#include "kdc_util.h"
krb5_error_code
-dispatch(pkt, from, response)
-krb5_data *pkt;
-const krb5_fulladdr *from;
-krb5_data **response;
+dispatch(pkt, from, is_secondary, response)
+ krb5_data *pkt;
+ const krb5_fulladdr *from;
+ int is_secondary;
+ krb5_data **response;
{
krb5_error_code retval;
if (krb5_is_tgs_req(pkt)) {
if (!(retval = decode_krb5_tgs_req(pkt, &tgs_req))) {
- retval = process_tgs_req(tgs_req, from, response);
+ retval = process_tgs_req(tgs_req, from, is_secondary, response);
krb5_free_kdc_req(tgs_req);
}
} else if (krb5_is_as_req(pkt)) {
if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
- retval = process_as_req(as_req, from, response);
+ retval = process_as_req(as_req, from, is_secondary, response);
krb5_free_kdc_req(as_req);
}
}
#ifdef KRB4
else if (pkt->data[0] == 4) /* old version */
- retval = process_v4(pkt, from, response);
+ retval = process_v4(pkt, from, is_secondary, response);
#endif
else
retval = KRB5KRB_AP_ERR_MSG_TYPE;
/*ARGSUSED*/
krb5_error_code
-process_as_req(request, from, response)
+process_as_req(request, from, is_secondary, response)
register krb5_kdc_req *request;
const krb5_fulladdr *from; /* who sent it ? */
+int is_secondary;
krb5_data **response; /* filled in with a response packet */
{
if (!fromstring)
fromstring = "<unknown>";
- syslog(LOG_INFO, "AS_REQ: host %s, %s for %s", fromstring, cname, sname);
+ if (is_secondary)
+ syslog(LOG_INFO, "AS_REQ; host %s, %s for %s", fromstring, cname,
+ sname);
+ else
+ syslog(LOG_INFO, "AS_REQ: host %s, %s for %s", fromstring, cname,
+ sname);
free(cname);
free(sname);
#define cleanup() {krb5_db_free_principal(&client, 1); krb5_db_free_principal(&server, 1); }
+ if (retval = check_kdb_flags_as(request, client, server)) {
+ cleanup();
+ return(prepare_error_as(request, retval, response));
+ }
+
if (retval = krb5_timeofday(&kdc_time)) {
cleanup();
return(retval);
krb5_data **));
/*ARGSUSED*/
krb5_error_code
-process_tgs_req(request, from, response)
+process_tgs_req(request, from, is_secondary, response)
krb5_kdc_req *request;
const krb5_fulladdr *from; /* who sent it ? */
+int is_secondary;
krb5_data **response; /* filled in with a response packet */
{
return(retval);
}
- syslog(LOG_INFO, "TGS_REQ: host %s, %s for %s", fromstring, cname, sname);
+ if (is_secondary)
+ syslog(LOG_INFO, "TGS_REQ; host %s, %s for %s", fromstring, cname,
+ sname);
+ else
+ syslog(LOG_INFO, "TGS_REQ: host %s, %s for %s", fromstring, cname,
+ sname);
free(cname);
free(sname);
#define tkt_cleanup() {krb5_free_tkt_authent(req_authdat); }
#define cleanup() { krb5_db_free_principal(&server, 1);}
+ if (retval = check_kdb_flags_tgs(request, server)) {
+ cleanup();
+ return(prepare_error_tgs(request,
+ header_ticket,
+ retval,
+ fromstring,
+ response));
+ }
+
if (retval = krb5_timeofday(&kdc_time)) {
tkt_cleanup();
cleanup();
return;
/* move to the end */
- /* SUPPRESS 530 */
for (pl2 = plist; *pl2; pl2++);
/* the first entry in this array is for krbtgt/local@local, so we