From: Theodore Tso
Date: Tue, 13 Dec 1994 20:39:00 +0000 (+0000)
Subject: do_tgs_req.c (prepare_error_tgs): Don't free the passed in ticket; it
X-Git-Tag: krb5-1.0-beta5~923
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=0bc7bb97d787a1438c45f97957abec092618cdf0;p=krb5.git
do_tgs_req.c (prepare_error_tgs): Don't free the passed in ticket; it will be freed as part of other structures. do_tgs_req.c (process_tgs_req): Set the encryption type in the reply structure, and set the eblock type accordingly. do_as_req.c (process_as_req): Set the encryption type in the reply_encpart structure. kdc_util.c (validate_as_request): policy.c (against_local_policy_as): Move requirement that an AS request must include the addresses field to the local policy routine. (Not required by RFC). main.c (setup_com_err): Initialize the kdc5 error table (the kdb5 error table is already initialized)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4730 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 5c005e43d..6e359e3c9 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,24 @@
+Thu Dec 8 00:33:05 1994
+
+ * do_tgs_req.c (prepare_error_tgs): Don't free the passed in
+ ticket; it will be freed as part of other structures.
+
+ * do_tgs_req.c (process_tgs_req): Set the encryption type in the
+ reply structure, and set the eblock type accordingly.
+
+Wed Dec 7 13:36:34 1994
+
+ * do_as_req.c (process_as_req): Set the encryption type in the
+ reply_encpart structure.
+
+ * kdc_util.c (validate_as_request):
+ * policy.c (against_local_policy_as): Move requirement that an AS
+ request must include the addresses field to the local
+ policy routine. (Not required by RFC).
+
+ * main.c (setup_com_err): Initialize the kdc5 error table (the
+ kdb5 error table is already initialized)
+
 Wed Nov 30 16:37:26 1994 Theodore Y. Ts'o (tytso@dcl)
 * confiugre.in: Add appropriate help text for --with-krb4
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 62fb0eb25..8bc3f07e3 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -489,7 +489,7 @@ krb5_data **response; /* filled in with a response packet */
 in the database) */
 if (retval = KDB_CONVERT_KEY_OUTOF_DB(&client.key, &encrypting_key)) goto errout;
-
+ reply.enc_part.etype = useetype;
 reply.enc_part.kvno = client.kvno;
 retval = krb5_encode_kdc_rep(KRB5_AS_REP, &reply_encpart, &eblock, &encrypting_key, &reply, response);
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 46407185c..ede57588e 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -534,6 +534,9 @@ tgt_again:
 }
 ticket_reply.enc_part.kvno = 0;
+ ticket_reply.enc_part.etype =
+ request->second_ticket[st_idx]->enc_part2->session->etype;
+ krb5_use_cstype(&eblock, ticket_reply.enc_part.etype);
 if (retval = krb5_encrypt_tkt_part(&eblock, request->second_ticket[st_idx]->enc_part2->session, &ticket_reply)) {
@@ -550,6 +553,8 @@ tgt_again:
 }
 ticket_reply.enc_part.kvno = server.kvno;
+ ticket_reply.enc_part.etype = useetype;
+ krb5_use_cstype(&eblock, ticket_reply.enc_part.etype);
 retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply);
 memset((char *)encrypting_key.contents, 0, encrypting_key.length);
@@ -593,6 +598,11 @@ tgt_again:
 /* use the session key in the ticket, unless there's a subsession key in the AP_REQ */
+ reply.enc_part.etype = req_authdat->authenticator->subkey ?
+ req_authdat->authenticator->subkey->etype :
+ header_ticket->enc_part2->session->etype;
+ krb5_use_cstype(&eblock, reply.enc_part.etype);
+
 retval = krb5_encode_kdc_rep(KRB5_TGS_REP, &reply_encpart, &eblock, req_authdat->authenticator->subkey ? req_authdat->authenticator->subkey :
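Review bot: `krb5_use_cstype(&eblock, ticket_reply.enc_part.etype)` in the `@@ -534` hunk is called on an etype copied from `request->second_ticket[st_idx]->enc_part2->session->etype` with no validity check visible, and the same pattern recurs in the `@@ -550` and `@@ -593` hunks. The `@@ -593` hunk is the most exposed of the three, because its etype can come from `req_authdat->authenticator->subkey`, which presumably originates in the client's request rather than in KDC-issued data. If `krb5_use_cstype` selects a cryptosystem by looking the etype up in a table (its definition is not shown here), an unsupported value should be rejected with an error reply before the call rather than passed through. The enclosing function continues outside all three hunks, so an earlier check may already exist; if it does, a one-line comment pointing at it would help.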
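Review bot: The new ternary that picks `reply.enc_part.etype` in the `@@ -593` hunk repeats the subkey-or-session-key choice that the `krb5_encode_kdc_rep` call directly below makes again, so a later edit to one of them can leave the advertised etype disagreeing with the key actually used. Selecting the key once, e.g. `reply_key = req_authdat->authenticator->subkey ? req_authdat->authenticator->subkey : header_ticket->enc_part2->session;`, and then using `reply_key->etype` and `reply_key` in both places keeps them in step. The remaining arguments of the call fall outside the hunk.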
@@ -663,11 +673,8 @@ krb5_data **response;
 errpkt.ctime = request->nonce;
 errpkt.cusec = 0;
- if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec)) {
- if (ticket)
- krb5_free_ticket(ticket);
+ if (retval = krb5_us_timeofday(&errpkt.stime, &errpkt.susec))
 return(retval);
- }
 errpkt.error = error;
 errpkt.server = request->server;
 if (ticket && ticket->enc_part2)
@@ -675,17 +682,12 @@ krb5_data **response;
 else errpkt.client = 0;
 errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
- if (!(errpkt.text.data = malloc(errpkt.text.length))) {
- if (ticket)
- krb5_free_ticket(ticket);
+ if (!(errpkt.text.data = malloc(errpkt.text.length)))
 return ENOMEM;
- }
 (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
 if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
 free(errpkt.text.data);
- if (ticket)
- krb5_free_ticket(ticket);
 return ENOMEM;
 }
 errpkt.e_data.length = 0;
@@ -694,8 +696,6 @@ krb5_data **response;
 retval = krb5_mk_error(&errpkt, scratch);
 free(errpkt.text.data);
 *response = scratch;
- if (ticket)
- krb5_free_ticket(ticket);
 return retval;
 }
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 6eef4cace..e76bb4967 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -732,12 +732,6 @@ char **status;
 return KDC_ERR_BADOPTION;
 }
- /* An AS request must include the addresses field */
- if (request->addresses == 0) {
- *status = "NO ADDRESS";
- return KRB_AP_ERR_BADADDR;
- }
-
 /* The client's password must not be expired */
 if (client.pw_expiration && client.pw_expiration < kdc_time) {
 *status = "CLIENT KEY EXPIRED";
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 4912ab894..5f01081fc 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -102,7 +102,7 @@ void setup_com_err()
 {
 krb5_init_ets();
- initialize_kdb5_error_table();
+ initialize_kdc5_error_table();
 (void) set_com_err_hook(kdc_com_err_proc);
 return;
 }
diff --git a/src/kdc/policy.c b/src/kdc/policy.c
index 716f48158..55d99b755 100644
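Review bot: With the `krb5_free_ticket(ticket)` calls removed in the `@@ -663` hunk and again in the `@@ -675` and `@@ -694` hunks, `prepare_error_tgs` now only borrows `ticket`, but nothing in the visible code records that contract. A comment above the function such as `/* ticket is owned by the caller and is never freed here, on success or on any error return */` would keep a later change from reintroducing what was presumably a double free. Each caller's error path should also be checked to confirm it still releases the ticket exactly once. The function header lies outside the hunk.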
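Review bot: `*response = scratch;` in the `@@ -694` hunk is assigned even when `krb5_mk_error` fails, so on that path the caller receives a non-zero `retval` together with a pointer to a `krb5_data` that may never have been filled in. Unless every caller frees `*response` on error (not visible here), this leaks `scratch` or invites use of an unset buffer. Replacing the assignment with `if (retval) free(scratch); else *response = scratch;` before the `return` makes the failure path unambiguous.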
--- a/src/kdc/policy.c
+++ b/src/kdc/policy.c
@@ -40,6 +40,14 @@ krb5_db_entry server;
 krb5_timestamp kdc_time;
 char **status;
 {
+#if 0
+ /* An AS request must include the addresses field */
+ if (request->addresses == 0) {
+ *status = "NO ADDRESS";
+ return KRB5KDC_ERR_POLICY;
+ }
+#endif
+
 return 0; /* not against policy */
 }
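Review bot: The address check is added inside `#if 0`, so it is never compiled and `against_local_policy_as` still returns 0 for every request; combined with its removal from `validate_as_request` in kdc_util.c, the KDC no longer rejects AS requests that omit the addresses field. Tickets can therefore be issued without an address restriction, and the block should say that this is deliberate, e.g. `/* Disabled by default: sites that require address-bound tickets can enable this check */`. A named build-time macro in place of `#if 0` would make the switch discoverable. Any later code that reads `request->addresses` now has to tolerate a null value; that code is outside the hunk.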