diff options
| author | Luke Howard <lukeh@padl.com> | 2009-08-07 23:24:50 +0000 |
|---|---|---|
| committer | Luke Howard <lukeh@padl.com> | 2009-08-07 23:24:50 +0000 |
| commit | 10b0a521b3cc0094e005deedfb670f261ffb0e4f (patch) | |
| tree | e8b00b992dab521efa14cadc66f8b1aa649ccec9 | |
| parent | 00541e84a76b850f56681f45391c89bb32b480c9 (diff) | |
| download | krb5-10b0a521b3cc0094e005deedfb670f261ffb0e4f.zip krb5-10b0a521b3cc0094e005deedfb670f261ffb0e4f.tar.gz krb5-10b0a521b3cc0094e005deedfb670f261ffb0e4f.tar.bz2 | |
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22507 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/lib/krb5/krb/s4u_creds.c | 47 |
1 files changed, 20 insertions, 27 deletions
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index ecdb20f..3ebe58b 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -401,12 +401,6 @@ verify_s4u2self_reply(krb5_context context, else usage = KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST; - if (!not_newer && - !krb5_c_is_keyed_cksum(rep_s4u_user->cksum.checksum_type)) { - code = KRB5KRB_AP_ERR_INAPP_CKSUM; - goto cleanup; - } - code = krb5_c_verify_checksum(context, subkey, usage, datap, &rep_s4u_user->cksum, &valid); if (code != 0) @@ -420,29 +414,28 @@ verify_s4u2self_reply(krb5_context context, * KDCs that support KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE also return * S4U enc_padata for older (pre-AES) encryption types only. */ - if (not_newer && - (rep_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE)) { + if (not_newer) { if (enc_s4u_padata == NULL) { - code = KRB5_KDCREP_MODIFIED; - goto cleanup; - } - - /* - * According to the terribly written specification, the value of - * the padata here is the concatenated checksums. Presumably - * this is to avoid a downgrade attack. - */ - if (enc_s4u_padata->length != req_s4u_user->cksum.length + rep_s4u_user->cksum.length) { - code = KRB5_KDCREP_MODIFIED; - goto cleanup; - } - if (memcmp(enc_s4u_padata->contents, - req_s4u_user->cksum.contents, req_s4u_user->cksum.length) || - memcmp(&enc_s4u_padata->contents[req_s4u_user->cksum.length], - rep_s4u_user->cksum.contents, rep_s4u_user->cksum.length)) { - code = KRB5_KDCREP_MODIFIED; - goto cleanup; + if (rep_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) { + code = KRB5_KDCREP_MODIFIED; + goto cleanup; + } + } else { + if (enc_s4u_padata->length != req_s4u_user->cksum.length + rep_s4u_user->cksum.length) { + code = KRB5_KDCREP_MODIFIED; + goto cleanup; + } + if (memcmp(enc_s4u_padata->contents, + req_s4u_user->cksum.contents, req_s4u_user->cksum.length) || + memcmp(&enc_s4u_padata->contents[req_s4u_user->cksum.length], + rep_s4u_user->cksum.contents, rep_s4u_user->cksum.length)) { + code = KRB5_KDCREP_MODIFIED; + goto cleanup; + } } + } else if (!krb5_c_is_keyed_cksum(rep_s4u_user->cksum.checksum_type)) { + code = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto cleanup; } cleanup: |