[3005] in Kerberos-V5-bugs
krb5-kdc/663: SAM preauth patch
daemon@ATHENA.MIT.EDU (fcusack@iconnet.net)
Wed Nov 25 13:33:12 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, fcusack@iconnet.net
Date: Wed, 25 Nov 1998 13:33:46 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net
>Number: 663
>Category: krb5-kdc
>Synopsis: a structure field name change to align with passwords-04
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 25 13:33:00 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization:
Icon CMT Corp.
>Release: krb5-current-19981119
>Environment:
N/A
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
enc_sam_response_enc.sam_passcode -> .sam_sad to align with
draft-ietf-cat-kerberos-passwords-04.txt
This patch depends on krb5-kdc/662.
>How-To-Repeat:
>Fix:
Index: include/k5-int.h
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/include/k5-int.h,v
retrieving revision 1.2
diff -u -r1.2 k5-int.h
--- k5-int.h 1998/11/25 06:50:48 1.2
+++ k5-int.h 1998/11/25 18:28:31
@@ -379,7 +379,7 @@
krb5_int32 sam_nonce;
krb5_timestamp sam_timestamp;
krb5_int32 sam_usec;
- krb5_data sam_passcode;
+ krb5_data sam_sad;
} krb5_enc_sam_response_enc;
typedef struct _krb5_sam_response {
Index: kdc/preauth/pa_sam_securid.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_securid.c,v
retrieving revision 1.1
diff -u -r1.1 pa_sam_securid.c
--- pa_sam_securid.c 1998/11/25 04:06:18 1.1
+++ pa_sam_securid.c 1998/11/25 18:28:32
@@ -401,13 +401,13 @@
switch (securid_state.state) {
case SECURID_STATE_INITIAL:
- if (esre->sam_passcode.length > LENPRNST) {
+ if (esre->sam_sad.length > LENPRNST) {
/* User entered too much data, keep same state. */
retval = KRB5KDC_ERR_PREAUTH_FAILED;
goto cleanup;
}
- memcpy(&passcode, esre->sam_passcode.data, esre->sam_passcode.length);
- passcode[esre->sam_passcode.length] = '\0';
+ memcpy(&passcode, esre->sam_sad.data, esre->sam_sad.length);
+ passcode[esre->sam_sad.length] = '\0';
if (need_to_sd_init) {
if (sd_init(&sd_dat)) {
Index: lib/krb5/asn.1/asn1_k_decode.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/asn.1/asn1_k_decode.c,v
retrieving revision 1.2
diff -u -r1.2 asn1_k_decode.c
--- asn1_k_decode.c 1998/11/25 06:50:49 1.2
+++ asn1_k_decode.c 1998/11/25 18:28:33
@@ -768,7 +768,7 @@
opt_field(val->sam_nonce,0,asn1_decode_int32,0);
opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0);
opt_field(val->sam_usec,2,asn1_decode_int32,0);
- opt_string(val->sam_passcode,3,asn1_decode_charstring);
+ opt_string(val->sam_sad,3,asn1_decode_charstring);
end_structure();
val->magic = KV5M_ENC_SAM_RESPONSE_ENC;
}
Index: lib/krb5/asn.1/asn1_k_encode.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/asn.1/asn1_k_encode.c,v
retrieving revision 1.2
diff -u -r1.2 asn1_k_encode.c
--- asn1_k_encode.c 1998/11/25 06:50:49 1.2
+++ asn1_k_encode.c 1998/11/25 18:28:33
@@ -909,7 +909,7 @@
int * retlen;
{
asn1_setup();
- add_optstring(val->sam_passcode,3,asn1_encode_charstring);
+ add_optstring(val->sam_sad,3,asn1_encode_charstring);
asn1_addfield(val->sam_usec,2,asn1_encode_integer);
asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time);
asn1_addfield(val->sam_nonce,0,asn1_encode_integer);
Index: lib/krb5/krb/preauth.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/krb/preauth.c,v
retrieving revision 1.2
diff -u -r1.2 preauth.c
--- preauth.c 1998/11/25 06:50:50 1.2
+++ preauth.c 1998/11/25 18:28:33
@@ -568,8 +568,8 @@
free(passcode);
return retval;
}
- enc_sam_response_enc.sam_passcode.data = passcode;
- enc_sam_response_enc.sam_passcode.length = pcsize;
+ enc_sam_response_enc.sam_sad.data = passcode;
+ enc_sam_response_enc.sam_sad.length = pcsize;
} else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
prompt = handle_sam_labels(sam_challenge);
if (prompt == NULL)
@@ -580,14 +580,14 @@
free(prompt);
if (retval)
return retval;
- enc_sam_response_enc.sam_passcode.length = 0;
+ enc_sam_response_enc.sam_sad.length = 0;
} else {
/* what *was* it? */
return KRB5_SAM_UNSUPPORTED;
}
/* so at this point, either sam_use_key is generated from the passcode
- * or enc_sam_response_enc.sam_passcode is set to it, and we use
+ * or enc_sam_response_enc.sam_sad is set to it, and we use
* def_enc_key instead. */
/* encode the encoded part of the response */
if ((retval = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
Index: lib/krb5/krb/preauth2.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/krb/preauth2.c,v
retrieving revision 1.2
diff -u -r1.2 preauth2.c
--- preauth2.c 1998/11/25 06:50:50 1.2
+++ preauth2.c 1998/11/25 18:28:34
@@ -349,10 +349,10 @@
enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
/* Add the passcode if required. */
- enc_sam_response_enc.sam_passcode = response_data;
+ enc_sam_response_enc.sam_sad = response_data;
} else {
/* We need to use the response as part or all of the key. */
- enc_sam_response_enc.sam_passcode.length = 0;
+ enc_sam_response_enc.sam_sad.length = 0;
#if 0
if ((salt->length == -1) && (salt->data == NULL)) {
>Audit-Trail:
>Unformatted:
