/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
-RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $");
+RCSID("$Id$");
#include <krb5-v4compat.h>
*/
static krb5_error_code
-fetch_server (krb5_context context,
+fetch_server (krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t,
char **spn,
krb5_get_err_text(context, ret));
return ret;
}
- ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER,
+ ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER,
NULL, server);
krb5_free_principal(context, sprinc);
if (ret) {
}
static krb5_error_code
-log_524 (krb5_context context,
+log_524 (krb5_context context,
krb5_kdc_configuration *config,
const EncTicketPart *et,
const char *from,
char *cpn;
krb5_error_code ret;
- ret = _krb5_principalname2krb5_principal(context, &client,
+ ret = _krb5_principalname2krb5_principal(context, &client,
et->cname, et->crealm);
if (ret) {
kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
}
static krb5_error_code
-verify_flags (krb5_context context,
+verify_flags (krb5_context context,
krb5_kdc_configuration *config,
const EncTicketPart *et,
const char *spn)
*/
static krb5_error_code
-set_address (krb5_context context,
+set_address (krb5_context context,
krb5_kdc_configuration *config,
EncTicketPart *et,
struct sockaddr *addr,
kdc_log(context, config, 0, "Failed to convert address (%s)", from);
return ret;
}
-
+
if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) {
kdc_log(context, config, 0, "Incorrect network address (%s)", from);
krb5_free_address(context, v4_addr);
static krb5_error_code
-encrypt_v4_ticket(krb5_context context,
+encrypt_v4_ticket(krb5_context context,
krb5_kdc_configuration *config,
- void *buf,
- size_t len,
- krb5_keyblock *skey,
+ void *buf,
+ size_t len,
+ krb5_keyblock *skey,
EncryptedData *reply)
{
krb5_crypto crypto;
return ret;
}
- ret = krb5_encrypt_EncryptedData(context,
+ ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
}
static krb5_error_code
-encode_524_response(krb5_context context,
+encode_524_response(krb5_context context,
krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et,
- const Ticket *t, hdb_entry_ex *server,
+ const Ticket *t, hdb_entry_ex *server,
EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL);
if(use_2b) {
- ASN1_MALLOC_ENCODE(EncryptedData,
- ticket->cipher.data, ticket->cipher.length,
+ ASN1_MALLOC_ENCODE(EncryptedData,
+ ticket->cipher.data, ticket->cipher.length,
&t->enc_part, &len, ret);
if (ret) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Failed to encode v4 (2b) ticket (%s)", spn);
return ret;
}
return KRB5KDC_ERR_POLICY;
}
- ret = _kdc_encode_v4_ticket(context, config,
+ ret = _kdc_encode_v4_ticket(context, config,
buf + sizeof(buf) - 1, sizeof(buf),
&et, &t->sname, &len);
if(ret){
"no suitable DES key for server (%s)", spn);
return ret;
}
- ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len,
+ ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len,
&skey->key, ticket);
if(ret){
kdc_log(context, config, 0,
*/
krb5_error_code
-_kdc_do_524(krb5_context context,
+_kdc_do_524(krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t, krb5_data *reply,
const char *from, struct sockaddr *addr)
unsigned char buf[MAX_KTXT_LEN + 4 * 4];
size_t len;
int kvno = 0;
-
+
if(!config->enable_524) {
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, config, 0,
"Failed to decrypt ticket from %s for %s", from, spn);
goto out;
}
- ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length,
+ ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length,
&et, &len);
krb5_data_free(&et_data);
if(ret){
git.samba.org / amitay / samba.git / blobdiff