oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

better error message, try to handle server referrals slightly better.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22760 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-03-24 12:08:51 +00:00
parent 70a94ea7d9
commit 090f16f717
1 changed files with 10 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
lib/krb5/get_in_tkt.c
View File

@@ -87,7 +87,7 @@ check_server_referral(krb5_context context,
size_t len; size_t len;
krb5_data data; krb5_data data;
PA_DATA *pa; PA_DATA *pa;
int i = 0; int i = 0, cmp;
if (rep->kdc_rep.padata == NULL) if (rep->kdc_rep.padata == NULL)
goto noreferral; goto noreferral;
@@ -133,34 +133,25 @@ check_server_referral(krb5_context context,
} }
krb5_data_free(&data); krb5_data_free(&data);
printf("encrypted SERVER REFERRAL data ok\n");
if (ref.requested_principal_name == NULL || ref.referred_realm == NULL) { if (ref.requested_principal_name == NULL || ref.referred_realm == NULL) {
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "req princ missing"); krb5_set_error_string(context, "req princ missing");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
ret = _krb5_principalname2krb5_principal(context, &principal, cmp = _krb5_principal_compare_PrincipalName(context,
*ref.requested_principal_name, *ref.requested_principal_name,
requested->realm); requested);
if (ret) {
free_PA_ServerReferralData(&ref);
return ret;
}
ret = krb5_principal_compare(context, principal, requested);
krb5_free_principal(context, principal);
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
if (!cmp) {
printf("referrals request match ? %d\n", ret); krb5_set_error_string(context, "krb5_principal_compare princ missing");
return KRB5KRB_AP_ERR_MODIFIED;
ret = 0; }
return ret; return ret;
noreferral: noreferral:
if (krb5_principal_compare(context, requested, returned) == FALSE) { if (krb5_principal_compare(context, requested, returned) == FALSE) {
krb5_set_error_string(context, "Not same principal returned " krb5_set_error_string(context, "Not same server principal returned "
"as requested"); "as requested");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -257,7 +248,7 @@ check_client_referral(krb5_context context,
noreferral: noreferral:
if (krb5_principal_compare(context, requested, mapped) == FALSE) { if (krb5_principal_compare(context, requested, mapped) == FALSE) {
krb5_set_error_string(context, "Not same principal returned " krb5_set_error_string(context, "Not same client principal returned "
"as requested"); "as requested");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }