part1 -> kdc_rep, part2 -> enc_part
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4335 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -43,7 +43,7 @@ RCSID("$Id$");
|
|||||||
krb5_error_code
|
krb5_error_code
|
||||||
krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
|
krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
|
||||||
{
|
{
|
||||||
free_KDC_REP(&rep->part1);
|
free_KDC_REP(&rep->kdc_rep);
|
||||||
free_EncTGSRepPart(&rep->part2);
|
free_EncTGSRepPart(&rep->enc_part);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@@ -259,20 +259,20 @@ decrypt_tkt_with_subkey (krb5_context context,
|
|||||||
size_t size;
|
size_t size;
|
||||||
krb5_data save;
|
krb5_data save;
|
||||||
|
|
||||||
ret = krb5_data_copy(&save, dec_rep->part1.enc_part.cipher.data,
|
ret = krb5_data_copy(&save, dec_rep->kdc_rep.enc_part.cipher.data,
|
||||||
dec_rep->part1.enc_part.cipher.length);
|
dec_rep->kdc_rep.enc_part.cipher.length);
|
||||||
if(ret)
|
if(ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
ret = krb5_decrypt (context,
|
ret = krb5_decrypt (context,
|
||||||
dec_rep->part1.enc_part.cipher.data,
|
dec_rep->kdc_rep.enc_part.cipher.data,
|
||||||
dec_rep->part1.enc_part.cipher.length,
|
dec_rep->kdc_rep.enc_part.cipher.length,
|
||||||
dec_rep->part1.enc_part.etype,
|
dec_rep->kdc_rep.enc_part.etype,
|
||||||
key,
|
key,
|
||||||
&data);
|
&data);
|
||||||
if(ret && subkey){
|
if(ret && subkey){
|
||||||
ret = krb5_decrypt (context, save.data, save.length,
|
ret = krb5_decrypt (context, save.data, save.length,
|
||||||
dec_rep->part1.enc_part.etype,
|
dec_rep->kdc_rep.enc_part.etype,
|
||||||
(krb5_keyblock*)subkey, /* local subkey */
|
(krb5_keyblock*)subkey, /* local subkey */
|
||||||
&data);
|
&data);
|
||||||
}
|
}
|
||||||
@@ -282,12 +282,12 @@ decrypt_tkt_with_subkey (krb5_context context,
|
|||||||
|
|
||||||
ret = decode_EncASRepPart(data.data,
|
ret = decode_EncASRepPart(data.data,
|
||||||
data.length,
|
data.length,
|
||||||
&dec_rep->part2,
|
&dec_rep->enc_part,
|
||||||
&size);
|
&size);
|
||||||
if (ret)
|
if (ret)
|
||||||
ret = decode_EncTGSRepPart(data.data,
|
ret = decode_EncTGSRepPart(data.data,
|
||||||
data.length,
|
data.length,
|
||||||
&dec_rep->part2,
|
&dec_rep->enc_part,
|
||||||
&size);
|
&size);
|
||||||
krb5_data_free (&data);
|
krb5_data_free (&data);
|
||||||
if (ret) return ret;
|
if (ret) return ret;
|
||||||
@@ -361,7 +361,7 @@ get_cred_kdc(krb5_context context,
|
|||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
memset(&rep, 0, sizeof(rep));
|
memset(&rep, 0, sizeof(rep));
|
||||||
if(decode_TGS_REP(resp.data, resp.length, &rep.part1, &len) == 0){
|
if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){
|
||||||
ret = krb5_copy_principal(context,
|
ret = krb5_copy_principal(context,
|
||||||
in_creds->client,
|
in_creds->client,
|
||||||
&(*out_creds)->client);
|
&(*out_creds)->client);
|
||||||
|
@@ -89,9 +89,9 @@ decrypt_tkt (krb5_context context,
|
|||||||
size_t size;
|
size_t size;
|
||||||
|
|
||||||
ret = krb5_decrypt (context,
|
ret = krb5_decrypt (context,
|
||||||
dec_rep->part1.enc_part.cipher.data,
|
dec_rep->kdc_rep.enc_part.cipher.data,
|
||||||
dec_rep->part1.enc_part.cipher.length,
|
dec_rep->kdc_rep.enc_part.cipher.length,
|
||||||
dec_rep->part1.enc_part.etype,
|
dec_rep->kdc_rep.enc_part.etype,
|
||||||
key,
|
key,
|
||||||
&data);
|
&data);
|
||||||
if (ret)
|
if (ret)
|
||||||
@@ -99,12 +99,12 @@ decrypt_tkt (krb5_context context,
|
|||||||
|
|
||||||
ret = decode_EncASRepPart(data.data,
|
ret = decode_EncASRepPart(data.data,
|
||||||
data.length,
|
data.length,
|
||||||
&dec_rep->part2,
|
&dec_rep->enc_part,
|
||||||
&size);
|
&size);
|
||||||
if (ret)
|
if (ret)
|
||||||
ret = decode_EncTGSRepPart(data.data,
|
ret = decode_EncTGSRepPart(data.data,
|
||||||
data.length,
|
data.length,
|
||||||
&dec_rep->part2,
|
&dec_rep->enc_part,
|
||||||
&size);
|
&size);
|
||||||
krb5_data_free (&data);
|
krb5_data_free (&data);
|
||||||
if (ret) return ret;
|
if (ret) return ret;
|
||||||
@@ -132,8 +132,8 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
/* compare client */
|
/* compare client */
|
||||||
|
|
||||||
err = principalname2krb5_principal (&tmp_principal,
|
err = principalname2krb5_principal (&tmp_principal,
|
||||||
rep->part1.cname,
|
rep->kdc_rep.cname,
|
||||||
rep->part1.crealm);
|
rep->kdc_rep.crealm);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
tmp = krb5_principal_compare (context, tmp_principal, creds->client);
|
tmp = krb5_principal_compare (context, tmp_principal, creds->client);
|
||||||
@@ -148,7 +148,7 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
unsigned char buf[1024];
|
unsigned char buf[1024];
|
||||||
size_t len;
|
size_t len;
|
||||||
encode_Ticket(buf + sizeof(buf) - 1, sizeof(buf),
|
encode_Ticket(buf + sizeof(buf) - 1, sizeof(buf),
|
||||||
&rep->part1.ticket, &len);
|
&rep->kdc_rep.ticket, &len);
|
||||||
creds->ticket.data = malloc(len);
|
creds->ticket.data = malloc(len);
|
||||||
memcpy(creds->ticket.data, buf + sizeof(buf) - len, len);
|
memcpy(creds->ticket.data, buf + sizeof(buf) - len, len);
|
||||||
creds->ticket.length = len;
|
creds->ticket.length = len;
|
||||||
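Review bot: `creds->ticket.data = malloc(len);` two lines below the renamed `&rep->kdc_rep.ticket, &len);` is never checked for NULL before `memcpy` writes `len` bytes through it, and the return value of `encode_Ticket` into the 1024-byte stack `buf` is ignored as well, so if the encoder fails (for instance on a ticket larger than `buf`) the uninitialised `len` declared just above is used as the allocation and copy size. Both checks are short: test the encoder's result before touching `len`, and after the allocation add `if (creds->ticket.data == NULL) { err = ENOMEM; goto out; }` so the existing `out:` path handles it. `_krb5_extract_ticket` starts and ends outside this hunk, and the same unchecked pattern is not touched by the rename, so it is worth a follow-up rather than a silent pass.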
@@ -159,8 +159,8 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
/* compare server */
|
/* compare server */
|
||||||
|
|
||||||
err = principalname2krb5_principal (&tmp_principal,
|
err = principalname2krb5_principal (&tmp_principal,
|
||||||
rep->part1.ticket.sname,
|
rep->kdc_rep.ticket.sname,
|
||||||
rep->part1.ticket.realm);
|
rep->kdc_rep.ticket.realm);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
if(allow_server_mismatch){
|
if(allow_server_mismatch){
|
||||||
@@ -187,7 +187,7 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
|
|
||||||
/* compare nonces */
|
/* compare nonces */
|
||||||
|
|
||||||
if (nonce != rep->part2.nonce) {
|
if (nonce != rep->enc_part.nonce) {
|
||||||
err = KRB5KRB_AP_ERR_MODIFIED;
|
err = KRB5KRB_AP_ERR_MODIFIED;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@@ -200,16 +200,16 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
"libdefaults",
|
"libdefaults",
|
||||||
"kdc_timesync",
|
"kdc_timesync",
|
||||||
NULL)) {
|
NULL)) {
|
||||||
context->kdc_sec_offset = rep->part2.authtime - sec_now;
|
context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
|
||||||
krb5_timeofday (context, &sec_now);
|
krb5_timeofday (context, &sec_now);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check all times */
|
/* check all times */
|
||||||
|
|
||||||
if (rep->part2.starttime) {
|
if (rep->enc_part.starttime) {
|
||||||
tmp_time = *rep->part2.starttime;
|
tmp_time = *rep->enc_part.starttime;
|
||||||
} else
|
} else
|
||||||
tmp_time = rep->part2.authtime;
|
tmp_time = rep->enc_part.authtime;
|
||||||
|
|
||||||
if (creds->times.starttime == 0
|
if (creds->times.starttime == 0
|
||||||
&& abs(tmp_time - sec_now) > context->max_skew) {
|
&& abs(tmp_time - sec_now) > context->max_skew) {
|
||||||
@@ -225,8 +225,8 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
|
|
||||||
creds->times.starttime = tmp_time;
|
creds->times.starttime = tmp_time;
|
||||||
|
|
||||||
if (rep->part2.renew_till) {
|
if (rep->enc_part.renew_till) {
|
||||||
tmp_time = *rep->part2.renew_till;
|
tmp_time = *rep->enc_part.renew_till;
|
||||||
} else
|
} else
|
||||||
tmp_time = 0;
|
tmp_time = 0;
|
||||||
|
|
||||||
@@ -238,38 +238,38 @@ _krb5_extract_ticket(krb5_context context,
|
|||||||
|
|
||||||
creds->times.renew_till = tmp_time;
|
creds->times.renew_till = tmp_time;
|
||||||
|
|
||||||
creds->times.authtime = rep->part2.authtime;
|
creds->times.authtime = rep->enc_part.authtime;
|
||||||
|
|
||||||
if (creds->times.endtime != 0
|
if (creds->times.endtime != 0
|
||||||
&& rep->part2.endtime > creds->times.endtime) {
|
&& rep->enc_part.endtime > creds->times.endtime) {
|
||||||
err = KRB5KRB_AP_ERR_MODIFIED;
|
err = KRB5KRB_AP_ERR_MODIFIED;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
creds->times.endtime = rep->part2.endtime;
|
creds->times.endtime = rep->enc_part.endtime;
|
||||||
|
|
||||||
if(rep->part2.caddr)
|
if(rep->enc_part.caddr)
|
||||||
krb5_copy_addresses (context, rep->part2.caddr, &creds->addresses);
|
krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
|
||||||
else if(addrs)
|
else if(addrs)
|
||||||
krb5_copy_addresses (context, addrs, &creds->addresses);
|
krb5_copy_addresses (context, addrs, &creds->addresses);
|
||||||
else {
|
else {
|
||||||
creds->addresses.len = 0;
|
creds->addresses.len = 0;
|
||||||
creds->addresses.val = NULL;
|
creds->addresses.val = NULL;
|
||||||
}
|
}
|
||||||
creds->flags.b = rep->part2.flags;
|
creds->flags.b = rep->enc_part.flags;
|
||||||
|
|
||||||
creds->authdata.len = 0;
|
creds->authdata.len = 0;
|
||||||
creds->authdata.val = NULL;
|
creds->authdata.val = NULL;
|
||||||
creds->session.keyvalue.length = 0;
|
creds->session.keyvalue.length = 0;
|
||||||
creds->session.keyvalue.data = NULL;
|
creds->session.keyvalue.data = NULL;
|
||||||
creds->session.keytype = rep->part2.key.keytype;
|
creds->session.keytype = rep->enc_part.key.keytype;
|
||||||
err = krb5_data_copy (&creds->session.keyvalue,
|
err = krb5_data_copy (&creds->session.keyvalue,
|
||||||
rep->part2.key.keyvalue.data,
|
rep->enc_part.key.keyvalue.data,
|
||||||
rep->part2.key.keyvalue.length);
|
rep->enc_part.key.keyvalue.length);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
memset (rep->part2.key.keyvalue.data, 0,
|
memset (rep->enc_part.key.keyvalue.data, 0,
|
||||||
rep->part2.key.keyvalue.length);
|
rep->enc_part.key.keyvalue.length);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
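Review bot: The two `krb5_copy_addresses (context, ..., &creds->addresses);` calls in the `if(rep->enc_part.caddr)` / `else if(addrs)` branches discard their return value, so an allocation failure there leaves `creds->addresses` partially filled while `err` still reports success from the last checked call. Assigning them the same way as the surrounding calls, `err = krb5_copy_addresses (...); if (err) goto out;`, keeps the error contract of the function consistent. The `memset` of `rep->enc_part.key.keyvalue` at `out:` is the only scrub of the session key; because `rep` belongs to the caller it is unlikely to be elided here, but a comment stating that it is intentional key zeroization (`/* scrub session key copy before returning */`) would stop a later cleanup from removing it. `_krb5_extract_ticket` begins outside this hunk.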
@@ -539,7 +539,7 @@ krb5_get_in_cred(krb5_context context,
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
memset (&rep, 0, sizeof(rep));
|
memset (&rep, 0, sizeof(rep));
|
||||||
if((ret = decode_AS_REP(resp.data, resp.length, &rep.part1, &size))){
|
if((ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size))){
|
||||||
/* let's try to parse it as a KRB-ERROR */
|
/* let's try to parse it as a KRB-ERROR */
|
||||||
KRB_ERROR error;
|
KRB_ERROR error;
|
||||||
int ret2;
|
int ret2;
|
||||||
@@ -558,15 +558,15 @@ krb5_get_in_cred(krb5_context context,
|
|||||||
krb5_data_free(&resp);
|
krb5_data_free(&resp);
|
||||||
|
|
||||||
pa = NULL;
|
pa = NULL;
|
||||||
etype = rep.part1.enc_part.etype;
|
etype = rep.kdc_rep.enc_part.etype;
|
||||||
if(rep.part1.padata){
|
if(rep.kdc_rep.padata){
|
||||||
int index = 0;
|
int index = 0;
|
||||||
pa = krb5_find_padata(rep.part1.padata->val, rep.part1.padata->len,
|
pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len,
|
||||||
pa_pw_salt, &index);
|
pa_pw_salt, &index);
|
||||||
if(pa == NULL) {
|
if(pa == NULL) {
|
||||||
index = 0;
|
index = 0;
|
||||||
pa = krb5_find_padata(rep.part1.padata->val,
|
pa = krb5_find_padata(rep.kdc_rep.padata->val,
|
||||||
rep.part1.padata->len,
|
rep.kdc_rep.padata->len,
|
||||||
pa_afs3_salt, &index);
|
pa_afs3_salt, &index);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -168,7 +168,7 @@ print_expire (krb5_context context,
|
|||||||
krb5_data *data)
|
krb5_data *data)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
LastReq *lr = &rep->part2.last_req;
|
LastReq *lr = &rep->enc_part.last_req;
|
||||||
int32_t sec;
|
int32_t sec;
|
||||||
time_t t;
|
time_t t;
|
||||||
|
|
||||||
@@ -192,12 +192,12 @@ print_expire (krb5_context context,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rep->part2.key_expiration
|
if (rep->enc_part.key_expiration
|
||||||
&& *rep->part2.key_expiration <= t) {
|
&& *rep->enc_part.key_expiration <= t) {
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
asprintf (&p, "Your password/account will expire at %s",
|
asprintf (&p, "Your password/account will expire at %s",
|
||||||
ctime(rep->part2.key_expiration));
|
ctime(rep->enc_part.key_expiration));
|
||||||
(*prompter) (context, data, p, 0, NULL);
|
(*prompter) (context, data, p, 0, NULL);
|
||||||
free (p);
|
free (p);
|
||||||
}
|
}
|
||||||
|
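Review bot: `asprintf (&p, "Your password/account will expire at %s", ctime(rep->enc_part.key_expiration));` ignores its return value, and on failure the contents of `p` are unspecified, yet `p` is then passed to `(*prompter)` and handed to `free (p);`. Guarding the call, `if (asprintf (&p, ..., ctime(...)) != -1) { (*prompter) (context, data, p, 0, NULL); free (p); }`, avoids the use of an indeterminate pointer on the out-of-memory path. `ctime` also expects a `const time_t *`; whether `key_expiration` has that type is not visible here and is worth confirming. `print_expire` starts outside this hunk.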