Posted to dev@directory.apache.org by "scott.zhai (Jira)" <ji...@apache.org> on 2023/11/26 12:06:00 UTC
[jira] [Updated] (DIRKRB-772) Why hasn't it been implemented etype_info2
[ https://issues.apache.org/jira/browse/DIRKRB-772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
scott.zhai updated DIRKRB-772:
------------------------------
Description:
{code}
/*
 * Append a PA-ETYPE-INFO2 element to state->pa_e_data when the KDC is about to
 * request another pre-authentication round trip.  A client that began a
 * multi-round-trip mechanism optimistically may still need key information to
 * complete the exchange, so it is sent alongside the module's own pa-data.
 *
 * Returns 0 when no element needs to be added, ENOMEM when the list cannot be
 * grown, and otherwise whatever make_etype_info() returns.
 */
static krb5_error_code
maybe_add_etype_info2(struct padata_state *state, krb5_error_code code)
{
    krb5_context context = state->context;
    krb5_kdcpreauth_rock rock = state->rock;
    krb5_pa_data **grown;
    size_t n = 0;

    /* Key information only matters when another round trip is requested. */
    if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED)
        return 0;

    /*
     * No client key means there is nothing to describe.
     * NOTE(review): only client_key is tested here, while client_keyblock is
     * dereferenced in the make_etype_info() call below; presumably the two
     * are always set together -- confirm against the code that fills the rock.
     */
    if (rock->client_key == NULL)
        return 0;

    /* A cookie in the request means the client has already seen a KDC
     * response carrying key information. */
    if (krb5int_find_pa_data(context, state->request->padata,
                             KRB5_PADATA_FX_COOKIE) != NULL)
        return 0;

    /* Count the entries already present; the list may be absent entirely. */
    if (state->pa_e_data != NULL) {
        while (state->pa_e_data[n] != NULL)
            n++;
    }

    /*
     * Grow the list by one element plus the terminator.  The result goes into
     * a local first, so state->pa_e_data still refers to the old list if
     * realloc() fails.
     */
    grown = realloc(state->pa_e_data, (n + 2) * sizeof(*grown));
    if (grown == NULL)
        return ENOMEM;

    /* Clear both new slots before the call below, so the list is
     * NULL-terminated when make_etype_info() is entered. */
    grown[n] = NULL;
    grown[n + 1] = NULL;
    state->pa_e_data = grown;

    /* Build the etype-info2 element directly into the new slot. */
    return make_etype_info(context, KRB5_PADATA_ETYPE_INFO2,
                           rock->client->princ, rock->client_key,
                           rock->client_keyblock->enctype, &grown[n]);
}
{/code}
> Why hasn't it been implemented etype_info2
> -------------------------------------------
>
> Key: DIRKRB-772
> URL: https://issues.apache.org/jira/browse/DIRKRB-772
> Project: Directory Kerberos
> Issue Type: Improvement
> Reporter: scott.zhai
> Priority: Trivial
>
> {code}
> /*
> * If the client performed optimistic pre-authentication for a multi-round-trip
> * mechanism, it may need key information to complete the exchange, so send it
> * a PA-ETYPE-INFO2 element in addition to the pa-data from the module.
> */
> static krb5_error_code
> maybe_add_etype_info2(struct padata_state *state, krb5_error_code code)
> {
> krb5_context context = state->context;
> krb5_kdcpreauth_rock rock = state->rock;
> krb5_pa_data **list = state->pa_e_data;
> size_t count;
> /* Only add key information when requesting another preauth round trip. */
> if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED)
> return 0;
> /* Don't try to add key information when there is no key. */
> if (rock->client_key == NULL)
> return 0;
> /* If the client sent a cookie, it has already seen a KDC response with key
> * information. */
> if (krb5int_find_pa_data(context, state->request->padata,
> KRB5_PADATA_FX_COOKIE) != NULL)
> return 0;
> /* Reallocate state->pa_e_data to make room for the etype-info2 element. */
> for (count = 0; list != NULL && list[count] != NULL; count++);
> list = realloc(list, (count + 2) * sizeof(*list));
> if (list == NULL)
> return ENOMEM;
> list[count] = list[count + 1] = NULL;
> state->pa_e_data = list;
> /* Generate an etype-info2 element in the new slot. */
> return make_etype_info(context, KRB5_PADATA_ETYPE_INFO2,
> rock->client->princ, rock->client_key,
> rock->client_keyblock->enctype, &list[count]);
> }
> {/code}