From: Greg Hudson
Date: Sat, 24 Sep 2011 12:19:14 +0000 (+0000)
Subject: Don't use accessor in encrypted challenge
X-Git-Tag: krb5-1.10-alpha1~146
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b99d59f7118476cdeb6707b2315eb9b536be556f;p=krb5.git
Don't use accessor in encrypted challenge
Now that the encrypted challenge code is linked into libkrb5 and the KDC, it's unnecessary to use the accessor there.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25229 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 075cec8c7..0bb4c164d 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2127,7 +2127,7 @@ void krb5int_free_srv_dns_data(struct srv_dns_entry *);
 /* To keep happy libraries which are (for now) accessing internal stuff */
 /* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 17
+#define KRB5INT_ACCESS_STRUCT_VERSION 18
 #ifndef ANAME_SZ
 struct ktext; /* from krb.h, for krb524 support */
@@ -2163,17 +2163,6 @@ typedef struct _krb5int_access {
 (*asn1_ldap_decode_sequence_of_keys)(krb5_data *in, ldap_seqof_key_data **);
- /* Used for encrypted challenge fast factor*/
- krb5_error_code (*encode_enc_data)(const krb5_enc_data *, krb5_data **);
- krb5_error_code (*decode_enc_data)(const krb5_data *, krb5_enc_data **);
- void (KRB5_CALLCONV *free_enc_data)(krb5_context, krb5_enc_data *);
- krb5_error_code (*encode_enc_ts)(const krb5_pa_enc_ts *, krb5_data **);
- krb5_error_code (*decode_enc_ts)(const krb5_data *, krb5_pa_enc_ts **);
- void (KRB5_CALLCONV *free_enc_ts)(krb5_context, krb5_pa_enc_ts *);
- krb5_error_code
- (*encrypt_helper)(krb5_context, const krb5_keyblock *, krb5_keyusage,
- const krb5_data *, krb5_enc_data *);
-
 /*
 * pkinit asn.1 encode/decode functions
 */
diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
index 3419c831a..02446ad3b 100644
--- a/src/kdc/kdc_preauth_ec.c
+++ b/src/kdc/kdc_preauth_ec.c
@@ -68,7 +68,6 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
 krb5_data scratch, plain;
 krb5_keyblock *armor_key = NULL;
 krb5_pa_enc_ts *ts = NULL;
- krb5int_access kaccess;
 krb5_keyblock *client_keys = NULL;
 krb5_data *client_data = NULL;
 krb5_keyblock *challenge_key = NULL;
@@ -76,8 +75,6 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
 int i = 0;
 plain.data = NULL;
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
 retval = fast_kdc_get_armor_key(context, get_entry_proc, request, client, &armor_key);
 if (retval == 0 &&armor_key == NULL) {
@@ -87,7 +84,7 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
 scratch.data = (char *) data->contents;
 scratch.length = data->length;
 if (retval == 0)
- retval = kaccess.decode_enc_data(&scratch, &enc);
+ retval = decode_krb5_enc_data(&scratch, &enc);
 if (retval == 0) {
 plain.data = malloc(enc->ciphertext.length);
 plain.length = enc->ciphertext.length;
@@ -129,7 +126,7 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
 }
 if (retval == 0)
- retval = kaccess.decode_enc_ts(&plain, &ts);
+ retval = decode_krb5_pa_enc_ts(&plain, &ts);
 if (retval == 0)
 retval = krb5_timeofday(context, &now);
 if (retval == 0) {
@@ -159,9 +156,9 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
 if (plain.data)
 free(plain.data);
 if (enc)
- kaccess.free_enc_data(context, enc);
+ krb5_free_enc_data(context, enc);
 if (ts)
- kaccess.free_enc_ts(context, ts);
+ krb5_free_pa_enc_ts(context, ts);
 return retval;
 }
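Review bot: In the `@@ -87,7 +84,7 @@` hunk of kdc_verify_preauth, `plain.data = malloc(enc->ciphertext.length);` is sized by a length that `decode_krb5_enc_data` has just parsed out of `data->contents`, which looks like the client's padata and is unauthenticated at this point, and the hunk ends before any check of `plain.data` is visible. Confirm that the lines after the hunk fail the request when the allocation returns NULL (something like `if (plain.data == NULL) retval = ENOMEM;`) before anything is decrypted into the buffer. The same pattern appears on the client side, in the `@@ -82,7 +79,7 @@` hunk of process_preauth (`scratch.data = malloc(enc->ciphertext.length);`), where the length presumably comes from the KDC's reply. A comment above the `scratch` setup such as `/* data is unauthenticated input until the decrypt below succeeds */` would mark the trust boundary. Both functions start and end outside these hunks.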
@@ -182,23 +179,20 @@ kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
 krb5_enc_data enc;
 krb5_data *encoded = NULL;
 krb5_pa_data *pa = NULL;
- krb5int_access kaccess;
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
 if (challenge_key == NULL)
 return 0;
 enc.ciphertext.data = NULL; /* In case of error pass through */
 retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
 if (retval == 0)
- retval = kaccess.encode_enc_ts(&ts, &plain);
+ retval = encode_krb5_pa_enc_ts(&ts, &plain);
 if (retval == 0)
- retval = kaccess.encrypt_helper(context, challenge_key,
- KRB5_KEYUSAGE_ENC_CHALLENGE_KDC,
- plain, &enc);
+ retval = krb5_encrypt_helper(context, challenge_key,
+ KRB5_KEYUSAGE_ENC_CHALLENGE_KDC,
+ plain, &enc);
 if (retval == 0)
- retval = kaccess.encode_enc_data(&enc, &encoded);
+ retval = encode_krb5_enc_data(&enc, &encoded);
 if (retval == 0) {
 pa = calloc(1, sizeof(krb5_pa_data));
 if (pa == NULL)
diff --git a/src/lib/krb5/krb/preauth_ec.c b/src/lib/krb5/krb/preauth_ec.c
index e56807a3a..94c928461 100644
--- a/src/lib/krb5/krb/preauth_ec.c
+++ b/src/lib/krb5/krb/preauth_ec.c
@@ -56,10 +56,7 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
 krb5_enctype enctype = 0;
 krb5_keyblock *challenge_key = NULL, *armor_key = NULL;
 krb5_data *etype_data = NULL;
- krb5int_access kaccess;
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
 retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
 if (retval || armor_key == NULL)
 return 0;
@@ -82,7 +79,7 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
 as_key, "challengelongterm", &challenge_key);
 if (retval == 0)
- retval =kaccess.decode_enc_data(&scratch, &enc);
+ retval = decode_krb5_enc_data(&scratch, &enc);
 scratch.data = NULL;
 if (retval == 0) {
 scratch.data = malloc(enc->ciphertext.length);
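Review bot: In kdc_return_preauth, `plain` is filled by `encode_krb5_pa_enc_ts` and `enc.ciphertext` by `krb5_encrypt_helper`, but the hunk stops at the `calloc` for `pa`, so the release of either buffer is not visible here. If `encode_krb5_enc_data` or the `calloc` fails, both still have to be freed on the way out, and the KDC is a long-running process where a leak on an error path accumulates. Please confirm the tail of the function calls `krb5_free_data(context, plain)` and `krb5_free_data_contents(context, &enc.ciphertext)` on every path. If it does, extending the existing `/* In case of error pass through */` comment to say which objects the cleanup releases would make that checkable at a glance. The function starts and ends outside this hunk.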
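Review bot: In the `@@ -56,10 +56,7 @@` hunk of process_preauth, `if (retval || armor_key == NULL) return 0;` is now the first thing the function does, and it turns any failure of `fast_get_armor_key` into a success return. A real error there cannot be told apart from "no FAST armor, so this mechanism does not apply". If that is intended, a comment should say so, for example `/* No armor key: encrypted challenge does not apply; return 0 so the caller moves on. */` (the caller's behaviour is an assumption to confirm). If it is not, propagate `retval` and keep `return 0` for the `armor_key == NULL` case only. The function body continues outside the hunk.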
@@ -104,7 +101,7 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
 if (retval == 0)
 fast_set_kdc_verified(context, get_data_proc, rock);
 if (enc)
- kaccess.free_enc_data(context, enc);
+ krb5_free_enc_data(context, enc);
 } else if (retval == 0) { /*No padata; we send*/
 krb5_enc_data enc;
 krb5_pa_data *pa = NULL;
@@ -114,21 +111,21 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
 enc.ciphertext.data = NULL;
 retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
 if (retval == 0)
- retval = kaccess.encode_enc_ts(&ts, &encoded_ts);
+ retval = encode_krb5_pa_enc_ts(&ts, &encoded_ts);
 if (retval == 0)
 retval = krb5_c_fx_cf2_simple(context, armor_key, "clientchallengearmor", as_key, "challengelongterm", &challenge_key);
 if (retval == 0)
- retval = kaccess.encrypt_helper(context, challenge_key,
- KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
- encoded_ts, &enc);
+ retval = krb5_encrypt_helper(context, challenge_key,
+ KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
+ encoded_ts, &enc);
 if (encoded_ts)
 krb5_free_data(context, encoded_ts);
 encoded_ts = NULL;
 if (retval == 0) {
- retval = encode_krb5_enc_data(&enc, &encoded_ts);
+ retval = encode_krb5_enc_data(&enc, &encoded_ts);
 krb5_free_data_contents(context, &enc.ciphertext);
 }
 if (retval == 0) {
diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c
index 532cd38d0..5914e2b3f 100644
--- a/src/lib/krb5/os/accessor.c
+++ b/src/lib/krb5/os/accessor.c
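Review bot: In the `@@ -114,21 +111,21 @@` hunk of process_preauth, `encoded_ts` names two different objects: first the encoded timestamp handed to `krb5_encrypt_helper`, then, after `krb5_free_data` and `encoded_ts = NULL;`, the output of `encode_krb5_enc_data`. The reuse makes it hard to tell which buffer a later free refers to, and a reordering could free or send the wrong one. A second local for the encoded EncryptedData (for example `krb5_data *encoded_enc = NULL;`, declared with the others outside this hunk) and `retval = encode_krb5_enc_data(&enc, &encoded_enc);` would keep the two lifetimes separate. The release of `challenge_key` from `krb5_c_fx_cf2_simple` is also not visible in the hunk; confirm that it is freed with `krb5_free_keyblock` on every path, since it is derived key material. The function starts and ends outside this hunk.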
@@ -113,13 +113,6 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
 S (encode_krb5_sam_response_2, encode_krb5_sam_response_2),
 S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2),
- S (encode_enc_ts, encode_krb5_pa_enc_ts),
- S (decode_enc_ts, decode_krb5_pa_enc_ts),
- S (encode_enc_data, encode_krb5_enc_data),
- S(decode_enc_data, decode_krb5_enc_data),
- S(free_enc_ts, krb5_free_pa_enc_ts),
- S(free_enc_data, krb5_free_enc_data),
- S(encrypt_helper, krb5_encrypt_helper),
 #if DESIGNATED_INITIALIZERS
 };