+1999-04-09 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * kfree.c (krb5_free_sam_challenge, krb5_free_sam_challenge_contents,
+ krb5_free_sam_response, krb5_free_sam_response_contents,
+ krb5_free_predicted_sam_response,
+ krb5_free_predicted_sam_response_contents,
+ krb5_free_enc_sam_response_enc,
+ krb5_free_enc_sam_response_enc_contents,
+ krb5_free_pa_enc_ts): Added new functions. Part of
+ patches from [krb5-kdc/662]
+
+ * gic_pwd.c (krb5_get_init_creds_password): Add new argument to
+ calls to the prompter function. Part of patches from
+ [krb5-kdc/662].
+
+ * preauth2.c (pa_enc_timestamp, pa_sam): Update calls to new
+ prompter function. [krb5-kdc/662].
+
1999-03-31 Theodore Ts'o <tytso@rsts-11.mit.edu>
* init_ctx.c (krb5_init_context): Call krb5_win_ccdll_load() to
if (prompter == NULL)
return(EIO);
- if (ret = krb5_unparse_name(context, client, &clientstr))
+ if ((ret = krb5_unparse_name(context, client, &clientstr)))
return(ret);
strcpy(promptstr, "Password for ");
prompt.hidden = 1;
prompt.reply = password;
- if (ret = ((*prompter)(context, prompter_data, NULL, 1, &prompt)))
+ if (ret = (((*prompter)(context, prompter_data, NULL, NULL,
+ 1, &prompt))))
return(ret);
}
if ((salt->length == -1) && (salt->data == NULL)) {
- if (ret = krb5_principal2salt(context, client, &defsalt))
+ if ((ret = krb5_principal2salt(context, client, &defsalt)))
return(ret);
salt = &defsalt;
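Review bot: The rewritten prompter call `if (ret = (((*prompter)(context, prompter_data, NULL, NULL, 1, &prompt))))` puts the added parentheses around the call rather than around the assignment. It is therefore still a bare assignment used as a condition, unlike the `if ((ret = krb5_unparse_name(...)))` form the same commit applies elsewhere. Writing it as `if ((ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt)))` would make the intent explicit and consistent. The same pattern remains in the later prompter call that passes `0, banner`, and in the `gak_fct` and `prompter` calls in the pre-authentication hunks. Those later prompter calls also pass `0` for the new name argument where this one passes `NULL`; using `NULL` throughout makes it obvious that a pointer is being omitted.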
krb5_get_init_creds_opt_set_forwardable(&chpw_opts, 0);
krb5_get_init_creds_opt_set_proxiable(&chpw_opts, 0);
- if (ret = krb5_get_init_creds(context, &chpw_creds, client,
- prompter, data,
- start_time, "kadmin/changepw", &chpw_opts,
- krb5_get_as_key_password, (void *) &pw0,
- &master, NULL))
+ if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
+ prompter, data,
+ start_time, "kadmin/changepw", &chpw_opts,
+ krb5_get_as_key_password, (void *) &pw0,
+ &master, NULL)))
goto cleanup;
prompt[0].prompt = "Enter new password";
pw0.length = sizeof(pw0array);
pw1.length = sizeof(pw1array);
- if (ret = ((*prompter)(context, data, banner,
+ if (ret = ((*prompter)(context, data, 0, banner,
sizeof(prompt)/sizeof(prompt[0]), prompt)))
goto cleanup;
krb5_data code_string;
krb5_data result_string;
- if (ret = krb5_change_password(context, &chpw_creds, pw0array,
- &result_code, &code_string,
- &result_string))
+ if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
+ &result_code, &code_string,
+ &result_string)))
goto cleanup;
/* the change succeeded. go on */
hours/24);
/* ignore an error here */
- (*prompter)(context, data, banner, 0, 0);
+ (*prompter)(context, data, 0, banner, 0, 0);
}
}
return;
}
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge FAR *sc)
+{
+ if (!sc)
+ return;
+ krb5_free_sam_challenge_contents(ctx, sc);
+ krb5_xfree(sc);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge FAR *sc)
+{
+ if (!sc)
+ return;
+ if (sc->sam_type_name.data)
+ krb5_free_data_contents(ctx, &sc->sam_type_name);
+ if (sc->sam_track_id.data)
+ krb5_free_data_contents(ctx, &sc->sam_track_id);
+ if (sc->sam_challenge_label.data)
+ krb5_free_data_contents(ctx, &sc->sam_challenge_label);
+ if (sc->sam_challenge.data)
+ krb5_free_data_contents(ctx, &sc->sam_challenge);
+ if (sc->sam_response_prompt.data)
+ krb5_free_data_contents(ctx, &sc->sam_response_prompt);
+ if (sc->sam_pk_for_sad.data)
+ krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
+ if (sc->sam_cksum.contents)
+ krb5_xfree(sc->sam_cksum.contents);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_response(krb5_context ctx, krb5_sam_response FAR *sr)
+{
+ if (!sr)
+ return;
+ krb5_free_sam_response_contents(ctx, sr);
+ krb5_xfree(sr);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_sam_response_contents(krb5_context ctx, krb5_sam_response FAR *sr)
+{
+ if (!sr)
+ return;
+ if (sr->sam_track_id.data)
+ krb5_free_data_contents(ctx, &sr->sam_track_id);
+ if (sr->sam_enc_key.ciphertext.data)
+ krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext);
+ if (sr->sam_enc_nonce_or_ts.ciphertext.data)
+ krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_predicted_sam_response(krb5_context ctx,
+ krb5_predicted_sam_response FAR *psr)
+{
+ if (!psr)
+ return;
+ krb5_free_predicted_sam_response_contents(ctx, psr);
+ krb5_xfree(psr);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_predicted_sam_response_contents(krb5_context ctx,
+ krb5_predicted_sam_response FAR *psr)
+{
+ if (!psr)
+ return;
+ if (psr->sam_key.contents);
+ krb5_free_keyblock_contents(ctx, &psr->sam_key);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc(krb5_context ctx,
+ krb5_enc_sam_response_enc FAR *esre)
+{
+ if (!esre)
+ return;
+ krb5_free_enc_sam_response_enc_contents(ctx, esre);
+ krb5_xfree(esre);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_contents(krb5_context ctx,
+ krb5_enc_sam_response_enc FAR *esre)
+{
+ if (!esre)
+ return;
+ if (esre->sam_passcode.data)
+ krb5_free_data_contents(ctx, &esre->sam_passcode);
+}
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts FAR *pa_enc_ts)
+{
+ if (!pa_enc_ts)
+ return;
+ krb5_xfree(pa_enc_ts);
+}
+
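Review bot: In krb5_free_predicted_sam_response_contents the guard `if (psr->sam_key.contents);` ends in a stray semicolon, so krb5_free_keyblock_contents() runs unconditionally and the NULL check is dead code; it should read `if (psr->sam_key.contents)`. Whether the unconditional call is harmful depends on how krb5_free_keyblock_contents() treats a NULL contents pointer, which is not visible here. Separately, krb5_free_sam_challenge_contents calls `krb5_xfree(sc->sam_cksum.contents)` without clearing the pointer, so invoking the contents function twice on one structure would release it twice; adding `sc->sam_cksum.contents = NULL;` after the call closes that. Since sam_passcode carries authentication material, it is also worth confirming that krb5_free_data_contents() clears the buffer before releasing it, or zeroing it explicitly in krb5_free_enc_sam_response_enc_contents.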
krb5_enc_data enc_data;
krb5_pa_data *pa;
- /* if we haven't yet gotten a key, get it now. */
-
- if (ret = ((*gak_fct)(context, request->client,
- request->ktype[0], prompter, prompter_data,
- salt, as_key, gak_data)))
- return(ret);
+ /*
+ * We need to use the password as part or all of the key.
+ * If as_key contains info, it should be the users pass phrase.
+ * If not, get the password before issuing the challenge.
+ */
+ if (as_key->length == 0) {
+ if (ret = ((*gak_fct)(context, request->client,
+ request->ktype[0], prompter, prompter_data,
+ salt, as_key, gak_data)))
+ return(ret);
+ }
/* now get the time of day, and encrypt it accordingly */
#define SAMDATA(kdata, str, maxsize) \
(kdata.length)? \
- ((((kdata.length)<=(maxsize))?(kdata.length):(maxsize))): \
+ ((((kdata.length)<=(maxsize))?(kdata.length):(strlen(str)))): \
strlen(str), \
- (kdata.length)?(kdata.data):(str)
+ (kdata.length)? \
+ ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
/* XXX Danger! This code is not in sync with the kerberos-password-02
draft. This draft cannot be implemented as written. This code is
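Review bot: The rewritten SAMDATA no longer clamps the precision to `maxsize` on every path: when the challenge field is longer than `maxsize` it now falls back to `str` with a precision of `strlen(str)`, so the bound on the destination buffer rests entirely on each default string being shorter than that buffer. The field is taken from the SAM challenge, presumably supplied by the remote side, and the new `sprintf(name, "%.*s", ...)` call in the later hunk writes into a 100-byte stack array with no size argument. Bounding the write at the call site, e.g. `snprintf(name, sizeof(name), "%.*s", SAMDATA(...));`, would keep the copy safe even if the macro or a default string changes. The precision expression also takes the type of `strlen(str)` rather than the `int` that `%.*s` expects, so an `(int)` cast on the length argument is worth adding. Finally, `str` is expanded several times, so an argument such as `sam_challenge_banner(...)` may be evaluated more than once.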
{
krb5_error_code ret;
krb5_data tmpsam;
- char banner[100], prompt[100], response[100];
+ char name[100], banner[100];
+ char prompt[100], response[100];
krb5_data response_data;
krb5_prompt kprompt;
krb5_data defsalt;
return(KRB5_SAM_UNSUPPORTED);
}
+ sprintf(name, "%.*s",
+ SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
+ sizeof(name) - 1));
+
sprintf(banner, "%.*s",
SAMDATA(sam_challenge->sam_challenge_label,
sam_challenge_banner(sam_challenge->sam_type),
kprompt.hidden = sam_challenge->sam_challenge.length?0:1;
kprompt.reply = &response_data;
- if (ret = ((*prompter)(context, prompter_data, banner, 1, &kprompt))) {
+ if (ret = ((*prompter)(context, prompter_data, name,
+ banner, 1, &kprompt))) {
krb5_xfree(sam_challenge);
return(ret);
}