summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/krb5/convert_creds.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/krb5/convert_creds.c')
-rw-r--r--crypto/heimdal/lib/krb5/convert_creds.c115
1 files changed, 62 insertions, 53 deletions
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
index f248cd0..ecdcf96 100644
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ b/crypto/heimdal/lib/krb5/convert_creds.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.17 2001/05/14 06:14:45 assar Exp $");
+RCSID("$Id: convert_creds.c,v 1.24 2001/06/20 02:49:21 joda Exp $");
static krb5_error_code
check_ticket_flags(TicketFlags f)
@@ -121,7 +121,6 @@ _krb_time_to_life(time_t start, time_t end)
krb5_error_code
krb524_convert_creds_kdc(krb5_context context,
- krb5_ccache ccache,
krb5_creds *in_cred,
struct credentials *v4creds)
{
@@ -132,67 +131,30 @@ krb524_convert_creds_kdc(krb5_context context,
krb5_data ticket;
char realm[REALM_SZ];
krb5_creds *v5_creds = in_cred;
- krb5_keytype keytype;
-
- keytype = v5_creds->session.keytype;
-
- if (keytype != ENCTYPE_DES_CBC_CRC) {
- /* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
- so go get one */
- krb5_creds template;
-
- memset (&template, 0, sizeof(template));
- template.session.keytype = ENCTYPE_DES_CBC_CRC;
- ret = krb5_copy_principal (context, in_cred->client, &template.client);
- if (ret) {
- krb5_free_creds_contents (context, &template);
- return ret;
- }
- ret = krb5_copy_principal (context, in_cred->server, &template.server);
- if (ret) {
- krb5_free_creds_contents (context, &template);
- return ret;
- }
-
- ret = krb5_get_credentials (context, 0, ccache,
- &template, &v5_creds);
- krb5_free_creds_contents (context, &template);
- if (ret)
- return ret;
- }
ret = check_ticket_flags(v5_creds->flags.b);
if(ret)
goto out2;
{
- char **hostlist;
- int port;
- port = krb5_getportbyname (context, "krb524", "udp", 4444);
-
- ret = krb5_get_krbhst (context, krb5_princ_realm(context,
- v5_creds->server),
- &hostlist);
- if(ret)
+ krb5_krbhst_handle handle;
+
+ ret = krb5_krbhst_init(context,
+ *krb5_princ_realm(context,
+ v5_creds->server),
+ KRB5_KRBHST_KRB524,
+ &handle);
+ if (ret)
goto out2;
-
+
ret = krb5_sendto (context,
&v5_creds->ticket,
- hostlist,
- port,
+ handle,
&reply);
- if(ret == KRB5_KDC_UNREACH) {
- port = krb5_getportbyname (context, "kerberos", "udp", 88);
- ret = krb5_sendto (context,
- &v5_creds->ticket,
- hostlist,
- port,
- &reply);
- }
- krb5_free_krbhst (context, hostlist);
+ krb5_krbhst_free(context, handle);
+ if (ret)
+ goto out2;
}
- if (ret)
- goto out2;
sp = krb5_storage_from_mem(reply.data, reply.length);
if(sp == NULL) {
ret = ENOMEM;
@@ -220,7 +182,7 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->realm);
if(ret)
goto out;
- v4creds->issue_date = v5_creds->times.authtime;
+ v4creds->issue_date = v5_creds->times.starttime;
v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
v5_creds->times.endtime);
ret = krb5_524_conv_principal(context, v5_creds->client,
@@ -230,6 +192,9 @@ krb524_convert_creds_kdc(krb5_context context,
if(ret)
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
+ } else {
+ krb5_set_error_string(context, "converting credentials: %s",
+ krb5_get_err_text(context, ret));
}
out:
krb5_storage_free(sp);
@@ -239,3 +204,47 @@ out2:
krb5_free_creds (context, v5_creds);
return ret;
}
+
+krb5_error_code
+krb524_convert_creds_kdc_ccache(krb5_context context,
+ krb5_ccache ccache,
+ krb5_creds *in_cred,
+ struct credentials *v4creds)
+{
+ krb5_error_code ret;
+ krb5_creds *v5_creds = in_cred;
+ krb5_keytype keytype;
+
+ keytype = v5_creds->session.keytype;
+
+ if (keytype != ENCTYPE_DES_CBC_CRC) {
+ /* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
+ so go get one */
+ krb5_creds template;
+
+ memset (&template, 0, sizeof(template));
+ template.session.keytype = ENCTYPE_DES_CBC_CRC;
+ ret = krb5_copy_principal (context, in_cred->client, &template.client);
+ if (ret) {
+ krb5_free_creds_contents (context, &template);
+ return ret;
+ }
+ ret = krb5_copy_principal (context, in_cred->server, &template.server);
+ if (ret) {
+ krb5_free_creds_contents (context, &template);
+ return ret;
+ }
+
+ ret = krb5_get_credentials (context, 0, ccache,
+ &template, &v5_creds);
+ krb5_free_creds_contents (context, &template);
+ if (ret)
+ return ret;
+ }
+
+ ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
+
+ if (v5_creds != in_cred)
+ krb5_free_creds (context, v5_creds);
+ return ret;
+}
OpenPOWER on IntegriCloud