jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 23:10:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add support for deriving DES keys to klog.krb5

Browse Source 
(cherry picked from commit e79102e791)

Change-Id: Ia7ebfdd10dcfd6cd164b10275016147630748bac
This commit is contained in:
Ben Kaduk 2013-07-13 10:49:27 +01:00 committed by Simon Wilkinson
parent 4b7553600a
commit 9e1c24a583
1 changed files with 9 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/aklog/klog.c
View File

@ -667,9 +667,6 @@ CommandProc(struct cmd_syndesc *as, void *arock)
for (service = service_temp;;service = "afs") { for (service = service_temp;;service = "afs") {
memset(mcred, 0, sizeof *mcred); memset(mcred, 0, sizeof *mcred);
mcred->client = princ; mcred->client = princ;
/* Ask for DES since that is what rxkad understands */
if (service && !strncmp(service, "afs", 3))
get_creds_enctype(mcred) = ENCTYPE_DES_CBC_CRC;
code = krb5_parse_name(k5context, service, &mcred->server); code = krb5_parse_name(k5context, service, &mcred->server);
if (code) { if (code) {
afs_com_err(rn, code, "Unable to parse service <%s>\n", service); afs_com_err(rn, code, "Unable to parse service <%s>\n", service);
@ -713,13 +710,6 @@ CommandProc(struct cmd_syndesc *as, void *arock)
struct ktc_principal aserver[1], aclient[1]; struct ktc_principal aserver[1], aclient[1];
struct ktc_token atoken[1]; struct ktc_token atoken[1];
if (get_cred_keylen(afscred) != sizeof(atoken->sessionKey)) {
afs_com_err(rn, 0, "Invalid rxkad key length (%u != 8) key type (%u)",
get_cred_keylen(afscred),
get_creds_enctype(afscred));
KLOGEXIT(1);
}
memset(atoken, 0, sizeof *atoken); memset(atoken, 0, sizeof *atoken);
if (evil) { if (evil) {
size_t elen = enc_part->length; size_t elen = enc_part->length;
@ -737,8 +727,15 @@ CommandProc(struct cmd_syndesc *as, void *arock)
} }
atoken->startTime = afscred->times.starttime; atoken->startTime = afscred->times.starttime;
atoken->endTime = afscred->times.endtime; atoken->endTime = afscred->times.endtime;
memcpy(&atoken->sessionKey, get_cred_keydata(afscred), if (tkt_DeriveDesKey(get_creds_enctype(afscred),
get_cred_keylen(afscred)); get_cred_keydata(afscred),
get_cred_keylen(afscred), &atoken->sessionKey)) {
afs_com_err(rn, 0,
"Cannot derive DES key from enctype %i of length %u",
get_creds_enctype(afscred),
(unsigned)get_cred_keylen(afscred));
KLOGEXIT(1);
}
memcpy(atoken->ticket, enc_part->data, memcpy(atoken->ticket, enc_part->data,
atoken->ticketLen = enc_part->length); atoken->ticketLen = enc_part->length);
memset(aserver, 0, sizeof *aserver); memset(aserver, 0, sizeof *aserver);