kfree.c (krb5_free_sam_challenge, krb5_free_sam_challenge_contents,
authorTheodore Tso <tytso@mit.edu>
Sat, 10 Apr 1999 02:57:33 +0000 (02:57 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 10 Apr 1999 02:57:33 +0000 (02:57 +0000)
krb5_free_sam_response, krb5_free_sam_response_contents,
krb5_free_predicted_sam_response,
krb5_free_predicted_sam_response_contents,
krb5_free_enc_sam_response_enc,
krb5_free_enc_sam_response_enc_contents, krb5_free_pa_enc_ts): Added
new functions.  Part of patches from [krb5-kdc/662]

gic_pwd.c (krb5_get_init_creds_password): Add new argument to calls to
the prompter function.  Part of patches from [krb5-kdc/662].

preauth2.c (pa_enc_timestamp, pa_sam): Update calls to new prompter
function.  [krb5-kdc/662].

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11349 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/kfree.c
src/lib/krb5/krb/preauth2.c

index 7e0305c9f99f6b0ff9ce1d58fd26925f4db4ac49..b3e1a5a3f8bc347f67973a9a44c823046de0a17c 100644 (file)
@@ -1,3 +1,21 @@
+1999-04-09  Theodore Ts'o  <tytso@rsts-11.mit.edu>
+
+       * kfree.c (krb5_free_sam_challenge, krb5_free_sam_challenge_contents,
+               krb5_free_sam_response, krb5_free_sam_response_contents,
+               krb5_free_predicted_sam_response, 
+               krb5_free_predicted_sam_response_contents,
+               krb5_free_enc_sam_response_enc, 
+               krb5_free_enc_sam_response_enc_contents,
+               krb5_free_pa_enc_ts): Added new functions.  Part of
+               patches from [krb5-kdc/662]
+
+       * gic_pwd.c (krb5_get_init_creds_password): Add new argument to
+               calls to the prompter function.  Part of patches from
+               [krb5-kdc/662].
+
+       * preauth2.c (pa_enc_timestamp, pa_sam): Update calls to new
+               prompter function.   [krb5-kdc/662].
+
 1999-03-31  Theodore Ts'o  <tytso@rsts-11.mit.edu>
 
        * init_ctx.c (krb5_init_context): Call krb5_win_ccdll_load() to
index c517062f8648d826afe9814c4b4cc9aa01eea095..1706bce23f1bca98860f076ddcb8cea90e8d857c 100644 (file)
@@ -38,7 +38,7 @@ krb5_get_as_key_password(context, client, etype, prompter, prompter_data,
        if (prompter == NULL)
            return(EIO);
 
-       if (ret = krb5_unparse_name(context, client, &clientstr))
+       if ((ret = krb5_unparse_name(context, client, &clientstr)))
            return(ret);
 
        strcpy(promptstr, "Password for ");
@@ -51,12 +51,13 @@ krb5_get_as_key_password(context, client, etype, prompter, prompter_data,
        prompt.hidden = 1;
        prompt.reply = password;
 
-       if (ret = ((*prompter)(context, prompter_data, NULL, 1, &prompt)))
+       if (ret = (((*prompter)(context, prompter_data, NULL, NULL,
+                               1, &prompt))))
            return(ret);
     }
 
     if ((salt->length == -1) && (salt->data == NULL)) {
-       if (ret = krb5_principal2salt(context, client, &defsalt))
+       if ((ret = krb5_principal2salt(context, client, &defsalt)))
            return(ret);
 
        salt = &defsalt;
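Review bot: The prompter call `if (ret = (((*prompter)(...))))` wraps the added parentheses around the call rather than around the assignment, so it does not follow the `if ((ret = ...))` form this commit applies to krb5_unparse_name and krb5_principal2salt in the same function. Compilers that warn on assignment used as a condition are likely to still flag it. Writing it as `if ((ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt)))` makes the intent explicit. The same applies to the prompter call in krb5_get_init_creds_password and to the `gak_fct` and prompter calls in preauth2.c. The enclosing function starts and ends outside the hunk.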
@@ -179,11 +180,11 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
    krb5_get_init_creds_opt_set_forwardable(&chpw_opts, 0);
    krb5_get_init_creds_opt_set_proxiable(&chpw_opts, 0);
 
-   if (ret = krb5_get_init_creds(context, &chpw_creds, client,
-                                prompter, data,
-                                start_time, "kadmin/changepw", &chpw_opts,
-                                krb5_get_as_key_password, (void *) &pw0,
-                                &master, NULL))
+   if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
+                                 prompter, data,
+                                 start_time, "kadmin/changepw", &chpw_opts,
+                                 krb5_get_as_key_password, (void *) &pw0,
+                                 &master, NULL)))
       goto cleanup;
 
    prompt[0].prompt = "Enter new password";
@@ -200,7 +201,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
       pw0.length = sizeof(pw0array);
       pw1.length = sizeof(pw1array);
 
-      if (ret = ((*prompter)(context, data, banner,
+      if (ret = ((*prompter)(context, data, 0, banner,
                             sizeof(prompt)/sizeof(prompt[0]), prompt)))
         goto cleanup;
 
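Review bot: The new name argument is passed as a literal `0` in `(*prompter)(context, data, 0, banner, ...)`, while krb5_get_as_key_password passes `NULL` for the same parameter. If the prompter is ever called without a prototype in scope, an `int` zero is not guaranteed to be passed as a null pointer, which matters on the segmented targets that the `FAR` qualifiers elsewhere in this commit suggest are supported. Use `NULL` here, and for the name and prompts arguments of the cleanup-path call `(*prompter)(context, data, 0, banner, 0, 0)`. The enclosing function continues outside the hunk.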
@@ -215,9 +216,9 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
         krb5_data code_string;
         krb5_data result_string;
 
-        if (ret = krb5_change_password(context, &chpw_creds, pw0array,
-                                       &result_code, &code_string,
-                                       &result_string))
+        if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
+                                        &result_code, &code_string,
+                                        &result_string)))
            goto cleanup;
 
         /* the change succeeded.  go on */
@@ -296,7 +297,7 @@ cleanup:
                    hours/24);
 
         /* ignore an error here */
-        (*prompter)(context, data, banner, 0, 0);
+        (*prompter)(context, data, 0, banner, 0, 0);
       }
    }
 
index 87eeca961953a4e04da5e3ae1f711ad2a256c269..945bf5950b6b0891e501222c4c0edf826069401e 100644 (file)
@@ -583,3 +583,103 @@ krb5_free_unparsed_name(context, val)
     return;
 }
 
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge FAR *sc)
+{
+    if (!sc)
+       return;
+    krb5_free_sam_challenge_contents(ctx, sc);
+    krb5_xfree(sc);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge FAR *sc)
+{
+    if (!sc)
+       return;
+    if (sc->sam_type_name.data)
+       krb5_free_data_contents(ctx, &sc->sam_type_name);
+    if (sc->sam_track_id.data)
+       krb5_free_data_contents(ctx, &sc->sam_track_id);
+    if (sc->sam_challenge_label.data)
+       krb5_free_data_contents(ctx, &sc->sam_challenge_label);
+    if (sc->sam_challenge.data)
+       krb5_free_data_contents(ctx, &sc->sam_challenge);
+    if (sc->sam_response_prompt.data)
+       krb5_free_data_contents(ctx, &sc->sam_response_prompt);
+    if (sc->sam_pk_for_sad.data)
+       krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
+    if (sc->sam_cksum.contents)
+       krb5_xfree(sc->sam_cksum.contents);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_response(krb5_context ctx, krb5_sam_response FAR *sr)
+{
+    if (!sr)
+       return;
+    krb5_free_sam_response_contents(ctx, sr);
+    krb5_xfree(sr);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_response_contents(krb5_context ctx, krb5_sam_response FAR *sr)
+{
+    if (!sr)
+       return;
+    if (sr->sam_track_id.data)
+       krb5_free_data_contents(ctx, &sr->sam_track_id);
+    if (sr->sam_enc_key.ciphertext.data)
+       krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext);
+    if (sr->sam_enc_nonce_or_ts.ciphertext.data)
+       krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_predicted_sam_response(krb5_context ctx,
+                                krb5_predicted_sam_response FAR *psr)
+{
+    if (!psr)
+       return;
+    krb5_free_predicted_sam_response_contents(ctx, psr);
+    krb5_xfree(psr);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_predicted_sam_response_contents(krb5_context ctx,
+                                krb5_predicted_sam_response FAR *psr)
+{
+    if (!psr)
+       return;
+    if (psr->sam_key.contents);
+       krb5_free_keyblock_contents(ctx, &psr->sam_key);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc(krb5_context ctx,
+                              krb5_enc_sam_response_enc FAR *esre)
+{
+    if (!esre)
+       return;
+    krb5_free_enc_sam_response_enc_contents(ctx, esre);
+    krb5_xfree(esre);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_contents(krb5_context ctx,
+                              krb5_enc_sam_response_enc FAR *esre)
+{
+    if (!esre)
+       return;
+    if (esre->sam_passcode.data)
+       krb5_free_data_contents(ctx, &esre->sam_passcode);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts FAR *pa_enc_ts)
+{
+    if (!pa_enc_ts)
+       return;
+    krb5_xfree(pa_enc_ts);
+}
+
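Review bot: The stray semicolon in `if (psr->sam_key.contents);` in krb5_free_predicted_sam_response_contents ends the `if` with an empty statement, so `krb5_free_keyblock_contents(ctx, &psr->sam_key)` runs unconditionally and the null check is dead code; drop the semicolon. Separately, krb5_free_sam_challenge_contents releases `sc->sam_cksum.contents` with krb5_xfree but leaves the pointer in place, so a second call on the same structure would free it again; adding `sc->sam_cksum.contents = NULL;` after the free makes the function safe to repeat. `esre->sam_passcode` holds a user secret and is released through krb5_free_data_contents, whose body is not shown here; if that helper does not clear the buffer, zeroing `sam_passcode.data` over `sam_passcode.length` bytes before the free is worth adding.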
index 86d325d7b9a7a21a51ad2fcd8b15e4730aafbb47..9ede4312858be46a143a374e9e53d8f5d96a3293 100644 (file)
@@ -102,12 +102,17 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
     krb5_enc_data enc_data;
     krb5_pa_data *pa;
    
-    /* if we haven't yet gotten a key, get it now.  */
-
-    if (ret = ((*gak_fct)(context, request->client,
-                         request->ktype[0], prompter, prompter_data,
-                         salt, as_key, gak_data)))
-       return(ret);
+    /*
+     * We need to use the password as part or all of the key.
+     * If as_key contains info, it should be the users pass phrase.
+     * If not, get the password before issuing the challenge.
+     */
+    if (as_key->length == 0) {
+       if (ret = ((*gak_fct)(context, request->client,
+                            request->ktype[0], prompter, prompter_data,
+                            salt, as_key, gak_data)))
+           return(ret);
+    }
 
     /* now get the time of day, and encrypt it accordingly */
 
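Review bot: The new `if (as_key->length == 0)` guard makes the choice of key depend on whatever the caller left in `as_key`, and nothing visible in this hunk establishes that every caller zero-initializes it. If `as_key` can arrive with a stale or uninitialized non-zero length, the timestamp would be encrypted with that content instead of a key derived from the password. The block comment should state the precondition, for example `as_key must be zero-length on entry unless it already holds the key to use`. pa_enc_timestamp's body continues outside the hunk.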
@@ -194,9 +199,10 @@ char *sam_challenge_banner(sam_type)
 
 #define SAMDATA(kdata, str, maxsize) \
        (kdata.length)? \
-       ((((kdata.length)<=(maxsize))?(kdata.length):(maxsize))): \
+       ((((kdata.length)<=(maxsize))?(kdata.length):(strlen(str)))): \
        strlen(str), \
-       (kdata.length)?(kdata.data):(str)
+       (kdata.length)? \
+       ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
 
 /* XXX Danger! This code is not in sync with the kerberos-password-02
    draft.  This draft cannot be implemented as written.  This code is
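Review bot: SAMDATA's first result feeds the `*` precision of `%.*s`, which must be an `int`, but the conditional mixes `kdata.length` with `strlen(str)` and so likely has type `size_t`; casting that first expression to `int` avoids a varargs type mismatch where the two differ in size. Neither fallback arm is capped by `maxsize`, so the destination is only safe while every default string passed as `str` is shorter than the buffer. The `sprintf(name, ...)` call added later in pa_sam and the existing banner call both depend on that. A bounded formatter such as `snprintf(name, sizeof(name), "%.*s", ...)` would keep the write within the buffer regardless of the macro. `str` also appears in both halves of the expansion, so `sam_challenge_banner(...)` can be called twice per use.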
@@ -216,7 +222,8 @@ krb5_error_code pa_sam(krb5_context context,
 {
     krb5_error_code            ret;
     krb5_data                  tmpsam;
-    char                       banner[100], prompt[100], response[100];
+    char                       name[100], banner[100];
+    char                       prompt[100], response[100];
     krb5_data                  response_data;
     krb5_prompt                        kprompt;
     krb5_data                  defsalt;
@@ -238,6 +245,10 @@ krb5_error_code pa_sam(krb5_context context,
        return(KRB5_SAM_UNSUPPORTED);
     }
 
+    sprintf(name, "%.*s",
+           SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
+                   sizeof(name) - 1));
+
     sprintf(banner, "%.*s",
            SAMDATA(sam_challenge->sam_challenge_label,
                    sam_challenge_banner(sam_challenge->sam_type),
@@ -257,7 +268,8 @@ krb5_error_code pa_sam(krb5_context context,
     kprompt.hidden = sam_challenge->sam_challenge.length?0:1;
     kprompt.reply = &response_data;
 
-    if (ret = ((*prompter)(context, prompter_data, banner, 1, &kprompt))) {
+    if (ret = ((*prompter)(context, prompter_data, name,
+                          banner, 1, &kprompt))) {
        krb5_xfree(sam_challenge);
        return(ret);
     }
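Review bot: The error path after the prompter call releases the challenge with `krb5_xfree(sam_challenge)`, which frees only the structure. The fields that krb5_free_sam_challenge_contents (added to kfree.c in this commit) releases would be leaked if the decoder allocated them. Assuming `sam_challenge` comes from the decoder, which is outside this hunk, the call should become `krb5_free_sam_challenge(context, sam_challenge);`. pa_sam's body starts and ends outside the hunk.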