From 0c57cc3e342602c965b751df1e30d5c55f6814d7 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Thu, 20 Apr 1995 21:40:03 +0000 Subject: [PATCH] mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order to create the service principal from the service and hostname pair. This allows for the host cannoncialization to work correctly. mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling code so that no checksum is performed in in_data is NULL, and the special case handing of cksumtype == 0x8003 for the GSSAPI library is handled correctly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5406 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 12 ++++++++ src/lib/krb5/krb/mk_req.c | 16 ++++------ src/lib/krb5/krb/mk_req_ext.c | 55 +++++++++++++++++------------------ 3 files changed, 43 insertions(+), 40 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 3e5a5e365..cbe035a77 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,15 @@ +Thu Apr 20 16:23:23 1995 Theodore Y. Ts'o (tytso@dcl) + + * mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order + to create the service principal from the service and + hostname pair. This allows for the host cannoncialization + to work correctly. + + * mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling + code so that no checksum is performed in in_data is NULL, + and the special case handing of cksumtype == 0x8003 for + the GSSAPI library is handled correctly. + Wed Apr 19 13:39:34 1995 Ezra Peisach * init_ctx.c: (krb5_init_context) initialize context default diff --git a/src/lib/krb5/krb/mk_req.c b/src/lib/krb5/krb/mk_req.c index a9884a48b..48b72c5af 100644 --- a/src/lib/krb5/krb/mk_req.c +++ b/src/lib/krb5/krb/mk_req.c @@ -66,15 +66,11 @@ krb5_mk_req(context, auth_context, ap_req_options, service, hostname, in_data, krb5_creds creds; char ** realm; - /* get realm */ - if (retval = krb5_get_host_realm(context, hostname, &realm)) - return retval; - - /* build principal */ - if (retval = krb5_build_principal(context, &server, strlen(realm[0]), - realm[0], service, hostname, NULL)) - goto cleanup_realm; - + retval = krb5_sname_to_principal(context, hostname, service, + KRB5_NT_SRV_HST, &server); + if (retval) + return retval; + /* obtain ticket & session key */ memset((char *)&creds, 0, sizeof(creds)); if (retval = krb5_copy_principal(context, server, &creds.server)) @@ -98,7 +94,5 @@ cleanup_creds: cleanup_princ: krb5_free_principal(context, server); -cleanup_realm: - krb5_free_host_realm(context, realm); return retval; } diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 1011574e4..f146d1483 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -79,6 +79,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, { krb5_error_code retval; krb5_checksum checksum; + krb5_checksum *checksump = 0; krb5_auth_context * new_auth_context; krb5_ap_req request; @@ -131,35 +132,30 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, goto cleanup; - /* Generate checksum, XXX What should the seed be? */ - if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context, - (*auth_context)->cksumtype))) == NULL) { - retval = ENOMEM; - goto cleanup; + if (in_data) { + if ((*auth_context)->cksumtype == 0x8003) { + /* XXX Special hack for GSSAPI */ + checksum.checksum_type = 0x8003; + checksum.length = in_data->length; + checksum.contents = (krb5_octet *) in_data->data; + } else { + /* Generate checksum, XXX What should the seed be? */ + if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context, + (*auth_context)->cksumtype))) == NULL) { + retval = ENOMEM; + goto cleanup; + } + if (retval = krb5_calculate_checksum(context, + (*auth_context)->cksumtype, + in_data->data, in_data->length, + (*auth_context)->keyblock->contents, + (*auth_context)->keyblock->length, + &checksum)) + goto cleanup_cksum; + } + checksump = &checksum; } - if (in_data == NULL) { - if (retval = krb5_calculate_checksum(context, - (*auth_context)->cksumtype, 0, 0, - (*auth_context)->keyblock->contents, - (*auth_context)->keyblock->length, - &checksum)) - goto cleanup_cksum; - } else - if ((*auth_context)->cksumtype == 0x8003) { - /* XXX Special hack for GSSAPI */ - checksum.checksum_type = 0x8003; - checksum.length = in_data->length; - checksum.contents = (krb5_octet *) in_data->data; - } else - if (retval = krb5_calculate_checksum(context, - (*auth_context)->cksumtype, - in_data->data, in_data->length, - (*auth_context)->keyblock->contents, - (*auth_context)->keyblock->length, - &checksum)) - goto cleanup_cksum; - /* Generate authenticator */ if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof( krb5_authenticator))) == NULL) { @@ -168,7 +164,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, } if (retval = krb5_generate_authenticator(context, (*auth_context)->authentp, - (in_creds)->client, &checksum, + (in_creds)->client, checksump, (*auth_context)->local_subkey, (*auth_context)->local_seq_number, (in_creds)->authdata)) @@ -229,7 +225,8 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, krb5_xfree(toutbuf); cleanup_cksum: - free(checksum.contents); + if (checksump && checksump->checksum_type != 0x8003) + free(checksump->contents); cleanup: if (request.ticket) -- 2.26.2