oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Fix _kdc_audit_addaddrs() buglet

Browse Source
This commit is contained in:
Nicolas Williams
2021-06-21 22:19:31 -05:00
parent 0452d8c601
commit 1870584d22
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/process.c
View File

@@ -113,7 +113,7 @@ _kdc_audit_addaddrs(kdc_request_t r, HostAddresses *a, const char *key)
} }
for (i = 0; i < 3 && i < a->len; i++) { for (i = 0; i < 3 && i < a->len; i++) {
if (krb5_print_address(&a->val[0], buf, sizeof(buf), NULL) == 0) if (krb5_print_address(&a->val[i], buf, sizeof(buf), NULL) == 0)
_kdc_audit_addkv(r, 0, key, "%s", buf); _kdc_audit_addkv(r, 0, key, "%s", buf);
} }
} }

5
tests/kdc/check-bx509.in
View File

@@ -556,7 +556,7 @@ if ! (set -vx;
curl -o "${cachefile}" -Lgsf \ curl -o "${cachefile}" -Lgsf \
--resolve ${server}:${bx509port}:127.0.0.1 \ --resolve ${server}:${bx509port}:127.0.0.1 \
-H "Authorization: Negotiate $token" \ -H "Authorization: Negotiate $token" \
"http://${server}:${bx509port}/get-tgt?cname=bar@${R}&address=8.8.8.8&lifetime=5d"); then "http://${server}:${bx509port}/get-tgt?cname=bar@${R}&address=8.8.8.8&address=8.9.10.11&address=11.11.11.11&address=12.12.12.12&lifetime=5d"); then
echo "Failed to get a TGT with /get-tgt end-point" echo "Failed to get a TGT with /get-tgt end-point"
exit 2 exit 2
fi fi
@@ -589,7 +589,8 @@ ${kgetcred} -H HTTP/${server}@${R} ||
KRB5CCNAME=$cache $gsstoken HTTP@$server | KRB5_KTNAME="$keytab" $gsstoken -r || KRB5CCNAME=$cache $gsstoken HTTP@$server | KRB5_KTNAME="$keytab" $gsstoken -r ||
{ echo "Trivial offline CA test failed (gss-token)"; exit 2; } { echo "Trivial offline CA test failed (gss-token)"; exit 2; }
grep 'REQ.*wrongaddr' ${objdir}/messages.log || # Check that we get up to three tixaddrs k/v in the log
grep 'REQ.*numtixaddrs=4 tixaddrs=IPv4:8.8.8.8 tixaddrs=IPv4:8.9.10.11 tixaddrs=IPv4:11.11.11.11 wrongaddr=yes' ${objdir}/messages.log ||
{ echo "KDC not warning about requests from wrong address"; exit 2; } { echo "KDC not warning about requests from wrong address"; exit 2; }
echo "Fetching a Negotiate token" echo "Fetching a Negotiate token"