oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Ensure all calls to rk_dns_lookup are headed by a block_dns check.

Browse Source 
Exception: In lib/kafs/common.c, we don't have a krb5_context in
which to check.
This commit is contained in:
Taylor R Campbell
2023-06-09 00:09:59 +00:00
committed by Nico Williams
parent fd77c4000d
commit 19505537fd
3 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
kdc/altsecid_gss_preauth_authorizer.c
View File

@@ -167,6 +167,13 @@ ad_connect(krb5_context context,
} *s, *servers = NULL;
size_t i, num_servers = 0;
if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
NULL)) {
ret = KRB5KDC_ERR_SVC_UNAVAILABLE;
krb5_set_error_message(context, ret, "DNS blocked when finding AD DC");
return ret;
}
{
struct rk_dns_reply *r;
struct rk_resource_record *rr;