From 4bb50a0a01a30beb6d4cd5bdb1bc5bc7a41c67a2 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Sat, 10 Apr 1999 02:57:33 +0000 Subject: [PATCH] kfree.c (krb5_free_sam_challenge, krb5_free_sam_challenge_contents, krb5_free_sam_response, krb5_free_sam_response_contents, krb5_free_predicted_sam_response, krb5_free_predicted_sam_response_contents, krb5_free_enc_sam_response_enc, krb5_free_enc_sam_response_enc_contents, krb5_free_pa_enc_ts): Added new functions. Part of patches from [krb5-kdc/662] gic_pwd.c (krb5_get_init_creds_password): Add new argument to calls to the prompter function. Part of patches from [krb5-kdc/662]. preauth2.c (pa_enc_timestamp, pa_sam): Update calls to new prompter function. [krb5-kdc/662]. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11349 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 18 +++++++ src/lib/krb5/krb/gic_pwd.c | 27 +++++----- src/lib/krb5/krb/kfree.c | 100 ++++++++++++++++++++++++++++++++++++ src/lib/krb5/krb/preauth2.c | 32 ++++++++---- 4 files changed, 154 insertions(+), 23 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 7e0305c9f..b3e1a5a3f 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,21 @@ +1999-04-09 Theodore Ts'o + + * kfree.c (krb5_free_sam_challenge, krb5_free_sam_challenge_contents, + krb5_free_sam_response, krb5_free_sam_response_contents, + krb5_free_predicted_sam_response, + krb5_free_predicted_sam_response_contents, + krb5_free_enc_sam_response_enc, + krb5_free_enc_sam_response_enc_contents, + krb5_free_pa_enc_ts): Added new functions. Part of + patches from [krb5-kdc/662] + + * gic_pwd.c (krb5_get_init_creds_password): Add new argument to + calls to the prompter function. Part of patches from + [krb5-kdc/662]. + + * preauth2.c (pa_enc_timestamp, pa_sam): Update calls to new + prompter function. [krb5-kdc/662]. + 1999-03-31 Theodore Ts'o * init_ctx.c (krb5_init_context): Call krb5_win_ccdll_load() to 
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index c517062f8..1706bce23 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -38,7 +38,7 @@ krb5_get_as_key_password(context, client, etype, prompter, prompter_data, if (prompter == NULL) return(EIO); - if (ret = krb5_unparse_name(context, client, &clientstr)) + if ((ret = krb5_unparse_name(context, client, &clientstr))) return(ret); strcpy(promptstr, "Password for "); @@ -51,12 +51,13 @@ krb5_get_as_key_password(context, client, etype, prompter, prompter_data, prompt.hidden = 1; prompt.reply = password; - if (ret = ((*prompter)(context, prompter_data, NULL, 1, &prompt))) + if (ret = (((*prompter)(context, prompter_data, NULL, NULL, + 1, &prompt)))) return(ret); } if ((salt->length == -1) && (salt->data == NULL)) { - if (ret = krb5_principal2salt(context, client, &defsalt)) + if ((ret = krb5_principal2salt(context, client, &defsalt))) return(ret); salt = &defsalt; @@ -179,11 +180,11 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data, krb5_get_init_creds_opt_set_forwardable(&chpw_opts, 0); krb5_get_init_creds_opt_set_proxiable(&chpw_opts, 0); - if (ret = krb5_get_init_creds(context, &chpw_creds, client, - prompter, data, - start_time, "kadmin/changepw", &chpw_opts, - krb5_get_as_key_password, (void *) &pw0, - &master, NULL)) + if ((ret = krb5_get_init_creds(context, &chpw_creds, client, + prompter, data, + start_time, "kadmin/changepw", &chpw_opts, + krb5_get_as_key_password, (void *) &pw0, + &master, NULL))) goto cleanup; prompt[0].prompt = "Enter new password"; @@ -200,7 +201,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data, pw0.length = sizeof(pw0array); pw1.length = sizeof(pw1array); - if (ret = ((*prompter)(context, data, banner, + if (ret = ((*prompter)(context, data, 0, banner, sizeof(prompt)/sizeof(prompt[0]), prompt))) goto cleanup; 
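Review bot: The prompter call in krb5_get_as_key_password still uses a bare assignment as its `if` condition, because the added parentheses wrap the call rather than the assignment: `if (ret = (((*prompter)(...))))`. The other conditions touched by this commit were rewritten as `if ((ret = ...))`, so this one should read `if ((ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt)))`. The same applies to the prompter call in the `-200,7` hunk and to the `gak_fct` and prompter calls in preauth2.c. The new name argument is also spelled `NULL` here but `0` in the `-200,7` and `-296,7` hunks; `NULL` throughout would make it obvious that a pointer slot is being left empty. The enclosing functions start and end outside these hunks.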
@@ -215,9 +216,9 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data, krb5_data code_string; krb5_data result_string; - if (ret = krb5_change_password(context, &chpw_creds, pw0array, - &result_code, &code_string, - &result_string)) + if ((ret = krb5_change_password(context, &chpw_creds, pw0array, + &result_code, &code_string, + &result_string))) goto cleanup; /* the change succeeded. go on */ @@ -296,7 +297,7 @@ cleanup: hours/24); /* ignore an error here */ - (*prompter)(context, data, banner, 0, 0); + (*prompter)(context, data, 0, banner, 0, 0); } } diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 87eeca961..945bf5950 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c 
@@ -583,3 +583,103 @@ krb5_free_unparsed_name(context, val) return; } +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge FAR *sc) +{ + if (!sc) + return; + krb5_free_sam_challenge_contents(ctx, sc); + krb5_xfree(sc); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge FAR *sc) +{ + if (!sc) + return; + if (sc->sam_type_name.data) + krb5_free_data_contents(ctx, &sc->sam_type_name); + if (sc->sam_track_id.data) + krb5_free_data_contents(ctx, &sc->sam_track_id); + if (sc->sam_challenge_label.data) + krb5_free_data_contents(ctx, &sc->sam_challenge_label); + if (sc->sam_challenge.data) + krb5_free_data_contents(ctx, &sc->sam_challenge); + if (sc->sam_response_prompt.data) + krb5_free_data_contents(ctx, &sc->sam_response_prompt); + if (sc->sam_pk_for_sad.data) + krb5_free_data_contents(ctx, &sc->sam_pk_for_sad); + if (sc->sam_cksum.contents) + krb5_xfree(sc->sam_cksum.contents); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_sam_response(krb5_context ctx, krb5_sam_response FAR *sr) +{ + if (!sr) + return; + krb5_free_sam_response_contents(ctx, sr); + krb5_xfree(sr); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_sam_response_contents(krb5_context ctx, krb5_sam_response FAR *sr) +{ + if (!sr) + return; + if (sr->sam_track_id.data) + krb5_free_data_contents(ctx, &sr->sam_track_id); + if (sr->sam_enc_key.ciphertext.data) + krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext); + if (sr->sam_enc_nonce_or_ts.ciphertext.data) + krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_predicted_sam_response(krb5_context ctx, + krb5_predicted_sam_response FAR *psr) +{ + if (!psr) + return; + krb5_free_predicted_sam_response_contents(ctx, psr); + krb5_xfree(psr); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_predicted_sam_response_contents(krb5_context ctx, + krb5_predicted_sam_response FAR *psr) +{ + if (!psr) + 
return; + if (psr->sam_key.contents); + krb5_free_keyblock_contents(ctx, &psr->sam_key); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_enc_sam_response_enc(krb5_context ctx, + krb5_enc_sam_response_enc FAR *esre) +{ + if (!esre) + return; + krb5_free_enc_sam_response_enc_contents(ctx, esre); + krb5_xfree(esre); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_enc_sam_response_enc_contents(krb5_context ctx, + krb5_enc_sam_response_enc FAR *esre) +{ + if (!esre) + return; + if (esre->sam_passcode.data) + krb5_free_data_contents(ctx, &esre->sam_passcode); +} + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts FAR *pa_enc_ts) +{ + if (!pa_enc_ts) + return; + krb5_xfree(pa_enc_ts); +} + diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index 86d325d7b..9ede43128 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -102,12 +102,17 @@ krb5_error_code pa_enc_timestamp(krb5_context context, krb5_enc_data enc_data; krb5_pa_data *pa; - /* if we haven't yet gotten a key, get it now. */ - - if (ret = ((*gak_fct)(context, request->client, - request->ktype[0], prompter, prompter_data, - salt, as_key, gak_data))) - return(ret); + /* + * We need to use the password as part or all of the key. + * If as_key contains info, it should be the users pass phrase. + * If not, get the password before issuing the challenge. + */ + if (as_key->length == 0) { + if (ret = ((*gak_fct)(context, request->client, + request->ktype[0], prompter, prompter_data, + salt, as_key, gak_data))) + return(ret); + } /* now get the time of day, and encrypt it accordingly */ 
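Review bot: In krb5_free_predicted_sam_response_contents the guard `if (psr->sam_key.contents);` ends in a stray semicolon, so the `if` controls an empty statement and `krb5_free_keyblock_contents(ctx, &psr->sam_key)` runs unconditionally; it should be `if (psr->sam_key.contents)`. Separately, krb5_free_sam_challenge_contents releases `sc->sam_cksum.contents` without resetting the pointer. A second call on the same structure would free it twice unless `krb5_xfree` clears its argument (not visible here), so `sc->sam_cksum.contents = 0;` after the free would make the `_contents` functions safe to repeat. `esre->sam_passcode` presumably holds a user-entered secret, and if `krb5_free_data_contents` does not wipe the buffer it should be zeroed before release.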
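Review bot: The new guard in pa_enc_timestamp treats `as_key->length == 0` as the only sign that no key has been obtained, so the function now depends on every caller passing in a zero-initialised `as_key`. An uninitialised length would skip `gak_fct` and use whatever the structure happens to hold for the encryption that follows. When `as_key` is already populated, nothing visible here checks that it was derived for `request->ktype[0]`, which the skipped call would have used. I would state both preconditions in the comment, e.g. `/* Caller must zero as_key before the first call; a non-empty as_key must match request->ktype[0]. */`. The function body continues outside the hunk.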
@@ -194,9 +199,10 @@ char *sam_challenge_banner(sam_type) #define SAMDATA(kdata, str, maxsize) \ (kdata.length)? \ - ((((kdata.length)<=(maxsize))?(kdata.length):(maxsize))): \ + ((((kdata.length)<=(maxsize))?(kdata.length):(strlen(str)))): \ strlen(str), \ - (kdata.length)?(kdata.data):(str) + (kdata.length)? \ + ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str) /* XXX Danger! This code is not in sync with the kerberos-password-02 draft. This draft cannot be implemented as written. This code is @@ -216,7 +222,8 @@ krb5_error_code pa_sam(krb5_context context, { krb5_error_code ret; krb5_data tmpsam; - char banner[100], prompt[100], response[100]; + char name[100], banner[100]; + char prompt[100], response[100]; krb5_data response_data; krb5_prompt kprompt; krb5_data defsalt; @@ -238,6 +245,10 @@ krb5_error_code pa_sam(krb5_context context, return(KRB5_SAM_UNSUPPORTED); } + sprintf(name, "%.*s", + SAMDATA(sam_challenge->sam_type_name, "SAM Authentication", + sizeof(name) - 1)); + sprintf(banner, "%.*s", SAMDATA(sam_challenge->sam_challenge_label, sam_challenge_banner(sam_challenge->sam_type), @@ -257,7 +268,8 @@ krb5_error_code pa_sam(krb5_context context, kprompt.hidden = sam_challenge->sam_challenge.length?0:1; kprompt.reply = &response_data; - if (ret = ((*prompter)(context, prompter_data, banner, 1, &kprompt))) { + if (ret = ((*prompter)(context, prompter_data, name, + banner, 1, &kprompt))) { krb5_xfree(sam_challenge); return(ret); } -- 2.26.2
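Review bot: Both fallback branches of SAMDATA yield `strlen(str)` with no comparison against `maxsize`, so the bound on what `sprintf(..., "%.*s", ...)` writes into the 100-byte buffers holds only while every default string is shorter than the buffer. The literal `"SAM Authentication"` is, but the strings returned by `sam_challenge_banner()` are defined outside this hunk and nothing here enforces it. Clamping the fallback as well, `((strlen(str) <= (maxsize)) ? strlen(str) : (maxsize))`, keeps the macro safe whatever the default is. The macro also evaluates `str` several times and leaves `kdata` unparenthesized, so a small static helper that fills the buffer would be easier to audit.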
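Review bot: The precision argument for `%.*s` in the new `sprintf(name, ...)` must be an `int`, but the length expression produced by SAMDATA mixes `kdata.length` with `strlen()` and `sizeof(name) - 1`, which gives it type `size_t`. Passing that through varargs is undefined where `size_t` is wider than `int`. Casting the length expression inside the macro to `(int)` would fix this call and the existing banner call that shares the pattern. `sam_type_name` appears to come from the KDC's challenge and is handed to the prompter as the dialog name, so it is worth rejecting or replacing non-printable bytes before display. pa_sam's body continues outside the hunk.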