summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h13
-rw-r--r--source4/heimdal/lib/krb5/rd_rep.c146
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c20
3 files changed, 86 insertions, 93 deletions
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index cc619314a3..97f286b83e 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -2378,6 +2378,12 @@ krb5_parse_name (
krb5_principal */*principal*/);
krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_mustrealm (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_principal */*principal*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
krb5_parse_name_norealm (
krb5_context /*context*/,
const char */*name*/,
@@ -3436,13 +3442,6 @@ krb5_write_safe_message (
krb5_error_code KRB5_LIB_FUNCTION
krb5_xfree (void */*ptr*/);
-krb5_error_code
-parse_name (
- krb5_context /*context*/,
- const char */*name*/,
- krb5_boolean /*short_form*/,
- krb5_principal */*principal*/);
-
#ifdef __cplusplus
}
#endif
diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c
index a92eea5c04..53138d9f45 100644
--- a/source4/heimdal/lib/krb5/rd_rep.c
+++ b/source4/heimdal/lib/krb5/rd_rep.c
@@ -36,94 +36,80 @@
RCSID("$Id: rd_rep.c,v 1.25 2005/06/17 07:49:33 lha Exp $");
krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_rep_type(krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *inbuf,
- krb5_ap_rep_enc_part **repl,
- krb5_boolean dce_style_response)
+krb5_rd_rep(krb5_context context,
+ krb5_auth_context auth_context,
+ const krb5_data *inbuf,
+ krb5_ap_rep_enc_part **repl)
{
- krb5_error_code ret;
- AP_REP ap_rep;
- size_t len;
- krb5_data data;
- krb5_crypto crypto;
+ krb5_error_code ret;
+ AP_REP ap_rep;
+ size_t len;
+ krb5_data data;
+ krb5_crypto crypto;
- krb5_data_zero (&data);
- ret = 0;
+ krb5_data_zero (&data);
+ ret = 0;
- ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
- if (ret)
- return ret;
- if (ap_rep.pvno != 5) {
- ret = KRB5KRB_AP_ERR_BADVERSION;
- krb5_clear_error_string (context);
- goto out;
- }
- if (ap_rep.msg_type != krb_ap_rep) {
- ret = KRB5KRB_AP_ERR_MSG_TYPE;
- krb5_clear_error_string (context);
- goto out;
- }
+ ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
+ if (ret)
+ return ret;
+ if (ap_rep.pvno != 5) {
+ ret = KRB5KRB_AP_ERR_BADVERSION;
+ krb5_clear_error_string (context);
+ goto out;
+ }
+ if (ap_rep.msg_type != krb_ap_rep) {
+ ret = KRB5KRB_AP_ERR_MSG_TYPE;
+ krb5_clear_error_string (context);
+ goto out;
+ }
- ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
- if (ret)
- goto out;
- ret = krb5_decrypt_EncryptedData (context,
- crypto,
- KRB5_KU_AP_REQ_ENC_PART,
- &ap_rep.enc_part,
- &data);
- krb5_crypto_destroy(context, crypto);
- if (ret)
- goto out;
+ ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+ if (ret)
+ goto out;
+ ret = krb5_decrypt_EncryptedData (context,
+ crypto,
+ KRB5_KU_AP_REQ_ENC_PART,
+ &ap_rep.enc_part,
+ &data);
+ krb5_crypto_destroy(context, crypto);
+ if (ret)
+ goto out;
- *repl = malloc(sizeof(**repl));
- if (*repl == NULL) {
- ret = ENOMEM;
- krb5_set_error_string (context, "malloc: out of memory");
- goto out;
- }
- ret = krb5_decode_EncAPRepPart(context,
- data.data,
- data.length,
- *repl,
- &len);
- if (ret)
- return ret;
-
- if (!dce_style_response) {
- if ((*repl)->ctime != auth_context->authenticator->ctime ||
- (*repl)->cusec != auth_context->authenticator->cusec) {
- ret = KRB5KRB_AP_ERR_MUT_FAIL;
- krb5_set_error_string (context, "Mutual authentication failed: Timestamps mismatch");
- goto out;
- }
- }
- if ((*repl)->seq_number)
- krb5_auth_con_setremoteseqnumber(context, auth_context,
- *((*repl)->seq_number));
- if ((*repl)->subkey)
- krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
+ *repl = malloc(sizeof(**repl));
+ if (*repl == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
+ goto out;
+ }
+ ret = krb5_decode_EncAPRepPart(context,
+ data.data,
+ data.length,
+ *repl,
+ &len);
+ if (ret)
+ return ret;
+
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+ if ((*repl)->ctime != auth_context->authenticator->ctime ||
+ (*repl)->cusec != auth_context->authenticator->cusec) {
+ ret = KRB5KRB_AP_ERR_MUT_FAIL;
+ krb5_clear_error_string (context);
+ goto out;
+ }
+ }
+ if ((*repl)->seq_number)
+ krb5_auth_con_setremoteseqnumber(context, auth_context,
+ *((*repl)->seq_number));
+ if ((*repl)->subkey)
+ krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
-out:
- krb5_data_free (&data);
- free_AP_REP (&ap_rep);
- return ret;
+ out:
+ krb5_data_free (&data);
+ free_AP_REP (&ap_rep);
+ return ret;
}
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_rep(krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *inbuf,
- krb5_ap_rep_enc_part **repl)
-{
- return _krb5_rd_rep_type(context,
- auth_context,
- inbuf,
- repl,
- FALSE);
-}
-
void KRB5_LIB_FUNCTION
krb5_free_ap_rep_enc_part (krb5_context context,
krb5_ap_rep_enc_part *val)
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 30ad08bd82..66172c10fb 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_req.c,v 1.57 2005/01/08 20:41:17 lha Exp $");
+RCSID("$Id: rd_req.c,v 1.58 2005/08/27 05:48:57 lha Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -136,6 +136,10 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
int num_realms;
krb5_error_code ret;
+ /* Windows w2k and w2k3 uses this */
+ if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0)
+ return 0;
+
if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
return KRB5KDC_ERR_TRTYPE_NOSUPP;
@@ -561,6 +565,7 @@ krb5_rd_req_return_keyblock(krb5_context context,
krb5_error_code ret;
krb5_ap_req ap_req;
krb5_principal service = NULL;
+ krb5_keyblock *local_keyblock;
if (*auth_context == NULL) {
ret = krb5_auth_con_init(context, auth_context);
@@ -592,13 +597,13 @@ krb5_rd_req_return_keyblock(krb5_context context,
&ap_req,
server,
keytab,
- keyblock);
+ &local_keyblock);
if(ret)
goto out;
} else {
ret = krb5_copy_keyblock(context,
(*auth_context)->keyblock,
- keyblock);
+ &local_keyblock);
if (ret)
goto out;
}
@@ -607,17 +612,20 @@ krb5_rd_req_return_keyblock(krb5_context context,
auth_context,
&ap_req,
server,
- *keyblock,
+ local_keyblock,
0,
ap_req_options,
ticket);
+ if (ret) {
+ krb5_free_keyblock(context, local_keyblock);
+ } else {
+ *keyblock = local_keyblock;
+ }
out:
free_AP_REQ(&ap_req);
if(service)
krb5_free_principal(context, service);
- if (ret)
- krb5_free_keyblock(context, *keyblock);
return ret;
}