-rw-r--r--src/kdc/ChangeLog21
-rw-r--r--src/kdc/do_as_req.c2
-rw-r--r--src/kdc/do_tgs_req.c24
-rw-r--r--src/kdc/kdc_util.c6
-rw-r--r--src/kdc/main.c2
-rw-r--r--src/kdc/policy.c8
6 files changed, 43 insertions, 20 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 5c005e43d..6e359e3c9 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,24 @@
+Thu Dec 8 00:33:05 1994 <tytso@rsx-11.mit.edu>
+
+ * do_tgs_req.c (prepare_error_tgs): Don't free the passed in
+ ticket; it will be freed as part of other structures.
+
+ * do_tgs_req.c (process_tgs_req): Set the encryption type in the
+ reply structure, and set the eblock type accordingly.
+
+Wed Dec 7 13:36:34 1994 <tytso@rsx-11.mit.edu>
+
+ * do_as_req.c (process_as_req): Set the encryption type in the
+ reply_encpart structure.
+
+ * kdc_util.c (validate_as_request):
+ * policy.c (against_local_policy_as): Move requirement that an AS
+ request must include the addresses field to the local
+ policy routine. (Not required by RFC).
+
+ * main.c (setup_com_err): Initialize the kdc5 error table (the
+ kdb5 error table is already initialized)
+
Wed Nov 30 16:37:26 1994 Theodore Y. Ts'o (tytso@dcl)
* confiugre.in: Add appropriate help text for --with-krb4
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 62fb0eb25..8bc3f07e3 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -489,7 +489,7 @@ krb5_data **response; /* filled in with a response packet */
in the database) */
if (retval = KDB_CONVERT_KEY_OUTOF_DB(&client.key, &encrypting_key))
goto errout;
-
+ reply.enc_part.etype = useetype;
reply.enc_part.kvno = client.kvno;
retval = krb5_encode_kdc_rep(KRB5_AS_REP, &reply_encpart, &eblock,
&encrypting_key, &reply, response);
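Review bot: The added `reply.enc_part.etype = useetype;` sets the advertised encryption type but leaves `eblock` untouched, whereas every matching assignment in do_tgs_req.c in this commit is followed by `krb5_use_cstype(&eblock, ...)`. The etype written into the reply and the cryptosystem that krb5_encode_kdc_rep actually uses therefore agree only if `eblock` was already set up from `useetype` earlier in process_as_req, which is outside this hunk. If that holds, a comment such as `/* eblock was initialised for useetype above; keep the two in step */` would document the invariant; if it does not, the same krb5_use_cstype call is needed here.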
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 46407185c..ede57588e 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -534,6 +534,9 @@ tgt_again:
}
ticket_reply.enc_part.kvno = 0;
+ ticket_reply.enc_part.etype =
+ request->second_ticket[st_idx]->enc_part2->session->etype;
+ krb5_use_cstype(&eblock, ticket_reply.enc_part.etype);
if (retval = krb5_encrypt_tkt_part(&eblock,
request->second_ticket[st_idx]->enc_part2->session,
&ticket_reply)) {
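Review bot: The chain `request->second_ticket[st_idx]->enc_part2->session` is now dereferenced twice in a row, once for `etype` and again in the krb5_encrypt_tkt_part call, and nothing visible in this hunk shows that `enc_part2` and `session` are non-NULL here. Presumably the second ticket is decrypted and checked earlier in process_tgs_req, outside the hunk. A local such as `krb5_keyblock *st_sesskey = request->second_ticket[st_idx]->enc_part2->session;` would make that dependency explicit and guarantee the etype and the key come from the same object.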
@@ -550,6 +553,8 @@ tgt_again:
}
ticket_reply.enc_part.kvno = server.kvno;
+ ticket_reply.enc_part.etype = useetype;
+ krb5_use_cstype(&eblock, ticket_reply.enc_part.etype);
retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply);
memset((char *)encrypting_key.contents, 0, encrypting_key.length);
@@ -593,6 +598,11 @@ tgt_again:
/* use the session key in the ticket, unless there's a subsession key
in the AP_REQ */
+ reply.enc_part.etype = req_authdat->authenticator->subkey ?
+ req_authdat->authenticator->subkey->etype :
+ header_ticket->enc_part2->session->etype;
+ krb5_use_cstype(&eblock, reply.enc_part.etype);
+
retval = krb5_encode_kdc_rep(KRB5_TGS_REP, &reply_encpart, &eblock,
req_authdat->authenticator->subkey ?
req_authdat->authenticator->subkey :
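Review bot: The subkey's `etype` originates in the authenticator of the client's AP_REQ and is handed to `krb5_use_cstype()` with no check visible in this hunk that it names a cryptosystem the KDC supports. Unless that value is validated where the authenticator is decoded (outside the hunk), it should be range-checked here and the request rejected with an etype-not-supported error before the eblock is selected. The `subkey ? subkey : session` choice is also written twice, once for the etype and once for the key argument; picking the key once, e.g. `krb5_keyblock *reply_key = req_authdat->authenticator->subkey ? req_authdat->authenticator->subkey : header_ticket->enc_part2->session;`, keeps the two from drifting apart. The krb5_encode_kdc_rep call continues past the end of the hunk.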
@@ -663,11 +673,8 @@ krb5_data **response;
errpkt.ctime = request->nonce;
errpkt.cusec = 0;
- if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec)) {
- if (ticket)
- krb5_free_ticket(ticket);
+ if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec))
return(retval);
- }
errpkt.error = error;
errpkt.server = request->server;
if (ticket && ticket->enc_part2)
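Review bot: With the `krb5_free_ticket(ticket)` calls removed here and in the two following hunks, prepare_error_tgs no longer frees `ticket` on any path, but nothing in the function records that ownership now stays with the caller. The reason exists only in the ChangeLog entry. I would add a comment at the top of the function along the lines of `/* ticket is borrowed: it is freed by the caller as part of other structures, never here */`, so a later cleanup does not reintroduce the double free. The function header is outside this hunk.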
@@ -675,17 +682,12 @@ krb5_data **response;
else
errpkt.client = 0;
errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
- if (!(errpkt.text.data = malloc(errpkt.text.length))) {
- if (ticket)
- krb5_free_ticket(ticket);
+ if (!(errpkt.text.data = malloc(errpkt.text.length)))
return ENOMEM;
- }
(void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
free(errpkt.text.data);
- if (ticket)
- krb5_free_ticket(ticket);
return ENOMEM;
}
errpkt.e_data.length = 0;
@@ -694,8 +696,6 @@ krb5_data **response;
retval = krb5_mk_error(&errpkt, scratch);
free(errpkt.text.data);
*response = scratch;
- if (ticket)
- krb5_free_ticket(ticket);
return retval;
}
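Review bot: `*response = scratch;` runs even when krb5_mk_error() fails, so the caller receives a non-zero `retval` together with a response pointer whose contents are not known to be valid. Since this commit already simplifies the cleanup on every exit path, the tail could hand the buffer over only on success: `if (retval) free(scratch); else *response = scratch;`. Whether krb5_mk_error can leave `scratch->data` allocated on failure is not visible here and should be checked before freeing only the outer struct.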
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 6eef4cace..e76bb4967 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -732,12 +732,6 @@ char **status;
return KDC_ERR_BADOPTION;
}
- /* An AS request must include the addresses field */
- if (request->addresses == 0) {
- *status = "NO ADDRESS";
- return KRB_AP_ERR_BADADDR;
- }
-
/* The client's password must not be expired */
if (client.pw_expiration && client.pw_expiration < kdc_time) {
*status = "CLIENT KEY EXPIRED";
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 4912ab894..5f01081fc 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -102,7 +102,7 @@ void
setup_com_err()
{
krb5_init_ets();
- initialize_kdb5_error_table();
+ initialize_kdc5_error_table();
(void) set_com_err_hook(kdc_com_err_proc);
return;
}
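Review bot: The swap from `initialize_kdb5_error_table()` to `initialize_kdc5_error_table()` relies on the kdb5 table being initialised elsewhere, and only the ChangeLog says so. A short comment in setup_com_err naming where the kdb5 table is set up would stop the call from being re-added as a duplicate, or the table from being left uninitialised if that other call site changes.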
diff --git a/src/kdc/policy.c b/src/kdc/policy.c
index 716f48158..55d99b755 100644
--- a/src/kdc/policy.c
+++ b/src/kdc/policy.c
@@ -40,6 +40,14 @@ krb5_db_entry server;
krb5_timestamp kdc_time;
char **status;
{
+#if 0
+ /* An AS request must include the addresses field */
+ if (request->addresses == 0) {
+ *status = "NO ADDRESS";
+ return KRB5KDC_ERR_POLICY;
+ }
+#endif
+
return 0; /* not against policy */
}
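Review bot: The address check moved into against_local_policy_as is wrapped in `#if 0`, so after this commit no compiled code rejects an AS request without an addresses field; the ChangeLog describes this as a move, but in effect it removes the check. Tickets issued without addresses are not bound to the requesting host, so this is a policy decision that should be visible and selectable, not dead code. Consider a named build or configuration switch (for example `#ifdef KDC_REQUIRE_AS_ADDRESSES`, a placeholder name) with a comment explaining the trade-off. The return value also changed from `KRB_AP_ERR_BADADDR` to `KRB5KDC_ERR_POLICY`; if the caller treats the result the same way as validate_as_request's protocol error numbers, confirm the new constant is in the expected number space before the block is ever enabled.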