+Thu Jun 22 15:24:16 EDT 1995 Paul Park (pjpark@mit.edu)
+ * main.c - Change option parsing logic to support multiple realms.
+ Use alternate profile routines from libkadm to support reading
+ values from it.
+ * dispatch.c - Setup global realm context before calling process_as_
+ req().
+ * do_as_req.c - Change KDB_CONVERT_KEY_OUTOF_DB to decrypt_key call.
+ * do_tgs_req.c - Setup global realm context from our service principal
+ name.
+ * extern.c - Remove per-realm global data. Replace this with list
+ of per-realm data with a pointer to the active request's realm.
+ * extern.h - Change per-realm global data names to #define's. This
+ is to avoid having to rewrite everything to pass a pointer to
+ the active realm.
+ * kdc_util.c - Change "kdc_context" to "kcontext" because of #defines
+ in extern.h. Also add logic after call to rd_req_decoded
+ to see if it failed because of a rcache error. If so, then
+ reinitialize the replay cache and retry it.
+ Also change KDB_CONVERT_KEY_OUTOF_DB to decrypt_key.
+ * kerberos_v4.c - Remove extraneous definition of master_encblock.
+ * krb5kdc.M - Add definition of -p, add vague reference to kdc.conf
+ manpage and describe multiple realms briefly.
+ * network.c - Change udp_port_fd to a list of fds to support having
+ multiple ports to listen on.
+
+
Thu Jun 15 17:55:21 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Change explicit library names to -l<lib> form, and
change target link line to use $(LD) and associated flags.
* is provided.
*/
static krb5_error_code
-comp_cksum(kdc_context, source, ticket, his_cksum)
- krb5_context kdc_context;
+comp_cksum(kcontext, source, ticket, his_cksum)
+ krb5_context kcontext;
krb5_data * source;
krb5_ticket * ticket;
krb5_checksum * his_cksum;
return KRB5KRB_AP_ERR_INAPP_CKSUM;
if (!(our_cksum.contents = (krb5_octet *)
- malloc(krb5_checksum_size(kdc_context, our_cksum.checksum_type))))
+ malloc(krb5_checksum_size(kcontext, our_cksum.checksum_type))))
return ENOMEM;
/* compute checksum */
- if ((retval = krb5_calculate_checksum(kdc_context, our_cksum.checksum_type,
+ if ((retval = krb5_calculate_checksum(kcontext, our_cksum.checksum_type,
source->data, source->length,
ticket->enc_part2->session->contents,
ticket->enc_part2->session->length,&our_cksum))) {
if ((retval = krb5_rd_req_decoded(kdc_context, &auth_context, apreq,
apreq->ticket->server, NULL,
- NULL, ticket)))
- goto cleanup_auth_context;
+ NULL, ticket))) {
+ /*
+ * I'm not so sure that this is right, but it's better than nothing
+ * at all.
+ *
+ * If we choke in the rd_req because of the replay cache, then attempt
+ * to reinitialize the replay cache because somebody could have deleted
+ * it from underneath us (e.g. a cron job)
+ */
+ if ((retval == KRB5_RC_IO_IO) ||
+ (retval == KRB5_RC_IO_UNKNOWN)) {
+ (void) krb5_rc_close(kdc_context, kdc_rcache);
+ kdc_rcache = (krb5_rcache) NULL;
+ if (!(retval = kdc_initialize_rcache(kdc_context,
+ (char *) NULL))) {
+ if ((retval = krb5_auth_con_setrcache(kdc_context,
+ auth_context,
+ kdc_rcache)) ||
+ (retval = krb5_rd_req_decoded(kdc_context,
+ &auth_context,
+ apreq,
+ apreq->ticket->server,
+ NULL,
+ NULL,
+ ticket))
+ )
+ goto cleanup_auth_context;
+ }
+ }
+ else
+ goto cleanup_auth_context;
+ }
if ((retval = krb5_auth_con_getremotesubkey(kdc_context,
auth_context, subkey)))
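Review bot: When `kdc_initialize_rcache()` fails inside the new retry branch, nothing jumps to `cleanup_auth_context`: the inner `if (!(retval = kdc_initialize_rcache(...)))` body is skipped, control leaves the outer block with `retval` non-zero, and the `krb5_auth_con_getremotesubkey()` call that follows overwrites it. Processing then continues although `krb5_rd_req_decoded()` never succeeded, so the AP-REQ has not been verified and `ticket` may not have been filled in. Adding `if (retval) goto cleanup_auth_context;` right after the inner `if` block closes that path. Because the retry also discards whatever replay history the old cache held, a log message at the reinitialisation point would let operators see how often this happens. The enclosing function starts and ends outside this hunk, so the cleanup label itself is not visible here.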
/* convert server.key into a real key (it may be encrypted
in the database) */
if ((*key = (krb5_keyblock *)malloc(sizeof **key))) {
- retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context, &server.key, *key);
+ retval = krb5_kdb_decrypt_key(kdc_context, &master_encblock,
+ &server.key, *key);
} else
retval = ENOMEM;
*kvno = server.kvno;