diff options
Diffstat (limited to 'src/lib/krb4/rd_req.c')
-rw-r--r-- | src/lib/krb4/rd_req.c | 47 |
1 files changed, 42 insertions, 5 deletions
diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c index 79564e4..a78aadc 100644 --- a/src/lib/krb4/rd_req.c +++ b/src/lib/krb4/rd_req.c @@ -32,6 +32,7 @@ static int st_kvno; /* version number for this key */ static char st_rlm[REALM_SZ]; /* server's realm */ static char st_nam[ANAME_SZ]; /* service name */ static char st_inst[INST_SZ]; /* server's instance */ +static int krb5_key; /* whether krb5 key is used for decrypt */ /* * This file contains two functions. krb_set_key() takes a DES @@ -62,11 +63,18 @@ static char st_inst[INST_SZ]; /* server's instance */ * krb_rd_req(). */ +#include <krb5.h> +static krb5_keyblock srv_k5key; + int krb_set_key(key,cvt) char *key; int cvt; { + if (krb5_key) + /* XXX assumes that context arg is ignored */ + krb5_free_keyblock_contents(NULL, &srv_k5key); + krb5_key = 0; #ifdef NOENCRYPTION memset(ky, 0, sizeof(ky)); return KSUCCESS; @@ -79,6 +87,25 @@ krb_set_key(key,cvt) #endif /* NOENCRYPTION */ } +int +krb_set_key_krb5(ctx, key) + krb5_context ctx; + krb5_keyblock *key; +{ + if (krb5_key) + krb5_free_keyblock_contents(ctx, &srv_k5key); + krb5_key = 1; + return krb5_copy_keyblock_contents(ctx, key, &srv_k5key); +} + +void +krb_clear_key_krb5(ctx) + krb5_context ctx; +{ + if (krb5_key) + krb5_free_keyblock_contents(ctx, &srv_k5key); + krb5_key = 0; +} /* * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or @@ -234,15 +261,25 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn) /* Decrypt and take apart ticket */ #endif - if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm, - &(ad->address),ad->session, &(ad->life), - &(ad->time_sec),sname,iname,ky,serv_key)) { + if (!krb5_key) { + if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm, + &(ad->address),ad->session, &(ad->life), + &(ad->time_sec),sname,iname,ky,serv_key)) { #ifdef KRB_CRYPT_DEBUG - log("Can't decode ticket"); + log("Can't decode ticket"); #endif - return(RD_AP_UNDEC); + return(RD_AP_UNDEC); + } + } else { + if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst, + ad->prealm, &ad->address, ad->session, + &ad->life, &ad->time_sec, sname, iname, + srv_k5key)) { + return RD_AP_UNDEC; + } } + #ifdef KRB_CRYPT_DEBUG if (krb_ap_req_debug) { log("Ticket Contents."); |