diff options
author | Theodore Tso <tytso@mit.edu> | 1999-03-27 03:52:58 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1999-03-27 03:52:58 +0000 |
commit | a8be84d0a3f4ee659606260a5ea106a2d95d510f (patch) | |
tree | 25376d76de3c25c57ec3db47b7b9649fd3e7b7c2 /src/lib/gssapi | |
parent | f1eee1d37f0cb7ed53497063f37b1c3fc3eef5a3 (diff) | |
download | krb5-a8be84d0a3f4ee659606260a5ea106a2d95d510f.zip krb5-a8be84d0a3f4ee659606260a5ea106a2d95d510f.tar.gz krb5-a8be84d0a3f4ee659606260a5ea106a2d95d510f.tar.bz2 |
acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to compare
against principal components (they aren't null terminated!)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11320 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 6 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 21 |
2 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 448c9ab..1ad383a 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +Fri Mar 26 22:17:20 1999 Theodore Y. Ts'o <tytso@mit.edu> + + * acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to + compare against principal components (they aren't null + terminated!) + Thu Mar 25 22:43:54 1999 Theodore Y. Ts'o <tytso@mit.edu> * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index f968b7d..b67eb4f 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -144,7 +144,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) { krb5_error_code code; krb5_ccache ccache; - krb5_principal princ; + krb5_principal princ, tmp_princ; krb5_flags flags; krb5_cc_cursor cur; krb5_creds creds; @@ -202,12 +202,20 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) got_endtime = 0; + code = krb5_build_principal_ext(context, &tmp_princ, + krb5_princ_realm(context, princ)->length, + krb5_princ_realm(context, princ)->data, + 6, "krbtgt", + krb5_princ_realm(context, princ)->length, + krb5_princ_realm(context, princ)->data, + 0); + if (code) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) { - if ((creds.server->length == 2) && - (strcmp(creds.server->realm.data, princ->realm.data) == 0) && - (strcmp((char *) creds.server->data[0].data, "krbtgt") == 0) && - (strcmp((char *) creds.server->data[1].data, - princ->realm.data) == 0)) { + if (krb5_principal_compare(context, tmp_princ, creds.server)) { cred->tgt_expire = creds.times.endtime; got_endtime = 1; *minor_status = 0; @@ -221,6 +229,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) } krb5_free_cred_contents(context, &creds); } + krb5_free_principal(context, tmp_princ); if (code && code != KRB5_CC_END) { /* this means some error occurred reading the ccache */ |