From: Theodore Tso Date: Wed, 1 Sep 1993 19:03:28 +0000 (+0000) Subject: Modifications supplied by Ari Medvinsky to include the authorization X-Git-Tag: krb5-1.0-beta3~199 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c8bb9b555b490e594a458b3d71fb6dbb783b34db;p=krb5.git Modifications supplied by Ari Medvinsky to include the authorization data field in the authenticator. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2639 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/krb5/func-proto.h b/src/include/krb5/func-proto.h index 468e83e20..a1f3bc211 100644 --- a/src/include/krb5/func-proto.h +++ b/src/include/krb5/func-proto.h @@ -442,6 +442,12 @@ krb5_error_code krb5_recvauth PROTOTYPE((krb5_pointer, krb5_authenticator **)); +krb5_error_code +krb5_generate_authenticator PROTOTYPE(( krb5_authenticator *, + const krb5_creds *, + const krb5_checksum *, krb5_keyblock *, + krb5_int32, krb5_authdata ** )); + #ifdef NARROW_PROTOTYPES krb5_error_code krb5_walk_realm_tree PROTOTYPE((const krb5_data *, diff --git a/src/include/krb5/krb5.h b/src/include/krb5/krb5.h index 86eda61a2..c7c082cc9 100644 --- a/src/include/krb5/krb5.h +++ b/src/include/krb5/krb5.h @@ -95,6 +95,7 @@ typedef struct _krb5_authenticator { krb5_timestamp ctime; /* client sec portion */ krb5_keyblock *subkey; /* true session key, optional */ krb5_int32 seq_number; /* sequence #, optional */ + krb5_authdata **authorization_data; /* New add by Ari, auth data */ } krb5_authenticator; typedef struct _krb5_tkt_authent { diff --git a/src/lib/krb5/asn.1/auth2kauth.c b/src/lib/krb5/asn.1/auth2kauth.c index 50cf1662a..5b44441a6 100644 --- a/src/lib/krb5/asn.1/auth2kauth.c +++ b/src/lib/krb5/asn.1/auth2kauth.c @@ -86,5 +86,14 @@ register int *error; if (val->optionals & opt_KRB5_Authenticator_seq__number) { retval->seq_number = val->seq__number; } + if (val->authorization__data) { + retval->authorization_data = + KRB5_AuthorizationData2krb5_authdata(val->authorization__data, + error); + if (!retval->authorization_data) { + krb5_free_authenticator(retval); + return(0); + } + } return(retval); } diff --git a/src/lib/krb5/asn.1/kauth2auth.c b/src/lib/krb5/asn.1/kauth2auth.c index a6f0d0da7..c3e94dc2f 100644 --- a/src/lib/krb5/asn.1/kauth2auth.c +++ b/src/lib/krb5/asn.1/kauth2auth.c @@ -87,5 +87,12 @@ register int *error; retval->seq__number = val->seq_number; retval->optionals |= opt_KRB5_Authenticator_seq__number; } + if (val->authorization_data && *val->authorization_data) { + retval->authorization__data = + krb5_authdata2KRB5_AuthorizationData(val->authorization_data, error); + if (!retval->authorization__data) { + goto errout; + } + } return(retval); } diff --git a/src/lib/krb5/free/f_authent.c b/src/lib/krb5/free/f_authent.c index 90f3dad58..4e399b567 100644 --- a/src/lib/krb5/free/f_authent.c +++ b/src/lib/krb5/free/f_authent.c @@ -44,6 +44,8 @@ krb5_authenticator *val; krb5_free_principal(val->client); if (val->subkey) krb5_free_keyblock(val->subkey); + if (val->authorization_data) + krb5_free_authdata(val->authorization_data); xfree(val); return; } diff --git a/src/lib/krb5/krb/copy_athctr.c b/src/lib/krb5/krb/copy_athctr.c index f2fa627d0..28a513873 100644 --- a/src/lib/krb5/krb/copy_athctr.c +++ b/src/lib/krb5/krb/copy_athctr.c @@ -70,6 +70,19 @@ krb5_authenticator **authto; } } + if (authfrom->authorization_data) { + retval = krb5_copy_authdata(authfrom->authorization_data, + &tempto->authorization_data); + if (retval) { + xfree(tempto->subkey); + krb5_free_checksum(tempto->checksum); + krb5_free_principal(tempto->client); + krb5_free_authdata(tempto->authorization_data); + xfree(tempto); + return retval; + } + } + *authto = tempto; return 0; } diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index a9fe8a2d4..eed4df7d7 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -70,11 +70,6 @@ static char rcsid_mk_req_ext_c[] = returns system errors */ -static krb5_error_code generate_authenticator PROTOTYPE((krb5_authenticator *, - const krb5_creds *, - const krb5_checksum *, - krb5_keyblock *, - krb5_int32 )); krb5_error_code krb5_mk_req_extended(ap_req_options, checksum, kdc_options, @@ -130,9 +125,9 @@ krb5_data *outbuf; } } #define cleanup_key() {if (newkey) krb5_free_keyblock(*newkey);} - if (retval = generate_authenticator(&authent, creds, checksum, - newkey ? *newkey : 0, - sequence)) { + if (retval = krb5_generate_authenticator(&authent, creds, checksum, + newkey ? *newkey : 0, + sequence, creds->authdata)) { cleanup_key(); cleanup_ticket(); return retval; @@ -231,17 +226,19 @@ request.authenticator.ciphertext.data = 0;} } static krb5_error_code -generate_authenticator(authent, creds, cksum, key, seq_number) +krb5_generate_authenticator(authent, creds, cksum, key, seq_number, authorization) krb5_authenticator *authent; const krb5_creds *creds; const krb5_checksum *cksum; krb5_keyblock *key; krb5_int32 seq_number; +krb5_authdata **authorization; { authent->client = creds->client; authent->checksum = (krb5_checksum *)cksum; authent->subkey = key; authent->seq_number = seq_number; + authent->authorization_data = authorization; return(krb5_us_timeofday(&authent->ctime, &authent->cusec)); }