oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Return whole asn.1 ticket in krb5_ticket->tkt.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1354 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-03-11 19:25:23 +00:00
parent e727117eae
commit 708eaba401
1 changed files with 32 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
lib/krb5/rd_req.c
View File

@@ -76,49 +76,52 @@ krb5_rd_req_with_keyblock(krb5_context context,
if (ap_req.ap_options.use_session_key) if (ap_req.ap_options.use_session_key)
abort (); abort ();
else { else {
EncTicketPart decr_part;
Authenticator authenticator; Authenticator authenticator;
krb5_ticket *t;
t = malloc(sizeof(*t));
ret = decrypt_tkt_enc_part (context, ret = decrypt_tkt_enc_part (context,
keyblock, keyblock,
&ap_req.ticket.enc_part, &ap_req.ticket.enc_part,
&decr_part); &t->tkt);
if (ret) if (ret)
return ret; return ret;
if (ticket) { principalname2krb5_principal(&t->enc_part2.client,
*ticket = malloc(sizeof(**ticket)); t->tkt.cname,
t->tkt.crealm);
principalname2krb5_principal(&(*ticket)->enc_part2.client, if (ticket)
decr_part.cname, *ticket = t;
decr_part.crealm);
}
/* save key */ /* save key */
(*auth_context)->key.keytype = decr_part.key.keytype; (*auth_context)->key.keytype = t->tkt.key.keytype;
krb5_data_copy(&(*auth_context)->key.contents, krb5_data_copy(&(*auth_context)->key.contents,
decr_part.key.keyvalue.data, t->tkt.key.keyvalue.data,
decr_part.key.keyvalue.length); t->tkt.key.keyvalue.length);
ret = decrypt_authenticator (context, ret = decrypt_authenticator (context,
&decr_part.key, &t->tkt.key,
&ap_req.authenticator, &ap_req.authenticator,
&authenticator); &authenticator);
if (ret) if (ret)
return ret; return ret;
if (strcmp (authenticator.crealm, decr_part.crealm) != 0) memset((*auth_context)->authenticator, 0,
return KRB5KRB_AP_ERR_BADMATCH; sizeof((*auth_context)->authenticator));
{ {
krb5_principal p1, p2; krb5_principal p2;
principalname2krb5_principal(&p1, authenticator.cname, principalname2krb5_principal(&(*auth_context)->authenticator->cname,
authenticator.crealm); authenticator.cname,
principalname2krb5_principal(&p2, decr_part.cname, authenticator.crealm);
decr_part.crealm); principalname2krb5_principal(&p2,
if (!krb5_principal_compare (context, p1, p2)) t->tkt.cname,
return KRB5KRB_AP_ERR_BADMATCH; t->tkt.crealm);
if (!krb5_principal_compare (context,
(*auth_context)->authenticator->cname,
p2))
return KRB5KRB_AP_ERR_BADMATCH;
} }
(*auth_context)->authenticator->cusec = authenticator.cusec; (*auth_context)->authenticator->cusec = authenticator.cusec;
(*auth_context)->authenticator->ctime = authenticator.ctime; (*auth_context)->authenticator->ctime = authenticator.ctime;
@@ -133,11 +136,11 @@ krb5_rd_req_with_keyblock(krb5_context context,
/* Check address and time */ /* Check address and time */
gettimeofday (&now, NULL); gettimeofday (&now, NULL);
if ((decr_part.starttime ? *decr_part.starttime : decr_part.authtime) if ((t->tkt.starttime ? *t->tkt.starttime : t->tkt.authtime)
- now.tv_sec > 600 || - now.tv_sec > 600 ||
decr_part.flags.invalid) t->tkt.flags.invalid)
return KRB5KRB_AP_ERR_TKT_NYV; return KRB5KRB_AP_ERR_TKT_NYV;
if (now.tv_sec - decr_part.endtime > 600) if (now.tv_sec - t->tkt.endtime > 600)
return KRB5KRB_AP_ERR_TKT_EXPIRED; return KRB5KRB_AP_ERR_TKT_EXPIRED;
return 0; return 0;
@@ -159,7 +162,7 @@ krb5_rd_req(krb5_context context,
krb5_kt_default(context, &keytab); krb5_kt_default(context, &keytab);
ret = krb5_kt_get_entry(context, ret = krb5_kt_get_entry(context,
keytab, keytab,
server, (krb5_principal)server,
0, 0,
KEYTYPE_DES, KEYTYPE_DES,
&entry); &entry);