From 8cbd9cd9c5a9663f89f4be8a09efe1a5ad217747 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 8 Jan 2012 21:54:29 +0000 Subject: [PATCH] Remove unneeded kdcRealm field in PKINIT structure krb5_pk_authenticator_draft9 had a kdcRealm field which was set by the client code but never encoded or decoded. Remove it. Eliminating this field exposed a bug in auth_pack_draft9_optional; fix that. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25624 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int-pkinit.h | 1 - src/lib/krb5/asn.1/asn1_k_decode.c | 1 - src/lib/krb5/asn.1/asn1_k_encode.c | 2 +- src/plugins/preauth/pkinit/pkinit_clnt.c | 3 --- src/tests/asn.1/ktest.c | 2 -- 5 files changed, 1 insertion(+), 8 deletions(-) diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h index b5b0863d7..7fbbc53ee 100644 --- a/src/include/k5-int-pkinit.h +++ b/src/include/k5-int-pkinit.h @@ -47,7 +47,6 @@ typedef struct _krb5_pk_authenticator { /* PKAuthenticator draft9 */ typedef struct _krb5_pk_authenticator_draft9 { krb5_principal kdcName; - krb5_data kdcRealm; krb5_int32 cusec; /* (0..999999) */ krb5_timestamp ctime; krb5_int32 nonce; /* (0..4294967295) */ diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index f25126ebe..b2471004a 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -1370,7 +1370,6 @@ asn1_decode_pk_authenticator_draft9(asn1buf *buf, { setup(); val->kdcName = NULL; - val->kdcRealm.data = NULL; { begin_structure(); alloc_principal(val->kdcName); get_field(val->kdcName, 0, asn1_decode_principal_name); diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index a811e7e4c..f149849a9 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -1428,7 +1428,7 @@ static unsigned int auth_pack_draft9_optional(const void *p) { unsigned int optional = 0; - const krb5_auth_pack *val = p; + const krb5_auth_pack_draft9 *val = p; if (val->clientPublicValue != NULL) optional |= (1u << 1); return optional; diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index cf406fd0c..609cc9b00 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -260,9 +260,6 @@ pkinit_as_req_create(krb5_context context, auth_pack9->pkAuthenticator.cusec = cusec; auth_pack9->pkAuthenticator.nonce = nonce; auth_pack9->pkAuthenticator.kdcName = server; - auth_pack9->pkAuthenticator.kdcRealm.magic = 0; - auth_pack9->pkAuthenticator.kdcRealm.data = server->realm.data; - auth_pack9->pkAuthenticator.kdcRealm.length = server->realm.length; free(cksum->contents); break; case KRB5_PADATA_PK_AS_REQ: diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index a7cfd66b1..27b1f624f 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -630,7 +630,6 @@ static void ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p) { ktest_make_sample_principal(&p->kdcName); - ktest_make_sample_data(&p->kdcRealm); p->cusec = SAMPLE_USEC; p->ctime = SAMPLE_TIME; p->nonce = SAMPLE_NONCE; @@ -1443,7 +1442,6 @@ static void ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p) { ktest_destroy_principal(&p->kdcName); - ktest_empty_data(&p->kdcRealm); } static void -- 2.26.2