oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(tgs_check_authenticator): RFC1510 doesn't say that the checksum has

Browse Source 
to be keyed, even though later drafts do.  Accept unkeyed checksums to
be compatible with MIT.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4213 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-12-17 01:34:25 +00:00
parent 54a969bca0
commit 33247b6276
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kdc/kerberos5.c
View File

@@ -996,8 +996,16 @@ tgs_check_authenticator(krb5_auth_context ac,
ret = KRB5KRB_AP_ERR_INAPP_CKSUM; ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
goto out; goto out;
} }
if (!krb5_checksum_is_keyed(auth->cksum->cksumtype) /*
|| !krb5_checksum_is_collision_proof(auth->cksum->cksumtype)) { * according to RFC1510 it doesn't need to be keyed,
* but according to the latest draft it needs to.
*/
if (
#if 0
!krb5_checksum_is_keyed(auth->cksum->cksumtype)
||
#endif
!krb5_checksum_is_collision_proof(auth->cksum->cksumtype)) {
kdc_log(0, "Bad checksum type in authenticator: %d", kdc_log(0, "Bad checksum type in authenticator: %d",
auth->cksum->cksumtype); auth->cksum->cksumtype);
ret = KRB5KRB_AP_ERR_INAPP_CKSUM; ret = KRB5KRB_AP_ERR_INAPP_CKSUM;