From: Tom Yu Date: Tue, 14 Apr 2009 19:53:53 +0000 (+0000) Subject: pull up r22067 from trunk X-Git-Tag: krb5-1.7-beta1~54 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=db9321695193712502cd7350fc25aff0c215268c;p=krb5.git pull up r22067 from trunk ------------------------------------------------------------------------ r22067 | hartmans | 2009-03-06 12:26:29 -0500 (Fri, 06 Mar 2009) | 12 lines Changed paths: M /trunk/src/lib/krb5/krb/get_in_tkt.c ticket: 6401 Subject: send_as_req re-encodes the request krb5_get_init_creds calls encode_krb5_as_req to produce an encoding for the preauth plugins, then passes the unencoded request structure into the static function send_as_req. That function re-encodes the request. This is an unnecessary call to the encoder. In addition, for the FAST project, it is desirable to encapsulate the unencoded outer request so that krb5_get_init_creds does not need it. * send_as_req is modified to take an encoded request and realm * Remove unused logic to fill in request nonce from send_as_req ------------------------------------------------------------------------ ticket: 6401 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22213 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index cacf37846..c14c26857 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -136,36 +136,25 @@ gen_nonce(krb5_context context, */ static krb5_error_code send_as_request(krb5_context context, - krb5_kdc_req *request, + krb5_data *packet, const krb5_data *realm, krb5_error ** ret_err_reply, krb5_kdc_rep ** ret_as_reply, int *use_master) { krb5_kdc_rep *as_reply = 0; krb5_error_code retval; - krb5_data *packet = 0; krb5_data reply; char k4_version; /* same type as *(krb5_data::data) */ int tcp_only = 0; - krb5_timestamp time_now; reply.data = 0; /* set the nonce if the caller expects us to do it */ - if (request->nonce == 0) { - if ((retval = krb5_timeofday(context, &time_now))) - goto cleanup; - request->nonce = (krb5_int32) time_now; - } - - /* encode & send to KDC */ - if ((retval = encode_krb5_as_req(request, &packet)) != 0) - goto cleanup; k4_version = packet->data[0]; send_again: retval = krb5_sendto_kdc(context, packet, - krb5_princ_realm(context, request->client), + realm, &reply, use_master, tcp_only); #if APPLE_PKINIT inTktDebug("krb5_sendto_kdc returned %d\n", (int)retval); @@ -240,8 +229,6 @@ send_again: krb5_free_kdc_rep(context, as_reply); cleanup: - if (packet) - krb5_free_data(context, packet); if (reply.data) free(reply.data); return retval; @@ -517,6 +504,7 @@ krb5_get_in_tkt(krb5_context context, krb5_timestamp time_now; krb5_keyblock * decrypt_key = 0; krb5_kdc_req request; + krb5_data *encoded_request; krb5_pa_data **padata = 0; krb5_error * err_reply; krb5_kdc_rep * as_reply = 0; @@ -650,8 +638,13 @@ krb5_get_in_tkt(krb5_context context, */ request.nonce = (krb5_int32) time_now; - if ((retval = send_as_request(context, &request, &err_reply, - &as_reply, &use_master))) + if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0) + goto cleanup; + retval = send_as_request(context, encoded_request, + krb5_princ_realm(context, request.client), &err_reply, + &as_reply, &use_master); + krb5_free_data_contents(context, encoded_request); + if (retval != 0) goto cleanup; if (err_reply) { @@ -1156,7 +1149,6 @@ krb5_get_init_creds(krb5_context context, krb5_preauth_request_context_init(context); - /* nonce is filled in by send_as_request if we don't take care of it */ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST)) { request.ktype = options->etype_list; @@ -1301,7 +1293,8 @@ krb5_get_init_creds(krb5_context context, err_reply = 0; local_as_reply = 0; - if ((ret = send_as_request(context, &request, &err_reply, + if ((ret = send_as_request(context, encoded_previous_request, + krb5_princ_realm(context, request.client), &err_reply, &local_as_reply, use_master))) goto cleanup;