Diffstat (limited to 'crypto/heimdal/lib/krb5/convert_creds.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/convert_creds.c | 115 |
1 files changed, 62 insertions, 53 deletions
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
index f248cd0..ecdcf96 100644
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ b/crypto/heimdal/lib/krb5/convert_creds.c
@@ -32,7 +32,7 @@
 */
 #include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.17 2001/05/14 06:14:45 assar Exp $");
+RCSID("$Id: convert_creds.c,v 1.24 2001/06/20 02:49:21 joda Exp $");
 static krb5_error_code
 check_ticket_flags(TicketFlags f)
@@ -121,7 +121,6 @@ _krb_time_to_life(time_t start, time_t end)
 krb5_error_code
 krb524_convert_creds_kdc(krb5_context context,
- krb5_ccache ccache,
 krb5_creds *in_cred,
 struct credentials *v4creds)
 {
@@ -132,67 +131,30 @@ krb524_convert_creds_kdc(krb5_context context,
 krb5_data ticket;
 char realm[REALM_SZ];
 krb5_creds *v5_creds = in_cred;
- krb5_keytype keytype;
-
- keytype = v5_creds->session.keytype;
-
- if (keytype != ENCTYPE_DES_CBC_CRC) {
- /* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
- so go get one */
- krb5_creds template;
-
- memset (&template, 0, sizeof(template));
- template.session.keytype = ENCTYPE_DES_CBC_CRC;
- ret = krb5_copy_principal (context, in_cred->client, &template.client);
- if (ret) {
- krb5_free_creds_contents (context, &template);
- return ret;
- }
- ret = krb5_copy_principal (context, in_cred->server, &template.server);
- if (ret) {
- krb5_free_creds_contents (context, &template);
- return ret;
- }
-
- ret = krb5_get_credentials (context, 0, ccache,
- &template, &v5_creds);
- krb5_free_creds_contents (context, &template);
- if (ret)
- return ret;
- }
 ret = check_ticket_flags(v5_creds->flags.b);
 if(ret)
 goto out2;
 {
- char **hostlist;
- int port;
- port = krb5_getportbyname (context, "krb524", "udp", 4444);
-
- ret = krb5_get_krbhst (context, krb5_princ_realm(context,
- v5_creds->server),
- &hostlist);
- if(ret)
+ krb5_krbhst_handle handle;
+
+ ret = krb5_krbhst_init(context,
+ *krb5_princ_realm(context,
+ v5_creds->server),
+ KRB5_KRBHST_KRB524,
+ &handle);
+ if (ret)
 goto out2;
-
+
 ret = krb5_sendto (context,
 &v5_creds->ticket,
- hostlist,
- port,
+ handle,
 &reply);
- if(ret == KRB5_KDC_UNREACH) {
- port = krb5_getportbyname (context, "kerberos", "udp", 88);
- ret = krb5_sendto (context,
- &v5_creds->ticket,
- hostlist,
- port,
- &reply);
- }
- krb5_free_krbhst (context, hostlist);
+ krb5_krbhst_free(context, handle);
+ if (ret)
+ goto out2;
 }
- if (ret)
- goto out2;
 sp = krb5_storage_from_mem(reply.data, reply.length);
 if(sp == NULL) {
 ret = ENOMEM;
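Review bot: With the des-cbc-crc fetch removed from krb524_convert_creds_kdc, nothing in this function constrains the session key before the later `memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8)` (a context line in the @@ -230 hunk). A caller that passes a credential with another enctype would get the first 8 bytes of a longer key copied in as the v4 session key, or an over-read if the key is shorter. I would guard it right after the check_ticket_flags call, e.g. `if (v5_creds->session.keyvalue.length != 8) { ret = KRB5_PROG_KEYTYPE_NOSUPP; goto out2; }`. The same check is worth applying to the credential returned by krb5_get_credentials in the new wrapper (@@ -239 hunk), where the keytype is requested through the template but not verified on return. The function begins and ends outside this hunk.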
@@ -220,7 +182,7 @@ krb524_convert_creds_kdc(krb5_context context,
 v4creds->realm);
 if(ret)
 goto out;
- v4creds->issue_date = v5_creds->times.authtime;
+ v4creds->issue_date = v5_creds->times.starttime;
 v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
 v5_creds->times.endtime);
 ret = krb5_524_conv_principal(context, v5_creds->client,
@@ -230,6 +192,9 @@ krb524_convert_creds_kdc(krb5_context context,
 if(ret)
 goto out;
 memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
+ } else {
+ krb5_set_error_string(context, "converting credentials: %s",
+ krb5_get_err_text(context, ret));
 }
 out:
 krb5_storage_free(sp);
@@ -239,3 +204,47 @@ out2:
 krb5_free_creds (context, v5_creds);
 return ret;
 }
+
+krb5_error_code
+krb524_convert_creds_kdc_ccache(krb5_context context,
+ krb5_ccache ccache,
+ krb5_creds *in_cred,
+ struct credentials *v4creds)
+{
+ krb5_error_code ret;
+ krb5_creds *v5_creds = in_cred;
+ krb5_keytype keytype;
+
+ keytype = v5_creds->session.keytype;
+
+ if (keytype != ENCTYPE_DES_CBC_CRC) {
+ /* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
+ so go get one */
+ krb5_creds template;
+
+ memset (&template, 0, sizeof(template));
+ template.session.keytype = ENCTYPE_DES_CBC_CRC;
+ ret = krb5_copy_principal (context, in_cred->client, &template.client);
+ if (ret) {
+ krb5_free_creds_contents (context, &template);
+ return ret;
+ }
+ ret = krb5_copy_principal (context, in_cred->server, &template.server);
+ if (ret) {
+ krb5_free_creds_contents (context, &template);
+ return ret;
+ }
+
+ ret = krb5_get_credentials (context, 0, ccache,
+ &template, &v5_creds);
+ krb5_free_creds_contents (context, &template);
+ if (ret)
+ return ret;
+ }
+
+ ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
+
+ if (v5_creds != in_cred)
+ krb5_free_creds (context, v5_creds);
+ return ret;
+}
|
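Review bot: `v4creds->issue_date = v5_creds->times.starttime;` assumes starttime is always populated. The field is optional in a KDC reply, and if a credential can reach this line with it left at 0, issue_date becomes the epoch and `_krb_time_to_life(v4creds->issue_date, v5_creds->times.endtime)` derives the v4 lifetime from the wrong start. Whether the library fills starttime from authtime when the KDC omits it is not visible here, so either confirm that or fall back explicitly: `v4creds->issue_date = v5_creds->times.starttime ? v5_creds->times.starttime : v5_creds->times.authtime;`. A one-line comment saying why starttime is preferred over authtime would also help, since the hunk gives no reason for the switch. The enclosing function starts and ends outside this hunk.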
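Review bot: The new krb524_convert_creds_kdc_ccache has no header comment, and its ownership rules are not obvious from the body: in_cred stays with the caller, while a credential fetched by krb5_get_credentials is released here after the conversion. The callee's out2 path also calls `krb5_free_creds (context, v5_creds);` (context lines at the top of this hunk; any condition guarding it is outside the hunk). Since the callee's v5_creds now always equals in_cred, it is worth confirming that path can neither free the caller's credential nor free the fetched one a second time. I would add a comment such as `/* Convert in_cred to a v4 credential, first fetching a des-cbc-crc ticket through ccache if needed; in_cred is not freed. */`.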