Diffstat (limited to 'source4/heimdal/lib')
-rw-r--r-- | source4/heimdal/lib/hdb/hdb.h | 11 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/krb5-private.h | 8 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/mk_req.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/ticket.c | 27 |
4 files changed, 37 insertions, 11 deletions
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 41cc03cf36..45ea5a9f30 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -61,14 +61,19 @@ typedef struct hdb_entry_ex { krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *); krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *); krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *, - AuthorizationData *in, + METHOD_DATA* pa_data_seq, + time_t authtime, EncryptionKey *tgtkey, - AuthorizationData *out); + EncryptionKey *sessionkey, + AuthorizationData **out); krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *, + krb5_principal client, AuthorizationData *in, + time_t authtime, EncryptionKey *tgtkey, EncryptionKey *servicekey, - AuthorizationData *out); + EncryptionKey *sessionkey, + AuthorizationData **out); } hdb_entry_ex; typedef struct HDB{ diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 07d9329337..2645c29fe7 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -399,4 +399,12 @@ _krb5_xunlock ( krb5_context /*context*/, int /*fd*/); +int +_krb5_find_type_in_ad(krb5_context context, + int type, + krb5_data *data, + int *found, + krb5_keyblock *sessionkey, + const AuthorizationData *ad); + #endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index adc077e13f..44e5d9c222 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c 
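Review bot: The switch to `AuthorizationData **out` on both `authz_data_as_req` and `authz_data_tgs_req` moves allocation of the result into the callback, but nothing in the struct says who frees `*out` or what it holds when the callback fails. These callbacks receive `tgtkey`, `servicekey` and `sessionkey` and presumably run once per KDC request, so a backend that guesses the contract wrong either leaks on every request or leaves the caller freeing an unset pointer. I would add a comment above the two members along the lines of `/* *out: NULL on entry; on success the callback stores an allocated AuthorizationData that the caller frees */`, adjusted to whatever the KDC side actually implements. The input-only arguments (`pa_data_seq`, `in`, the key pointers) could also be `const`-qualified if no backend writes through them.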
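Review bot: The prototype added to krb5-private.h declares `int *found`, while the definition of `_krb5_find_type_in_ad` added to ticket.c in this same commit takes `krb5_boolean *found`. The two agree only as long as `krb5_boolean` is a typedef of `int`, which is not visible in this diff; any other definition turns this into conflicting declarations or a silently mistyped pointer in callers. The line should read `krb5_boolean *found,`, and if this header is generated from the .c files, regenerating it should produce exactly that.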
@@ -64,7 +64,9 @@ krb5_mk_req_exact(krb5_context context, if (auth_context && *auth_context && (*auth_context)->keytype) this_cred.session.keytype = (*auth_context)->keytype; + /* This is the network contact with the KDC */ ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred); + krb5_free_cred_contents(context, &this_cred); if (ret) return ret; diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 7dae26acf2..b3efeb39d3 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -101,8 +101,8 @@ static int find_type_in_ad(krb5_context context, int type, krb5_data *data, - int *found, - int failp, + krb5_boolean *found, + krb5_boolean failp, krb5_keyblock *sessionkey, const AuthorizationData *ad, int level) @@ -129,7 +129,7 @@ find_type_in_ad(krb5_context context, krb5_set_error_string(context, "malloc - out of memory"); goto out; } - *found = 1; + *found = TRUE; continue; } switch (ad->val[i].ad_type) { @@ -228,6 +228,19 @@ out: return ret; } +int +_krb5_find_type_in_ad(krb5_context context, + int type, + krb5_data *data, + krb5_boolean *found, + krb5_keyblock *sessionkey, + const AuthorizationData *ad) +{ + krb5_data_zero(data); + return find_type_in_ad(context, type, data, found, TRUE, sessionkey, ad, 0); +} + + /* * Extract the authorization data type of `type' from the * 'ticket'. Store the field in `data'. This function is to use for @@ -242,9 +255,7 @@ krb5_ticket_get_authorization_data_type(krb5_context context, { AuthorizationData *ad; krb5_error_code ret; - int found = 0; - - krb5_data_zero(data); + krb5_boolean found = 0; ad = ticket->ticket.authorization_data; if (ticket->ticket.authorization_data == NULL) { 
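Review bot: The added `krb5_free_cred_contents(context, &this_cred);` releases every member of `this_cred`, and how `this_cred.client` and `this_cred.server` were filled in lies above this hunk in `krb5_mk_req_exact`. The call is correct only if both are copies owned by this function; if `server` is the caller's principal stored by pointer, this frees caller-owned memory, so that is worth confirming a few lines up. The new comment also overstates what happens: `krb5_get_credentials` can be satisfied from `ccache`, so something like `/* May contact the KDC if the ccache holds no matching ticket */` would be more accurate.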
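Review bot: The new `_krb5_find_type_in_ad` wrapper in ticket.c resets `data` with `krb5_data_zero(data)` but leaves `*found` to the caller, and the only assignment to it visible in this diff is `*found = TRUE`. A future caller that passes an uninitialised `krb5_boolean` would read an indeterminate value when the requested type is absent, and that flag decides whether authorization data is treated as present. Adding `*found = FALSE;` next to the `krb5_data_zero(data);` line makes the wrapper self-contained. Most of `find_type_in_ad` is outside the hunks, so this is inferred from the visible lines only. The wrapper also has no header comment and returns `int`, although the `krb5_error_code ret` in the caller suggests the usual return type here.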
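Review bot: Removing `krb5_data_zero(data);` from the top of `krb5_ticket_get_authorization_data_type` leaves `data` untouched on the early `return ENOENT` taken when `ticket->ticket.authorization_data == NULL` (the return is visible in the next hunk). The zeroing now happens only inside `_krb5_find_type_in_ad`, which that path never reaches. A caller that runs `krb5_data_free(data)` after any failure would then free an uninitialised pointer. Keep `krb5_data_zero(data);` as the first statement of this function; the second zeroing in the wrapper is harmless. `krb5_boolean found = 0;` would also read better as `= FALSE`, matching the `*found = TRUE` used elsewhere in this commit.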
@@ -252,8 +263,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context, return ENOENT; /* XXX */ } - ret = find_type_in_ad(context, type, data, &found, 1, &ticket->ticket.key, - ticket->ticket.authorization_data, 0); + ret = _krb5_find_type_in_ad(context, type, data, &found, &ticket->ticket.key, + ticket->ticket.authorization_data); if (ret) return ret; if (!found) { |