diff options
| author | markm <markm@FreeBSD.org> | 2000-02-24 11:07:16 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2000-02-24 11:07:16 +0000 |
| commit | fa8b1a96d3a4e7cb6123f48b6c27b717a5ed86fe (patch) | |
| tree | 2e1873a5f9196289affc301c4d3c862d04a3f4c8 /crypto/heimdal/kdc | |
| parent | 4ecbd6db44d79348bc815f31096e53104f50838b (diff) | |
| download | FreeBSD-src-fa8b1a96d3a4e7cb6123f48b6c27b717a5ed86fe.zip FreeBSD-src-fa8b1a96d3a4e7cb6123f48b6c27b717a5ed86fe.tar.gz | |
Vendor import of Heimdal 0.2n
Diffstat (limited to 'crypto/heimdal/kdc')
| -rw-r--r-- | crypto/heimdal/kdc/headers.h | 5 | ||||
| -rw-r--r-- | crypto/heimdal/kdc/kerberos4.c | 30 | ||||
| -rw-r--r-- | crypto/heimdal/kdc/kerberos5.c | 6 |
3 files changed, 35 insertions, 6 deletions
diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h index f9c3eb8..845b2a5 100644 --- a/crypto/heimdal/kdc/headers.h +++ b/crypto/heimdal/kdc/headers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h,v 1.5 1999/12/02 17:04:59 joda Exp $ + * $Id: headers.h,v 1.6 2000/02/06 06:04:36 assar Exp $ */ #ifndef __HEADERS_H__ @@ -79,6 +79,7 @@ #include <getarg.h> #include <base64.h> #include <parse_units.h> +#include <des.h> #include <krb5.h> #include <hdb.h> #include <hdb_err.h> diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c index 9ff082c..29e28b3 100644 --- a/crypto/heimdal/kdc/kerberos4.c +++ b/crypto/heimdal/kdc/kerberos4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos4.c,v 1.24 1999/12/02 17:04:59 joda Exp $"); +RCSID("$Id: kerberos4.c,v 1.26 2000/02/02 01:26:41 assar Exp $"); #ifdef KRB4 @@ -125,6 +125,12 @@ get_des_key(hdb_entry *principal, Key **key) #define RCHECK(X, L) if(X){make_err_reply(reply, KFAILURE, "Packet too short"); goto L;} +/* + * Process the v4 request in `buf, len' (received from `addr' + * (with string `from'). + * Return an error code and a reply in `reply'. + */ + krb5_error_code do_version4(unsigned char *buf, size_t len, @@ -184,6 +190,23 @@ do_version4(unsigned char *buf, goto out1; } + /* + * There's no way to do pre-authentication in v4 and thus no + * good error code to return if preauthentication is required. + */ + + if (require_preauth + || client->flags.require_preauth + || server->flags.require_preauth) { + kdc_log(0, + "Pre-authentication required for v4-request: " + "%s.%s@%s for %s.%s@%s", + name, inst, realm, + sname, sinst, v4_realm); + make_err_reply(reply, KERB_ERR_NULL_KEY, NULL); + goto out1; + } + ret = get_des_key(client, &ckey); if(ret){ kdc_log(0, "%s", krb5_get_err_text(context, ret)); @@ -305,6 +328,9 @@ do_version4(unsigned char *buf, memcpy(&auth.dat, buf, pos); auth.length = pos; krb_set_key(tkey->key.keyvalue.data, 0); + + krb_ignore_ip_address = !check_ticket_addresses; + ret = krb_rd_req(&auth, "krbtgt", realm, addr->sin_addr.s_addr, &ad, 0); if(ret){ diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c index 1108e6d..7100274 100644 --- a/crypto/heimdal/kdc/kerberos5.c +++ b/crypto/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.108 1999/12/02 17:04:59 joda Exp $"); +RCSID("$Id: kerberos5.c,v 1.109 2000/01/18 03:13:00 assar Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -571,7 +571,9 @@ as_rep(KDC_REQ *req, e_text = NULL; goto out; } - }else if (require_preauth || client->flags.require_preauth || server->flags.require_preauth) { + }else if (require_preauth + || client->flags.require_preauth + || server->flags.require_preauth) { METHOD_DATA method_data; PA_DATA *pa; unsigned char *buf; |
