+Thu Dec 8 00:33:05 1994 <tytso@rsx-11.mit.edu>
+
+ * do_tgs_req.c (prepare_error_tgs): Don't free the passed in
+ ticket; it will be freed as part of other structures.
+
+ * do_tgs_req.c (process_tgs_req): Set the encryption type in the
+ reply structure, and set the eblock type accordingly.
+
+Wed Dec 7 13:36:34 1994 <tytso@rsx-11.mit.edu>
+
+ * do_as_req.c (process_as_req): Set the encryption type in the
+ reply_encpart structure.
+
+ * kdc_util.c (validate_as_request):
+ * policy.c (against_local_policy_as): Move requirement that an AS
+ request must include the addresses field to the local
+ policy routine. (Not required by RFC).
+
+ * main.c (setup_com_err): Initialize the kdc5 error table (the
+ kdb5 error table is already initialized)
+
Wed Nov 30 16:37:26 1994 Theodore Y. Ts'o (tytso@dcl)
* confiugre.in: Add appropriate help text for --with-krb4
}
ticket_reply.enc_part.kvno = 0;
+ ticket_reply.enc_part.etype =
+ request->second_ticket[st_idx]->enc_part2->session->etype;
+ krb5_use_cstype(&eblock, ticket_reply.enc_part.etype);
if (retval = krb5_encrypt_tkt_part(&eblock,
request->second_ticket[st_idx]->enc_part2->session,
&ticket_reply)) {
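Review bot: The etype passed to `krb5_use_cstype()` is used without any visible validity check. In this hunk it comes from the second ticket's session key, and in the later hunk that sets `reply.enc_part.etype` it comes from `req_authdat->authenticator->subkey->etype`, a value the requesting client chooses. If `krb5_use_cstype()` selects the cryptosystem by indexing a table with that value (its definition is not visible here), an unsupported or out-of-range etype would be dereferenced inside the KDC. Test the value first, e.g. `if (!valid_etype(reply.enc_part.etype))` (assuming that macro is available in this tree), and fail the request with an etype-not-supported error. The `useetype` hunk follows the same pattern, though that value may already be checked where it is selected, and the enclosing function starts and ends outside these hunks.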
}
ticket_reply.enc_part.kvno = server.kvno;
+ ticket_reply.enc_part.etype = useetype;
+ krb5_use_cstype(&eblock, ticket_reply.enc_part.etype);
retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply);
memset((char *)encrypting_key.contents, 0, encrypting_key.length);
/* use the session key in the ticket, unless there's a subsession key
in the AP_REQ */
+ reply.enc_part.etype = req_authdat->authenticator->subkey ?
+ req_authdat->authenticator->subkey->etype :
+ header_ticket->enc_part2->session->etype;
+ krb5_use_cstype(&eblock, reply.enc_part.etype);
+
retval = krb5_encode_kdc_rep(KRB5_TGS_REP, &reply_encpart, &eblock,
req_authdat->authenticator->subkey ?
req_authdat->authenticator->subkey :
errpkt.ctime = request->nonce;
errpkt.cusec = 0;
- if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec)) {
- if (ticket)
- krb5_free_ticket(ticket);
+ if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec))
return(retval);
- }
errpkt.error = error;
errpkt.server = request->server;
if (ticket && ticket->enc_part2)
else
errpkt.client = 0;
errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
- if (!(errpkt.text.data = malloc(errpkt.text.length))) {
- if (ticket)
- krb5_free_ticket(ticket);
+ if (!(errpkt.text.data = malloc(errpkt.text.length)))
return ENOMEM;
- }
(void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
free(errpkt.text.data);
- if (ticket)
- krb5_free_ticket(ticket);
return ENOMEM;
}
errpkt.e_data.length = 0;
retval = krb5_mk_error(&errpkt, scratch);
free(errpkt.text.data);
*response = scratch;
- if (ticket)
- krb5_free_ticket(ticket);
return retval;
}
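Review bot: With the `krb5_free_ticket(ticket)` calls removed, prepare_error_tgs() now only borrows `ticket`, but nothing in the visible code records that contract. A comment at the function header such as `/* ticket is owned by the caller and is not freed here */` would keep a later edit from reintroducing the double free. Separately, the final path assigns `*response = scratch` even when `krb5_mk_error()` returns an error, so the caller may receive a `krb5_data` whose contents were never filled in; consider `if (retval) free(scratch); else *response = scratch;`. The function's signature and opening lines are outside this hunk, so how callers treat `*response` on failure could not be checked.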
return KDC_ERR_BADOPTION;
}
- /* An AS request must include the addresses field */
- if (request->addresses == 0) {
- *status = "NO ADDRESS";
- return KRB_AP_ERR_BADADDR;
- }
-
/* The client's password must not be expired */
if (client.pw_expiration && client.pw_expiration < kdc_time) {
*status = "CLIENT KEY EXPIRED";