Diffstat (limited to 'source4/heimdal/lib')
-rw-r--r--source4/heimdal/lib/hdb/hdb.h11
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h8
-rw-r--r--source4/heimdal/lib/krb5/mk_req.c2
-rw-r--r--source4/heimdal/lib/krb5/ticket.c27
4 files changed, 37 insertions, 11 deletions
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 41cc03cf36..45ea5a9f30 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -61,14 +61,19 @@ typedef struct hdb_entry_ex {
krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *);
krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *);
krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *,
- AuthorizationData *in,
+ METHOD_DATA* pa_data_seq,
+ time_t authtime,
EncryptionKey *tgtkey,
- AuthorizationData *out);
+ EncryptionKey *sessionkey,
+ AuthorizationData **out);
krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *,
+ krb5_principal client,
AuthorizationData *in,
+ time_t authtime,
EncryptionKey *tgtkey,
EncryptionKey *servicekey,
- AuthorizationData *out);
+ EncryptionKey *sessionkey,
+ AuthorizationData **out);
} hdb_entry_ex;
typedef struct HDB{
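Review bot: Both callbacks now return their result through `AuthorizationData **out`, but nothing in the struct says who allocates `*out`, who frees it, or what it holds when the callback fails. A comment above the two members would settle this, for example `/* On success the callback allocates *out and the caller owns and frees it; on failure *out is left NULL. */`, adjusted to what the implementations actually do. The same comment should say whether `tgtkey`, `servicekey` and `sessionkey` are only borrowed for the duration of the call. `METHOD_DATA* pa_data_seq` also departs from the `Type *name` spacing used by every other parameter here. The struct definition starts above this hunk.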
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 07d9329337..2645c29fe7 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -399,4 +399,12 @@ _krb5_xunlock (
krb5_context /*context*/,
int /*fd*/);
+int
+_krb5_find_type_in_ad(krb5_context context,
+ int type,
+ krb5_data *data,
+ int *found,
+ krb5_keyblock *sessionkey,
+ const AuthorizationData *ad);
+
#endif /* __krb5_private_h__ */
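Review bot: The prototype added here declares `int *found`, while the definition added to ticket.c in this same commit takes `krb5_boolean *found`. The two are only compatible if `krb5_boolean` is a typedef for `int`, which is not visible on this page. The declaration should read `krb5_boolean *found,` so the header and the definition cannot drift apart. If this header is generated from the sources, regenerating it after the ticket.c change is the better fix than editing it by hand.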
diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c
index adc077e13f..44e5d9c222 100644
--- a/source4/heimdal/lib/krb5/mk_req.c
+++ b/source4/heimdal/lib/krb5/mk_req.c
@@ -64,7 +64,9 @@ krb5_mk_req_exact(krb5_context context,
if (auth_context && *auth_context && (*auth_context)->keytype)
this_cred.session.keytype = (*auth_context)->keytype;
+ /* This is the network contact with the KDC */
ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
+
krb5_free_cred_contents(context, &this_cred);
if (ret)
return ret;
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 7dae26acf2..b3efeb39d3 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -101,8 +101,8 @@ static int
find_type_in_ad(krb5_context context,
int type,
krb5_data *data,
- int *found,
- int failp,
+ krb5_boolean *found,
+ krb5_boolean failp,
krb5_keyblock *sessionkey,
const AuthorizationData *ad,
int level)
@@ -129,7 +129,7 @@ find_type_in_ad(krb5_context context,
krb5_set_error_string(context, "malloc - out of memory");
goto out;
}
- *found = 1;
+ *found = TRUE;
continue;
}
switch (ad->val[i].ad_type) {
@@ -228,6 +228,19 @@ out:
return ret;
}
+int
+_krb5_find_type_in_ad(krb5_context context,
+ int type,
+ krb5_data *data,
+ krb5_boolean *found,
+ krb5_keyblock *sessionkey,
+ const AuthorizationData *ad)
+{
+ krb5_data_zero(data);
+ return find_type_in_ad(context, type, data, found, TRUE, sessionkey, ad, 0);
+}
+
+
/*
* Extract the authorization data type of `type' from the
* 'ticket'. Store the field in `data'. This function is to use for
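Review bot: `_krb5_find_type_in_ad` zeroes `data` for its caller but leaves `*found` untouched, and the only write to `*found` visible in this commit is `*found = TRUE;` on a match. A caller outside ticket.c that passes an uninitialised `krb5_boolean` would read an indeterminate value whenever the requested type is absent, and could then treat missing authorization data as present. Adding `*found = FALSE;` next to `krb5_data_zero(data);` gives both out-parameters the same contract. The function is exported through krb5-private.h without a comment; a short one should state that `failp` is fixed to `TRUE`, that `sessionkey` is passed straight through to `find_type_in_ad`, and that the caller is presumably expected to release `data`. Most of the body of `find_type_in_ad` lies outside the hunks shown, so the claim about `*found` should be checked against the full function.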
@@ -242,9 +255,7 @@ krb5_ticket_get_authorization_data_type(krb5_context context,
{
AuthorizationData *ad;
krb5_error_code ret;
- int found = 0;
-
- krb5_data_zero(data);
+ krb5_boolean found = 0;
ad = ticket->ticket.authorization_data;
if (ticket->ticket.authorization_data == NULL) {
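Review bot: Removing `krb5_data_zero(data);` from the top of `krb5_ticket_get_authorization_data_type` leaves `data` uninitialised on the early `return ENOENT;` path (shown in the next hunk), taken when `ticket->ticket.authorization_data == NULL`. The zeroing now happens only inside `_krb5_find_type_in_ad`, which is called after that check. A caller that runs `krb5_data_free(data)` on every error return would then free whatever happened to be in the struct. Keeping `krb5_data_zero(data);` ahead of the NULL check restores the previous behaviour. Separately, `krb5_boolean found = 0;` would read better as `krb5_boolean found = FALSE;` to match the `TRUE` this commit uses elsewhere; the function body continues beyond this hunk.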
@@ -252,8 +263,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context,
return ENOENT; /* XXX */
}
- ret = find_type_in_ad(context, type, data, &found, 1, &ticket->ticket.key,
- ticket->ticket.authorization_data, 0);
+ ret = _krb5_find_type_in_ad(context, type, data, &found, &ticket->ticket.key,
+ ticket->ticket.authorization_data);
if (ret)
return ret;
if (!found) {