oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Conditionalize pa-enc-timestamp.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2397 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-07-16 22:56:30 +00:00
parent a1c34f4f77
commit f097a12adf
1 changed files with 29 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
kdc/kerberos5.c
View File

@@ -103,34 +103,36 @@ as_rep(krb5_context context,
if(req->padata == NULL || req->padata->len < 1 || if(req->padata == NULL || req->padata->len < 1 ||
req->padata->val->padata_type != pa_enc_timestamp) { req->padata->val->padata_type != pa_enc_timestamp) {
PA_DATA foo; if(require_enc_timestamp){
u_char buf[16]; PA_DATA foo;
size_t len; u_char buf[16];
krb5_data foo_data; size_t len;
krb5_data foo_data;
foo.padata_type = pa_enc_timestamp; foo.padata_type = pa_enc_timestamp;
foo.padata_value.length = 0; foo.padata_value.length = 0;
foo.padata_value.data = NULL; foo.padata_value.data = NULL;
encode_PA_DATA(buf + sizeof(buf) - 1, encode_PA_DATA(buf + sizeof(buf) - 1,
sizeof(buf), sizeof(buf),
&foo, &foo,
&len); &len);
foo_data.length = len; foo_data.length = len;
foo_data.data = buf + sizeof(buf) - len; foo_data.data = buf + sizeof(buf) - len;
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
krb5_mk_error(context, krb5_mk_error(context,
ret, ret,
"Need to use PA-ENC-TIMESTAMP", "Need to use PA-ENC-TIMESTAMP",
&foo_data, &foo_data,
client_princ, client_princ,
server_princ, server_princ,
0, 0,
reply); reply);
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name); kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
goto out2; goto out2;
}
} else { } else {
krb5_data ts_data; krb5_data ts_data;
PA_ENC_TS_ENC p; PA_ENC_TS_ENC p;
@@ -139,9 +141,9 @@ as_rep(krb5_context context,
EncryptedData enc_data; EncryptedData enc_data;
ret = decode_EncryptedData(req->padata->val->padata_value.data, ret = decode_EncryptedData(req->padata->val->padata_value.data,
req->padata->val->padata_value.length, req->padata->val->padata_value.length,
&enc_data, &enc_data,
&len); &len);
if (ret) { if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(0, "Failed to decode PA-DATA -- %s", client_name); kdc_log(0, "Failed to decode PA-DATA -- %s", client_name);