oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(check_flags): handle NULL client or server

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5311 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1999-01-30 19:35:53 +00:00
parent e38da30adb
commit 34ea75f10f
1 changed files with 49 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
kdc/kerberos5.c
View File

@@ -314,64 +314,68 @@ check_flags(hdb_entry *client, const char *client_name,
krb5_boolean is_as_req) krb5_boolean is_as_req)
{ {
/* check client */ /* check client */
if (client->flags.invalid) { if (client != NULL) {
kdc_log(0, "Client (%s) has invalid bit set", client_name); if (client->flags.invalid) {
return KRB5KDC_ERR_POLICY; kdc_log(0, "Client (%s) has invalid bit set", client_name);
} return KRB5KDC_ERR_POLICY;
}
if(!client->flags.client){ if(!client->flags.client){
kdc_log(0, "Principal may not act as client -- %s", kdc_log(0, "Principal may not act as client -- %s",
client_name); client_name);
return KRB5KDC_ERR_POLICY; return KRB5KDC_ERR_POLICY;
} }
if (client->valid_start && *client->valid_start > kdc_time) { if (client->valid_start && *client->valid_start > kdc_time) {
kdc_log(0, "Client not yet valid -- %s", client_name); kdc_log(0, "Client not yet valid -- %s", client_name);
return KRB5KDC_ERR_CLIENT_NOTYET; return KRB5KDC_ERR_CLIENT_NOTYET;
} }
if (client->valid_end && *client->valid_end < kdc_time) { if (client->valid_end && *client->valid_end < kdc_time) {
kdc_log(0, "Client expired -- %s", client_name); kdc_log(0, "Client expired -- %s", client_name);
return KRB5KDC_ERR_NAME_EXP; return KRB5KDC_ERR_NAME_EXP;
} }
if (client->pw_end && *client->pw_end < kdc_time if (client->pw_end && *client->pw_end < kdc_time
&& !server->flags.change_pw) { && !server->flags.change_pw) {
kdc_log(0, "Client's key has expired -- %s", client_name); kdc_log(0, "Client's key has expired -- %s", client_name);
return KRB5KDC_ERR_KEY_EXPIRED; return KRB5KDC_ERR_KEY_EXPIRED;
}
} }
/* check server */ /* check server */
if (server->flags.invalid) { if (server != NULL) {
kdc_log(0, "Server has invalid flag set -- %s", server_name); if (server->flags.invalid) {
return KRB5KDC_ERR_POLICY; kdc_log(0, "Server has invalid flag set -- %s", server_name);
} return KRB5KDC_ERR_POLICY;
}
if(!server->flags.server){ if(!server->flags.server){
kdc_log(0, "Principal may not act as server -- %s", kdc_log(0, "Principal may not act as server -- %s",
server_name); server_name);
return KRB5KDC_ERR_POLICY; return KRB5KDC_ERR_POLICY;
} }
if(!is_as_req && server->flags.initial) { if(!is_as_req && server->flags.initial) {
kdc_log(0, "AS-REQ is required for server -- %s", server_name); kdc_log(0, "AS-REQ is required for server -- %s", server_name);
return KRB5KDC_ERR_POLICY; return KRB5KDC_ERR_POLICY;
} }
if (server->valid_start && *server->valid_start > kdc_time) { if (server->valid_start && *server->valid_start > kdc_time) {
kdc_log(0, "Server not yet valid -- %s", server_name); kdc_log(0, "Server not yet valid -- %s", server_name);
return KRB5KDC_ERR_SERVICE_NOTYET; return KRB5KDC_ERR_SERVICE_NOTYET;
} }
if (server->valid_end && *server->valid_end < kdc_time) { if (server->valid_end && *server->valid_end < kdc_time) {
kdc_log(0, "Server expired -- %s", server_name); kdc_log(0, "Server expired -- %s", server_name);
return KRB5KDC_ERR_SERVICE_EXP; return KRB5KDC_ERR_SERVICE_EXP;
} }
if (server->pw_end && *server->pw_end < kdc_time) { if (server->pw_end && *server->pw_end < kdc_time) {
kdc_log(0, "Server's key has expired -- %s", server_name); kdc_log(0, "Server's key has expired -- %s", server_name);
return KRB5KDC_ERR_KEY_EXPIRED; return KRB5KDC_ERR_KEY_EXPIRED;
}
} }
return 0; return 0;
} }