fix errors in error-generating code

author John Kohl <jtkohl@mit.edu>

Fri, 2 Feb 1990 15:58:41 +0000 (15:58 +0000)

committer John Kohl <jtkohl@mit.edu>

Fri, 2 Feb 1990 15:58:41 +0000 (15:58 +0000)
author John Kohl <jtkohl@mit.edu>
Fri, 2 Feb 1990 15:58:41 +0000 (15:58 +0000)
committer John Kohl <jtkohl@mit.edu>
Fri, 2 Feb 1990 15:58:41 +0000 (15:58 +0000)
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c

index f677933bbd588e06b76ab34d826fa4dfcca8e6b4..472af5621d517d4f2ab48b5db7f6bc03784c3b34 100644 (file)
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -65,6 +65,7 @@ krb5_data **response;                 /* filled in with a response packet */
      krb5_boolean more;
      krb5_timestamp kdc_time;
      krb5_keyblock *session_key;
+    krb5_keyblock encrypting_key;
  
      krb5_timestamp until, rtime;
  
@@ -199,7 +200,18 @@ krb5_data **response;                      /* filled in with a response packet */
      /* XXX need separate etypes for ticket encryption and kdc_rep encryption */
  
      ticket_reply.enc_part2 = &enc_tkt_reply;
-    if (retval = krb5_encrypt_tkt_part(&server.key, &ticket_reply)) {
+
+    /* convert server.key into a real key (it may be encrypted
+       in the database) */
+    if (retval = kdc_convert_key(&server.key, &encrypting_key,
+                                CONVERT_OUTOF_DB)) {
+       cleanup();
+       return retval;
+    }
+    retval = krb5_encrypt_tkt_part(&encrypting_key, &ticket_reply);
+    bzero((char *)encrypting_key.contents, encrypting_key.length);
+    free((char *)encrypting_key.contents);
+    if (retval) {
         cleanup();
         return retval;
      }
@@ -236,8 +248,17 @@ krb5_data **response;                      /* filled in with a response packet */
  
      /* now encode/encrypt the response */
  
+    /* convert client.key into a real key (it may be encrypted
+       in the database) */
+    if (retval = kdc_convert_key(&client.key, &encrypting_key,
+                                CONVERT_OUTOF_DB)) {
+       cleanup();
+       return retval;
+    }
      retval = krb5_encode_kdc_rep(KRB5_AS_REP, &reply, &reply_encpart,
-                                &client.key, response);
+                                &encrypting_key, response);
+    bzero((char *)encrypting_key.contents, encrypting_key.length);
+    free((char *)encrypting_key.contents);
      cleanup();
      return retval;
  }
@@ -266,10 +287,10 @@ krb5_data **response;
      (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
  
      if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
-       free(errpkt.txt.data);
+       free(errpkt.text.data);
         return ENOMEM;
      }
-    retval = encode_krb5_error(&errpkt, scratch);
+    retval = krb5_mk_error(&errpkt, scratch);
      free(errpkt.text.data);
      *response = scratch;
      return retval;
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c

index 3fc58b1efd48ec0ceffadc5fa32b38271e2666cb..74b6a4e8f9c0dec2e40f5807aaa5e674e8d55074 100644 (file)
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -62,6 +62,7 @@ krb5_data **response;                 /* filled in with a response packet */
      krb5_keyblock *session_key;
      int newtransited = 0;
      krb5_timestamp until, rtime;
+    krb5_keyblock encrypting_key;
  
         
      /* assume that we've already dealt with the AP_REQ header, so
@@ -328,7 +329,20 @@ krb5_data **response;                      /* filled in with a response packet */
             return retval;
         }
      } else {
-       if (retval = krb5_encrypt_tkt_part(&server.key, &ticket_reply)) {
+       /* convert server.key into a real key (it may be encrypted
+          in the database) */
+       if (retval = kdc_convert_key(&server.key, &encrypting_key,
+                                    CONVERT_OUTOF_DB)) {
+           cleanup();
+           return retval;
+       }
+
+       retval = krb5_encrypt_tkt_part(&encrypting_key, &ticket_reply);
+
+       bzero((char *)encrypting_key.contents, encrypting_key.length);
+       free((char *)encrypting_key.contents);
+
+       if (retval) {
             cleanup();
             return retval;
         }
@@ -397,7 +411,7 @@ krb5_data **response;
      (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
  
      if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
-       free(errpkt.txt.data);
+       free(errpkt.text.data);
         return ENOMEM;
      }
      retval = krb5_mk_error(&errpkt, scratch);
author	John Kohl <jtkohl@mit.edu>
	Fri, 2 Feb 1990 15:58:41 +0000 (15:58 +0000)
committer	John Kohl <jtkohl@mit.edu>
	Fri, 2 Feb 1990 15:58:41 +0000 (15:58 +0000)
src/kdc/do_as_req.c		patch \| blob \| history
src/kdc/do_tgs_req.c		patch \| blob \| history