aboutsummaryrefslogtreecommitdiff
path: root/src/lib/krb5/krb/get_in_tkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/krb5/krb/get_in_tkt.c')
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c69
1 files changed, 45 insertions, 24 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index c1c6df1..57d0313 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -84,13 +84,13 @@ static krb5_error_code make_preauth_list PROTOTYPE((krb5_context,
*/
static krb5_error_code
send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
- master)
+ use_master)
krb5_context context;
krb5_kdc_req *request;
krb5_timestamp *time_now;
krb5_error ** ret_err_reply;
krb5_kdc_rep ** ret_as_reply;
- int * master;
+ int use_master;
{
krb5_kdc_rep *as_reply = 0;
krb5_error_code retval;
@@ -116,7 +116,7 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
k4_version = packet->data[0];
retval = krb5_sendto_kdc(context, packet,
krb5_princ_realm(context, request->client),
- &reply, master);
+ &reply, use_master);
krb5_free_data(context, packet);
if (retval)
goto cleanup;
@@ -367,7 +367,6 @@ make_preauth_list(context, ptypes, nptypes, ret_list)
{
krb5_preauthtype * ptypep;
krb5_pa_data ** preauthp;
- krb5_pa_data ** preauth_to_use;
int i;
if (nptypes < 0) {
@@ -457,12 +456,35 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
request.from = creds->times.starttime;
request.till = creds->times.endtime;
request.rtime = creds->times.renew_till;
- if (ktypes)
- request.ktype = ktypes;
- else
- if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
- goto cleanup;
+ if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
+ goto cleanup;
for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
+ if (ktypes) {
+ int i, req, next = 0;
+ for (req = 0; ktypes[req]; req++) {
+ if (ktypes[req] == request.ktype[next]) {
+ next++;
+ continue;
+ }
+ for (i = next + 1; i < request.nktypes; i++)
+ if (ktypes[req] == request.ktype[i]) {
+ /* Found the enctype we want, but not in the
+ position we want. Move it, but keep the old
+ one from the desired slot around in case it's
+ later in our requested-ktypes list. */
+ krb5_enctype t;
+ t = request.ktype[next];
+ request.ktype[next] = request.ktype[i];
+ request.ktype[i] = t;
+ next++;
+ break;
+ }
+ /* If we didn't find it, don't do anything special, just
+ drop it. */
+ }
+ request.ktype[next] = 0;
+ request.nktypes = next;
+ }
request.authorization_data.ciphertext.length = 0;
request.authorization_data.ciphertext.data = 0;
request.unenc_authdata = 0;
@@ -538,7 +560,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
goto cleanup;
cleanup:
- if (!ktypes && request.ktype)
+ if (request.ktype)
free(request.ktype);
if (!addrs && request.addresses)
krb5_free_addresses(context, request.addresses);
@@ -559,17 +581,17 @@ cleanup:
return (retval);
}
-/* begin appdefaults parsing code. This should almost certainly move
+/* begin libdefaults parsing code. This should almost certainly move
somewhere else, but I don't know where the correct somewhere else
is yet. */
/* XXX Duplicating this is annoying; try to work on a better way.*/
-static char *conf_yes[] = {
+static const char *conf_yes[] = {
"y", "yes", "true", "t", "1", "on",
0,
};
-static char *conf_no[] = {
+static const char *conf_no[] = {
"n", "no", "false", "nil", "0", "off",
0,
};
@@ -595,7 +617,7 @@ _krb5_conf_boolean(s)
}
static krb5_error_code
-krb5_appdefault_string(context, realm, option, ret_value)
+krb5_libdefault_string(context, realm, option, ret_value)
krb5_context context;
const krb5_data *realm;
const char *option;
@@ -606,7 +628,6 @@ krb5_appdefault_string(context, realm, option, ret_value)
char **nameval = NULL;
krb5_error_code retval;
char realmstr[1024];
- char **cpp;
if (realm->length > sizeof(realmstr)-1)
return(EINVAL);
@@ -673,7 +694,7 @@ goodbye:
/* as well as the DNS code */
krb5_error_code
-krb5_appdefault_boolean(context, realm, option, ret_value)
+krb5_libdefault_boolean(context, realm, option, ret_value)
krb5_context context;
const char *option;
const krb5_data *realm;
@@ -682,7 +703,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value)
char *string = NULL;
krb5_error_code retval;
- retval = krb5_appdefault_string(context, realm, option, &string);
+ retval = krb5_libdefault_string(context, realm, option, &string);
if (retval)
return(retval);
@@ -696,7 +717,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value)
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_get_init_creds(context, creds, client, prompter, prompter_data,
start_time, in_tkt_service, options, gak_fct, gak_data,
- master, as_reply)
+ use_master, as_reply)
krb5_context context;
krb5_creds *creds;
krb5_principal client;
@@ -707,7 +728,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
krb5_get_init_creds_opt *options;
krb5_gic_get_as_key_fct gak_fct;
void *gak_data;
- int *master;
+ int use_master;
krb5_kdc_rep **as_reply;
{
krb5_error_code ret;
@@ -751,7 +772,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
tempint = options->forwardable;
- else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if ((ret = krb5_libdefault_boolean(context, &client->realm,
"forwardable", &tempint)) == 0)
;
else
@@ -763,7 +784,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
tempint = options->proxiable;
- else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if ((ret = krb5_libdefault_boolean(context, &client->realm,
"proxiable", &tempint)) == 0)
;
else
@@ -775,7 +796,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
renew_life = options->renew_life;
- } else if ((ret = krb5_appdefault_string(context, &client->realm,
+ } else if ((ret = krb5_libdefault_string(context, &client->realm,
"renew_lifetime", &tempstr))
== 0) {
if (ret = krb5_string_to_deltat(tempstr, &renew_life)) {
@@ -868,7 +889,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
}
/* it would be nice if this parsed out an address list, but
that would be work. */
- else if (((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if (((ret = krb5_libdefault_boolean(context, &client->realm,
"noaddresses", &tempint)) == 0)
&& tempint) {
;
@@ -923,7 +944,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
err_reply = 0;
local_as_reply = 0;
if ((ret = send_as_request(context, &request, &time_now, &err_reply,
- &local_as_reply, master)))
+ &local_as_reply, use_master)))
goto cleanup;
if (err_reply) {
generated by cgit v1.1 at 2024-08-01 12:33:57 +0000