diff options
| -rw-r--r-- | lib/ZCkZAut.c | 2 | ||||
| -rw-r--r-- | server/kstuff.c | 42 |
2 files changed, 39 insertions, 5 deletions
diff --git a/lib/ZCkZAut.c b/lib/ZCkZAut.c index 0e5df8b..69bca56 100644 --- a/lib/ZCkZAut.c +++ b/lib/ZCkZAut.c @@ -42,7 +42,7 @@ Code_t ZCheckZcodeAuthentication(ZNotice_t *notice, krb5_cksumtype cksumtype; krb5_data cksumbuf; int valid; - char *cksum0_base, *cksum1_base, *cksum2_base; + char *cksum0_base, *cksum1_base = NULL, *cksum2_base; char *x; unsigned char *asn1_data, *key_data; int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; diff --git a/server/kstuff.c b/server/kstuff.c index 7311727..c5a030a 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -261,11 +261,12 @@ ZCheckRealmAuthentication(ZNotice_t *notice, krb5_cksumtype cksumtype; krb5_data cksumbuf; int valid; - char *cksum0_base, *cksum1_base, *cksum2_base; + char *cksum0_base, *cksum1_base = NULL, *cksum2_base; char *x; unsigned char *asn1_data; unsigned char *key_data; - int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + krb5_flags acflags; #ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER krb5_authenticator *authenticator; #define KRB5AUTHENT authenticator @@ -314,6 +315,22 @@ ZCheckRealmAuthentication(ZNotice_t *notice, return (result); } + result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + + acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME; + + result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + /* HOLDING: authbuf, authctx */ result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE, @@ -560,10 +577,11 @@ ZCheckAuthentication(ZNotice_t *notice, krb5_cksumtype cksumtype; krb5_data cksumbuf; int valid; - char *cksum0_base, *cksum1_base, *cksum2_base; + char *cksum0_base, *cksum1_base = NULL, *cksum2_base; char *x; unsigned char *asn1_data, *key_data; - int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0; + krb5_flags acflags; #ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER krb5_authenticator *authenticator; #define KRB5AUTHENT authenticator @@ -614,6 +632,22 @@ ZCheckAuthentication(ZNotice_t *notice, return (result); } + result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + + acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME; + + result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags); + if (result) { + krb5_kt_close(Z_krb5_ctx, keytabid); + free(authbuf); + return (result); + } + /* HOLDING: authbuf, authctx */ result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE, |