diff options
| author | John Carr <jfc@mit.edu> | 1992-03-12 02:27:21 +0000 |
|---|---|---|
| committer | John Carr <jfc@mit.edu> | 1992-03-12 02:27:21 +0000 |
| commit | ac95879c428c3db6d8172b106ed54f8e8abdfda1 (patch) | |
| tree | 4a7b9bc4551f1631bf8ff2d81fb307d6b14e2c14 /src/kdc/kdc_util.c | |
| parent | 7c2f60eeff138f9c488fab1ccb57dfdc2457739c (diff) | |
| download | krb5-ac95879c428c3db6d8172b106ed54f8e8abdfda1.zip krb5-ac95879c428c3db6d8172b106ed54f8e8abdfda1.tar.gz krb5-ac95879c428c3db6d8172b106ed54f8e8abdfda1.tar.bz2 | |
Make sure the ticket in the TGS request is for the ticket granting service.
Add local variable for encrypted ticket pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2255 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
| -rw-r--r-- | src/kdc/kdc_util.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index a000a2a..19dd720 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -58,9 +58,11 @@ krb5_authdata ***output; /* count up the entries */ i = 0; if (first) - for (ptr = first; *ptr; ptr++,i++); + for (ptr = first; *ptr; ptr++) + i++; if (second) - for (ptr = second; *ptr; ptr++,i++); + for (ptr = second; *ptr; ptr++) + i++; retdata = (krb5_authdata **)malloc((i+1)*sizeof(*retdata)); if (!retdata) @@ -148,6 +150,7 @@ krb5_tkt_authent **ret_authdat; krb5_data *scratch, scratch2; krb5_pa_data **tmppa; krb5_boolean local_client = TRUE; + krb5_enc_tkt_part *ticket_enc; if (!request->padata) return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; @@ -175,6 +178,13 @@ krb5_tkt_authent **ret_authdat; authdat->ticket = apreq->ticket; *ret_authdat = authdat; + /* Verify that the server principal in authdat->ticket is + the ticket granting service. */ + if (! krb5_principal_compare (authdat->ticket->server, tgs_server)) { + cleanup_apreq(); + return KRB5KRB_AP_ERR_NOT_US; + } + if (isflagset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) || isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) { cleanup_apreq(); @@ -224,14 +234,14 @@ krb5_tkt_authent **ret_authdat; #undef cleanup_apreq authdat = nauthdat; *ret_authdat = authdat; + ticket_enc = authdat->ticket->enc_part2; /* now rearrange output from rd_req_decoded */ /* make sure the client is of proper lineage (see above) */ if (!local_client && - (authdat->ticket->enc_part2->client[0]->length == - tgs_server[0]->length) && - !memcmp(authdat->ticket->enc_part2->client[0]->data, + (ticket_enc->client[0]->length == tgs_server[0]->length) && + !memcmp(ticket_enc->client[0]->data, tgs_server[0]->data, tgs_server[0]->length)) { /* someone in a foreign realm claiming to be local */ @@ -265,8 +275,8 @@ krb5_tkt_authent **ret_authdat; if (retval = krb5_calculate_checksum(our_cksum.checksum_type, scratch->data, scratch->length, - authdat->ticket->enc_part2->session->contents, /* seed */ - authdat->ticket->enc_part2->session->length, /* seed length */ + ticket_enc->session->contents, /* seed */ + ticket_enc->session->length, /* seed length */ &our_cksum)) { xfree(our_cksum.contents); krb5_free_data(scratch); |