diff options
author | Karl Ramm <kcr@1ts.org> | 2009-04-10 00:15:29 +0000 |
---|---|---|
committer | Karl Ramm <kcr@1ts.org> | 2009-04-10 00:15:29 +0000 |
commit | 578536337826fc191d30a85fd7e89a78652b40df (patch) | |
tree | 06cbebe106e60270d8b80ad2f433171c3dc91dc5 /server/kstuff.c | |
parent | 57fc124fed7c33779255b13a8c54d6702762333f (diff) |
kstuff.c:
Turn off the replay cache (at least with MIT krb5 1.6)
All three authentication checks:
Initialize cksum1_buf so gcc will shut up.
Diffstat (limited to 'server/kstuff.c')
-rw-r--r-- | server/kstuff.c | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/server/kstuff.c b/server/kstuff.c index 7311727..c5a030a 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -261,11 +261,12 @@ ZCheckRealmAuthentication(ZNotice_t *notice, krb5_cksumtype cksumtype; krb5_data cksumbuf; int valid; - char *cksum0_base, *cksum1_base, *cksum2_base; + char *cksum0_base, *cksum1_base = NULL, *cksum2_base; char *x; unsigned char *asn1_data; unsigned char *key_data; - int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + krb5_flags acflags; #ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER krb5_authenticator *authenticator; #define KRB5AUTHENT authenticator @@ -314,6 +315,22 @@ ZCheckRealmAuthentication(ZNotice_t *notice, return (result); } + result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + + acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME; + + result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + /* HOLDING: authbuf, authctx */ result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE, @@ -560,10 +577,11 @@ ZCheckAuthentication(ZNotice_t *notice, krb5_cksumtype cksumtype; krb5_data cksumbuf; int valid; - char *cksum0_base, *cksum1_base, *cksum2_base; + char *cksum0_base, *cksum1_base = NULL, *cksum2_base; char *x; unsigned char *asn1_data, *key_data; - int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + krb5_flags acflags; #ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER krb5_authenticator *authenticator; #define KRB5AUTHENT authenticator @@ -614,6 +632,22 @@ ZCheckAuthentication(ZNotice_t *notice, return (result); } + result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + + acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME; + + result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + /* HOLDING: authbuf, authctx */ result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE, |