/* To keep happy libraries which are (for now) accessing internal stuff */
/* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 17
+#define KRB5INT_ACCESS_STRUCT_VERSION 18
#ifndef ANAME_SZ
struct ktext; /* from krb.h, for krb524 support */
(*asn1_ldap_decode_sequence_of_keys)(krb5_data *in,
ldap_seqof_key_data **);
- /* Used for encrypted challenge fast factor*/
- krb5_error_code (*encode_enc_data)(const krb5_enc_data *, krb5_data **);
- krb5_error_code (*decode_enc_data)(const krb5_data *, krb5_enc_data **);
- void (KRB5_CALLCONV *free_enc_data)(krb5_context, krb5_enc_data *);
- krb5_error_code (*encode_enc_ts)(const krb5_pa_enc_ts *, krb5_data **);
- krb5_error_code (*decode_enc_ts)(const krb5_data *, krb5_pa_enc_ts **);
- void (KRB5_CALLCONV *free_enc_ts)(krb5_context, krb5_pa_enc_ts *);
- krb5_error_code
- (*encrypt_helper)(krb5_context, const krb5_keyblock *, krb5_keyusage,
- const krb5_data *, krb5_enc_data *);
-
/*
* pkinit asn.1 encode/decode functions
*/
krb5_data scratch, plain;
krb5_keyblock *armor_key = NULL;
krb5_pa_enc_ts *ts = NULL;
- krb5int_access kaccess;
krb5_keyblock *client_keys = NULL;
krb5_data *client_data = NULL;
krb5_keyblock *challenge_key = NULL;
int i = 0;
plain.data = NULL;
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
retval = fast_kdc_get_armor_key(context, get_entry_proc, request, client, &armor_key);
if (retval == 0 &&armor_key == NULL) {
scratch.data = (char *) data->contents;
scratch.length = data->length;
if (retval == 0)
- retval = kaccess.decode_enc_data(&scratch, &enc);
+ retval = decode_krb5_enc_data(&scratch, &enc);
if (retval == 0) {
plain.data = malloc(enc->ciphertext.length);
plain.length = enc->ciphertext.length;
}
if (retval == 0)
- retval = kaccess.decode_enc_ts(&plain, &ts);
+ retval = decode_krb5_pa_enc_ts(&plain, &ts);
if (retval == 0)
retval = krb5_timeofday(context, &now);
if (retval == 0) {
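Review bot: The direct calls to `decode_krb5_enc_data` and `decode_krb5_pa_enc_ts` bind this code to libkrb5-internal ASN.1 symbols at link or load time, and nothing visible in the diff shows those symbols being exported or this code being built into a target that already links them. The same applies to `encode_krb5_pa_enc_ts`, `encode_krb5_enc_data`, `krb5_encrypt_helper`, `krb5_free_enc_data` and `krb5_free_pa_enc_ts` in the later hunks. The removed `krb5int_accessor` call was a versioned runtime check; without it, a mismatch between this module and the library would presumably surface as an unresolved symbol rather than a handled error. It is worth confirming the export list and adding a comment at the first call such as `/* internal libkrb5 encoder: must be built against the matching library */`. The enclosing function starts and ends outside this hunk.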
if (plain.data)
free(plain.data);
if (enc)
- kaccess.free_enc_data(context, enc);
+ krb5_free_enc_data(context, enc);
if (ts)
- kaccess.free_enc_ts(context, ts);
+ krb5_free_pa_enc_ts(context, ts);
return retval;
}
krb5_enc_data enc;
krb5_data *encoded = NULL;
krb5_pa_data *pa = NULL;
- krb5int_access kaccess;
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
if (challenge_key == NULL)
return 0;
enc.ciphertext.data = NULL; /* In case of error pass through */
retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
if (retval == 0)
- retval = kaccess.encode_enc_ts(&ts, &plain);
+ retval = encode_krb5_pa_enc_ts(&ts, &plain);
if (retval == 0)
- retval = kaccess.encrypt_helper(context, challenge_key,
- KRB5_KEYUSAGE_ENC_CHALLENGE_KDC,
- plain, &enc);
+ retval = krb5_encrypt_helper(context, challenge_key,
+ KRB5_KEYUSAGE_ENC_CHALLENGE_KDC,
+ plain, &enc);
if (retval == 0)
- retval = kaccess.encode_enc_data(&enc, &encoded);
+ retval = encode_krb5_enc_data(&enc, &encoded);
if (retval == 0) {
pa = calloc(1, sizeof(krb5_pa_data));
if (pa == NULL)
krb5_enctype enctype = 0;
krb5_keyblock *challenge_key = NULL, *armor_key = NULL;
krb5_data *etype_data = NULL;
- krb5int_access kaccess;
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
if (retval || armor_key == NULL)
return 0;
as_key, "challengelongterm",
&challenge_key);
if (retval == 0)
- retval =kaccess.decode_enc_data(&scratch, &enc);
+ retval = decode_krb5_enc_data(&scratch, &enc);
scratch.data = NULL;
if (retval == 0) {
scratch.data = malloc(enc->ciphertext.length);
if (retval == 0)
fast_set_kdc_verified(context, get_data_proc, rock);
if (enc)
- kaccess.free_enc_data(context, enc);
+ krb5_free_enc_data(context, enc);
} else if (retval == 0) { /*No padata; we send*/
krb5_enc_data enc;
krb5_pa_data *pa = NULL;
enc.ciphertext.data = NULL;
retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
if (retval == 0)
- retval = kaccess.encode_enc_ts(&ts, &encoded_ts);
+ retval = encode_krb5_pa_enc_ts(&ts, &encoded_ts);
if (retval == 0)
retval = krb5_c_fx_cf2_simple(context,
armor_key, "clientchallengearmor",
as_key, "challengelongterm",
&challenge_key);
if (retval == 0)
- retval = kaccess.encrypt_helper(context, challenge_key,
- KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
- encoded_ts, &enc);
+ retval = krb5_encrypt_helper(context, challenge_key,
+ KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
+ encoded_ts, &enc);
if (encoded_ts)
krb5_free_data(context, encoded_ts);
encoded_ts = NULL;
if (retval == 0) {
- retval = kaccess.encode_enc_data(&enc, &encoded_ts);
+ retval = encode_krb5_enc_data(&enc, &encoded_ts);
krb5_free_data_contents(context, &enc.ciphertext);
}
if (retval == 0) {
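Review bot: `encoded_ts` is freed and set to NULL a few lines earlier, then reused at `retval = encode_krb5_enc_data(&enc, &encoded_ts);` to hold the encoded encrypted challenge, so the name no longer describes what the buffer contains. A one-line comment above that call, `/* encoded_ts is reused for the encoded krb5_enc_data */`, or a separate local such as `encoded_enc`, would make it easier to audit which buffer is owned and freed on each error path. The block continues outside this hunk, so the final release of the buffer is not visible here.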
S (encode_krb5_sam_response_2, encode_krb5_sam_response_2),
S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2),
- S (encode_enc_ts, encode_krb5_pa_enc_ts),
- S (decode_enc_ts, decode_krb5_pa_enc_ts),
- S (encode_enc_data, encode_krb5_enc_data),
- S(decode_enc_data, decode_krb5_enc_data),
- S(free_enc_ts, krb5_free_pa_enc_ts),
- S(free_enc_data, krb5_free_enc_data),
- S(encrypt_helper, krb5_encrypt_helper),
#if DESIGNATED_INITIALIZERS
};