[ https://issues.apache.org/jira/browse/DIRKRB-772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
scott.zhai updated DIRKRB-772: ------------------------------ Description: {code} /* * If the client performed optimistic pre-authentication for a multi-round-trip * mechanism, it may need key information to complete the exchange, so send it * a PA-ETYPE-INFO2 element in addition to the pa-data from the module. */ static krb5_error_code maybe_add_etype_info2(struct padata_state *state, krb5_error_code code) { krb5_context context = state->context; krb5_kdcpreauth_rock rock = state->rock; krb5_pa_data **list = state->pa_e_data; size_t count; /* Only add key information when requesting another preauth round trip. */ if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED) return 0; /* Don't try to add key information when there is no key. */ if (rock->client_key == NULL) return 0; /* If the client sent a cookie, it has already seen a KDC response with key * information. */ if (krb5int_find_pa_data(context, state->request->padata, KRB5_PADATA_FX_COOKIE) != NULL) return 0; /* Reallocate state->pa_e_data to make room for the etype-info2 element. */ for (count = 0; list != NULL && list[count] != NULL; count++); list = realloc(list, (count + 2) * sizeof(*list)); if (list == NULL) return ENOMEM; list[count] = list[count + 1] = NULL; state->pa_e_data = list; /* Generate an etype-info2 element in the new slot. */ return make_etype_info(context, KRB5_PADATA_ETYPE_INFO2, rock->client->princ, rock->client_key, rock->client_keyblock->enctype, &list[count]); } {code} was: {code} /* * If the client performed optimistic pre-authentication for a multi-round-trip * mechanism, it may need key information to complete the exchange, so send it * a PA-ETYPE-INFO2 element in addition to the pa-data from the module. */ static krb5_error_code maybe_add_etype_info2(struct padata_state *state, krb5_error_code code) { krb5_context context = state->context; krb5_kdcpreauth_rock rock = state->rock; krb5_pa_data **list = state->pa_e_data; size_t count; /* Only add key information when requesting another preauth round trip. */ if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED) return 0; /* Don't try to add key information when there is no key. */ if (rock->client_key == NULL) return 0; /* If the client sent a cookie, it has already seen a KDC response with key * information. */ if (krb5int_find_pa_data(context, state->request->padata, KRB5_PADATA_FX_COOKIE) != NULL) return 0; /* Reallocate state->pa_e_data to make room for the etype-info2 element. */ for (count = 0; list != NULL && list[count] != NULL; count++); list = realloc(list, (count + 2) * sizeof(*list)); if (list == NULL) return ENOMEM; list[count] = list[count + 1] = NULL; state->pa_e_data = list; /* Generate an etype-info2 element in the new slot. */ return make_etype_info(context, KRB5_PADATA_ETYPE_INFO2, rock->client->princ, rock->client_key, rock->client_keyblock->enctype, &list[count]); } {/code} > Why hasn't it been implemented etype_info2 > ------------------------------------------- > > Key: DIRKRB-772 > URL: https://issues.apache.org/jira/browse/DIRKRB-772 > Project: Directory Kerberos > Issue Type: Improvement > Reporter: scott.zhai > Priority: Trivial > > {code} > /* > * If the client performed optimistic pre-authentication for a > multi-round-trip > * mechanism, it may need key information to complete the exchange, so send it > * a PA-ETYPE-INFO2 element in addition to the pa-data from the module. > */ > static krb5_error_code > maybe_add_etype_info2(struct padata_state *state, krb5_error_code code) > { > krb5_context context = state->context; > krb5_kdcpreauth_rock rock = state->rock; > krb5_pa_data **list = state->pa_e_data; > size_t count; > /* Only add key information when requesting another preauth round trip. */ > if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED) > return 0; > /* Don't try to add key information when there is no key. */ > if (rock->client_key == NULL) > return 0; > /* If the client sent a cookie, it has already seen a KDC response with > key > * information. */ > if (krb5int_find_pa_data(context, state->request->padata, > KRB5_PADATA_FX_COOKIE) != NULL) > return 0; > /* Reallocate state->pa_e_data to make room for the etype-info2 element. > */ > for (count = 0; list != NULL && list[count] != NULL; count++); > list = realloc(list, (count + 2) * sizeof(*list)); > if (list == NULL) > return ENOMEM; > list[count] = list[count + 1] = NULL; > state->pa_e_data = list; > /* Generate an etype-info2 element in the new slot. */ > return make_etype_info(context, KRB5_PADATA_ETYPE_INFO2, > rock->client->princ, rock->client_key, > rock->client_keyblock->enctype, &list[count]); > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org