r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVN

confuses things) - Update Samba4 from lorikeet-heimdal - Remove generated symlink on make clean Andrew Bartlett (This used to be commit a5c2b4cc92e807d18cb8df99bebf004fa4252e1e)
author: Andrew Bartlett <abartlet@samba.org> 2006-03-22 10:16:59 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:59:02 -0500
commit: 864d9b531dc2fba94f5ea839b087e28d402c643a (patch)
tree: 91f72ed27956be3c0d536d725b0505cba35e3adb /source4/heimdal/lib/krb5/mk_req_ext.c
parent: 4fd82be1403f873f67eecb8fee457b8de9fc5cd1 (diff)
download: samba-864d9b531dc2fba94f5ea839b087e28d402c643a.tar.gz
samba-864d9b531dc2fba94f5ea839b087e28d402c643a.tar.bz2
samba-864d9b531dc2fba94f5ea839b087e28d402c643a.zip
1 files changed, 89 insertions, 106 deletions
diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c
index ab83d912ea..18b0e3552f 100644
--- a/source4/heimdal/lib/krb5/mk_req_ext.c
+++ b/source4/heimdal/lib/krb5/mk_req_ext.c
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: mk_req_ext.c,v 1.30 2005/01/05 06:31:01 lukeh Exp $");
+RCSID("$Id: mk_req_ext.c,v 1.32 2006/03/19 20:33:13 lha Exp $");
 
 krb5_error_code
 _krb5_mk_req_internal(krb5_context context,
@@ -45,120 +45,103 @@ _krb5_mk_req_internal(krb5_context context,
 		      krb5_key_usage checksum_usage,
 		      krb5_key_usage encrypt_usage)
 {
-  krb5_error_code ret;
-  krb5_data authenticator;
-  Checksum c;
-  Checksum *c_opt;
-  krb5_auth_context ac;
+    krb5_error_code ret;
+    krb5_data authenticator;
+    Checksum c;
+    Checksum *c_opt;
+    krb5_auth_context ac;
 
-  if(auth_context) {
-      if(*auth_context == NULL)
-	  ret = krb5_auth_con_init(context, auth_context);
-      else
-	  ret = 0;
-      ac = *auth_context;
-  } else
-      ret = krb5_auth_con_init(context, &ac);
-  if(ret)
-      return ret;
+    if(auth_context) {
+	if(*auth_context == NULL)
+	    ret = krb5_auth_con_init(context, auth_context);
+	else
+	    ret = 0;
+	ac = *auth_context;
+    } else
+	ret = krb5_auth_con_init(context, &ac);
+    if(ret)
+	return ret;
       
-  if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
-      ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
-      if(ret)
-	  return ret;
-  }
+    if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+	ret = krb5_auth_con_generatelocalsubkey(context,
+						ac, 
+						&in_creds->session);
+	if(ret)
+	    goto out;
+    }
 
-#if 0
-  {
-      /* This is somewhat bogus since we're possibly overwriting a
-         value specified by the user, but it's the easiest way to make
-         the code use a compatible enctype */
-      Ticket ticket;
-      krb5_keytype ticket_keytype;
+    krb5_free_keyblock(context, ac->keyblock);
+    ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+    if (ret)
+	goto out;
+  
+    /* it's unclear what type of checksum we can use.  try the best one, except:
+     * a) if it's configured differently for the current realm, or
+     * b) if the session key is des-cbc-crc
+     */
 
-      ret = decode_Ticket(in_creds->ticket.data, 
-			  in_creds->ticket.length, 
-			  &ticket, 
-			  NULL);
-      krb5_enctype_to_keytype (context,
-			       ticket.enc_part.etype,
-			       &ticket_keytype);
+    if (in_data) {
+	if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
+	    /* this is to make DCE secd (and older MIT kdcs?) happy */
+	    ret = krb5_create_checksum(context, 
+				       NULL,
+				       0,
+				       CKSUMTYPE_RSA_MD4,
+				       in_data->data,
+				       in_data->length,
+				       &c);
+	} else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
+		  ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) {
+	    /* this is to make MS kdc happy */ 
+	    ret = krb5_create_checksum(context, 
+				       NULL,
+				       0,
+				       CKSUMTYPE_RSA_MD5,
+				       in_data->data,
+				       in_data->length,
+				       &c);
+	} else {
+	    krb5_crypto crypto;
 
