/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
}
krb5_error_code
-krbEnctypeToString(krb5_context krbContext,
+krbEnctypeToString(
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_context krbContext,
+#else
+ krb5_context krbContext GSSEAP_UNUSED,
+#endif
krb5_enctype enctype,
const char *prefix,
gss_buffer_t string)
#ifdef HAVE_HEIMDAL_VERSION
KRB_CRED krbCred;
KrbCredInfo krbCredInfo;
+ EncKrbCredPart encKrbCredPart;
krb5_keyblock *key;
krb5_crypto krbCrypto = NULL;
- unsigned char *buf = NULL;
- size_t buf_size, len;
+ krb5_data encKrbCredPartData;
+ krb5_replay_data rdata;
+ size_t len;
#else
krb5_data *d = NULL;
#endif
memset(data, 0, sizeof(*data));
#ifdef HAVE_HEIMDAL_VERSION
- memset(&krbCred, 0, sizeof(krbCred));
- memset(&krbCredInfo, 0, sizeof(krbCredInfo));
-
- key = (authContext->local_subkey != NULL)
- ? authContext->local_subkey
- : authContext->keyblock;
+ memset(&krbCred, 0, sizeof(krbCred));
+ memset(&krbCredInfo, 0, sizeof(krbCredInfo));
+ memset(&encKrbCredPart, 0, sizeof(encKrbCredPart));
+ memset(&rdata, 0, sizeof(rdata));
+
+ if (authContext->local_subkey)
+ key = authContext->local_subkey;
+ else if (authContext->remote_subkey)
+ key = authContext->remote_subkey;
+ else
+ key = authContext->keyblock;
krbCred.pvno = 5;
krbCred.msg_type = krb_cred;
krbCredInfo.sname = &creds->server->name;
krbCredInfo.caddr = creds->addresses.len ? &creds->addresses : NULL;
- ASN1_MALLOC_ENCODE(KrbCredInfo, buf, buf_size, &krbCredInfo, &len, code);
+ encKrbCredPart.ticket_info.len = 1;
+ encKrbCredPart.ticket_info.val = &krbCredInfo;
+ if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+ rdata.seq = authContext->local_seqnumber;
+ encKrbCredPart.nonce = (int32_t *)&rdata.seq;
+ } else {
+ encKrbCredPart.nonce = NULL;
+ }
+ if (authContext->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+ krb5_us_timeofday(krbContext, &rdata.timestamp, &rdata.usec);
+ encKrbCredPart.timestamp = &rdata.timestamp;
+ encKrbCredPart.usec = &rdata.usec;
+ } else {
+ encKrbCredPart.timestamp = NULL;
+ encKrbCredPart.usec = NULL;
+ }
+ encKrbCredPart.s_address = authContext->local_address;
+ encKrbCredPart.r_address = authContext->remote_address;
+
+ ASN1_MALLOC_ENCODE(EncKrbCredPart, encKrbCredPartData.data,
+ encKrbCredPartData.length, &encKrbCredPart,
+ &len, code);
if (code != 0)
goto cleanup;
code = krb5_encrypt_EncryptedData(krbContext,
krbCrypto,
KRB5_KU_KRB_CRED,
- buf,
- len,
+ encKrbCredPartData.data,
+ encKrbCredPartData.length,
0,
&krbCred.enc_part);
if (code != 0)
goto cleanup;
- GSSEAP_FREE(buf);
- buf = NULL;
-
- ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &krbCred, &len, code);
+ ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length,
+ &krbCred, &len, code);
if (code != 0)
goto cleanup;
+ if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+ authContext->local_seqnumber++;
+
cleanup:
- if (buf != NULL)
- GSSEAP_FREE(buf);
if (krbCrypto != NULL)
krb5_crypto_destroy(krbContext, krbCrypto);
free_KRB_CRED(&krbCred);
+ krb5_data_free(&encKrbCredPartData);
return code;
#else