You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2023/11/29 07:54:00 UTC

[jira] [Commented] (DIRKRB-772) Why hasn't it been implemented etype_info2

    [ https://issues.apache.org/jira/browse/DIRKRB-772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17790954#comment-17790954 ] 

Colm O hEigeartaigh commented on DIRKRB-772:
--------------------------------------------

Hi,

If it hasn't been implemented, it's because no-one has needed it to be implemented :) We're an open source project and gratefully accept contributions, you can submit a pull request here [https://github.com/apache/directory-kerby/pulls]

Colm.

> Why hasn't it been implemented etype_info2 
> -------------------------------------------
>
>                 Key: DIRKRB-772
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-772
>             Project: Directory Kerberos
>          Issue Type: Improvement
>            Reporter: scott.zhai
>            Priority: Trivial
>
> {code}
> /*
>  * If the client performed optimistic pre-authentication for a multi-round-trip
>  * mechanism, it may need key information to complete the exchange, so send it
>  * a PA-ETYPE-INFO2 element in addition to the pa-data from the module.
>  */
> static krb5_error_code
> maybe_add_etype_info2(struct padata_state *state, krb5_error_code code)
> {
>     krb5_context context = state->context;
>     krb5_kdcpreauth_rock rock = state->rock;
>     krb5_pa_data **list = state->pa_e_data;
>     size_t count;
>     /* Only add key information when requesting another preauth round trip. */
>     if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED)
>         return 0;
>     /* Don't try to add key information when there is no key. */
>     if (rock->client_key == NULL)
>         return 0;
>     /* If the client sent a cookie, it has already seen a KDC response with key
>      * information. */
>     if (krb5int_find_pa_data(context, state->request->padata,
>                              KRB5_PADATA_FX_COOKIE) != NULL)
>         return 0;
>     /* Reallocate state->pa_e_data to make room for the etype-info2 element. */
>     for (count = 0; list != NULL && list[count] != NULL; count++);
>     list = realloc(list, (count + 2) * sizeof(*list));
>     if (list == NULL)
>         return ENOMEM;
>     list[count] = list[count + 1] = NULL;
>     state->pa_e_data = list;
>     /* Generate an etype-info2 element in the new slot. */
>     return make_etype_info(context, KRB5_PADATA_ETYPE_INFO2,
>                            rock->client->princ, rock->client_key,
>                            rock->client_keyblock->enctype, &list[count]);
> }
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org