be more compatible with MIT code. From Daniel Kouril

<kouril@ics.muni.cz> git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8428 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-06-21 02:20:04 +00:00
parent 736565a8ee
commit 23490da719
2 changed files with 42 additions and 25 deletions
--- a/lib/krb5/get_for_creds.c
+++ b/lib/krb5/get_for_creds.c
@@ -201,22 +201,26 @@ krb5_get_forwarded_creds (krb5_context	    context,
    }
    *enc_krb_cred_part.usec      = usec;

-    ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
-			      auth_context->local_address,
-			      auth_context->local_port);
-    if (ret)
-	goto out4;
-
-    ALLOC(enc_krb_cred_part.r_address, 1);
-    if (enc_krb_cred_part.r_address == NULL) {
-	ret = ENOMEM;
-	goto out4;
+    if (auth_context->local_address && auth_context->local_port) {
+	ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
+				  auth_context->local_address,
+				  auth_context->local_port);
+	if (ret)
+	    goto out4;
    }

-    ret = krb5_copy_address (context, auth_context->remote_address,
-			     enc_krb_cred_part.r_address);
-    if (ret)
-	goto out4;
+    if (auth_context->remote_address) {
+	ALLOC(enc_krb_cred_part.r_address, 1);
+	if (enc_krb_cred_part.r_address == NULL) {
+	    ret = ENOMEM;
+	    goto out4;
+	}
+
+	ret = krb5_copy_address (context, auth_context->remote_address,
+				 enc_krb_cred_part.r_address);
+	if (ret)
+	    goto out4;
+    }

    /* fill ticket_info.val[0] */

--- a/lib/krb5/rd_cred.c
+++ b/lib/krb5/rd_cred.c
@@ -64,16 +64,27 @@ krb5_rd_cred (krb5_context      context,
 	goto out;
    }

-    krb5_crypto_init(context, auth_context->remote_subkey, 0, &crypto);
-    ret = krb5_decrypt_EncryptedData(context,
-				     crypto,
-				     KRB5_KU_KRB_CRED,
-				     &cred.enc_part,
-				     &enc_krb_cred_part_data);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	goto out;
-    
+    if (cred.enc_part.etype == ETYPE_NULL) {  
+       /* DK: MIT GSS-API Compatibility */
+       enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
+       enc_krb_cred_part_data.data   = cred.enc_part.cipher.data;
+    } else {
+	if (auth_context->remote_subkey)
+	    krb5_crypto_init(context, auth_context->remote_subkey, 0, &crypto);
+	else
+	    krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+          /* DK: MIT rsh */
+       
+	ret = krb5_decrypt_EncryptedData(context,
+					 crypto,
+					 KRB5_KU_KRB_CRED,
+					 &cred.enc_part,
+					 &enc_krb_cred_part_data);
+       
+	krb5_crypto_destroy(context, crypto);
+	if (ret)
+	    goto out;
+    }

    ret = krb5_decode_EncKrbCredPart (context,
 				      enc_krb_cred_part_data.data,
@@ -86,7 +97,8 @@ krb5_rd_cred (krb5_context      context,
    /* check sender address */

    if (enc_krb_cred_part.s_address
-	&& auth_context->remote_address) {
+	&& auth_context->remote_address
+	&& auth_context->remote_port) {
 	krb5_address *a;
 	int cmp;

@@ -113,6 +125,7 @@ krb5_rd_cred (krb5_context      context,
    /* check receiver address */

    if (enc_krb_cred_part.r_address
+	&& auth_context->local_address
 	&& !krb5_address_compare (context,
 				  auth_context->local_address,
 				  enc_krb_cred_part.r_address)) {