the correct type, do continue and ask for the password anyways. (Patch from
Chas Williams, PR krb5-libs/730.)
* preauth2.c (pa_sam): If no sam_flags were set, return KRB5_PREAUTH_BAD_TYPE,
because we don't currently handle that case.
* preauth2.c (pa_sam): Remove unused variable use_sam_key.
(SAMDATA): Cast first result to int, which is what sprintf needs.
(pa_salt): Delete unused variable ret.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12012
dc483132-0cff-0310-8789-
dd5450dbe970
-2000-02-06 Ken Raeburn <raeburn@raeburn.org>
+2000-02-07 Ken Raeburn <raeburn@mit.edu>
+
+ * gic_pwd.c (krb5_get_as_key_password): If the as_key enctype is
+ already set to the correct type, do continue and ask for the
+ password anyways. (Patch from Chas Williams, PR krb5-libs/730.)
+
+ * preauth2.c (pa_sam): If no sam_flags were set, return
+ KRB5_PREAUTH_BAD_TYPE, because we don't currently handle that
+ case.
+
+2000-02-06 Ken Raeburn <raeburn@mit.edu>
+
+ * preauth2.c (pa_sam): Remove unused variable use_sam_key.
+ (SAMDATA): Cast first result to int, which is what sprintf needs.
+ (pa_salt): Delete unused variable ret.
Patches from Frank Cusack:
* kfree.c (krb5_free_predicted_sam_response_contents): Fix typo.
* preauth.c (obtain_sam_padata): Update for field name change.
* preauth2.c (pa_sam): Likewise.
-2000-01-27 Ken Raeburn <raeburn@raeburn.org>
+2000-01-27 Ken Raeburn <raeburn@mit.edu>
* init_ctx.c (get_profile_etype_list): Discard DESONLY changes
from 1999-09-01, and revert call sites.
password = (krb5_data *) gak_data;
- /* if there's already a key of the correct etype, we're done.
- if the etype is wrong, free the existing key, and make
- a new one. */
+ /* If there's already a key of the correct etype, we're done.
+ If the etype is wrong, free the existing key, and make
+ a new one.
- if (as_key->length) {
- if (as_key->enctype == etype)
- return(0);
+ XXX This was the old behavior, and was wrong in hw preauth
+ cases. Is this new behavior -- always asking -- correct in all
+ cases? */
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
+ if (as_key->length) {
+ if (as_key->enctype != etype) {
+ krb5_free_keyblock_contents (context, as_key);
+ as_key->length = 0;
+ }
}
if (password->data[0] == '\0') {
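Review bot: In the rewritten `if (as_key->length)` block, a key whose enctype already equals `etype` is now kept in `as_key` while the function falls through to the password prompt. The rest of krb5_get_as_key_password is outside the hunk, but if it then derives a fresh key into `as_key`, the old contents would be overwritten without `krb5_free_keyblock_contents`, leaving the previous key material allocated and not zeroized. If that is the case, release it for both enctype outcomes before continuing, or document why the matching key has to survive. The first sentence of the comment also still says "we're done", which no longer matches the code; something like `/* Free a key of the wrong etype; a key of the right etype is kept, but we still go on to ask for the password. */` would describe the new behaviour.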
krb5_prompter_fct prompter, void *prompter_data,
krb5_gic_get_as_key_fct gak_fct, void *gak_data)
{
- krb5_error_code ret;
krb5_data tmp;
/* screw the abstraction. If there was a *reasonable* copy_data,
/* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
#define SAMDATA(kdata, str, maxsize) \
- (kdata.length)? \
- ((((kdata.length)<=(maxsize))?(kdata.length):(strlen(str)))): \
- strlen(str), \
+ (int)((kdata.length)? \
+ ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))): \
+ strlen(str)), \
(kdata.length)? \
((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
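Review bot: SAMDATA's comment does not say what bounds the sprintf write, and the `%.*s` precision this macro produces looks like the only limit on how much of `kdata` is copied. The precision is `kdata.length` when that is non-zero and `<= maxsize`, and `strlen(str)` otherwise, so safety depends on each caller passing a `maxsize` that fits its destination buffer together with the rest of the format string. The call sites are outside the hunk and should be checked against that. I would put the contract in the comment, e.g. `/* maxsize must leave room in the destination for the rest of the format; kdata and str are evaluated more than once */`. Note also that `kdata` is used unparenthesized as `kdata.length`, so it has to be a plain struct lvalue.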
krb5_sam_response sam_response;
/* these two get encrypted and stuffed in to sam_response */
krb5_enc_sam_response_enc enc_sam_response_enc;
- krb5_keyblock * sam_use_key = 0;
krb5_data * scratch;
krb5_pa_data * pa;
}
enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
+ /* XXX What if more than one flag is set? */
if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
enc_sam_response_enc.sam_sad = response_data;
} else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
}
enc_sam_response_enc.sam_sad.length = 0;
+ } else {
+ /* Eventually, combine SAD with long-term key to get
+ encryption key. */
+ return KRB5_PREAUTH_BAD_TYPE;
}
/* copy things from the challenge */
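Review bot: The new `else` branch returns `KRB5_PREAUTH_BAD_TYPE` straight out of the middle of pa_sam, at a point where `sam_challenge` and `response_data` are already live (both are read a few lines above). Their allocation and the function's cleanup are outside the hunk, so this needs checking: if either is heap-allocated, this path leaks it. Since `response_data` is what gets assigned to `sam_sad`, it appears to hold the user's SAD and should be cleared before it is released. The XXX added at the top of the chain could also be answered in place, since the `if`/`else if` order already decides it: `/* KRB5_SAM_SEND_ENCRYPTED_SAD takes precedence if several flags are set */`.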