From fc95cdda6fd9c3dbdb10e122b497d72a56648f9a Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 27 Feb 1991 11:50:57 +0000 Subject: [PATCH] update to actually do replay checking git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1799 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/rd_priv.c | 29 ++++++++++++++++++++++++++--- src/lib/krb5/krb/rd_safe.c | 34 +++++++++++++++++++++++++++------- 2 files changed, 53 insertions(+), 10 deletions(-) diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index dcc0177b1..7dfe5331a 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -2,7 +2,8 @@ * $Source$ * $Author$ * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. * * For copying and distribution information, please see the file * . @@ -15,7 +16,6 @@ static char rcsid_rd_priv_c[] = "$Id$"; #endif /* !lint & !SABER */ -#include #include #include @@ -148,6 +148,8 @@ OLDDECLARG(krb5_data *, outbuf) #define cleanup_mesg() {(void)xfree(privmsg_enc_part);} if (!(priv_flags & KRB5_PRIV_NOTIME)) { + krb5_donot_replay replay; + if (retval = krb5_timeofday(¤ttime)) { cleanup_data(); cleanup_mesg(); @@ -158,7 +160,28 @@ OLDDECLARG(krb5_data *, outbuf) cleanup_mesg(); return KRB5KRB_AP_ERR_SKEW; } - /* replay detection goes here... XXX */ + if (!rcache) { + /* gotta provide an rcache in this case... */ + cleanup_data(); + cleanup_mesg(); + return KRB5_RC_REQUIRED; + } + if (retval = krb5_gen_replay_name(sender_addr, "_priv", + &replay.client)) { + cleanup_data(); + cleanup_mesg(); + return retval; + } + replay.server = ""; /* XXX */ + replay.cusec = privmsg_enc_part->usec; + replay.ctime = privmsg_enc_part->timestamp; + if (retval = krb5_rc_store(rcache, &replay)) { + xfree(replay.client); + cleanup_data(); + cleanup_mesg(); + return retval; + } + xfree(replay.client); } if (priv_flags & KRB5_PRIV_DOSEQUENCE) diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index 8426a8224..88baba4e1 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -2,7 +2,8 @@ * $Source$ * $Author$ * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. * * For copying and distribution information, please see the file * . @@ -15,7 +16,6 @@ static char rcsid_rd_safe_c[] = "$Id$"; #endif /* !lint & !SABER */ -#include #include #include #include @@ -70,17 +70,37 @@ krb5_data *outbuf; !is_keyed_cksum(message->checksum->checksum_type)) return KRB5KRB_AP_ERR_INAPP_CKSUM; - if (retval = krb5_timeofday(¤ttime)) { - cleanup(); - return retval; - } if (!(safe_flags & KRB5_SAFE_NOTIME)) { + krb5_donot_replay replay; + + if (retval = krb5_timeofday(¤ttime)) { + cleanup(); + return retval; + } /* in_clock_skew #defined above */ if (!in_clock_skew(message->timestamp)) { cleanup(); return KRB5KRB_AP_ERR_SKEW; } - /* replay detection goes here... XXX */ + if (!rcache) { + /* gotta provide an rcache in this case... */ + cleanup(); + return KRB5_RC_REQUIRED; + } + if (retval = krb5_gen_replay_name(sender_addr, "_safe", + &replay.client)) { + cleanup(); + return retval; + } + replay.server = ""; /* XXX */ + replay.cusec = message->usec; + replay.ctime = message->timestamp; + if (retval = krb5_rc_store(rcache, &replay)) { + xfree(replay.client); + cleanup(); + return retval; + } + xfree(replay.client); } if (safe_flags & KRB5_SAFE_DOSEQUENCE) -- 2.26.2