(tgs_rep2): try to set sec and usec in error replies
(*): update callers of krb5_km_error (check_tgs_flags): handle renews requesting non-renewable tickets git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9763 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -630,7 +630,8 @@ as_rep(KDC_REQ *req,
|
|||||||
&foo_data,
|
&foo_data,
|
||||||
client_princ,
|
client_princ,
|
||||||
server_princ,
|
server_princ,
|
||||||
0,
|
NULL,
|
||||||
|
NULL,
|
||||||
reply);
|
reply);
|
||||||
free(buf);
|
free(buf);
|
||||||
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
|
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
|
||||||
@@ -862,7 +863,8 @@ out:
|
|||||||
NULL,
|
NULL,
|
||||||
client_princ,
|
client_princ,
|
||||||
server_princ,
|
server_princ,
|
||||||
0,
|
NULL,
|
||||||
|
NULL,
|
||||||
reply);
|
reply);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
@@ -978,7 +980,9 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
|
|||||||
old_life -= *tgt->starttime;
|
old_life -= *tgt->starttime;
|
||||||
else
|
else
|
||||||
old_life -= tgt->authtime;
|
old_life -= tgt->authtime;
|
||||||
et->endtime = min(*et->renew_till, *et->starttime + old_life);
|
et->endtime = *et->starttime + old_life;
|
||||||
|
if (et->renew_till != NULL)
|
||||||
|
et->endtime = min(*et->renew_till, et->endtime);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* checks for excess flags */
|
/* checks for excess flags */
|
||||||
@@ -1312,7 +1316,9 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
PA_DATA *tgs_req,
|
PA_DATA *tgs_req,
|
||||||
krb5_data *reply,
|
krb5_data *reply,
|
||||||
const char *from,
|
const char *from,
|
||||||
struct sockaddr *from_addr)
|
const struct sockaddr *from_addr,
|
||||||
|
time_t **csec,
|
||||||
|
int **cusec)
|
||||||
{
|
{
|
||||||
krb5_ap_req ap_req;
|
krb5_ap_req ap_req;
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
@@ -1409,6 +1415,19 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
goto out2;
|
goto out2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
krb5_authenticator auth;
|
||||||
|
|
||||||
|
ret = krb5_auth_getauthenticator(context, ac, &auth);
|
||||||
|
if (ret == 0) {
|
||||||
|
csec = auth->csec;
|
||||||
|
auth->csec = NULL;
|
||||||
|
cusec = auth->cusec;
|
||||||
|
auth->cusec = NULL;
|
||||||
|
krb5_free_authenticator(context, &auth);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
cetype = ap_req.authenticator.etype;
|
cetype = ap_req.authenticator.etype;
|
||||||
|
|
||||||
tgt = &ticket->ticket;
|
tgt = &ticket->ticket;
|
||||||
@@ -1631,7 +1650,8 @@ out2:
|
|||||||
NULL,
|
NULL,
|
||||||
cp,
|
cp,
|
||||||
sp,
|
sp,
|
||||||
0,
|
NULL,
|
||||||
|
NULL,
|
||||||
reply);
|
reply);
|
||||||
krb5_free_principal(context, cp);
|
krb5_free_principal(context, cp);
|
||||||
krb5_free_principal(context, sp);
|
krb5_free_principal(context, sp);
|
||||||
@@ -1660,6 +1680,8 @@ tgs_rep(KDC_REQ *req,
|
|||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
int i = 0;
|
int i = 0;
|
||||||
PA_DATA *tgs_req = NULL;
|
PA_DATA *tgs_req = NULL;
|
||||||
|
time_t *csec = NULL;
|
||||||
|
int *cusec = NULL;
|
||||||
|
|
||||||
if(req->padata == NULL){
|
if(req->padata == NULL){
|
||||||
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
|
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
|
||||||
@@ -1684,8 +1706,11 @@ out:
|
|||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
0,
|
ctime,
|
||||||
|
cusec,
|
||||||
data);
|
data);
|
||||||
}
|
}
|
||||||
|
free(ctime);
|
||||||
|
free(cusec);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user