From 578536337826fc191d30a85fd7e89a78652b40df Mon Sep 17 00:00:00 2001
From: Karl Ramm
Date: Fri, 10 Apr 2009 00:15:29 +0000
Subject: kstuff.c: Turn off the replay cache (at least with MIT krb5 1.6) All three authentication checks: Initialize cksum1_buf so gcc will shut up.
---
server/kstuff.c | 42 ++++++++++++++++++++++++++++++++++++++----
1 file changed, 38 insertions(+), 4 deletions(-)
(limited to 'server/kstuff.c')
diff --git a/server/kstuff.c b/server/kstuff.c
index 7311727..c5a030a 100644
--- a/server/kstuff.c
+++ b/server/kstuff.c
@@ -261,11 +261,12 @@ ZCheckRealmAuthentication(ZNotice_t *notice,
 krb5_cksumtype cksumtype;
 krb5_data cksumbuf;
 int valid;
- char *cksum0_base, *cksum1_base, *cksum2_base;
+ char *cksum0_base, *cksum1_base = NULL, *cksum2_base;
 char *x;
 unsigned char *asn1_data;
 unsigned char *key_data;
- int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
+ int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
+ krb5_flags acflags;
 #ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER
 krb5_authenticator *authenticator;
 #define KRB5AUTHENT authenticator
@@ -314,6 +315,22 @@ ZCheckRealmAuthentication(ZNotice_t *notice,
 return (result);
 }
 
+ result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags);
+ if (result) {
+ krb5_kt_close(Z_krb5_ctx, keytabid);
+ free(authbuf);
+ return (result);
+ }
+
+ acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME;
+
+ result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags);
+ if (result) {
+ krb5_kt_close(Z_krb5_ctx, keytabid);
+ free(authbuf);
+ return (result);
+ }
+
 /* HOLDING: authbuf, authctx */
 result = krb5_build_principal(Z_krb5_ctx, &server,
 strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE,
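Review bot: The two new error branches in the second ZCheckRealmAuthentication hunk release the wrong resources: they call `krb5_kt_close(Z_krb5_ctx, keytabid)` and `free(authbuf)`, while the comment directly below them says the function holds `authbuf` and `authctx` at this point. Unless the keytab is already open here (the code that opens it is outside the hunk, so this is inferred), a failure of krb5_auth_con_getflags or krb5_auth_con_setflags closes a handle that is not held and leaks the auth context, on a path that runs for each notice being authenticated. The branches should read `krb5_auth_con_free(Z_krb5_ctx, authctx); free(authbuf); return (result);`. The identical pair of branches added to ZCheckAuthentication needs the same change.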
@@ -560,10 +577,11 @@ ZCheckAuthentication(ZNotice_t *notice,
 krb5_cksumtype cksumtype;
 krb5_data cksumbuf;
 int valid;
- char *cksum0_base, *cksum1_base, *cksum2_base;
+ char *cksum0_base, *cksum1_base = NULL, *cksum2_base;
 char *x;
 unsigned char *asn1_data, *key_data;
- int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
+ int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
+ krb5_flags acflags;
 #ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER
 krb5_authenticator *authenticator;
 #define KRB5AUTHENT authenticator
@@ -614,6 +632,22 @@ ZCheckAuthentication(ZNotice_t *notice,
 return (result);
 }
 
+ result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags);
+ if (result) {
+ krb5_kt_close(Z_krb5_ctx, keytabid);
+ free(authbuf);
+ return (result);
+ }
+
+ acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME;
+
+ result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags);
+ if (result) {
+ krb5_kt_close(Z_krb5_ctx, keytabid);
+ free(authbuf);
+ return (result);
+ }
+
 /* HOLDING: authbuf, authctx */
 result = krb5_build_principal(Z_krb5_ctx, &server,
 strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE,
--
cgit v1.2.3
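Review bot: Clearing `KRB5_AUTH_CONTEXT_DO_TIME` in ZCheckAuthentication is unconditional and carries no comment, although the commit message scopes the change to "at least with MIT krb5 1.6"; nothing in the code tells a reader that replay detection was switched off deliberately. With the replay cache off, a captured authenticator is presumably accepted again for as long as its timestamp stays within the allowed clock skew, so the checksum verification later in the function (outside this hunk, inferred from the cksum declarations) becomes the only thing binding it to a particular notice. I would put a comment above the mask along the lines of `/* Replay cache disabled: <reason>; a replayed notice within clock skew is not rejected here */` and note which krb5 versions this was checked against. The same applies to the matching block in ZCheckRealmAuthentication, and the sixteen duplicated lines could move into one static helper so the policy is stated in a single place.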