Ensure all calls to rk_dns_lookup are headed by a block_dns check.

Exception: In lib/kafs/common.c, we don't have a krb5_context in
which to check.
Taylor R Campbell
2023-06-09 00:09:59 +00:00
committed by Nico Williams
parent fd77c4000d
commit 19505537fd
3 changed files with 24 additions and 3 deletions


@@ -795,7 +795,9 @@ kdc_get_next(krb5_context context,
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
NULL) &&
context->srv_lookup) {
if(kd->sitename && (kd->flags & KD_SITE_SRV_TCP) == 0) {
srv_get_hosts(context, kd, kd->sitename, "tcp", "kerberos");
kd->flags |= KD_SITE_SRV_TCP;
@@ -867,7 +869,9 @@ admin_get_next(krb5_context context,
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
NULL) &&
context->srv_lookup) {
if((kd->flags & KD_SRV_TCP) == 0) {
srv_get_hosts(context, kd, NULL, "tcp", kd->srv_label);
kd->flags |= KD_SRV_TCP;
@@ -921,7 +925,9 @@ kpasswd_get_next(krb5_context context,
return KRB5_KDC_UNREACH;
}
if(context->srv_lookup) {
if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
NULL) &&
context->srv_lookup) {
if((kd->flags & KD_SRV_UDP) == 0) {
srv_get_hosts(context, kd, NULL, "udp", kd->srv_label);
kd->flags |= KD_SRV_UDP;
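Review bot: The new guard in kdc_get_next looks inverted: as written, `krb5_config_get_bool(context, NULL, "libdefaults", "block_dns", NULL) && context->srv_lookup` lets srv_get_hosts run only when block_dns is true and skips SRV discovery when it is unset or false. Going by the option name and the commit message, the setting is meant to suppress DNS, so the test presumably needs a negation: `if (!krb5_config_get_bool(context, NULL, "libdefaults", "block_dns", NULL) && context->srv_lookup) {`. The same condition is repeated in the admin_get_next and kpasswd_get_next hunks. The effect is that a host which sets block_dns to keep Kerberos from relying on DNS would still issue SRV queries from these three paths, while a default configuration loses SRV-based KDC discovery. All three enclosing functions begin and end outside the hunks shown, so any other block_dns handling in them is not visible here.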