update to actually do replay checking
authorJohn Kohl <jtkohl@mit.edu>
Wed, 27 Feb 1991 11:50:57 +0000 (11:50 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Wed, 27 Feb 1991 11:50:57 +0000 (11:50 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1799 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/rd_priv.c
src/lib/krb5/krb/rd_safe.c

index dcc0177b1ea0972f1fc847611dfe1308f11ef97a..7dfe5331a6fc213e04304c9752080cc9d9cfb3b0 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,7 +16,6 @@ static char rcsid_rd_priv_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include <krb5/krb5.h>
 
 #include <krb5/asn1.h>
@@ -148,6 +148,8 @@ OLDDECLARG(krb5_data *, outbuf)
 #define cleanup_mesg() {(void)xfree(privmsg_enc_part);}
 
     if (!(priv_flags & KRB5_PRIV_NOTIME)) {
+       krb5_donot_replay replay;
+
        if (retval = krb5_timeofday(&currenttime)) {
            cleanup_data();
            cleanup_mesg();
@@ -158,7 +160,28 @@ OLDDECLARG(krb5_data *, outbuf)
            cleanup_mesg();  
            return KRB5KRB_AP_ERR_SKEW;
        }
-       /* replay detection goes here... XXX */
+       if (!rcache) {
+           /* gotta provide an rcache in this case... */
+           cleanup_data();
+           cleanup_mesg();  
+           return KRB5_RC_REQUIRED;
+       }
+       if (retval = krb5_gen_replay_name(sender_addr, "_priv",
+                                         &replay.client)) {
+           cleanup_data();
+           cleanup_mesg();  
+           return retval;
+       }
+       replay.server = "";             /* XXX */
+       replay.cusec = privmsg_enc_part->usec;
+       replay.ctime = privmsg_enc_part->timestamp;
+       if (retval = krb5_rc_store(rcache, &replay)) {
+           xfree(replay.client);
+           cleanup_data();
+           cleanup_mesg();  
+           return retval;
+       }
+       xfree(replay.client);
     }
 
     if (priv_flags & KRB5_PRIV_DOSEQUENCE)
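Review bot: `replay.server = ""; /* XXX */` stores every entry with an empty server name, so the cache key appears to rest only on the name built from `sender_addr` plus `"_priv"` and the timestamp/usec pair, and the bare XXX does not say what is still missing. If one rcache is shared between services, or two distinct messages from the same address carry the same timestamp and usec, a legitimate message could presumably be rejected as a replay; how `krb5_rc_store` compares entries is not visible here. I would spell the marker out, e.g. `/* XXX no server identity in the entry yet; keyed by sender address and time only */`. The same line appears in the rd_safe.c hunk, and the enclosing function starts and ends outside this hunk.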
index 8426a8224190cab406cd7e1cc5c353cd24d51545..88baba4e1a931b071e0aa2dcf6ed214bf538f431 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,7 +16,6 @@ static char rcsid_rd_safe_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include <krb5/krb5.h>
 #include <krb5/asn1.h>
 #include <krb5/libos-proto.h>
@@ -70,17 +70,37 @@ krb5_data *outbuf;
        !is_keyed_cksum(message->checksum->checksum_type))
        return KRB5KRB_AP_ERR_INAPP_CKSUM;
 
-    if (retval = krb5_timeofday(&currenttime)) {
-       cleanup();
-       return retval;
-    }
     if (!(safe_flags & KRB5_SAFE_NOTIME)) {
+       krb5_donot_replay replay;
+
+       if (retval = krb5_timeofday(&currenttime)) {
+           cleanup();
+           return retval;
+       }
        /* in_clock_skew #defined above */
        if (!in_clock_skew(message->timestamp)) {
            cleanup();
            return KRB5KRB_AP_ERR_SKEW;
        }
-       /* replay detection goes here... XXX */
+       if (!rcache) {
+           /* gotta provide an rcache in this case... */
+           cleanup();
+           return KRB5_RC_REQUIRED;
+       }
+       if (retval = krb5_gen_replay_name(sender_addr, "_safe",
+                                         &replay.client)) {
+           cleanup();
+           return retval;
+       }
+       replay.server = "";             /* XXX */
+       replay.cusec = message->usec;
+       replay.ctime = message->timestamp;
+       if (retval = krb5_rc_store(rcache, &replay)) {
+           xfree(replay.client);
+           cleanup();
+           return retval;
+       }
+       xfree(replay.client);
     }
 
     if (safe_flags & KRB5_SAFE_DOSEQUENCE)
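Review bot: The `krb5_rc_store` call records the message's timestamp before anything visible in this hunk has verified the keyed checksum; only the checksum type is checked above it. If the checksum comparison happens later in the function (the body continues outside the hunk), a message that fails verification would still leave an entry in the cache, and a later genuine message with the same address and time would then be rejected as a replay. Consider moving the store to after the checksum has been verified, or at least add a comment such as `/* NOTE: replay entry is stored before the checksum is verified */` so the ordering is a documented decision. Separately, `krb5_timeofday` now runs only when `KRB5_SAFE_NOTIME` is clear, so it is worth confirming that nothing after this block reads `currenttime`.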