+
+Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
+
+ * adm_process.c, adm_kadmin.c, adm_adm_func.c, adm_kpasswd.c,
+ * adm_funcs, adm_nego.c adm_extern.c and adm_listen.c
+ Use new calling convention for krb5_recvauth(), krb5_mk_priv(),
+ krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe().
+ (Redid many of the internal functions to accomidate new a
+ uth_context structure and remove old unnecessary structures.)
+
Fri Mar 24 14:38:06 1995 <tytso@rsx-11.mit.edu>
* adm_network.c (setup_network): If /etc/services doesn't have the
#endif
krb5_error_code
-adm_build_key (context, newprinc, client_creds, new_passwd, oper_type, entry)
+adm_build_key (context, auth_context, new_passwd, oper_type, entry)
krb5_context context;
- krb5_principal newprinc;
- krb5_ticket *client_creds;
+ krb5_auth_context * auth_context;
char *new_passwd;
int oper_type;
krb5_db_entry entry;
{
+ krb5_replay_data replaydata;
krb5_data outbuf;
int retval;
#if defined(MACH_PASS) || defined(SANDIA)
#endif
/* Encrypt Password and Phrase */
- if (retval = krb5_mk_priv(context, &outbuf,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+ &msg_data, &replaydata)) {
com_err("adm_build_key", retval, "during mk_priv");
#if defined(MACH_PASS) || defined(SANDIA)
free(tmp_passwd);
}
/* Decrypt Client Response */
- if (retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- recv_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata)) {
syslog(LOG_ERR | LOG_INFO, "adm_build_key krb5_rd_priv error");
free(inbuf.data);
return(5); /* Protocol Failure */
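Review bot: The `replaydata` filled in by the new `krb5_rd_priv()` call is never read in the visible lines, so nothing on this path appears to compare the peer's sequence number with an expected value. The old call passed `recv_seqno` with `KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME`, so the library enforced ordering; the auth context is now set up in process_client with only `KRB5_AUTH_CONTEXT_RET_SEQUENCE`, which returns the number to the caller instead of verifying it (and, if setflags overwrites the flag word as it does in current MIT krb5, also drops the default timestamp check). If replay and reordering protection is meant to survive this conversion, either set `KRB5_AUTH_CONTEXT_DO_SEQUENCE` on the context or check `replaydata.seq` after each call. The same applies to the `krb5_rd_priv()` calls in adm_mod_old_key, adm_inq_old_key, adm5_kadmin, adm_negotiate_key and process_client. adm_build_key's body starts and ends outside this hunk.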
/* kadmin change password request */
krb5_error_code
-adm_change_pwd(context, prog, customer_name, client_creds, salttype)
+adm_change_pwd(context, auth_context, prog, customer_name, salttype)
krb5_context context;
+ krb5_auth_context * auth_context;
char *prog;
char *customer_name;
- krb5_ticket *client_creds;
int salttype;
{
krb5_db_entry entry;
oper_type = (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? CHGOPER : CH4OPER;
- if (retval = adm_build_key(context, newprinc, client_creds,
- new_passwd, oper_type, entry)) {
+ if (retval = adm_build_key(context, auth_context, new_passwd,
+ oper_type, entry)) {
krb5_free_principal(context, newprinc);
krb5_db_free_principal(context, &entry, nprincs);
free(new_passwd);
/* kadmin add new random key function */
krb5_error_code
-adm_change_pwd_rnd(context, cmdname, customer_name, client_creds)
+adm_change_pwd_rnd(context, cmdname, customer_name)
krb5_context context;
char *cmdname;
char *customer_name;
- krb5_ticket *client_creds;
{
krb5_db_entry entry;
int nprincs = 1;
/* kadmin add new key function */
krb5_error_code
-adm_add_new_key(context, cmdname, customer_name, client_creds, salttype)
+adm_add_new_key(context, auth_context, cmdname, customer_name, salttype)
krb5_context context;
+ krb5_auth_context *auth_context;
char *cmdname;
char *customer_name;
- krb5_ticket *client_creds;
int salttype;
{
krb5_db_entry entry;
return(3); /* No Memory */
}
- if (retval = adm_build_key(context, newprinc,
- client_creds,
- new_passwd,
- ADDOPER,
- entry)) {
+ if (retval = adm_build_key(context, auth_context, new_passwd,
+ ADDOPER, entry)) {
krb5_free_principal(context, newprinc);
krb5_db_free_principal(context, &entry, nprincs);
free(new_passwd);
/* kadmin add new random key function */
krb5_error_code
-adm_add_new_key_rnd(context, cmdname, customer_name, client_creds)
+adm_add_new_key_rnd(context, cmdname, customer_name)
krb5_context context;
char *cmdname;
char *customer_name;
- krb5_ticket *client_creds;
{
krb5_db_entry entry;
int nprincs = 1;
/* kadmin modify existing Principal function */
krb5_error_code
-adm_mod_old_key(context, cmdname, customer_name, client_creds)
+adm_mod_old_key(context, auth_context, cmdname, customer_name)
krb5_context context;
+ krb5_auth_context * auth_context;
char *cmdname;
char *customer_name;
- krb5_ticket *client_creds;
{
+ krb5_replay_data replaydata;
krb5_db_entry entry;
int nprincs = 1;
extern int errno;
outbuf.data[1] = MODOPER;
outbuf.data[2] = SENDDATA3;
- if (retval = krb5_mk_priv(context, &outbuf,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+ &msg_data, &replaydata)) {
krb5_free_principal(context, newprinc);
krb5_db_free_principal(context, &entry, nprincs);
com_err("adm_mod_old_key", retval, "during mk_priv");
}
/* Decrypt Client Response */
- if (retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- recv_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata)) {
com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s",
error_message(retval));
free(inbuf.data);
}
/* Decrypt Client Response */
- if (retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- recv_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata)) {
com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s",
error_message(retval));
free(inbuf.data);
/* kadmin inquire existing Principal function */
krb5_error_code
-adm_inq_old_key(context, cmdname, customer_name, client_creds)
+adm_inq_old_key(context, auth_context, cmdname, customer_name)
krb5_context context;
+ krb5_auth_context * auth_context;
char *cmdname;
char *customer_name;
- krb5_ticket *client_creds;
{
+ krb5_replay_data replaydata;
krb5_db_entry entry;
int nprincs = 1;
free(fullname);
/* Encrypt Inquiry Data */
- if (retval = krb5_mk_priv(context, &outbuf,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+ &msg_data, &replaydata)) {
com_err("adm_inq_old_key", retval, "during mk_priv");
free(outbuf.data);
return(5); /* Protocol Failure */
}
/* Decrypt Client Response */
- if (retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- recv_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata)) {
com_err("adm_inq_old_key", retval, "krb5_rd_priv error %s",
error_message(retval));
free(inbuf.data);
krb5_data msg_data;
int send_seqno;
-int recv_seqno;
/*
static krb5_data tgs_name = {KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME};
extern int adm_debug_flag;
extern int send_seqno;
-extern int recv_seqno;
extern int exit_now;
krb5_error_code adm_build_key
PROTOTYPE((krb5_context,
- krb5_principal,
- krb5_ticket *,
+ krb5_auth_context *,
char *,
int,
krb5_db_entry));
krb5_error_code adm_change_pwd
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
char *,
- krb5_ticket *,
int));
krb5_error_code adm_change_pwd_rnd
PROTOTYPE((krb5_context,
char *,
- char *,
- krb5_ticket *));
+ char *));
krb5_error_code adm_add_new_key
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
char *,
- krb5_ticket *,
int));
krb5_error_code adm_add_new_key_rnd
PROTOTYPE((krb5_context,
char *,
- char *,
- krb5_ticket *));
+ char *));
krb5_error_code adm_del_old_key
PROTOTYPE((krb5_context,
krb5_error_code adm_mod_old_key
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
- char *,
- krb5_ticket* ));
+ char *));
krb5_error_code adm_inq_old_key
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
- char *,
- krb5_ticket *));
+ char *));
krb5_error_code adm_print_exp_time
PROTOTYPE((krb5_context,
krb5_error_code adm5_kadmin
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
- krb5_authenticator *,
- krb5_ticket *,
char *,
int *));
krb5_error_code adm_negotiate_key
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char const *,
- krb5_ticket *,
char *));
krb5_error_code setup_network
PROTOTYPE((krb5_context,
const char *));
-krb5_error_code cpw_keyproc
- PROTOTYPE((krb5_context,
- krb5_pointer,
- krb5_principal,
- krb5_kvno,
- krb5_keytype,
- krb5_keyblock **));
-
krb5_error_code process_client
PROTOTYPE((krb5_context,
char *));
krb5_error_code adm5_change
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
- krb5_principal ,
- krb5_ticket *));
+ krb5_principal));
int adm5_listen_and_process
PROTOTYPE((krb5_context,
krb5_error_code adm5_kpasswd
PROTOTYPE((krb5_context,
+ krb5_auth_context *,
char *,
kadmin_requests *,
- krb5_ticket *,
char *,
int *));
}
krb5_error_code
-adm5_change(context, prog, newprinc, client_creds)
+adm5_change(context, auth_context, prog, newprinc)
krb5_context context;
+ krb5_auth_context * auth_context;
char *prog;
krb5_principal newprinc;
- krb5_ticket *client_creds;
{
krb5_db_entry entry;
int nprincs = 1;
memset((char *) new_passwd, 0, ADM_MAX_PW_LENGTH + 1);
/* Negotiate for New Key */
- if (retval = adm_negotiate_key(context, "adm5_change", client_creds,
+ if (retval = adm_negotiate_key(context, auth_context, "adm5_change",
new_passwd)) {
krb5_db_free_principal(context, &entry, nprincs);
krb5_free_principal(context, newprinc);
#include "adm_extern.h"
krb5_error_code
-adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
+adm5_kadmin(context, auth_context, prog, retbuf, otype)
krb5_context context;
+ krb5_auth_context * auth_context;
char *prog;
- krb5_authenticator *client_auth_data;
- krb5_ticket *client_creds;
char *retbuf; /* Allocated in Calling Routine */
int *otype;
{
+ krb5_replay_data replaydata;
krb5_error_code retval;
kadmin_requests request_type;
krb5_data msg_data, outbuf, inbuf;
retbuf[2] = SENDDATA2;
outbuf.length = 3;
- retval = krb5_mk_priv(context, &outbuf,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data);
+ retval = krb5_mk_priv(context, auth_context, &outbuf,
+ &msg_data, &replaydata);
if (retval ) {
syslog(LOG_ERR,
"adm5_kadmin - Error Performing Acknowledgement mk_priv");
}
/* Decrypt Client Response */
- if ((retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- recv_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data))) {
+ if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
free(inbuf.data);
syslog(LOG_ERR | LOG_INFO, "Error decoding Username - rd_priv");
return(5); /* Protocol Failure */
}
*otype = 1;
salttype = KRB5_KDB_SALTTYPE_NORMAL;
- retval = adm_add_new_key(context, "adm5_kadmin", customer_name,
- client_creds, salttype);
+ retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
+ customer_name, salttype);
goto process_retval;
case CHGOPER:
}
*otype = 2;
salttype = KRB5_KDB_SALTTYPE_NORMAL;
- retval = adm_change_pwd(context, "adm5_kadmin", customer_name,
- client_creds, salttype);
+ retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
+ customer_name, salttype);
goto process_retval;
case ADROPER:
}
*otype = 3;
retval = adm_add_new_key_rnd(context, "adm5_kadmin",
- customer_name, client_creds);
+ customer_name);
goto process_retval;
case CHROPER:
}
*otype = 4;
retval = adm_change_pwd_rnd(context, "adm5_kadmin",
- customer_name, client_creds);
+ customer_name);
goto process_retval;
case DELOPER:
goto process_retval;
}
*otype = 6;
- retval = adm_mod_old_key(context, "adm5_kadmin", customer_name,
- client_creds);
+ retval = adm_mod_old_key(context, auth_context, "adm5_kadmin",
+ customer_name);
goto process_retval;
case INQOPER:
goto process_retval;
}
*otype = 7;
- retval = adm_inq_old_key(context, "adm5_kadmin", customer_name,
- client_creds);
+ retval = adm_inq_old_key(context, auth_context, "adm5_kadmin",
+ customer_name);
goto process_retval;
case AD4OPER:
}
*otype = 8;
salttype = KRB5_KDB_SALTTYPE_V4;
- retval = adm_add_new_key(context, "adm5_kadmin", customer_name,
- client_creds, salttype);
+ retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
+ customer_name, salttype);
goto process_retval;
case CH4OPER:
}
*otype = 9;
salttype = KRB5_KDB_SALTTYPE_V4;
- retval = adm_change_pwd(context, "adm5_kadmin", customer_name,
- client_creds, salttype);
+ retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
+ customer_name, salttype);
goto process_retval;
default:
outbuf.length = strlen(retbuf) + 1;
/* Send Completion Message */
- if (retval = krb5_mk_priv(context, &outbuf,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+ &msg_data, &replaydata)) {
syslog(LOG_ERR, "adm5_kadmin - Error Performing Final mk_priv");
return(1);
}
/* Send Final Reply to Client */
- if (retval = krb5_write_message(context, &client_server_info.client_socket,
+ if (retval = krb5_write_message(context,
+ &client_server_info.client_socket,
&msg_data)){
free(msg_data.data);
syslog(LOG_ERR, "adm5_kadmin - Error Performing Final Write: %s",
};
krb5_error_code
-adm5_kpasswd(context, prog, request_type, client_creds, retbuf, otype)
+adm5_kpasswd(context, auth_context, prog, request_type, retbuf, otype)
krb5_context context;
+ krb5_auth_context *auth_context;
char *prog;
kadmin_requests *request_type;
- krb5_ticket *client_creds;
char *retbuf;
int *otype;
{
*otype = 3;
syslog(LOG_AUTH | LOG_INFO,
"adm_kpasswd: kpasswd change received");
- retval = adm5_change(context, "adm5_kpasswd",
- client_server_info.client,
- client_creds);
+ retval = adm5_change(context, auth_context, "adm5_kpasswd",
+ client_server_info.client);
switch(retval) {
case 0:
}
if (adm_debug_flag) {
- retval = process_client(context, "adm5_listen_and_process");
+ retval = process_client(context,
+ "adm5_listen_and_process");
exit(retval);
}
/* child */
(void) close(client_server_info.server_socket);
- retval = process_client(context, "adm5_listen_and_process");
+ retval = process_client(context,
+ "adm5_listen_and_process");
exit(retval);
} else {
/* parent */
#include "adm_extern.h"
krb5_error_code
-adm_negotiate_key(context, prog, client_creds, new_passwd)
+adm_negotiate_key(context, auth_context, prog, new_passwd)
krb5_context context;
+ krb5_auth_context *auth_context;
char const * prog;
- krb5_ticket * client_creds;
char * new_passwd;
{
+ krb5_replay_data replaydata;
krb5_data msg_data, inbuf;
krb5_error_code retval;
#if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords. */
free_phrases();
/* Encrypt Password/Phrases Encoding */
- retval = krb5_mk_priv(context, encoded_pw_string,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data);
+ retval = krb5_mk_priv(context, auth_context, encoded_pw_string,
+ &msg_data, &replaydata);
if (retval ) {
free_passwds();
free_pwd_and_phrase_structures();
}
/* Decrypt Client Response */
- if ((retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- recv_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data))) {
+ if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
free(inbuf.data);
#if defined(MACH_PASS) || defined(SANDIA)
free_passwds();
extern krb5_encrypt_block master_encblock;
extern krb5_keyblock master_keyblock;
-struct cpw_keyproc_arg {
- krb5_keyblock *key;
-};
-
-krb5_error_code
-cpw_keyproc(context, keyprocarg, server, key_vno, keytype, key)
+static krb5_error_code
+cpw_keyproc(context, keyblock)
krb5_context context;
- krb5_pointer keyprocarg;
- krb5_principal server;
- krb5_kvno key_vno;
- krb5_keytype keytype;
- krb5_keyblock ** key;
+ krb5_keyblock ** keyblock;
{
krb5_error_code retval;
krb5_db_entry cpw_entry;
krb5_principal cpw_krb;
krb5_keyblock *realkey;
-
- struct cpw_keyproc_arg *arg;
-
krb5_boolean more;
-
int nprincs = 1;
- arg = ( struct cpw_keyproc_arg *) keyprocarg;
-
- if (arg->key) {
- retval = krb5_copy_keyblock(context, arg->key, key);
- if (retval)
- return retval;
- } else {
- if (retval = krb5_parse_name(context, client_server_info.name_of_service,
+ if (*keyblock == NULL) {
+ if (retval = krb5_parse_name(context,
+ client_server_info.name_of_service,
&cpw_krb)) {
syslog(LOG_ERR,
"cpw_keyproc %d while attempting to parse \"%s\"",
}
if (retval = krb5_db_get_principal(context, cpw_krb, &cpw_entry,
- &nprincs, &more)) {
+ &nprincs, &more)) {
syslog(LOG_ERR,
"cpw_keyproc %d while extracting %s entry",
client_server_info.name_of_service, retval);
exit(retval);
}
- *key = realkey;
+ *keyblock = realkey;
}
-
return(0);
}
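Review bot: The `syslog()` call in the `krb5_db_get_principal()` failure branch still passes its arguments in the opposite order to its format, so `%d` receives `client_server_info.name_of_service` and `%s` receives `retval`, and the error path would format an integer as a string pointer. Since the statement is being re-indented anyway, swap them: `"cpw_keyproc %d while extracting %s entry", retval, client_server_info.name_of_service);`. With `keyblock` now an in/out parameter, a short header comment would also help, stating that a non-NULL `*keyblock` is left untouched and that a NULL one is filled in from the database entry. cpw_keyproc's body starts outside this hunk.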
{
krb5_error_code retval;
- struct cpw_keyproc_arg cpw_key;
+ krb5_keyblock * cpw_keyblock = NULL;
int on = 1;
krb5_db_entry server_entry;
- krb5_ticket *client_creds;
- krb5_authenticator *client_auth_data;
char retbuf[512];
krb5_data final_msg;
char completion_msg[520];
kadmin_requests request_type;
+ krb5_auth_context *auth_context = NULL;
+ krb5_ticket * client_ticket = NULL;
+ krb5_replay_data replaydata;
int number_of_entries;
krb5_boolean more;
exit(0);
}
- if ((cpw_key.key = (krb5_keyblock *) calloc (1,
+ if ((cpw_keyblock = (krb5_keyblock *) calloc (1,
sizeof(krb5_keyblock))) == (krb5_keyblock *) 0) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
syslog(LOG_ERR,
if (retval = krb5_kdb_decrypt_key(context,
&master_encblock,
&server_entry.key,
- (krb5_keyblock *) cpw_key.key)) {
+ cpw_keyblock)) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
- free(cpw_key.key);
+ free(cpw_keyblock);
syslog(LOG_ERR,
"kadmind error: Cannot extract kadmin/<realm> from master key");
close(client_server_info.client_socket);
syslog(LOG_AUTH | LOG_INFO,
"Request for Administrative Service Received from %s - Authenticating.",
inet_ntoa( client_server_info.client_name.sin_addr ));
+
+ cpw_keyproc(context, &cpw_keyblock);
- if ((retval = krb5_recvauth(context,
+ if (krb5_auth_con_init(context, &auth_context))
+ exit(1);
+
+ krb5_auth_con_setflags(context,auth_context,KRB5_AUTH_CONTEXT_RET_SEQUENCE);
+
+ krb5_auth_con_setaddrs(context, auth_context,
+ &client_server_info.server_addr,
+ &client_server_info.client_addr);
+
+ if (krb5_auth_con_setuseruserkey(context, auth_context, cpw_keyblock))
+ exit(1);
+
+ if ((retval = krb5_recvauth(context, &auth_context,
(krb5_pointer) &client_server_info.client_socket,
ADM5_CPW_VERSION,
client_server_info.server,
- &client_server_info.client_addr,
+ NULL,
0,
- cpw_keyproc,
- (krb5_pointer) &cpw_key,
- 0,
- 0,
- &send_seqno,
- &client_server_info.client,
- &client_creds,
- &client_auth_data
+ NULL,
+ &client_ticket
))) {
syslog(LOG_ERR, "kadmind error: %s during recvauth\n",
error_message(retval));
(void) sprintf(retbuf, "kadmind error during recvauth: %s\n",
error_message(retval));
- krb5_free_keyblock(context, cpw_key.key);
+ krb5_free_keyblock(context, cpw_keyblock);
goto finish;
}
- krb5_free_keyblock(context, cpw_key.key);
+ krb5_free_keyblock(context, cpw_keyblock);
+ if (retval = krb5_copy_principal(context, client_ticket->enc_part2->client,
+ &client_server_info.client))
+ goto finish;
+
/* Check if ticket was issued using password (and not tgt)
* within the last 5 minutes
*/
- if (!(client_creds->enc_part2->flags & TKT_FLG_INITIAL)) {
+ if (!(client_ticket->enc_part2->flags & TKT_FLG_INITIAL)) {
syslog(LOG_ERR, "Client ticket not initial");
close(client_server_info.client_socket);
exit(0);
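Review bot: The results of `cpw_keyproc()`, `krb5_auth_con_setflags()` and `krb5_auth_con_setaddrs()` are discarded in the added setup before `krb5_recvauth()`, so a failure to bind the server and client addresses to the auth context would go unnoticed and the later `krb5_mk_priv()`/`krb5_rd_priv()` calls would run without them. Check each one the way the neighbouring calls are checked, e.g. `if ((retval = krb5_auth_con_setaddrs(context, auth_context, &client_server_info.server_addr, &client_server_info.client_addr))) { ... }`, and call `syslog()` before the two bare `exit(1)` statements so a failed setup leaves a trace. The new `goto finish` after `krb5_copy_principal()` also skips writing `retbuf`, unlike the recvauth failure path just above it; the code at `finish` is outside this hunk, so confirm it does not send the buffer uninitialized. process_client's body starts and ends outside this hunk.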
exit(0);
}
- if ((adm_time - client_creds->enc_part2->times.authtime) > 60*5) {
+ if ((adm_time - client_ticket->enc_part2->times.authtime) > 60*5) {
syslog(LOG_ERR, "Client ticket not recent");
close(client_server_info.client_socket);
exit(0);
}
- recv_seqno = client_auth_data->seq_number;
-
if ((client_server_info.name_of_client =
(char *) calloc (1, 3 * 255)) == (char *) 0) {
syslog(LOG_ERR, "kadmind error: No Memory for name_of_client");
goto finish;
}
- if ((retval = krb5_rd_priv(context, &inbuf,
- client_creds->enc_part2->session,
- &client_server_info.client_addr,
- &client_server_info.server_addr,
- client_auth_data->seq_number,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data))) {
+ if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
+ &msg_data, &replaydata))) {
free(inbuf.data);
syslog(LOG_ERR, "kadmind error: rd_priv:%s\n", error_message(retval));
goto finish;
switch (request_type.appl_code) {
case KPASSWD:
req_type = "kpasswd";
- if (retval = adm5_kpasswd(context, "process_client", &request_type,
- client_creds, retbuf, &otype)) {
+ if (retval = adm5_kpasswd(context, auth_context, "process_client",
+ &request_type, retbuf, &otype)) {
goto finish;
}
break;
case KADMIN:
req_type = "kadmin";
- if (retval = adm5_kadmin(context, "process_client",
- client_auth_data, client_creds,
+ if (retval = adm5_kadmin(context, auth_context, "process_client",
retbuf, &otype)) {
goto finish;
}
final_msg.data = retbuf;
final_msg.length = strlen(retbuf) + 1;
- /* Send Completion Message */
- if (retval = krb5_mk_priv(context, &final_msg,
- ETYPE_DES_CBC_CRC,
- client_creds->enc_part2->session,
- &client_server_info.server_addr,
- &client_server_info.client_addr,
- send_seqno,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0,
- 0,
- &msg_data)) {
+ /* Send Completion Message */
+ if (retval = krb5_mk_priv(context, auth_context, &final_msg,
+ &msg_data, &replaydata)) {
syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv");
goto finish;
}