oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Check database when converting v4 principals.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3079 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-08-21 18:49:54 +00:00
parent 6d2ac84132
commit 0694fa6a88
1 changed files with 36 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
kdc/kerberos4.c
View File

@@ -72,6 +72,33 @@ make_err_reply(krb5_data *reply, int code, const char *msg)
krb5_data_copy(reply, er.dat, er.length); krb5_data_copy(reply, er.dat, er.length);
} }
static krb5_boolean
valid_princ(krb5_context context, krb5_principal princ)
{
hdb_entry *ent = db_fetch(princ);
if(ent == NULL)
return 0;
hdb_free_entry(context, ent);
free(ent);
return 1;
}
static hdb_entry*
db_fetch4(const char *name, const char *instance, const char *realm)
{
krb5_principal p;
hdb_entry *ent;
krb5_error_code ret;
ret = krb5_425_conv_principal_ext(context, name, instance, realm,
valid_princ, 0, &p);
if(ret)
return NULL;
ent = db_fetch(p);
krb5_free_principal(context, p);
return ent;
}
#define RCHECK(X, L) if(X){make_err_reply(reply, KFAILURE, "Packet too short"); goto L;} #define RCHECK(X, L) if(X){make_err_reply(reply, KFAILURE, "Packet too short"); goto L;}
krb5_error_code krb5_error_code
@@ -83,7 +110,6 @@ do_version4(unsigned char *buf,
{ {
krb5_storage *sp; krb5_storage *sp;
krb5_error_code ret; krb5_error_code ret;
krb5_principal client_princ = NULL, server_princ = NULL;
hdb_entry *client = NULL, *server = NULL; hdb_entry *client = NULL, *server = NULL;
Key *ckey, *skey, *ekey; Key *ckey, *skey, *ekey;
int8_t pvno; int8_t pvno;
@@ -119,35 +145,14 @@ do_version4(unsigned char *buf,
kdc_log(0, "AS-REQ %s.%s@%s from %s for %s.%s", kdc_log(0, "AS-REQ %s.%s@%s from %s for %s.%s",
name, inst, realm, from, sname, sinst); name, inst, realm, from, sname, sinst);
ret = krb5_425_conv_principal(context, name, inst, realm, client = db_fetch4(name, inst, realm);
&client_princ);
if(ret){
kdc_log(0, "Converting client principal: %s",
krb5_get_err_text(context, ret));
make_err_reply(reply, KFAILURE,
"Failed to convert v4 principal (client)");
goto out1;
}
ret = krb5_425_conv_principal(context, sname, sinst, v4_realm,
&server_princ);
if(ret){
kdc_log(0, "Converting server principal: %s",
krb5_get_err_text(context, ret));
make_err_reply(reply, KFAILURE,
"Failed to convert v4 principal (server)");
goto out1;
}
client = db_fetch(client_princ);
if(client == NULL){ if(client == NULL){
kdc_log(0, "Client not found in database: %s.%s@%s", kdc_log(0, "Client not found in database: %s.%s@%s",
name, inst, realm); name, inst, realm);
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
goto out1; goto out1;
} }
server = db_fetch(server_princ); server = db_fetch4(sname, sinst, v4_realm);
if(server == NULL){ if(server == NULL){
kdc_log(0, "Server not found in database: %s.%s@%s", kdc_log(0, "Server not found in database: %s.%s@%s",
sname, sinst, v4_realm); sname, sinst, v4_realm);
@@ -317,17 +322,8 @@ do_version4(unsigned char *buf,
goto out2; goto out2;
} }
ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm, #if 0
&client_princ); client = db_fetch4(ad.pname, ad.pinst, ad.prealm);
if(ret){
kdc_log(0, "Converting client principal: %s",
krb5_get_err_text(context, ret));
make_err_reply(reply, KFAILURE,
"Failed to convert v4 principal (client)");
goto out2;
}
client = db_fetch(client_princ);
if(client == NULL){ if(client == NULL){
char *s; char *s;
s = kdc_log_msg(0, "Client not found in database: %s.%s@%s", s = kdc_log_msg(0, "Client not found in database: %s.%s@%s",
@@ -336,17 +332,9 @@ do_version4(unsigned char *buf,
free(s); free(s);
goto out2; goto out2;
} }
#endif
ret = krb5_425_conv_principal(context, sname, sinst, v4_realm, server = db_fetch4(sname, sinst, v4_realm);
&server_princ);
if(ret){
kdc_log(0, "Converting server principal: %s",
krb5_get_err_text(context, ret));
make_err_reply(reply, KFAILURE,
"Failed to convert v4 principal (server)");
goto out2;
}
server = db_fetch(server_princ);
if(server == NULL){ if(server == NULL){
char *s; char *s;
s = kdc_log_msg(0, "Server not found in database: %s.%s@%s", s = kdc_log_msg(0, "Server not found in database: %s.%s@%s",
@@ -361,7 +349,7 @@ do_version4(unsigned char *buf,
kdc_log(0, "%s", krb5_get_err_text(context, ret)); kdc_log(0, "%s", krb5_get_err_text(context, ret));
/* XXX */ /* XXX */
make_err_reply(reply, KDC_NULL_KEY, make_err_reply(reply, KDC_NULL_KEY,
"No DES key in database (server)"); "Server has no DES key");
goto out2; goto out2;
} }
@@ -369,8 +357,10 @@ do_version4(unsigned char *buf,
max_life = min(max_life, krb_life_to_time(kdc_time, life)); max_life = min(max_life, krb_life_to_time(kdc_time, life));
life = min(life, krb_time_to_life(kdc_time, max_life)); life = min(life, krb_time_to_life(kdc_time, max_life));
max_life = krb_life_to_time(0, life); max_life = krb_life_to_time(0, life);
#if 0
if(client->max_life) if(client->max_life)
max_life = min(max_life, *client->max_life); max_life = min(max_life, *client->max_life);
#endif
if(server->max_life) if(server->max_life)
max_life = min(max_life, *server->max_life); max_life = min(max_life, *server->max_life);
@@ -428,10 +418,6 @@ out:
free(sname); free(sname);
if(sinst) if(sinst)
free(sinst); free(sinst);
if(client_princ)
krb5_free_principal(context, client_princ);
if(server_princ)
krb5_free_principal(context, server_princ);
if(client){ if(client){
hdb_free_entry(context, client); hdb_free_entry(context, client);
free(client); free(client);