULL))
-       goto cleanup_realm;
-                                     
+    retval = krb5_sname_to_principal(context, hostname, service, 
+                                    KRB5_NT_SRV_HST, &server);
+    if (retval)
+      return retval;
+
     /* obtain ticket & session key */
     memset((char *)&creds, 0, sizeof(creds));
     if (retval = krb5_copy_principal(context, server, &creds.server))
@@ -98,7 +94,5 @@ cleanup_creds:
 cleanup_princ:
     krb5_free_principal(context, server);
 
-cleanup_realm:
-    krb5_free_host_realm(context, realm);
     return retval;
 }
index 1011574e4a95e49389a83ca540f7252cdd0f3780..f146d14832c949c30a3743a0bf79e4bde7f0996d 100644 (file)
@@ -79,6 +79,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
 {
     krb5_error_code      retval;
     krb5_checksum        checksum;
+    krb5_checksum        *checksump = 0;
     krb5_auth_context  * new_auth_context;
 
     krb5_ap_req request;
@@ -131,35 +132,30 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
            goto cleanup;
 
 
-    /* Generate checksum, XXX What should the seed be? */
-    if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
-                            (*auth_context)->cksumtype))) == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+    if (in_data) {
+      if ((*auth_context)->cksumtype == 0x8003) {
+       /* XXX Special hack for GSSAPI */
+       checksum.checksum_type = 0x8003;
+       checksum.length = in_data->length;
+       checksum.contents = (krb5_octet *) in_data->data;
+      } else  {
+       /* Generate checksum, XXX What should the seed be? */
+       if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
+                                (*auth_context)->cksumtype))) == NULL) {
+         retval = ENOMEM;
+         goto cleanup;
+       }
+       if (retval = krb5_calculate_checksum(context, 
+                                            (*auth_context)->cksumtype, 
+                                            in_data->data, in_data->length,
+                                            (*auth_context)->keyblock->contents,
+                                            (*auth_context)->keyblock->length,
+                                            &checksum))
+         goto cleanup_cksum;
+      }
+      checksump = &checksum;
     }
 
-    if (in_data == NULL) {
-       if (retval = krb5_calculate_checksum(context, 
-                                          (*auth_context)->cksumtype, 0, 0,
-                                          (*auth_context)->keyblock->contents,
-                                           (*auth_context)->keyblock->length,
-                                           &checksum))
-           goto cleanup_cksum;
-    } else 
-        if ((*auth_context)->cksumtype == 0x8003) {
-           /* XXX Special hack for GSSAPI */
-           checksum.checksum_type = 0x8003;
-           checksum.length = in_data->length;
-           checksum.contents = (krb5_octet *) in_data->data;
-        } else 
-           if (retval = krb5_calculate_checksum(context, 
-                                           (*auth_context)->cksumtype, 
-                                           in_data->data, in_data->length,
-                                           (*auth_context)->keyblock->contents,
-                                           (*auth_context)->keyblock->length,
-                                           &checksum))
-               goto cleanup_cksum;
-
     /* Generate authenticator */
     if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof(
                                        krb5_authenticator))) == NULL) {
@@ -168,7 +164,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
     }
 
     if (retval = krb5_generate_authenticator(context, (*auth_context)->authentp,
-                                            (in_creds)->client, &checksum,
+                                            (in_creds)->client, checksump,
                                             (*auth_context)->local_subkey,
                                             (*auth_context)->local_seq_number,
                                             (in_creds)->authdata))
@@ -229,7 +225,8 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
     krb5_xfree(toutbuf);
 
 cleanup_cksum:
-    free(checksum.contents);
+    if (checksump && checksump->checksum_type != 0x8003)
+      free(checksump->contents);
 
 cleanup:
     if (request.ticket)