* kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
authorTom Yu <tlyu@mit.edu>
Wed, 1 Mar 2000 05:15:31 +0000 (05:15 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 1 Mar 2000 05:15:31 +0000 (05:15 +0000)
for real.

* dispatch.c: Include some more net-related headers.
(dispatch): Fix ifndef HAVE_INET_NTOP branch.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/ChangeLog
src/kdc/dispatch.c
src/kdc/kdc_preauth.c

index 6e7892d8552e91c83cd592a1aafdcbb750a753b6..039703627accbf55ae2ec878bb83af535abcaf73 100644 (file)
@@ -1,3 +1,13 @@
+2000-03-01  Tom Yu  <tlyu@mit.edu>
+
+       * kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
+       for real.
+
+2000-02-29  Tom Yu  <tlyu@mit.edu>
+
+       * dispatch.c: Include some more net-related headers.
+       (dispatch): Fix ifndef HAVE_INET_NTOP branch.
+
 2000-02-28  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: New enable-kdc-replay-cache arg.  Define
index 230b7df2f052f2ee60f3cf450cc39037c04350e2..9cfb6551e19cbb2a8477d5ab9cd080205bd93cfc 100644 (file)
@@ -31,6 +31,9 @@
 #include "kdc_util.h"
 #include "extern.h"
 #include "adm_proto.h"
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
 
 krb5_error_code
 dispatch(pkt, from, portnum, response)
@@ -57,7 +60,7 @@ dispatch(pkt, from, portnum, response)
        name = inet_ntop (from->address->addrtype, from->address->contents,
                          buf, sizeof (buf));
 #else
-       if (addrtype == ADDRTYPE_INET) {
+       if (from->address->addrtype == ADDRTYPE_INET) {
            struct sockaddr_in *sin
                = (struct sockaddr_in *)from->address->contents;
            strcpy (buf, inet_ntoa (sin->sin_addr));
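Review bot: The corrected `#else` branch still casts `from->address->contents` to `struct sockaddr_in *`, while the `inet_ntop` call just above passes the same pointer as the raw address bytes. If `contents` holds only the address, as that call implies, `sin->sin_addr` is read at an offset past the start of the buffer, so the logged client address can be wrong or the read can run out of bounds. Copying the bytes after a length check would keep the two branches consistent: `struct in_addr in;` then `if (from->address->length == sizeof in) { memcpy(&in, from->address->contents, sizeof in); strcpy (buf, inet_ntoa (in)); }`. The declaration of `buf` and the rest of dispatch lie outside the hunk, so the fallback for a mismatched length has to be checked there.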
index db358d283b70b6214bb9ac31cfe108c02f0e2738..cc957016ba7171feb8165b41b6ed2f4d109cc4b0 100644 (file)
@@ -1267,11 +1267,17 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa)
 #ifdef USE_RCACHE
     {
        krb5_donot_replay rep;
+       krb5_deltat rc_lifetime;
        /*
         * Verify this response came back in a timely manner.
         * We do this b/c otherwise very old (expunged from the rcache)
         * psr's would be able to be replayed.
         */
+       retval = krb5_rc_get_lifespan(kdc_context, kdc_rcache, &rc_lifetime);
+       if (retval) {
+           com_err("krb5kdc", retval, "while getting rcache lifespan");
+           goto cleanup;
+       }
        if (timenow - psr->stime > rc_lifetime) {
            com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
            "SAM psr came back too late! -- replay attack?");
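Review bot: The freshness test `timenow - psr->stime > rc_lifetime` rejects only responses that are too old. If both operands are signed, as krb5 timestamps usually are, an `stime` ahead of `timenow` gives a negative difference and passes. Where `psr` is decoded is outside the hunk, so this may only matter after a clock step or between KDCs with skewed clocks. An explicit bound makes the intent clear: `if (psr->stime > timenow || timenow - psr->stime > rc_lifetime) {`, with a skew allowance added if the deployment needs one. The comment above the check could also say that the window is the replay cache lifespan, e.g. `/* a psr older than the rcache lifespan may already be expunged, so reject it */`. verify_sam_response begins and ends outside the hunk.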