diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-01-10 01:57:32 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:37:20 -0500 |
| commit | f7242f643763ccb6e10801af4ce53d0873e2d3e1 (patch) | |
| tree | cd06665f49d12795e23699e6666d85da1f64d7bd /source4/heimdal/lib/krb5/init_creds_pw.c | |
| parent | 08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a (diff) | |
| download | samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.tar.gz samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.tar.bz2 samba-f7242f643763ccb6e10801af4ce53d0873e2d3e1.zip | |
r20640: Commit part 2/2
Update Heimdal to match current lorikeet-heimdal. This includes
integrated PAC hooks, so Samba doesn't have to handle this any more.
This also brings in the PKINIT code, hence so many new files.
Andrew Bartlett
(This used to be commit 351f7040f7bb73b9a60b22b564686f7c2f98a729)
Diffstat (limited to 'source4/heimdal/lib/krb5/init_creds_pw.c')
| -rw-r--r-- | source4/heimdal/lib/krb5/init_creds_pw.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index d43ae0ae6f..f6f6eac7d5 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.101 2006/10/02 12:00:59 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.105 2007/01/09 10:44:59 lha Exp $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; @@ -656,7 +656,7 @@ free_paid(krb5_context context, struct pa_info_data *ppaid) { krb5_free_salt(context, ppaid->salt); if (ppaid->s2kparams) - krb5_data_free(ppaid->s2kparams); + krb5_free_data(context, ppaid->s2kparams); } @@ -729,8 +729,8 @@ pa_etype_info2(krb5_context context, if (e.val[i].salt == NULL) krb5_free_salt(context, salt); if (ret == 0) { - free_ETYPE_INFO2(&e); - return paid; + free_ETYPE_INFO2(&e); + return paid; } } } @@ -1092,23 +1092,31 @@ process_pa_data_to_md(krb5_context context, (*out_md)->len = 0; (*out_md)->val = NULL; - if (in_md->len != 0) { - struct pa_info_data paid, *ppaid; + /* + * Make sure we don't sent both ENC-TS and PK-INIT pa data, no + * need to expose our password protecting our PKCS12 key. + */ - memset(&paid, 0, sizeof(paid)); + if (ctx->pk_init_ctx) { + + ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); + if (ret) + return ret; + } else if (in_md->len != 0) { + struct pa_info_data paid, *ppaid; + + memset(&paid, 0, sizeof(paid)); + paid.etype = ENCTYPE_NULL; ppaid = process_pa_info(context, creds->client, a, &paid, in_md); - + pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); if (ppaid) free_paid(context, ppaid); } pa_data_add_pac_request(context, ctx, *out_md); - ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); - if (ret) - return ret; if ((*out_md)->len == 0) { free(*out_md); @@ -1503,7 +1511,7 @@ krb5_get_init_creds_password(krb5_context context, free (q); if (ret) { memset (buf, 0, sizeof(buf)); - krb5_get_init_creds_opt_free(options); + krb5_get_init_creds_opt_free(context, options); ret = KRB5_LIBOS_PWDINTR; krb5_clear_error_string (context); return ret; @@ -1515,7 +1523,7 @@ krb5_get_init_creds_password(krb5_context context, ret = krb5_get_init_creds_opt_set_pa_password(context, options, password, NULL); if (ret) { - krb5_get_init_creds_opt_free(options); + krb5_get_init_creds_opt_free(context, options); memset(buf, 0, sizeof(buf)); return ret; } @@ -1523,7 +1531,7 @@ krb5_get_init_creds_password(krb5_context context, ret = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options); - krb5_get_init_creds_opt_free(options); + krb5_get_init_creds_opt_free(context, options); memset(buf, 0, sizeof(buf)); return ret; } |