From ca9c1212fcb150c3514f8a9ef2f25709b5146de4 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Fri, 6 Mar 2009 17:26:29 +0000
Subject: [PATCH] send_as_req re-encodes the request krb5_get_init_creds calls encode_krb5_as_req to produce an encoding for the preauth plugins, then passes the unencoded request structure into the static function send_as_req. That function re-encodes the request. This is an unnecessary call to the encoder. In addition, for the FAST project, it is desirable to encapsulate the unencoded outer request so that krb5_get_init_creds does not need it. * send_as_req is modified to take an encoded request and realm * Remove unused logic to fill in request nonce from send_as_req ticket: 6401 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22067 dc483132-0cff-0310-8789-dd5450dbe970
---
src/lib/krb5/krb/get_in_tkt.c | 31 ++++++++++++-------------------
1 file changed, 12 insertions(+), 19 deletions(-)
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index f3e6ddf23..5419f3723 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -136,36 +136,25 @@ gen_nonce(krb5_context context, */ static krb5_error_code send_as_request(krb5_context context, - krb5_kdc_req *request, + krb5_data *packet, const krb5_data *realm, krb5_error ** ret_err_reply, krb5_kdc_rep ** ret_as_reply, int *use_master) { krb5_kdc_rep *as_reply = 0; krb5_error_code retval; - krb5_data *packet = 0; krb5_data reply; char k4_version; /* same type as *(krb5_data::data) */ int tcp_only = 0; - krb5_timestamp time_now; reply.data = 0; /* set the nonce if the caller expects us to do it */ - if (request->nonce == 0) { - if ((retval = krb5_timeofday(context, &time_now))) - goto cleanup; - request->nonce = (krb5_int32) time_now; - } - - /* encode & send to KDC */ - if ((retval = encode_krb5_as_req(request, &packet)) != 0) - goto cleanup; k4_version = packet->data[0]; send_again: retval = krb5_sendto_kdc(context, packet, - krb5_princ_realm(context, request->client), + realm, &reply, use_master, tcp_only); #if APPLE_PKINIT inTktDebug("krb5_sendto_kdc returned %d\n", (int)retval);
@@ -240,8 +229,6 @@ send_again: krb5_free_kdc_rep(context, as_reply); cleanup: - if (packet) - krb5_free_data(context, packet); if (reply.data) free(reply.data); return retval;
@@ -517,6 +504,7 @@ krb5_get_in_tkt(krb5_context context, krb5_timestamp time_now; krb5_keyblock * decrypt_key = 0; krb5_kdc_req request; + krb5_data *encoded_request; krb5_pa_data **padata = 0; krb5_error * err_reply; krb5_kdc_rep * as_reply = 0;
@@ -650,8 +638,13 @@ krb5_get_in_tkt(krb5_context context, */ request.nonce = (krb5_int32) time_now; - if ((retval = send_as_request(context, &request, &err_reply, - &as_reply, &use_master))) + if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0) + goto cleanup; + retval = send_as_request(context, encoded_request, + krb5_princ_realm(context, request.client), &err_reply, + &as_reply, &use_master); + krb5_free_data_contents(context, encoded_request); + if (retval != 0) goto cleanup; if (err_reply) {
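Review bot: The comment `/* set the nonce if the caller expects us to do it */` survives as a context line after `reply.data = 0;` although the code it described is removed, so it now sits directly above `k4_version = packet->data[0];` and should be deleted. With the fill-in gone, matching a reply to its request depends on every caller setting `request.nonce` before it calls `encode_krb5_as_req`, and `packet` is now caller-supplied yet still read at `packet->data[0]` without a NULL or length check. A contract comment on send_as_request would record both, for example `/* packet: encoded AS-REQ owned by the caller, non-NULL and non-empty, nonce already set */`. Since the function no longer frees the buffer, `const krb5_data *packet` would also document ownership, assuming krb5_sendto_kdc accepts a const message. The function body continues outside this hunk.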
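Review bot: `krb5_free_data_contents(context, encoded_request);` in the `@@ -650,8 +638,13 @@` hunk releases only the byte buffer, while `encode_krb5_as_req(&request, &encoded_request)` returns an allocated `krb5_data` through the pointer, so the structure itself appears to leak on every call. The cleanup code this commit removes from send_as_request used `krb5_free_data(context, packet)` for the same kind of object; the call here should be `krb5_free_data(context, encoded_request);`. The declaration added in the preceding hunk, `krb5_data *encoded_request;`, is left uninitialized unlike its neighbours (`decrypt_key = 0`, `padata = 0`), and `= NULL` would keep it safe if the free is later moved under `cleanup:`. krb5_get_in_tkt starts and ends outside these hunks.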
@@ -1156,7 +1149,6 @@ krb5_get_init_creds(krb5_context context, krb5_preauth_request_context_init(context); - /* nonce is filled in by send_as_request if we don't take care of it */ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST)) { request.ktype = options->etype_list;
@@ -1301,7 +1293,8 @@ krb5_get_init_creds(krb5_context context, err_reply = 0; local_as_reply = 0; - if ((ret = send_as_request(context, &request, &err_reply, + if ((ret = send_as_request(context, encoded_previous_request, + krb5_princ_realm(context, request.client), &err_reply, &local_as_reply, use_master))) goto cleanup;
-- 2.26.2
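Review bot: Nothing visible in the `@@ -1301,7 +1293,8 @@` hunk shows that `encoded_previous_request` is non-NULL and was encoded from the current contents of `request` for this pass, while send_as_request now reads `packet->data[0]` and transmits the buffer unchanged. If the encoding happens just above, outside the hunk, a short comment such as `/* encoded_previous_request was encoded from request above; these are the bytes that go on the wire */` would make that dependency explicit. A buffer left over from an earlier pass would resend an older nonce and padata, which the name "previous" makes easy to misread. krb5_get_init_creds starts and ends outside the hunk.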