-      if (ticket_keytype == in_creds->session.keytype)
-	  krb5_auth_setenctype(context, 
-			       ac,
-			       ticket.enc_part.etype);
-      free_Ticket(&ticket);
-  }
-#endif
+	    ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
+	    if (ret)
+		goto out;
+	    ret = krb5_create_checksum(context, 
+				       crypto,
+				       checksum_usage,
+				       0,
+				       in_data->data,
+				       in_data->length,
+				       &c);
+	    krb5_crypto_destroy(context, crypto);
+	}
+	c_opt = &c;
+    } else {
+	c_opt = NULL;
+    }
 
-  krb5_free_keyblock(context, ac->keyblock);
-  krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+    if (ret)
+	goto out;
   
-  /* it's unclear what type of checksum we can use.  try the best one, except:
-   * a) if it's configured differently for the current realm, or
-   * b) if the session key is des-cbc-crc
-   */
-
-  if (in_data) {
-      if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
-	  /* this is to make DCE secd (and older MIT kdcs?) happy */
-	  ret = krb5_create_checksum(context, 
-				     NULL,
-				     0,
-				     CKSUMTYPE_RSA_MD4,
-				     in_data->data,
-				     in_data->length,
-				     &c);
-      } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
-		ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) {
-	  /* this is to make MS kdc happy */ 
-	  ret = krb5_create_checksum(context, 
-				     NULL,
-				     0,
-				     CKSUMTYPE_RSA_MD5,
-				     in_data->data,
-				     in_data->length,
-				     &c);
-      } else {
-	  krb5_crypto crypto;
+    ret = krb5_build_authenticator (context,
+				    ac,
+				    ac->keyblock->keytype,
+				    in_creds,
+				    c_opt,
+				    NULL,
+				    &authenticator,
+				    encrypt_usage);
+    if (c_opt)
+	free_Checksum (c_opt);
+    if (ret)
+	goto out;
 
-	  ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
-	  if (ret)
-	      return ret;
-	  ret = krb5_create_checksum(context, 
-				     crypto,
-				     checksum_usage,
-				     0,
-				     in_data->data,
-				     in_data->length,
-				     &c);
-      
-	  krb5_crypto_destroy(context, crypto);
-      }
-      c_opt = &c;
-  } else {
-      c_opt = NULL;
-  }
-  
-  ret = krb5_build_authenticator (context,
-				  ac,
-				  ac->keyblock->keytype,
-				  in_creds,
-				  c_opt,
-				  NULL,
-				  &authenticator,
-				  encrypt_usage);
-  if (c_opt)
-      free_Checksum (c_opt);
-  if (ret)
+    ret = krb5_build_ap_req (context, ac->keyblock->keytype, 
+			     in_creds, ap_req_options, authenticator, outbuf);
+out:
+    if(auth_context == NULL)
+	krb5_auth_con_free(context, ac);
     return ret;
-
-  ret = krb5_build_ap_req (context, ac->keyblock->keytype, 
-			   in_creds, ap_req_options, authenticator, outbuf);
-  if(auth_context == NULL)
-      krb5_auth_con_free(context, ac);
-  return ret;
 }
 
 krb5_error_code KRB5_LIB_FUNCTION
author	Andrew Bartlett <abartlet@samba.org>	2006-03-22 10:16:59 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:59:02 -0500
commit	864d9b531dc2fba94f5ea839b087e28d402c643a (patch)
tree	91f72ed27956be3c0d536d725b0505cba35e3adb /source4/heimdal/lib/krb5/mk_req_ext.c
parent	4fd82be1403f873f67eecb8fee457b8de9fc5cd1 (diff)
download	samba-864d9b531dc2fba94f5ea839b087e28d402c643a.tar.gz samba-864d9b531dc2fba94f5ea839b087e28d402c643a.tar.bz2 samba-864d9b531dc2fba94f5ea839b087e28d402c643a.zip