authorTheodore Tso <tytso@mit.edu>1994-09-29 19:39:52 +0000
committerTheodore Tso <tytso@mit.edu>1994-09-29 19:39:52 +0000
commite3670f5b6ae971edd43550cab93d14093f154a87 (patch)
tree3d1b774c264aece2f15efdfb03643e2b4b77b085 /src/lib
parentd12913aa23d9e1f0321b9cc1a9f7da4b706850b1 (diff)
Return new error codes KRB5_IN_TKT_REALM_MISMATCH and KRB5_KDCREP_SKEW
instead of more generic error codes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4378 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/ChangeLog10
-rw-r--r--src/lib/krb5/krb/gc_via_tgt.c14
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c11
3 files changed, 28 insertions, 7 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 720529402..023a2a019 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,4 +1,12 @@
-Thu Sep 29 15:10:42 1994 Theodore Y. Ts'o (tytso@dcl)
+Thu Sep 29 15:31:10 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * get_in_tkt.c (krb5_get_in_tkt): Return KRB5_IN_TKT_REALM_MISATCH
+ if the client and server realms don't match. Return
+ KRB5_KDCREP_SKEW if the KDC reply has an unacceptible
+ clock skew (instead of KDCREP_MODIFIED.)
+
+ * gc_via_tgt.c (krb5_get_cred_via_tgt): Use a distinct error code
+ for KDC skew separate from the standard KDCREP_MODIFIED
* princ_comp.c (krb5_realm_compare): Added new function from
OpenVision.
diff --git a/src/lib/krb5/krb/gc_via_tgt.c b/src/lib/krb5/krb/gc_via_tgt.c
index 7141521fb..2390d6b52 100644
--- a/src/lib/krb5/krb/gc_via_tgt.c
+++ b/src/lib/krb5/krb/gc_via_tgt.c
@@ -169,8 +169,6 @@ OLDDECLARG(krb5_creds *, cred)
|| (request.nonce != dec_rep->enc_part2->nonce)
/* XXX check for extraneous flags */
/* XXX || (!krb5_addresses_compare(addrs, dec_rep->enc_part2->caddrs)) */
- || ((request.from == 0) &&
- !in_clock_skew(dec_rep->enc_part2->times.starttime))
|| ((request.from != 0) &&
(request.from != dec_rep->enc_part2->times.starttime))
|| ((request.till != 0) &&
@@ -182,10 +180,18 @@ OLDDECLARG(krb5_creds *, cred)
(dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
(request.till != 0) &&
(dec_rep->enc_part2->times.renew_till > request.till))
- ) {
+ )
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if ((request.from == 0) &&
+ !in_clock_skew(dec_rep->enc_part2->times.starttime))
+ retval = KRB5_KDCREP_SKEW;
+
+ if (retval) {
cleanup();
- return KRB5_KDCREP_MODIFIED;
+ return retval;
}
+
#endif
cred->ticket_flags = dec_rep->enc_part2->flags;
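Review bot: The skew test that follows the large comparison assigns `retval = KRB5_KDCREP_SKEW` unconditionally, so a reply that failed the nonce or field comparisons and also has an out-of-window starttime is reported as clock skew and the KRB5_KDCREP_MODIFIED result is lost. A caller that treats skew as a benign condition would then handle a possibly altered reply the same way. Guarding the second test keeps the stronger error: `if (!retval && (request.from == 0) && !in_clock_skew(dec_rep->enc_part2->times.starttime))`. The final `if (retval)` also depends on retval being zero when this block is entered, which is established outside the hunk and should be confirmed; the comparison itself begins above the hunk.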
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index ed7b486cb..f9366a6ab 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -113,6 +113,9 @@ OLDDECLARG(krb5_kdc_rep **, ret_as_reply)
krb5_timestamp time_now;
krb5_pa_data *padata;
+ if (! krb5_realm_compare(creds->client, creds->server))
+ return KRB5_IN_TKT_REALM_MISMATCH;
+
if (ret_as_reply)
*ret_as_reply = 0;
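Review bot: The new realm check returns before `*ret_as_reply = 0;` runs, so on KRB5_IN_TKT_REALM_MISMATCH the caller's out-pointer keeps whatever value it had. If any caller frees or inspects `*ret_as_reply` after a failed call (not visible here), that becomes an uninitialized-pointer use. Moving the two added lines below the `if (ret_as_reply) *ret_as_reply = 0;` statement avoids it. A short comment such as `/* client and server principals must be in the same realm */` would also record why the request is refused before anything is sent. The function body continues outside the hunk.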
@@ -248,8 +251,6 @@ OLDDECLARG(krb5_kdc_rep **, ret_as_reply)
|| (request.nonce != as_reply->enc_part2->nonce)
/* XXX check for extraneous flags */
/* XXX || (!krb5_addresses_compare(addrs, as_reply->enc_part2->caddrs)) */
- || ((request.from == 0) &&
- !in_clock_skew(as_reply->enc_part2->times.starttime))
|| ((request.from != 0) &&
(request.from != as_reply->enc_part2->times.starttime))
|| ((request.till != 0) &&
@@ -265,6 +266,12 @@ OLDDECLARG(krb5_kdc_rep **, ret_as_reply)
retval = KRB5_KDCREP_MODIFIED;
goto cleanup;
}
+ if ((request.from == 0) &&
+ !in_clock_skew(as_reply->enc_part2->times.starttime)) {
+ retval = KRB5_KDCREP_MODIFIED;
+ goto cleanup;
+ }
+
/* XXX issue warning if as_reply->enc_part2->key_exp is nearby */
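Review bot: The added skew branch still sets `retval = KRB5_KDCREP_MODIFIED;`, so krb5_get_in_tkt never returns the new code, although the commit message and ChangeLog say it returns KRB5_KDCREP_SKEW here and the matching change in gc_via_tgt.c does. As written, the split changes nothing for callers, who still cannot tell a clock problem from a reply that failed the field comparisons. The assignment should read `retval = KRB5_KDCREP_SKEW;`. The function continues outside the hunk.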