kdc: Fix _kdc_audit_addaddrs() buglet

This commit is contained in:
Nicolas Williams
2021-06-21 22:19:31 -05:00
parent 0452d8c601
commit 1870584d22
2 changed files with 4 additions and 3 deletions

View File

@@ -113,7 +113,7 @@ _kdc_audit_addaddrs(kdc_request_t r, HostAddresses *a, const char *key)
}
for (i = 0; i < 3 && i < a->len; i++) {
if (krb5_print_address(&a->val[0], buf, sizeof(buf), NULL) == 0)
if (krb5_print_address(&a->val[i], buf, sizeof(buf), NULL) == 0)
_kdc_audit_addkv(r, 0, key, "%s", buf);
}
}

View File

@@ -556,7 +556,7 @@ if ! (set -vx;
curl -o "${cachefile}" -Lgsf \
--resolve ${server}:${bx509port}:127.0.0.1 \
-H "Authorization: Negotiate $token" \
"http://${server}:${bx509port}/get-tgt?cname=bar@${R}&address=8.8.8.8&lifetime=5d"); then
"http://${server}:${bx509port}/get-tgt?cname=bar@${R}&address=8.8.8.8&address=8.9.10.11&address=11.11.11.11&address=12.12.12.12&lifetime=5d"); then
echo "Failed to get a TGT with /get-tgt end-point"
exit 2
fi
@@ -589,7 +589,8 @@ ${kgetcred} -H HTTP/${server}@${R} ||
KRB5CCNAME=$cache $gsstoken HTTP@$server | KRB5_KTNAME="$keytab" $gsstoken -r ||
{ echo "Trivial offline CA test failed (gss-token)"; exit 2; }
grep 'REQ.*wrongaddr' ${objdir}/messages.log ||
# Check that we get up to three tixaddrs k/v in the log
grep 'REQ.*numtixaddrs=4 tixaddrs=IPv4:8.8.8.8 tixaddrs=IPv4:8.9.10.11 tixaddrs=IPv4:11.11.11.11 wrongaddr=yes' ${objdir}/messages.log ||
{ echo "KDC not warning about requests from wrong address"; exit 2; }
echo "Fetching a Negotiate token"