Connected: An Internet Encyclopedia
A.15. KRB_SAFE and KRB_PRIV common checks

Up: RFC 1510
Up: A. Pseudo-code for protocol processing

A.15. KRB_SAFE and KRB_PRIV common checks


        if (packet.s-address != O/S_sender(packet)) then
            /* O/S report of sender not who claims to have sent it */
            error_out(KRB_AP_ERR_BADADDR);
        endif
        if ((packet.r-address is present) and
            (packet.r-address != local_host_address)) then
                /* was not sent to proper place */
                error_out(KRB_AP_ERR_BADADDR);
        endif
        if (((packet.timestamp is present) and
             (not in_clock_skew(packet.timestamp,packet.usec))) or
            (packet.timestamp is not present and timestamp expected))
                then error_out(KRB_AP_ERR_SKEW);
        endif
        if (repeated(packet.timestamp,packet.usec,packet.s-address))
                then error_out(KRB_AP_ERR_REPEAT);
        endif
        if (((packet.seq-number is present) and
             ((not in_sequence(packet.seq-number)))) or
            (packet.seq-number is not present and sequence expected))
                then error_out(KRB_AP_ERR_BADORDER);
        endif
        if (packet.timestamp not present and
            packet.seq-number not present) then
                error_out(KRB_AP_ERR_MODIFIED);
        endif

        save_identifier(packet.{timestamp,usec,s-address},
                        sender_principal(packet));

        return PACKET_IS_OK;
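
The checks above as a runnable sketch, showing how the replay cache and sequence counter carry state between packets. This is an added example, not part of RFC 1510 or of any Kerberos implementation. The `Packet` and `Session` classes, the 300-second skew window, treating in_sequence as "equals the next expected number", and returning the error name as a string instead of calling error_out are all assumptions.

```python
# Added illustration of the A.15 checks; only the KRB_AP_ERR_* names come from the page.
from dataclasses import dataclass, field
from typing import Optional

CLOCK_SKEW = 300  # seconds; assumed tolerance for in_clock_skew

@dataclass
class Packet:  # constructed stand-in for a decoded KRB_SAFE / KRB_PRIV body
    s_address: str
    r_address: Optional[str] = None
    timestamp: Optional[int] = None
    usec: Optional[int] = None
    seq_number: Optional[int] = None

@dataclass
class Session:  # hypothetical per-association receiver state
    local_addr: str
    principal: str  # sender principal, stored with each saved identifier
    expect_timestamp: bool = True
    expect_sequence: bool = False
    next_seq: int = 0
    replay_cache: set = field(default_factory=set)

    def check(self, pkt, os_sender, now):
        if pkt.s_address != os_sender:  # O/S view of the sender disagrees
            return "KRB_AP_ERR_BADADDR"
        if pkt.r_address is not None and pkt.r_address != self.local_addr:
            return "KRB_AP_ERR_BADADDR"
        if pkt.timestamp is None and self.expect_timestamp:
            return "KRB_AP_ERR_SKEW"
        if pkt.timestamp is not None and abs(now - pkt.timestamp) > CLOCK_SKEW:
            return "KRB_AP_ERR_SKEW"
        ident = (pkt.timestamp, pkt.usec, pkt.s_address, self.principal)
        if pkt.timestamp is not None and ident in self.replay_cache:
            return "KRB_AP_ERR_REPEAT"
        if pkt.seq_number is None and self.expect_sequence:
            return "KRB_AP_ERR_BADORDER"
        if pkt.seq_number is not None and pkt.seq_number != self.next_seq:
            return "KRB_AP_ERR_BADORDER"
        if pkt.timestamp is None and pkt.seq_number is None:
            return "KRB_AP_ERR_MODIFIED"  # nothing in the packet guards against replay
        if pkt.timestamp is not None:
            self.replay_cache.add(ident)  # save_identifier; entries never expire here
        if pkt.seq_number is not None:
            self.next_seq += 1
        return "PACKET_IS_OK"
```

State is updated only after every check has passed, so a rejected packet neither enters the replay cache nor advances the sequence counter.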

