* main.c: Move kdc_initialize_rcache() to kdc_util.c
authorTom Yu <tlyu@mit.edu>
Wed, 1 Mar 2000 10:42:16 +0000 (10:42 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 1 Mar 2000 10:42:16 +0000 (10:42 +0000)
* kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache()
back here since it's needed for rtest to work.  process_tgs_req()
which is called from rtest needs to call kdc_initialize_rcache()
and we can't very well link rtest with main.o

* kdc_preauth.c (verify_sam_response): Ooops.  Get rc_lifetime
from kdc_util, since it's actually declared there.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12093 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/ChangeLog
src/kdc/kdc_preauth.c
src/kdc/kdc_util.c
src/kdc/main.c

index 89520df5bc71de650ecd0eaf1f68ff2681a4bd05..62a1f21dccf9a9658106a2f605f18ebd59b4b850 100644 (file)
@@ -1,5 +1,15 @@
 2000-03-01  Tom Yu  <tlyu@mit.edu>
 
+       * main.c: Move kdc_initialize_rcache() to kdc_util.c
+
+       * kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache()
+       back here since it's needed for rtest to work.  process_tgs_req()
+       which is called from rtest needs to call kdc_intiialize_rcache()
+       and we can't very well link rtest with main.o
+
+       * kdc_preauth.c (verify_sam_response): Ooops.  Get rc_lifetime
+       from kdc_util, since it's actually declared there.
+
        * configure.in: Fix --enable-kdc-replay-cache to actually default
        to "yes".
 
index cc957016ba7171feb8165b41b6ed2f4d109cc4b0..41152f2f64ea4fd0b612c84dc35c7403e126fc79 100644 (file)
@@ -1267,17 +1267,12 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa)
 #ifdef USE_RCACHE
     {
        krb5_donot_replay rep;
-       krb5_deltat rc_lifetime;
+       extern krb5_deltat rc_lifetime;
        /*
         * Verify this response came back in a timely manner.
         * We do this b/c otherwise very old (expunged from the rcache)
         * psr's would be able to be replayed.
         */
-       retval = krb5_rc_get_lifespan(kdc_context, kdc_rcache, &rc_lifetime);
-       if (retval) {
-           com_err("krb5kdc", retval, "while getting rcache lifespan");
-           goto cleanup;
-       }
        if (timenow - psr->stime > rc_lifetime) {
            com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
            "SAM psr came back too late! -- replay attack?");
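Review bot: The freshness test `timenow - psr->stime > rc_lifetime` now trusts a global that kdc_initialize_rcache() sets to `kcontext->clockskew`, where the removed lines asked the cache itself through krb5_rc_get_lifespan(). When the cache is recovered rather than freshly initialized, its stored lifespan may differ from the current clockskew (inferred; krb5_rc_recover() is not shown here), and if it is shorter, a psr could already be expunged from the cache while still passing this check. Either keep the krb5_rc_get_lifespan() query or add a comment at the definition stating why the two values are always equal. The block-scope `extern krb5_deltat rc_lifetime;` is also unchecked against the definition in kdc_util.c; a single declaration in the shared KDC header would let the compiler catch a type mismatch. verify_sam_response's body starts and ends outside the hunk.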
index a988b28cc8385672cb6fd78ad6c5c444e36d7cb5..f5a0016b7646d61580cfd50be4d9ddde822af31f 100644 (file)
 #include "adm.h"
 #include "adm_proto.h"
 
+#ifdef USE_RCACHE
+static char *kdc_current_rcname = (char *) NULL;
+krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
+#endif
+
+#ifdef USE_RCACHE
+/*
+ * initialize the replay cache.
+ */
+krb5_error_code
+kdc_initialize_rcache(kcontext, rcache_name)
+    krb5_context       kcontext;
+    char               *rcache_name;
+{
+    krb5_error_code    retval;
+    char               *rcname;
+    char               *sname;
+
+    rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
+
+    /* rc_lifetime used elsewhere to verify we're not */
+    /*  replaying really old data                     */
+    rc_lifetime = kcontext->clockskew;
+
+    if (!rcname)
+       rcname = KDCRCACHE;
+    if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
+       /* Recover or initialize the replay cache */
+       if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
+           !(retval = krb5_rc_initialize(kcontext,
+                                         kdc_rcache,
+                                         kcontext->clockskew))
+           ) {
+           /* Expunge the replay cache */
+           if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
+               sname = kdc_current_rcname;
+               kdc_current_rcname = strdup(rcname);
+               if (sname)
+                   free(sname);
+           }
+       }
+       if (retval)
+           krb5_rc_close(kcontext, kdc_rcache);
+    }
+    return(retval);
+}
+#endif
+
 /*
  * concatenate first two authdata arrays, returning an allocated replacement.
  * The replacement should be freed with krb5_free_authdata().
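Review bot: In the added kdc_initialize_rcache(), the error path calls `krb5_rc_close(kcontext, kdc_rcache)` but leaves the global `kdc_rcache` pointing at the closed handle, so a replay check that runs after a failed (re)initialization would still use it; if krb5_rc_close() releases the handle, which is not visible here, that is a use-after-free. Clearing it on that path, `if (retval) { krb5_rc_close(kcontext, kdc_rcache); kdc_rcache = NULL; }`, makes the failure visible to callers, which would then need to treat NULL as "no cache". The result of `strdup(rcname)` is also unchecked, so an allocation failure silently drops the remembered cache name while the function returns success; `if (!kdc_current_rcname) retval = ENOMEM;` right after the strdup would surface it. The function is moved unchanged from main.c, so both points predate this commit.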
index aca5165e76588fd849cbb40fd0f4b4e32e362bae..473b902d0123d5c07d5f7446c3e37ddcff94f9f1 100644 (file)
@@ -60,64 +60,14 @@ void initialize_realms PROTOTYPE((krb5_context, int, char **));
 void finish_realms PROTOTYPE((char *));
 
 static int nofork = 0;
-#ifdef USE_RCACHE
-static char *kdc_current_rcname = (char *) NULL;
-#endif
 static int rkey_init_done = 0;
 
-#ifdef USE_RCACHE
-krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
-#endif /* USE_RCACHE */
-
 #ifdef POSIX_SIGNALS
 static struct sigaction s_action;
 #endif /* POSIX_SIGNALS */
 
 #define        KRB5_KDC_MAX_REALMS     32
 
-#ifdef USE_RCACHE
-/*
- * initialize the replay cache.
- */
-krb5_error_code
-kdc_initialize_rcache(kcontext, rcache_name)
-    krb5_context       kcontext;
-    char               *rcache_name;
-{
-    krb5_error_code    retval;
-    char               *rcname;
-    char               *sname;
-
-    rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
-
-    /* rc_lifetime used elsewhere to verify we're not */
-    /*  replaying really old data                     */
-    rc_lifetime = kcontext->clockskew;
-
-    if (!rcname)
-       rcname = KDCRCACHE;
-    if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
-       /* Recover or initialize the replay cache */
-       if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
-           !(retval = krb5_rc_initialize(kcontext,
-                                         kdc_rcache,
-                                         kcontext->clockskew))
-           ) {
-           /* Expunge the replay cache */
-           if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
-               sname = kdc_current_rcname;
-               kdc_current_rcname = strdup(rcname);
-               if (sname)
-                   free(sname);
-           }
-       }
-       if (retval)
-           krb5_rc_close(kcontext, kdc_rcache);
-    }
-    return(retval);
-}
-#endif
-
 /*
  * Find the realm entry for a given realm.
  */