From 0d55ad7285d5d52e9c8133213a9614afe2431d65 Mon Sep 17 00:00:00 2001
From: Ken Raeburn
Date: Mon, 7 Feb 2000 00:18:02 +0000
Subject: [PATCH] Frank Cusack changes, set 1, diffs 1-3 of 4 Rename "sam_passcode" field to "sam_sad". Add data to predicted-sam-response structure, in part to (prepare to) help with replay detection. Fix some memory allocation problems.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12005 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/ChangeLog | 7 +++++++
 src/include/k5-int.h | 7 ++++++-
 src/lib/krb5/asn.1/ChangeLog | 6 ++++++
 src/lib/krb5/asn.1/asn1_k_decode.c | 2 +-
 src/lib/krb5/asn.1/asn1_k_encode.c | 2 +-
 src/lib/krb5/krb/ChangeLog | 9 +++++++++
 src/lib/krb5/krb/kfree.c | 10 +++++++---
 src/lib/krb5/krb/preauth.c | 8 ++++----
 src/lib/krb5/krb/preauth2.c | 4 ++--
 9 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 52948ae7b..bbc0bf9b5 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,10 @@
+2000-02-06 Ken Raeburn
+
+ Patches from Frank Cusack for hw preauth.
+ * k5-int.h (krb5_predicted_sam_response): Add timestamp, client
+ principal, and per-mechanism data fields.
+ (krb5_enc_sam_response_enc): Change "passcode" field to "sad".
+
 2000-02-01 Danilo Almeida
 
 * krb5.hin (krb5_decode_ticket): Declare.
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 419946d6c..41a588b32 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -356,6 +356,11 @@ typedef krb5_etype_info_entry ** krb5_etype_info;
 typedef struct _krb5_predicted_sam_response {
 krb5_magic magic;
 krb5_keyblock sam_key;
+ krb5_timestamp stime; /* time on server, for replay detection */
+ krb5_int32 susec;
+ krb5_principal client;
+ krb5_data msd; /* mechanism specific data */
+
 } krb5_predicted_sam_response;
 
 typedef struct _krb5_sam_challenge {
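Review bot: The fields added to `krb5_predicted_sam_response` carry an ownership and initialization contract that the struct does not state: the kfree.c hunk in this same commit frees `client` and `msd.data` whenever they are non-null, so a caller that fills this struct without zeroing it first would hand uninitialized pointers to `krb5_free_principal` and `krb5_free_data_contents`. I would say so on the fields, e.g. `krb5_principal client; /* owned; freed by krb5_free_predicted_sam_response_contents, must be NULL if unset */`, and give `susec` a comment such as `/* microseconds part of stime */` (inferred from the name, to be confirmed). The asn.1 hunks visible in this patch only rename `sam_sad`, so unless the predicted-sam-response encoder and decoder are updated in a later diff of the series, `stime`, `susec` and `client` are not yet carried in the encoded form and no replay check can depend on them.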
@@ -382,7 +387,7 @@ typedef struct _krb5_enc_sam_response_enc {
 krb5_int32 sam_nonce;
 krb5_timestamp sam_timestamp;
 krb5_int32 sam_usec;
- krb5_data sam_passcode;
+ krb5_data sam_sad;
 } krb5_enc_sam_response_enc;
 
 typedef struct _krb5_sam_response {
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index ff5ca5661..c75e244dd 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,9 @@
+2000-02-06 Ken Raeburn
+
+ * asn1_k_decode.c (asn1_decode_enc_sam_response_enc): Update for
+ field name change.
+ * asn1_k_encode.c (asn1_encode_enc_sam_response_enc): Likewise.
+
 2000-02-01 Danilo Almeida
 
 * krb5_decode.c (krb5_decode_ticket): Add function to provide
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 0c14e94f0..788dbf575 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -784,7 +784,7 @@ asn1_error_code asn1_decode_enc_sam_response_enc(buf, val)
 opt_field(val->sam_nonce,0,asn1_decode_int32,0);
 opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0);
 opt_field(val->sam_usec,2,asn1_decode_int32,0);
- opt_string(val->sam_passcode,3,asn1_decode_charstring);
+ opt_string(val->sam_sad,3,asn1_decode_charstring);
 end_structure();
 val->magic = KV5M_ENC_SAM_RESPONSE_ENC;
 }
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index 0bd3107a7..8b02aa29a 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -912,7 +912,7 @@ asn1_error_code asn1_encode_enc_sam_response_enc(buf, val, retlen)
 int * retlen;
 {
 asn1_setup();
- add_optstring(val->sam_passcode,3,asn1_encode_charstring);
+ add_optstring(val->sam_sad,3,asn1_encode_charstring);
 asn1_addfield(val->sam_usec,2,asn1_encode_integer);
 asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time);
 asn1_addfield(val->sam_nonce,0,asn1_encode_integer);
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index be1b18041..054f69f94 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,12 @@
+2000-02-06 Ken Raeburn
+
+ * kfree.c (krb5_free_predicted_sam_response_contents): Fix typo.
+ Free new data fields if needed.
+ (krb5_free_enc_sam_response_enc_contents): Update for field name
+ change.
+ * preauth.c (obtain_sam_padata): Update for field name change.
+ * preauth2.c (pa_sam): Likewise.
+
 2000-01-27 Ken Raeburn
 
 * init_ctx.c (get_profile_etype_list): Discard DESONLY changes
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index f3745dca9..24d8aaff9 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -654,8 +654,12 @@ krb5_free_predicted_sam_response_contents(krb5_context ctx,
 {
 if (!psr)
 return;
- if (psr->sam_key.contents);
+ if (psr->sam_key.contents)
 krb5_free_keyblock_contents(ctx, &psr->sam_key);
+ if (psr->client)
+ krb5_free_principal(ctx, psr->client);
+ if (psr->msd.data)
+ krb5_free_data_contents(ctx, &psr->msd);
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
@@ -674,8 +678,8 @@ krb5_free_enc_sam_response_enc_contents(krb5_context ctx,
 {
 if (!esre)
 return;
- if (esre->sam_passcode.data)
- krb5_free_data_contents(ctx, &esre->sam_passcode);
+ if (esre->sam_sad.data)
+ krb5_free_data_contents(ctx, &esre->sam_sad);
 }
 
 KRB5_DLLIMP void KRB5_CALLCONV
diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c
index 74de4dc6d..9f301dafd 100644
--- a/src/lib/krb5/krb/preauth.c
+++ b/src/lib/krb5/krb/preauth.c
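Review bot: In `krb5_free_predicted_sam_response_contents` (first kfree.c hunk), `psr->client` still holds the freed address after `krb5_free_principal(ctx, psr->client);`, and because this is a `_contents` routine the caller keeps the struct, so a second cleanup pass or a later read of `psr->client` would touch freed memory. I would brace the new `if` and add `psr->client = 0;` after the free; whether `krb5_free_keyblock_contents` and `krb5_free_data_contents` reset `sam_key.contents` and `msd.data` themselves is not visible here and is worth confirming. `msd` is described as mechanism specific data, so if it can hold authentication material it should be cleared before release as well (an assumption to check against the code that fills it). The function's parameter list begins above the hunk.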
@@ -565,8 +565,8 @@ obtain_sam_padata(context, in_padata, etype_info, def_enc_key, free(passcode); return retval; } - enc_sam_response_enc.sam_passcode.data = passcode; - enc_sam_response_enc.sam_passcode.length = pcsize; + enc_sam_response_enc.sam_sad.data = passcode; + enc_sam_response_enc.sam_sad.length = pcsize; } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) { prompt = handle_sam_labels(sam_challenge); if (prompt == NULL) @@ -577,14 +577,14 @@ obtain_sam_padata(context, in_padata, etype_info, def_enc_key, free(prompt); if (retval) return retval; - enc_sam_response_enc.sam_passcode.length = 0; + enc_sam_response_enc.sam_sad.length = 0; } else { /* what *was* it? */ return KRB5_SAM_UNSUPPORTED; } /* so at this point, either sam_use_key is generated from the passcode - * or enc_sam_response_enc.sam_passcode is set to it, and we use + * or enc_sam_response_enc.sam_sad is set to it, and we use * def_enc_key instead. */ /* encode the encoded part of the response */ if ((retval = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc, diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index f3da763a2..5771170c3 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -279,7 +279,7 @@ krb5_error_code pa_sam(krb5_context context, enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce; if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) { - enc_sam_response_enc.sam_passcode = response_data; + enc_sam_response_enc.sam_sad = response_data; } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) { if (sam_challenge->sam_nonce == 0) { if (ret = krb5_us_timeofday(context, @@ -329,7 +329,7 @@ krb5_error_code pa_sam(krb5_context context, return(ret); } - enc_sam_response_enc.sam_passcode.length = 0; + enc_sam_response_enc.sam_sad.length = 0; } /* copy things from the challenge */ -- 2.26.2