From: Tom Yu <tlyu@mit.edu>
Date: Wed, 1 Mar 2000 05:15:31 +0000 (+0000)
Subject: 	* kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
X-Git-Tag: krb5-1.2-beta1~33
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=84bb15d7f03199761c4a7864e32e7a5b6b4b0b03;p=krb5.git

	* kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
	for real.

	* dispatch.c: Include some more net-related headers.
	(dispatch): Fix ifndef HAVE_INET_NTOP branch.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 6e7892d85..039703627 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,13 @@
+2000-03-01  Tom Yu  <tlyu@mit.edu>
+
+	* kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
+	for real.
+
+2000-02-29  Tom Yu  <tlyu@mit.edu>
+
+	* dispatch.c: Include some more net-related headers.
+	(dispatch): Fix ifndef HAVE_INET_NTOP branch.
+
 2000-02-28  Ken Raeburn  <raeburn@mit.edu>
 
 	* configure.in: New enable-kdc-replay-cache arg.  Define
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 230b7df2f..9cfb6551e 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -31,6 +31,9 @@
 #include "kdc_util.h"
 #include "extern.h"
 #include "adm_proto.h"
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
 
 krb5_error_code
 dispatch(pkt, from, portnum, response)
@@ -57,7 +60,7 @@ dispatch(pkt, from, portnum, response)
 	name = inet_ntop (from->address->addrtype, from->address->contents,
 			  buf, sizeof (buf));
 #else
-	if (addrtype == ADDRTYPE_INET) {
+	if (from->address->addrtype == ADDRTYPE_INET) {
 	    struct sockaddr_in *sin
 		= (struct sockaddr_in *)from->address->contents;
 	    strcpy (buf, inet_ntoa (sin->sin_addr));
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index db358d283..cc957016b 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1267,11 +1267,17 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa)
 #ifdef USE_RCACHE
     {
 	krb5_donot_replay rep;
+	krb5_deltat rc_lifetime;
 	/*
 	 * Verify this response came back in a timely manner.
 	 * We do this b/c otherwise very old (expunged from the rcache)
 	 * psr's would be able to be replayed.
 	 */
+	retval = krb5_rc_get_lifespan(kdc_context, kdc_rcache, &rc_lifetime);
+	if (retval) {
+	    com_err("krb5kdc", retval, "while getting rcache lifespan");
+	    goto cleanup;
+	}
 	if (timenow - psr->stime > rc_lifetime) {
 	    com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
 	    "SAM psr came back too late! -- replay attack?");