oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

preliminary PREAUTH_ENC_TIMESTAMP

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1798 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-06-01 14:32:17 +00:00
parent d6eb3ead4d
commit ef3b3da01f
2 changed files with 82 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
kdc/kdc.c
View File

@@ -30,8 +30,11 @@ krb5_encrypt (krb5_context context,
krb5_keyblock *keyblock, krb5_keyblock *keyblock,
krb5_data *result); krb5_data *result);
krb5_error_code
krb5_mk_error(krb5_principal princ, krb5_mk_error(krb5_principal princ,
krb5_error_code error_code, krb5_error_code error_code,
char *e_text,
krb5_data *e_data,
krb5_data *err) krb5_data *err)
{ {
KRB_ERROR msg; KRB_ERROR msg;
@@ -44,6 +47,10 @@ krb5_mk_error(krb5_principal princ,
msg.error_code = error_code; msg.error_code = error_code;
msg.realm = princ->realm.data; msg.realm = princ->realm.data;
krb5_principal2principalname(&msg.sname, princ); krb5_principal2principalname(&msg.sname, princ);
if (e_text)
msg.e_text = &e_text;
if (e_data)
msg.e_data = e_data;
err->length = encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg); err->length = encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg);
err->data = malloc(err->length); err->data = malloc(err->length);
memcpy(err->data, buf + sizeof(buf) - err->length, err->length); memcpy(err->data, buf + sizeof(buf) - err->length, err->length);
@@ -68,13 +75,46 @@ as_rep(krb5_context context,
KDC_REP *rep, KDC_REP *rep,
krb5_data *data) krb5_data *data)
{ {
KDCOptions f = req->req_body.kdc_options;
KDC_REQ_BODY *b = &req->req_body; KDC_REQ_BODY *b = &req->req_body;
KDCOptions f = b->kdc_options;
hdb_entry *client, *server; hdb_entry *client, *server;
int use_etype; int use_etype;
EncTicketPart *et = calloc(1, sizeof(*et)); EncTicketPart *et = calloc(1, sizeof(*et));
EncKDCRepPart *ek = calloc(1, sizeof(*ek)); EncKDCRepPart *ek = calloc(1, sizeof(*ek));
/* PREAUTH */
#ifdef PREAUTH_ENC_TIMESTAMP
if(req->padata == NULL || req->padata->len < 1 ||
req->padata->val->padata_type != pa_enc_timestamp) {
PA_DATA foo;
u_char buf[16];
int len;
krb5_data foo_data;
krb5_principal princ;
principalname2krb5_principal (&princ, *(b->cname), b->realm);
foo.padata_type = pa_enc_timestamp;
foo.padata_value.length = 0;
foo.padata_value.data = NULL;
len = encode_PA_DATA(buf + sizeof(buf) - 1,
sizeof(buf),
&foo);
foo_data.length = len;
foo_data.data = buf + sizeof(buf) - len;
krb5_mk_error (princ,
KRB5KDC_ERR_PREAUTH_REQUIRED,
"Need to use PA-ENC-TIMESTAMP",
&foo_data,
data);
return 0;
}
#endif /* PREAUTH_ENC_TIMESTAMP */
client = db_fetch(context, b->cname, b->realm); client = db_fetch(context, b->cname, b->realm);
server = db_fetch(context, b->sname, b->realm); server = db_fetch(context, b->sname, b->realm);

42
kdc/kerberos5.c
View File

@@ -30,8 +30,11 @@ krb5_encrypt (krb5_context context,
krb5_keyblock *keyblock, krb5_keyblock *keyblock,
krb5_data *result); krb5_data *result);
krb5_error_code
krb5_mk_error(krb5_principal princ, krb5_mk_error(krb5_principal princ,
krb5_error_code error_code, krb5_error_code error_code,
char *e_text,
krb5_data *e_data,
krb5_data *err) krb5_data *err)
{ {
KRB_ERROR msg; KRB_ERROR msg;
@@ -44,6 +47,10 @@ krb5_mk_error(krb5_principal princ,
msg.error_code = error_code; msg.error_code = error_code;
msg.realm = princ->realm.data; msg.realm = princ->realm.data;
krb5_principal2principalname(&msg.sname, princ); krb5_principal2principalname(&msg.sname, princ);
if (e_text)
msg.e_text = &e_text;
if (e_data)
msg.e_data = e_data;
err->length = encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg); err->length = encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg);
err->data = malloc(err->length); err->data = malloc(err->length);
memcpy(err->data, buf + sizeof(buf) - err->length, err->length); memcpy(err->data, buf + sizeof(buf) - err->length, err->length);
@@ -68,13 +75,46 @@ as_rep(krb5_context context,
KDC_REP *rep, KDC_REP *rep,
krb5_data *data) krb5_data *data)
{ {
KDCOptions f = req->req_body.kdc_options;
KDC_REQ_BODY *b = &req->req_body; KDC_REQ_BODY *b = &req->req_body;
KDCOptions f = b->kdc_options;
hdb_entry *client, *server; hdb_entry *client, *server;
int use_etype; int use_etype;
EncTicketPart *et = calloc(1, sizeof(*et)); EncTicketPart *et = calloc(1, sizeof(*et));
EncKDCRepPart *ek = calloc(1, sizeof(*ek)); EncKDCRepPart *ek = calloc(1, sizeof(*ek));
/* PREAUTH */
#ifdef PREAUTH_ENC_TIMESTAMP
if(req->padata == NULL || req->padata->len < 1 ||
req->padata->val->padata_type != pa_enc_timestamp) {
PA_DATA foo;
u_char buf[16];
int len;
krb5_data foo_data;
krb5_principal princ;
principalname2krb5_principal (&princ, *(b->cname), b->realm);
foo.padata_type = pa_enc_timestamp;
foo.padata_value.length = 0;
foo.padata_value.data = NULL;
len = encode_PA_DATA(buf + sizeof(buf) - 1,
sizeof(buf),
&foo);
foo_data.length = len;
foo_data.data = buf + sizeof(buf) - len;
krb5_mk_error (princ,
KRB5KDC_ERR_PREAUTH_REQUIRED,
"Need to use PA-ENC-TIMESTAMP",
&foo_data,
data);
return 0;
}
#endif /* PREAUTH_ENC_TIMESTAMP */
client = db_fetch(context, b->cname, b->realm); client = db_fetch(context, b->cname, b->realm);
server = db_fetch(context, b->sname, b->realm); server = db_fetch(context, b->sname, b->realm);