author | Hiroki Sato <hrs@FreeBSD.org> | 2018-04-04 04:21:19 +0000 |
---|---|---|
committer | Hiroki Sato <hrs@FreeBSD.org> | 2018-04-04 04:21:19 +0000 |
commit | d684f11da759490a8d98d7b790796106285f4084 (patch) | |
tree | 27b7356df710fdf1440fe2c23154b8121e99f2ab /lib/kafs/afskrb5.c | |
parent | f52d4664e3f68828c06f85bfc1afa271e3e04713 (diff) |
Import Heimdal 7.5.0.vendor/heimdal/7.5.0
Notes
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=331978
svn path=/vendor-crypto/heimdal/7.5.0/; revision=331979; tag=vendor/heimdal/7.5.0
Diffstat (limited to 'lib/kafs/afskrb5.c')
-rw-r--r-- | lib/kafs/afskrb5.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/lib/kafs/afskrb5.c b/lib/kafs/afskrb5.c index c04f43abbc25..6033f2958b45 100644 --- a/lib/kafs/afskrb5.c +++ b/lib/kafs/afskrb5.c @@ -51,10 +51,6 @@ v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524) kt->ticket = NULL; - /* check if des key */ - if (cred->session.keyvalue.length != 8) - return EINVAL; - if (local524) { Ticket t; unsigned char *buf; @@ -98,8 +94,16 @@ v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524) * Build a struct ClearToken */ + ret = _kafs_derive_des_key(cred->session.keytype, + cred->session.keyvalue.data, + cred->session.keyvalue.length, + kt->ct.HandShakeKey); + if (ret) { + free(kt->ticket); + kt->ticket = NULL; + return ret; + } kt->ct.AuthHandle = kvno; - memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8); kt->ct.ViceId = uid; kt->ct.BeginTimestamp = cred->times.starttime; kt->ct.EndTimestamp = cred->times.endtime; @@ -163,21 +167,15 @@ get_cred(struct kafs_data *data, const char *name, const char *inst, return ret; } - in_creds.session.keytype = ETYPE_DES_CBC_CRC; - /* check if des is disable, and in that case enable it for afs */ - invalid = krb5_enctype_valid(d->context, in_creds.session.keytype); + invalid = krb5_enctype_valid(d->context, ETYPE_DES_CBC_CRC); if (invalid) - krb5_enctype_enable(d->context, in_creds.session.keytype); + krb5_enctype_enable(d->context, ETYPE_DES_CBC_CRC); ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds); - if (ret) { - in_creds.session.keytype = ETYPE_DES_CBC_MD5; - ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds); - } if (invalid) - krb5_enctype_disable(d->context, in_creds.session.keytype); + krb5_enctype_disable(d->context, ETYPE_DES_CBC_CRC); krb5_free_principal(d->context, in_creds.server); krb5_free_principal(d->context, in_creds.client); |
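Review bot: The `_kafs_derive_des_key()` call added to v5_to_kt carries no comment explaining why a session key of any enctype is now accepted, which the 8-byte length check removed in the first hunk used to make explicit. Suggest adding above the call `/* rxkad wants an 8-byte DES key: derive HandShakeKey from the session key, whatever its enctype */`. It is also worth stating there that the token key presumably remains single-DES strength even when the Kerberos session key is stronger, so a reader does not assume the session enctype carries through to AFS. The body of v5_to_kt starts and ends outside the hunk.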
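Review bot: In get_cred, ETYPE_DES_CBC_CRC is still switched on for d->context around `krb5_get_credentials()` although the request no longer sets `in_creds.session.keytype`, so the reason for the toggle is no longer evident from the code. If it is kept for cells whose service key is still single-DES, a comment should say so, e.g. `/* AFS service keys may still be single-DES: permit it for this request only */`; if not, the enable/disable pair looks removable. The return values of `krb5_enctype_enable()` and `krb5_enctype_disable()` are ignored, so a failed disable could leave single-DES permitted on the context after get_cred returns; checking the result of the disable call would close that. The body of get_cred starts and ends outside the hunk.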