+2000-02-06 Ken Raeburn <raeburn@mit.edu>
+
+ Patches from Frank Cusack for hw preauth.
+ * k5-int.h (krb5_predicted_sam_response): Add timestamp, client
+ principal, and per-mechanism data fields.
+ (krb5_enc_sam_response_enc): Change "passcode" field to "sad".
+
2000-02-01 Danilo Almeida <dalmeida@mit.edu>
* krb5.hin (krb5_decode_ticket): Declare.
typedef struct _krb5_predicted_sam_response {
krb5_magic magic;
krb5_keyblock sam_key;
+ krb5_timestamp stime; /* time on server, for replay detection */
+ krb5_int32 susec;
+ krb5_principal client;
+ krb5_data msd; /* mechanism specific data */
+
} krb5_predicted_sam_response;
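Review bot: The new `stime`, `susec`, `client` and `msd` members of `krb5_predicted_sam_response` are not matched by any encoder or decoder change visible on this page; the ASN.1 ChangeLog entry names only the `enc_sam_response_enc` routines. Since `stime` is commented as being for replay detection, it is worth confirming that these fields are actually serialized and checked when the predicted response comes back, otherwise the timestamp and client binding add nothing. The members would also benefit from ownership comments, for example `krb5_principal client; /* owned; released by krb5_free_predicted_sam_response_contents */`, and `susec` from a note that it is presumably the microseconds part of `stime`. The blank added line before the closing brace can be dropped.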
typedef struct _krb5_sam_challenge {
krb5_int32 sam_nonce;
krb5_timestamp sam_timestamp;
krb5_int32 sam_usec;
- krb5_data sam_passcode;
+ krb5_data sam_sad;
} krb5_enc_sam_response_enc;
typedef struct _krb5_sam_response {
+2000-02-06 Ken Raeburn <raeburn@raeburn.org>
+
+ * asn1_k_decode.c (asn1_decode_enc_sam_response_enc): Update for
+ field name change.
+ * asn1_k_encode.c (asn1_encode_enc_sam_response_enc): Likewise.
+
2000-02-01 Danilo Almeida <dalmeida@mit.edu>
* krb5_decode.c (krb5_decode_ticket): Add function to provide
opt_field(val->sam_nonce,0,asn1_decode_int32,0);
opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0);
opt_field(val->sam_usec,2,asn1_decode_int32,0);
- opt_string(val->sam_passcode,3,asn1_decode_charstring);
+ opt_string(val->sam_sad,3,asn1_decode_charstring);
end_structure();
val->magic = KV5M_ENC_SAM_RESPONSE_ENC;
}
int * retlen;
{
asn1_setup();
- add_optstring(val->sam_passcode,3,asn1_encode_charstring);
+ add_optstring(val->sam_sad,3,asn1_encode_charstring);
asn1_addfield(val->sam_usec,2,asn1_encode_integer);
asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time);
asn1_addfield(val->sam_nonce,0,asn1_encode_integer);
+2000-02-06 Ken Raeburn <raeburn@raeburn.org>
+
+ * kfree.c (krb5_free_predicted_sam_response_contents): Fix typo.
+ Free new data fields if needed.
+ (krb5_free_enc_sam_response_enc_contents): Update for field name
+ change.
+ * preauth.c (obtain_sam_padata): Update for field name change.
+ * preauth2.c (pa_sam): Likewise.
+
2000-01-27 Ken Raeburn <raeburn@raeburn.org>
* init_ctx.c (get_profile_etype_list): Discard DESONLY changes
{
if (!psr)
return;
- if (psr->sam_key.contents);
+ if (psr->sam_key.contents)
krb5_free_keyblock_contents(ctx, &psr->sam_key);
+ if (psr->client)
+ krb5_free_principal(ctx, psr->client);
+ if (psr->msd.data)
+ krb5_free_data_contents(ctx, &psr->msd);
}
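Review bot: `psr->client` is left dangling after the added `krb5_free_principal(ctx, psr->client);`, because the callee receives the pointer by value and cannot clear the caller's field. This is a contents-free routine, so the structure itself outlives the call, and a second call or any later read of `client` would touch freed memory. Bracing that `if` and adding `psr->client = NULL;` after the free closes this. Whether `krb5_free_keyblock_contents` and `krb5_free_data_contents` reset `sam_key.contents` and `msd.data` themselves is not visible here and deserves the same check. The function's signature lies outside the hunk.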
KRB5_DLLIMP void KRB5_CALLCONV
{
if (!esre)
return;
- if (esre->sam_passcode.data)
- krb5_free_data_contents(ctx, &esre->sam_passcode);
+ if (esre->sam_sad.data)
+ krb5_free_data_contents(ctx, &esre->sam_sad);
}
KRB5_DLLIMP void KRB5_CALLCONV
free(passcode);
return retval;
}
- enc_sam_response_enc.sam_passcode.data = passcode;
- enc_sam_response_enc.sam_passcode.length = pcsize;
+ enc_sam_response_enc.sam_sad.data = passcode;
+ enc_sam_response_enc.sam_sad.length = pcsize;
} else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
prompt = handle_sam_labels(sam_challenge);
if (prompt == NULL)
free(prompt);
if (retval)
return retval;
- enc_sam_response_enc.sam_passcode.length = 0;
+ enc_sam_response_enc.sam_sad.length = 0;
} else {
/* what *was* it? */
return KRB5_SAM_UNSUPPORTED;
}
/* so at this point, either sam_use_key is generated from the passcode
- * or enc_sam_response_enc.sam_passcode is set to it, and we use
+ * or enc_sam_response_enc.sam_sad is set to it, and we use
* def_enc_key instead. */
/* encode the encoded part of the response */
if ((retval = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
- enc_sam_response_enc.sam_passcode = response_data;
+ enc_sam_response_enc.sam_sad = response_data;
} else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
if (sam_challenge->sam_nonce == 0) {
if (ret = krb5_us_timeofday(context,
return(ret);
}
- enc_sam_response_enc.sam_passcode.length = 0;
+ enc_sam_response_enc.sam_sad.length = 0;
}
/* copy things from the challenge */