diff options
Diffstat (limited to 'source4/heimdal/lib/krb5')
| -rw-r--r-- | source4/heimdal/lib/krb5/krb5-protos.h | 13 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/rd_rep.c | 146 | ||||
| -rw-r--r-- | source4/heimdal/lib/krb5/rd_req.c | 20 |
3 files changed, 86 insertions, 93 deletions
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index cc619314a3..97f286b83e 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -2378,6 +2378,12 @@ krb5_parse_name ( krb5_principal */*principal*/); krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_mustrealm ( + krb5_context /*context*/, + const char */*name*/, + krb5_principal */*principal*/); + +krb5_error_code KRB5_LIB_FUNCTION krb5_parse_name_norealm ( krb5_context /*context*/, const char */*name*/, @@ -3436,13 +3442,6 @@ krb5_write_safe_message ( krb5_error_code KRB5_LIB_FUNCTION krb5_xfree (void */*ptr*/); -krb5_error_code -parse_name ( - krb5_context /*context*/, - const char */*name*/, - krb5_boolean /*short_form*/, - krb5_principal */*principal*/); - #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index a92eea5c04..53138d9f45 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -36,94 +36,80 @@ RCSID("$Id: rd_rep.c,v 1.25 2005/06/17 07:49:33 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_rep_type(krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_ap_rep_enc_part **repl, - krb5_boolean dce_style_response) +krb5_rd_rep(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl) { - krb5_error_code ret; - AP_REP ap_rep; - size_t len; - krb5_data data; - krb5_crypto crypto; + krb5_error_code ret; + AP_REP ap_rep; + size_t len; + krb5_data data; + krb5_crypto crypto; - krb5_data_zero (&data); - ret = 0; + krb5_data_zero (&data); + ret = 0; - ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); - if (ret) - return ret; - if (ap_rep.pvno != 5) { - ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); - goto out; - } - if (ap_rep.msg_type != krb_ap_rep) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); - goto out; - } + ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); + if (ret) + return ret; + if (ap_rep.pvno != 5) { + ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); + goto out; + } + if (ap_rep.msg_type != krb_ap_rep) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); + goto out; + } - ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); - if (ret) - goto out; - ret = krb5_decrypt_EncryptedData (context, - crypto, - KRB5_KU_AP_REQ_ENC_PART, - &ap_rep.enc_part, - &data); - krb5_crypto_destroy(context, crypto); - if (ret) - goto out; + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) + goto out; + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_AP_REQ_ENC_PART, + &ap_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + if (ret) + goto out; - *repl = malloc(sizeof(**repl)); - if (*repl == NULL) { - ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); - goto out; - } - ret = krb5_decode_EncAPRepPart(context, - data.data, - data.length, - *repl, - &len); - if (ret) - return ret; - - if (!dce_style_response) { - if ((*repl)->ctime != auth_context->authenticator->ctime || - (*repl)->cusec != auth_context->authenticator->cusec) { - ret = KRB5KRB_AP_ERR_MUT_FAIL; - krb5_set_error_string (context, "Mutual authentication failed: Timestamps mismatch"); - goto out; - } - } - if ((*repl)->seq_number) - krb5_auth_con_setremoteseqnumber(context, auth_context, - *((*repl)->seq_number)); - if ((*repl)->subkey) - krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); + *repl = malloc(sizeof(**repl)); + if (*repl == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + ret = krb5_decode_EncAPRepPart(context, + data.data, + data.length, + *repl, + &len); + if (ret) + return ret; + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + if ((*repl)->ctime != auth_context->authenticator->ctime || + (*repl)->cusec != auth_context->authenticator->cusec) { + ret = KRB5KRB_AP_ERR_MUT_FAIL; + krb5_clear_error_string (context); + goto out; + } + } + if ((*repl)->seq_number) + krb5_auth_con_setremoteseqnumber(context, auth_context, + *((*repl)->seq_number)); + if ((*repl)->subkey) + krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); -out: - krb5_data_free (&data); - free_AP_REP (&ap_rep); - return ret; + out: + krb5_data_free (&data); + free_AP_REP (&ap_rep); + return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_rep(krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_ap_rep_enc_part **repl) -{ - return _krb5_rd_rep_type(context, - auth_context, - inbuf, - repl, - FALSE); -} - void KRB5_LIB_FUNCTION krb5_free_ap_rep_enc_part (krb5_context context, krb5_ap_rep_enc_part *val) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 30ad08bd82..66172c10fb 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_req.c,v 1.57 2005/01/08 20:41:17 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.58 2005/08/27 05:48:57 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -136,6 +136,10 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) int num_realms; krb5_error_code ret; + /* Windows w2k and w2k3 uses this */ + if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0) + return 0; + if(enc->transited.tr_type != DOMAIN_X500_COMPRESS) return KRB5KDC_ERR_TRTYPE_NOSUPP; @@ -561,6 +565,7 @@ krb5_rd_req_return_keyblock(krb5_context context, krb5_error_code ret; krb5_ap_req ap_req; krb5_principal service = NULL; + krb5_keyblock *local_keyblock; if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); @@ -592,13 +597,13 @@ krb5_rd_req_return_keyblock(krb5_context context, &ap_req, server, keytab, - keyblock); + &local_keyblock); if(ret) goto out; } else { ret = krb5_copy_keyblock(context, (*auth_context)->keyblock, - keyblock); + &local_keyblock); if (ret) goto out; } @@ -607,17 +612,20 @@ krb5_rd_req_return_keyblock(krb5_context context, auth_context, &ap_req, server, - *keyblock, + local_keyblock, 0, ap_req_options, ticket); + if (ret) { + krb5_free_keyblock(context, local_keyblock); + } else { + *keyblock = local_keyblock; + } out: free_AP_REQ(&ap_req); if(service) krb5_free_principal(context, service); - if (ret) - krb5_free_keyblock(context, *keyblock); return ret; } |