From 9defb2b1cd529432dc1cf532c8c00e6ceb75a597 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 7 Oct 2011 14:44:15 +0000 Subject: [PATCH] Minor cleanups to encrypted challenge git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25320 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/kdc_preauth_ec.c | 46 ++++++++++++++------------- src/lib/krb5/krb/preauth_ec.c | 60 +++++++++++++++-------------------- 2 files changed, 50 insertions(+), 56 deletions(-) diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c index 9d93cf720..e5f5d6e58 100644 --- a/src/kdc/kdc_preauth_ec.c +++ b/src/kdc/kdc_preauth_ec.c @@ -34,9 +34,9 @@ #include "kdc_util.h" static krb5_error_code -kdc_include_padata(krb5_context context, krb5_kdc_req *request, - krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, - krb5_kdcpreauth_moddata moddata, krb5_pa_data *data) +ec_edata(krb5_context context, krb5_kdc_req *request, + krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, + krb5_kdcpreauth_moddata moddata, krb5_pa_data *data) { krb5_keyblock *armor_key = cb->fast_armor(context, rock); @@ -44,12 +44,11 @@ kdc_include_padata(krb5_context context, krb5_kdc_req *request, } static void -kdc_verify_preauth(krb5_context context, krb5_data *req_pkt, - krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply, - krb5_pa_data *data, krb5_kdcpreauth_callbacks cb, - krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, - krb5_kdcpreauth_verify_respond_fn respond, - void *arg) +ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, + krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data, + krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, + krb5_kdcpreauth_moddata moddata, + krb5_kdcpreauth_verify_respond_fn respond, void *arg) { krb5_error_code retval = 0; krb5_timestamp now; @@ -67,7 +66,9 @@ kdc_verify_preauth(krb5_context context, krb5_data *req_pkt, if (armor_key == NULL) { retval = ENOENT; - krb5_set_error_message(context, ENOENT, "Encrypted Challenge used outside of FAST tunnel"); + krb5_set_error_message(context, ENOENT, + _("Encrypted Challenge used outside of FAST " + "tunnel")); } scratch.data = (char *) data->contents; scratch.length = data->length; @@ -101,7 +102,9 @@ kdc_verify_preauth(krb5_context context, krb5_data *req_pkt, } if (client_keys[i].enctype == 0) { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(context, retval, "Incorrect password in encrypted challenge"); + krb5_set_error_message(context, retval, + _("Incorrect password in encrypted " + "challenge")); } } if (retval == 0) @@ -136,12 +139,11 @@ kdc_verify_preauth(krb5_context context, krb5_data *req_pkt, } static krb5_error_code -kdc_return_preauth(krb5_context context, krb5_pa_data *padata, - krb5_data *req_pkt, krb5_kdc_req *request, - krb5_kdc_rep *reply, krb5_keyblock *encrypting_key, - krb5_pa_data **send_pa, krb5_kdcpreauth_callbacks cb, - krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, - krb5_kdcpreauth_modreq modreq) +ec_return(krb5_context context, krb5_pa_data *padata, krb5_data *req_pkt, + krb5_kdc_req *request, krb5_kdc_rep *reply, + krb5_keyblock *encrypting_key, krb5_pa_data **send_pa, + krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, + krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq) { krb5_error_code retval = 0; krb5_keyblock *challenge_key = (krb5_keyblock *)modreq; @@ -188,7 +190,7 @@ kdc_return_preauth(krb5_context context, krb5_pa_data *padata, return retval; } -krb5_preauthtype supported_pa_types[] = { +static krb5_preauthtype ec_types[] = { KRB5_PADATA_ENCRYPTED_CHALLENGE, 0}; krb5_error_code @@ -201,9 +203,9 @@ kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver, return KRB5_PLUGIN_VER_NOTSUPP; vt = (krb5_kdcpreauth_vtable)vtable; vt->name = "encrypted_challenge"; - vt->pa_type_list = supported_pa_types; - vt->edata = kdc_include_padata; - vt->verify = kdc_verify_preauth; - vt->return_padata = kdc_return_preauth; + vt->pa_type_list = ec_types; + vt->edata = ec_edata; + vt->verify = ec_verify; + vt->return_padata = ec_return; return 0; } diff --git a/src/lib/krb5/krb/preauth_ec.c b/src/lib/krb5/krb/preauth_ec.c index 6a9c76ad9..3fcea374b 100644 --- a/src/lib/krb5/krb/preauth_ec.c +++ b/src/lib/krb5/krb/preauth_ec.c @@ -34,22 +34,22 @@ #include "int-proto.h" static int -preauth_flags(krb5_context context, krb5_preauthtype pa_type) +ec_flags(krb5_context context, krb5_preauthtype pa_type) { return PA_REAL; } static krb5_error_code -process_preauth(krb5_context context, krb5_clpreauth_moddata moddata, - krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, - krb5_clpreauth_callbacks cb, - krb5_clpreauth_rock rock, krb5_kdc_req *request, - krb5_data *encoded_request_body, - krb5_data *encoded_previous_request, krb5_pa_data *padata, - krb5_prompter_fct prompter, void *prompter_data, - krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data, - krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key, - krb5_pa_data ***out_padata) +ec_process(krb5_context context, krb5_clpreauth_moddata moddata, + krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, + krb5_clpreauth_callbacks cb, + krb5_clpreauth_rock rock, krb5_kdc_req *request, + krb5_data *encoded_request_body, + krb5_data *encoded_previous_request, krb5_pa_data *padata, + krb5_prompter_fct prompter, void *prompter_data, + krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data, + krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key, + krb5_pa_data ***out_padata) { krb5_error_code retval = 0; krb5_enctype enctype; @@ -97,8 +97,7 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata, krb5_free_enc_data(context, enc); } else if (retval == 0) { /*No padata; we send*/ krb5_enc_data enc; - krb5_pa_data *pa = NULL; - krb5_pa_data **pa_array = NULL; + krb5_pa_data **pa = NULL; krb5_data *encoded_ts = NULL; krb5_pa_enc_ts ts; enc.ciphertext.data = NULL; @@ -122,32 +121,25 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata, krb5_free_data_contents(context, &enc.ciphertext); } if (retval == 0) { - pa = calloc(1, sizeof(krb5_pa_data)); + pa = calloc(2, sizeof(krb5_pa_data *)); if (pa == NULL) retval = ENOMEM; } if (retval == 0) { - pa_array = calloc(2, sizeof(krb5_pa_data *)); - if (pa_array == NULL) + pa[0] = calloc(1, sizeof(krb5_pa_data)); + if (pa[0] == NULL) retval = ENOMEM; } if (retval == 0) { - pa->length = encoded_ts->length; - pa->contents = (unsigned char *) encoded_ts->data; - pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE; - free(encoded_ts); - encoded_ts = NULL; - pa_array[0] = pa; + pa[0]->length = encoded_ts->length; + pa[0]->contents = (unsigned char *) encoded_ts->data; + pa[0]->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE; + encoded_ts->data = NULL; + *out_padata = pa; pa = NULL; - *out_padata = pa_array; - pa_array = NULL; } - if (pa) - free(pa); - if (encoded_ts) - krb5_free_data(context, encoded_ts); - if (pa_array) - free(pa_array); + free(pa); + krb5_free_data(context, encoded_ts); } if (challenge_key) krb5_free_keyblock(context, challenge_key); @@ -155,7 +147,7 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata, } -krb5_preauthtype supported_pa_types[] = { +static krb5_preauthtype ec_types[] = { KRB5_PADATA_ENCRYPTED_CHALLENGE, 0}; krb5_error_code @@ -168,8 +160,8 @@ clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver, return KRB5_PLUGIN_VER_NOTSUPP; vt = (krb5_clpreauth_vtable)vtable; vt->name = "encrypted_challenge"; - vt->pa_type_list = supported_pa_types; - vt->flags = preauth_flags; - vt->process = process_preauth; + vt->pa_type_list = ec_types; + vt->flags = ec_flags; + vt->process = ec_process; return 0; } -- 2.26.2