diff options
Diffstat (limited to 'src/lib/krb5/krb/get_in_tkt.c')
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 69 |
1 files changed, 45 insertions, 24 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index c1c6df1..57d0313 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -84,13 +84,13 @@ static krb5_error_code make_preauth_list PROTOTYPE((krb5_context, */ static krb5_error_code send_as_request(context, request, time_now, ret_err_reply, ret_as_reply, - master) + use_master) krb5_context context; krb5_kdc_req *request; krb5_timestamp *time_now; krb5_error ** ret_err_reply; krb5_kdc_rep ** ret_as_reply; - int * master; + int use_master; { krb5_kdc_rep *as_reply = 0; krb5_error_code retval; @@ -116,7 +116,7 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply, k4_version = packet->data[0]; retval = krb5_sendto_kdc(context, packet, krb5_princ_realm(context, request->client), - &reply, master); + &reply, use_master); krb5_free_data(context, packet); if (retval) goto cleanup; @@ -367,7 +367,6 @@ make_preauth_list(context, ptypes, nptypes, ret_list) { krb5_preauthtype * ptypep; krb5_pa_data ** preauthp; - krb5_pa_data ** preauth_to_use; int i; if (nptypes < 0) { @@ -457,12 +456,35 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, request.from = creds->times.starttime; request.till = creds->times.endtime; request.rtime = creds->times.renew_till; - if (ktypes) - request.ktype = ktypes; - else - if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype))) - goto cleanup; + if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype))) + goto cleanup; for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++); + if (ktypes) { + int i, req, next = 0; + for (req = 0; ktypes[req]; req++) { + if (ktypes[req] == request.ktype[next]) { + next++; + continue; + } + for (i = next + 1; i < request.nktypes; i++) + if (ktypes[req] == request.ktype[i]) { + /* Found the enctype we want, but not in the + position we want. Move it, but keep the old + one from the desired slot around in case it's + later in our requested-ktypes list. */ + krb5_enctype t; + t = request.ktype[next]; + request.ktype[next] = request.ktype[i]; + request.ktype[i] = t; + next++; + break; + } + /* If we didn't find it, don't do anything special, just + drop it. */ + } + request.ktype[next] = 0; + request.nktypes = next; + } request.authorization_data.ciphertext.length = 0; request.authorization_data.ciphertext.data = 0; request.unenc_authdata = 0; @@ -538,7 +560,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, goto cleanup; cleanup: - if (!ktypes && request.ktype) + if (request.ktype) free(request.ktype); if (!addrs && request.addresses) krb5_free_addresses(context, request.addresses); @@ -559,17 +581,17 @@ cleanup: return (retval); } -/* begin appdefaults parsing code. This should almost certainly move +/* begin libdefaults parsing code. This should almost certainly move somewhere else, but I don't know where the correct somewhere else is yet. */ /* XXX Duplicating this is annoying; try to work on a better way.*/ -static char *conf_yes[] = { +static const char *conf_yes[] = { "y", "yes", "true", "t", "1", "on", 0, }; -static char *conf_no[] = { +static const char *conf_no[] = { "n", "no", "false", "nil", "0", "off", 0, }; @@ -595,7 +617,7 @@ _krb5_conf_boolean(s) } static krb5_error_code -krb5_appdefault_string(context, realm, option, ret_value) +krb5_libdefault_string(context, realm, option, ret_value) krb5_context context; const krb5_data *realm; const char *option; @@ -606,7 +628,6 @@ krb5_appdefault_string(context, realm, option, ret_value) char **nameval = NULL; krb5_error_code retval; char realmstr[1024]; - char **cpp; if (realm->length > sizeof(realmstr)-1) return(EINVAL); @@ -673,7 +694,7 @@ goodbye: /* as well as the DNS code */ krb5_error_code -krb5_appdefault_boolean(context, realm, option, ret_value) +krb5_libdefault_boolean(context, realm, option, ret_value) krb5_context context; const char *option; const krb5_data *realm; @@ -682,7 +703,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value) char *string = NULL; krb5_error_code retval; - retval = krb5_appdefault_string(context, realm, option, &string); + retval = krb5_libdefault_string(context, realm, option, &string); if (retval) return(retval); @@ -696,7 +717,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value) KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_init_creds(context, creds, client, prompter, prompter_data, start_time, in_tkt_service, options, gak_fct, gak_data, - master, as_reply) + use_master, as_reply) krb5_context context; krb5_creds *creds; krb5_principal client; @@ -707,7 +728,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data, krb5_get_init_creds_opt *options; krb5_gic_get_as_key_fct gak_fct; void *gak_data; - int *master; + int use_master; krb5_kdc_rep **as_reply; { krb5_error_code ret; @@ -751,7 +772,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data, if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)) tempint = options->forwardable; - else if ((ret = krb5_appdefault_boolean(context, &client->realm, + else if ((ret = krb5_libdefault_boolean(context, &client->realm, "forwardable", &tempint)) == 0) ; else @@ -763,7 +784,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data, if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)) tempint = options->proxiable; - else if ((ret = krb5_appdefault_boolean(context, &client->realm, + else if ((ret = krb5_libdefault_boolean(context, &client->realm, "proxiable", &tempint)) == 0) ; else @@ -775,7 +796,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data, if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) { renew_life = options->renew_life; - } else if ((ret = krb5_appdefault_string(context, &client->realm, + } else if ((ret = krb5_libdefault_string(context, &client->realm, "renew_lifetime", &tempstr)) == 0) { if (ret = krb5_string_to_deltat(tempstr, &renew_life)) { @@ -868,7 +889,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data, } /* it would be nice if this parsed out an address list, but that would be work. */ - else if (((ret = krb5_appdefault_boolean(context, &client->realm, + else if (((ret = krb5_libdefault_boolean(context, &client->realm, "noaddresses", &tempint)) == 0) && tempint) { ; @@ -923,7 +944,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data, err_reply = 0; local_as_reply = 0; if ((ret = send_as_request(context, &request, &time_now, &err_reply, - &local_as_reply, master))) + &local_as_reply, use_master))) goto cleanup; if (err_reply) { |