diff options
| author | Tom Yu <tlyu@mit.edu> | 2000-03-01 05:15:31 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2000-03-01 05:15:31 +0000 |
| commit | 84bb15d7f03199761c4a7864e32e7a5b6b4b0b03 (patch) | |
| tree | d3c8ba8c5c6d5a9718b94a85b5804102ae62a5eb /src | |
| parent | 8f8c45e408e3c6935ec805ecd5433361cd397ca4 (diff) | |
| download | krb5-84bb15d7f03199761c4a7864e32e7a5b6b4b0b03.tar.gz krb5-84bb15d7f03199761c4a7864e32e7a5b6b4b0b03.tar.xz krb5-84bb15d7f03199761c4a7864e32e7a5b6b4b0b03.zip | |
* kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
for real.
* dispatch.c: Include some more net-related headers.
(dispatch): Fix ifndef HAVE_INET_NTOP branch.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/ChangeLog | 10 | ||||
| -rw-r--r-- | src/kdc/dispatch.c | 5 | ||||
| -rw-r--r-- | src/kdc/kdc_preauth.c | 6 |
3 files changed, 20 insertions, 1 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 6e7892d855..039703627a 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,13 @@ +2000-03-01 Tom Yu <tlyu@mit.edu> + + * kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime + for real. + +2000-02-29 Tom Yu <tlyu@mit.edu> + + * dispatch.c: Include some more net-related headers. + (dispatch): Fix ifndef HAVE_INET_NTOP branch. + 2000-02-28 Ken Raeburn <raeburn@mit.edu> * configure.in: New enable-kdc-replay-cache arg. Define diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 230b7df2f0..9cfb6551e1 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -31,6 +31,9 @@ #include "kdc_util.h" #include "extern.h" #include "adm_proto.h" +#include <netinet/in.h> +#include <arpa/inet.h> +#include <string.h> krb5_error_code dispatch(pkt, from, portnum, response) @@ -57,7 +60,7 @@ dispatch(pkt, from, portnum, response) name = inet_ntop (from->address->addrtype, from->address->contents, buf, sizeof (buf)); #else - if (addrtype == ADDRTYPE_INET) { + if (from->address->addrtype == ADDRTYPE_INET) { struct sockaddr_in *sin = (struct sockaddr_in *)from->address->contents; strcpy (buf, inet_ntoa (sin->sin_addr)); diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index db358d283b..cc957016ba 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -1267,11 +1267,17 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa) #ifdef USE_RCACHE { krb5_donot_replay rep; + krb5_deltat rc_lifetime; /* * Verify this response came back in a timely manner. * We do this b/c otherwise very old (expunged from the rcache) * psr's would be able to be replayed. */ + retval = krb5_rc_get_lifespan(kdc_context, kdc_rcache, &rc_lifetime); + if (retval) { + com_err("krb5kdc", retval, "while getting rcache lifespan"); + goto cleanup; + } if (timenow - psr->stime > rc_lifetime) { com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED, "SAM psr came back too late! -- replay attack?"); |