oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5_get_kdc_cred uses get_kdc_cred

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2897 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-08-11 02:47:32 +00:00
parent 04c1b3ce80
commit 7be1cc16df
1 changed files with 46 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
lib/krb5/get_cred.c
View File

@@ -175,110 +175,9 @@ get_krbtgt(krb5_context context,
} }
krb5_error_code
krb5_get_kdc_cred(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
krb5_addresses *addresses,
Ticket *second_ticket,
krb5_creds *in_creds,
krb5_creds **out_creds
)
{
TGS_REQ req;
krb5_data enc;
krb5_data resp;
krb5_kdc_rep rep;
KRB_ERROR error;
krb5_error_code ret;
krb5_creds *krbtgt;
unsigned nonce;
unsigned char buf[1024];
size_t len;
krb5_generate_random_block(&nonce, sizeof(nonce));
ret = get_krbtgt (context,
id,
in_creds->server->realm,
&krbtgt);
if (ret)
return ret;
ret = init_tgs_req (context,
id,
addresses,
flags,
second_ticket,
in_creds,
krbtgt,
nonce,
&req);
if (ret)
goto out;
ret = encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf),
&req, &enc.length);
/* Don't free this part, it's from the caller */
req.req_body.addresses = NULL;
free_TGS_REQ(&req);
enc.data = buf + sizeof(buf) - enc.length;
if (ret)
goto out;
/*
* Send and receive
*/
ret = krb5_sendto_kdc (context, &enc, &in_creds->server->realm, &resp);
if(ret)
goto out;
memset(&rep, 0, sizeof(rep));
if(decode_TGS_REP(resp.data, resp.length, &rep.part1, &len) == 0){
ret = krb5_copy_creds_contents (context,
in_creds,
*out_creds);
if(ret)
goto out;
#if 0
krb5_copy_principal (context,
in_creds->client,
&(*out_creds)->client);
krb5_copy_principal (context,
in_creds->server,
&(*out_creds)->server);
#endif
ret = extract_ticket(context,
&rep,
*out_creds,
&krbtgt->session,
NULL,
&krbtgt->addresses,
nonce,
NULL,
NULL);
krb5_free_kdc_rep(context, &rep);
if (ret)
goto out;
}else if(krb5_rd_error(context, &resp, &error) == 0){
ret = error.error_code;
free_KRB_ERROR(&error);
}else
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_data_free(&resp);
out:
krb5_free_creds (context, krbtgt);
return ret;
}
static krb5_error_code static krb5_error_code
get_cred_kdc(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, get_cred_kdc(krb5_context context, krb5_ccache id, krb5_kdc_flags flags,
krb5_addresses *addresses,
krb5_creds *in_creds, krb5_creds *krbtgt, krb5_creds *in_creds, krb5_creds *krbtgt,
krb5_creds **out_creds) krb5_creds **out_creds)
{ {
@@ -291,10 +190,6 @@ get_cred_kdc(krb5_context context, krb5_ccache id, krb5_kdc_flags flags,
unsigned nonce; unsigned nonce;
unsigned char buf[1024]; unsigned char buf[1024];
size_t len; size_t len;
krb5_addresses *addresses;
addresses = malloc(sizeof(*addresses));
krb5_get_all_client_addrs(addresses);
krb5_generate_random_block(&nonce, sizeof(nonce)); krb5_generate_random_block(&nonce, sizeof(nonce));
@@ -312,6 +207,8 @@ get_cred_kdc(krb5_context context, krb5_ccache id, krb5_kdc_flags flags,
ret = encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf), ret = encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf),
&req, &enc.length); &req, &enc.length);
/* don't free addresses */
req.req_body.addresses = NULL;
free_TGS_REQ(&req); free_TGS_REQ(&req);
enc.data = buf + sizeof(buf) - enc.length; enc.data = buf + sizeof(buf) - enc.length;
@@ -357,6 +254,47 @@ out:
} }
/* same as above, just get local addresses first */
static krb5_error_code
get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags,
krb5_creds *in_creds, krb5_creds *krbtgt,
krb5_creds **out_creds)
{
krb5_error_code ret;
krb5_addresses addresses;
krb5_get_all_client_addrs(&addresses);
ret = get_cred_kdc(context, id, flags, &addresses,
in_creds, krbtgt, out_creds);
krb5_free_addresses(context, &addresses);
return ret;
}
krb5_error_code
krb5_get_kdc_cred(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
krb5_addresses *addresses,
Ticket *second_ticket,
krb5_creds *in_creds,
krb5_creds **out_creds
)
{
krb5_error_code ret;
krb5_creds *krbtgt;
ret = get_krbtgt (context,
id,
in_creds->server->realm,
&krbtgt);
ret = get_cred_kdc(context, id, flags, addresses,
in_creds, krbtgt, out_creds);
krb5_free_creds (context, krbtgt);
return ret;
}
/* /*
get_cred(server) get_cred(server)
creds = cc_get_cred(server) creds = cc_get_cred(server)
@@ -416,7 +354,7 @@ krb5_get_credentials(krb5_context context,
ret = krb5_cc_retrieve_cred_any_realm(context, ccache, 0, ret = krb5_cc_retrieve_cred_any_realm(context, ccache, 0,
&tmp_creds, &tgts); &tmp_creds, &tgts);
if(ret == 0){ if(ret == 0){
ret = get_cred_kdc(context, ccache, flags, ret = get_cred_kdc_la(context, ccache, flags,
in_creds, &tgts, out_creds); in_creds, &tgts, out_creds);
krb5_free_creds_contents(context, &tgts); krb5_free_creds_contents(context, &tgts);
krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.server);
@@ -449,7 +387,7 @@ krb5_get_credentials(krb5_context context,
krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.server);
krb5_free_principal(context, tmp_creds.client); krb5_free_principal(context, tmp_creds.client);
ret = get_cred_kdc(context, ccache, flags, in_creds, tgt, out_creds); ret = get_cred_kdc_la(context, ccache, flags, in_creds, tgt, out_creds);
krb5_free_creds_contents(context, tgt); krb5_free_creds_contents(context, tgt);
free(tgt); free(tgt);
if(ret) if(ret)