author | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
commit | ebfe6dc471c206300fd82c7c0fd145f683aa52f6 (patch) | |
tree | e66aa570ad1d12c43b32a7313b0f8e28971bf8a9 /crypto/heimdal/lib/krb5/get_cred.c | |
parent | e5f617598c2db0dd51906a38ecea9208123a8b70 (diff) | |
import of heimdal 0.3e
Diffstat (limited to 'crypto/heimdal/lib/krb5/get_cred.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/get_cred.c | 60 |
1 files changed, 42 insertions, 18 deletions
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
index 61951c1..e649cfe 100644
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ b/crypto/heimdal/lib/krb5/get_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -33,7 +33,7 @@
 #include <krb5_locl.h>
-RCSID("$Id: get_cred.c,v 1.75 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_cred.c,v 1.82 2001/01/19 04:29:44 assar Exp $");
 /*
 * Take the `body' and encode it into `padata' using the credentials
@@ -82,12 +82,13 @@ make_pa_tgs_req(krb5_context context,
 in_data.data = buf + buf_size - len;
 ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
 &padata->padata_value,
- KRB5_KU_TGS_REQ_AUTH_CKSUM);
+ KRB5_KU_TGS_REQ_AUTH_CKSUM,
+ KRB5_KU_TGS_REQ_AUTH);
 out:
 free (buf);
 if(ret)
 return ret;
- padata->padata_type = pa_tgs_req;
+ padata->padata_type = KRB5_PADATA_TGS_REQ;
 return 0;
 }
@@ -191,6 +192,10 @@ init_tgs_req (krb5_context context,
 ret = ENOMEM;
 goto fail;
 }
+
+ /* some versions of some code might require that the client be
+ present in TGS-REQs, but this is clearly against the spec */
+
 ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname);
 if (ret)
 goto fail;
@@ -273,6 +278,7 @@ init_tgs_req (krb5_context context,
 }
 fail:
 if (ret)
+ /* XXX - don't free addresses? */
 free_TGS_REQ (t);
 return ret;
 }
@@ -320,7 +326,9 @@ decrypt_tkt_with_subkey (krb5_context context,
 size_t size;
 krb5_crypto crypto;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ return ret;
 ret = krb5_decrypt_EncryptedData (context,
 crypto,
 usage,
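Review bot: The new `/* XXX - don't free addresses? */` comment in init_tgs_req (hunk at -273) sits between an unbraced `if (ret)` and its body, and it records an open ownership question instead of answering it. If `t->req_body.addresses` can point at storage the caller still owns (the assignment is outside this hunk, so this is unconfirmed), `free_TGS_REQ (t)` on the failure path would release memory that the caller frees again later. I would brace the branch, `if (ret) { free_TGS_REQ (t); }`, and replace the XXX with one sentence stating who owns the address list on failure once that has been checked.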
@@ -329,7 +337,9 @@ decrypt_tkt_with_subkey (krb5_context context,
 krb5_crypto_destroy(context, crypto);
 if(ret && subkey){
 /* DCE compat -- try to decrypt with subkey */
- krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);
+ ret = krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);
+ if (ret)
+ return ret;
 ret = krb5_decrypt_EncryptedData (context,
 crypto,
 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
@@ -471,6 +481,7 @@ get_cred_kdc(krb5_context context,
 &krbtgt->addresses,
 nonce,
 TRUE,
+ flags.b.request_anonymous,
 decrypt_tkt_with_subkey,
 subkey);
 krb5_free_kdc_rep(context, &rep);
@@ -610,7 +621,7 @@ get_cred_from_kdc_flags(krb5_context context,
 {
 krb5_error_code ret;
 krb5_creds *tgt, tmp_creds;
- krb5_realm client_realm, server_realm;
+ krb5_const_realm client_realm, server_realm, try_realm;
 *out_creds = NULL;
@@ -620,9 +631,15 @@ get_cred_from_kdc_flags(krb5_context context,
 ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
 if(ret)
 return ret;
+
+ try_realm = krb5_config_get_string(context, NULL, "libdefaults",
+ "capath", server_realm, NULL);
+ if (try_realm == NULL)
+ try_realm = client_realm;
+
 ret = krb5_make_principal(context,
 &tmp_creds.server,
- client_realm,
+ try_realm,
 KRB5_TGS_NAME,
 server_realm,
 NULL);
@@ -642,8 +659,10 @@ get_cred_from_kdc_flags(krb5_context context,
 else {
 ret = get_cred_kdc_la(context, ccache, flags,
 in_creds, &tgts, *out_creds);
- if (ret)
+ if (ret) {
 free (*out_creds);
+ *out_creds = NULL;
+ }
 }
 krb5_free_creds_contents(context, &tgts);
 krb5_free_principal(context, tmp_creds.server);
@@ -656,8 +675,7 @@ get_cred_from_kdc_flags(krb5_context context,
 /* XXX this can loop forever */
 while(1){
 general_string tgt_inst;
- krb5_kdc_flags f;
- f.i = 0;
+
 ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds,
 &tgt, ret_tgts);
 if(ret) {
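Review bot: In the DCE-compat branch of decrypt_tkt_with_subkey (hunk at -329), `ret = krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);` overwrites the error from the first `krb5_decrypt_EncryptedData` call, so when the subkey setup fails the caller no longer learns why decryption with the primary key failed. Holding the init result in its own variable, `krb5_error_code ret2 = krb5_crypto_init(...); if (ret2) return ret;`, keeps the decryption error; if reporting the init error is intended, a one-line comment saying so would settle it. The function body starts and ends outside this hunk.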
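Review bot: The `krb5_config_get_string(context, NULL, "libdefaults", "capath", server_realm, NULL)` lookup in the hunk at -620 is keyed only by the server realm, so a single entry redirects the first cross-realm hop for every client realm, and the result is used as a realm name with no check at all. Because this value decides which realm's KDC is asked for the intermediate TGT, the fallback should also cover an empty string, `if (try_realm == NULL || try_realm[0] == '\0') try_realm = client_realm;`, and the block needs a comment naming the configuration key and what it overrides. The `krb5_const_realm` type suggests the string is borrowed from the config tree and must not be freed here; a comment stating that would prevent a later mistaken `free`.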
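Review bot: Resetting `*out_creds` after `free (*out_creds)` in the hunk at -642 removes the dangling pointer, but `free` releases only the `krb5_creds` struct itself. If `get_cred_kdc_la` can fail after it has copied a session key or ticket into `*out_creds` (its body is not part of this diff, so this is unverified), those members are leaked and the key material is never wiped. It is worth confirming that get_cred_kdc_la cleans up its output on every error return and recording that in a comment next to the `free`; the same applies to the identical change in the hunk at -698.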
@@ -698,8 +716,10 @@ get_cred_from_kdc_flags(krb5_context context,
 else {
 ret = get_cred_kdc_la(context, ccache, flags,
 in_creds, tgt, *out_creds);
- if (ret)
+ if (ret) {
 free (*out_creds);
+ *out_creds = NULL;
+ }
 }
 krb5_free_creds(context, tgt);
 return ret;
@@ -729,20 +749,24 @@ krb5_get_credentials_with_flags(krb5_context context,
 {
 krb5_error_code ret;
 krb5_creds **tgts;
+ krb5_creds *res_creds;
 int i;
- *out_creds = calloc(1, sizeof(**out_creds));
- if (*out_creds == NULL)
+ *out_creds = NULL;
+ res_creds = calloc(1, sizeof(*res_creds));
+ if (res_creds == NULL)
 return ENOMEM;
 ret = krb5_cc_retrieve_cred(context,
 ccache,
 in_creds->session.keytype ?
 KRB5_TC_MATCH_KEYTYPE : 0,
- in_creds, *out_creds);
- if(ret == 0)
+ in_creds, res_creds);
+ if(ret == 0) {
+ *out_creds = res_creds;
 return 0;
- free(*out_creds);
+ }
+ free(res_creds);
 if(ret != KRB5_CC_END)
 return ret;
 if(options & KRB5_GC_CACHED)
@@ -752,7 +776,7 @@ krb5_get_credentials_with_flags(krb5_context context,
 tgts = NULL;
 ret = get_cred_from_kdc_flags(context, flags, ccache,
 in_creds, out_creds, &tgts);
- for(i = 0; tgts && tgts[i]; i++){
+ for(i = 0; tgts && tgts[i]; i++) {
 krb5_cc_store_cred(context, ccache, tgts[i]);
 krb5_free_creds(context, tgts[i]);
 }
 |
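Review bot: krb5_get_credentials_with_flags (hunk at -729) now leaves `*out_creds` NULL when the cache lookup fails, but that contract is not written down, and callers that release the output unconditionally depend on it. I would add a header comment such as `/* On any error return *out_creds is NULL; on success the caller owns it and releases it with krb5_free_creds(). */`, after checking the return paths below `if(options & KRB5_GC_CACHED)`, which lie outside this hunk. The plain `free(res_creds)` also assumes `krb5_cc_retrieve_cred` leaves nothing allocated inside `res_creds` when it fails; that assumption deserves a short comment too.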