Connected: An Internet Encyclopedia
A.15. KRB_SAFE and KRB_PRIV common checks
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
A. Pseudo-code for protocol processing
Prev: A.14. KRB_SAFE verification
Next: A.16. KRB_PRIV generation
A.15. KRB_SAFE and KRB_PRIV common checks
A.15. KRB_SAFE and KRB_PRIV common checks
if (packet.s-address != O/S_sender(packet)) then
/* O/S report of sender not who claims to have sent it */
error_out(KRB_AP_ERR_BADADDR);
endif
if ((packet.r-address is present) and
(packet.r-address != local_host_address)) then
/* was not sent to proper place */
error_out(KRB_AP_ERR_BADADDR);
endif
if (((packet.timestamp is present) and
(not in_clock_skew(packet.timestamp,packet.usec))) or
(packet.timestamp is not present and timestamp expected))
then error_out(KRB_AP_ERR_SKEW);
endif
if (repeated(packet.timestamp,packet.usec,packet.s-address))
then error_out(KRB_AP_ERR_REPEAT);
endif
if (((packet.seq-number is present) and
((not in_sequence(packet.seq-number)))) or
(packet.seq-number is not present and sequence expected))
then error_out(KRB_AP_ERR_BADORDER);
endif
if (packet.timestamp not present and
packet.seq-number not present) then
error_out(KRB_AP_ERR_MODIFIED);
endif
save_identifier(packet.{timestamp,usec,s-address},
sender_principal(packet));
return PACKET_IS_OK;
Next: A.16. KRB_PRIV generation
Connected: An Internet Encyclopedia
A.15. KRB_SAFE and KRB_PRIV common checks