bug-compatible with MIT
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2255 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -17,16 +17,9 @@ krb5_mk_safe(krb5_context context,
|
|||||||
size_t len;
|
size_t len;
|
||||||
unsigned tmp_seq;
|
unsigned tmp_seq;
|
||||||
|
|
||||||
r = krb5_create_checksum (context,
|
|
||||||
auth_context->cksumtype,
|
|
||||||
userdata->data,
|
|
||||||
userdata->length,
|
|
||||||
&s.cksum);
|
|
||||||
if (r)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
s.pvno = 5;
|
s.pvno = 5;
|
||||||
s.msg_type = krb_safe;
|
s.msg_type = krb_safe;
|
||||||
|
|
||||||
s.safe_body.user_data = *userdata;
|
s.safe_body.user_data = *userdata;
|
||||||
gettimeofday (&tv, NULL);
|
gettimeofday (&tv, NULL);
|
||||||
usec = tv.tv_usec;
|
usec = tv.tv_usec;
|
||||||
@@ -41,9 +34,31 @@ krb5_mk_safe(krb5_context context,
|
|||||||
s.safe_body.s_address = auth_context->local_address;
|
s.safe_body.s_address = auth_context->local_address;
|
||||||
s.safe_body.r_address = auth_context->remote_address;
|
s.safe_body.r_address = auth_context->remote_address;
|
||||||
|
|
||||||
|
s.cksum.cksumtype = 0;
|
||||||
|
s.cksum.checksum.data = NULL;
|
||||||
|
s.cksum.checksum.length = 0;
|
||||||
|
|
||||||
|
r = encode_KRB_SAFE (buf + sizeof(buf) - 1,
|
||||||
|
sizeof(buf),
|
||||||
|
&s,
|
||||||
|
&len);
|
||||||
|
|
||||||
|
if (r)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = krb5_create_checksum (context,
|
||||||
|
auth_context->cksumtype,
|
||||||
|
buf + sizeof(buf) - len,
|
||||||
|
len,
|
||||||
|
&auth_context->key,
|
||||||
|
&s.cksum);
|
||||||
|
if (r)
|
||||||
|
return r;
|
||||||
|
|
||||||
r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
|
r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
|
||||||
if (r)
|
if (r)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
outbuf->length = len;
|
outbuf->length = len;
|
||||||
outbuf->data = malloc (len);
|
outbuf->data = malloc (len);
|
||||||
if (outbuf->data == NULL)
|
if (outbuf->data == NULL)
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ krb5_rd_safe(krb5_context context,
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
/* XXX - checksum collision-proff and keyed */
|
/* XXX - checksum collision-proff and keyed */
|
||||||
if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD4) {
|
if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD5_DES) {
|
||||||
r = KRB5KRB_AP_ERR_INAPP_CKSUM;
|
r = KRB5KRB_AP_ERR_INAPP_CKSUM;
|
||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
@@ -74,12 +74,31 @@ krb5_rd_safe(krb5_context context,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r = krb5_verify_checksum (context,
|
{
|
||||||
safe.safe_body.user_data.data,
|
u_char buf[1024];
|
||||||
safe.safe_body.user_data.length,
|
size_t len;
|
||||||
&safe.cksum);
|
Checksum c;
|
||||||
if (r)
|
|
||||||
goto failure;
|
copy_Checksum (&safe.cksum, &c);
|
||||||
|
|
||||||
|
safe.cksum.cksumtype = 0;
|
||||||
|
safe.cksum.checksum.data = NULL;
|
||||||
|
safe.cksum.checksum.length = 0;
|
||||||
|
|
||||||
|
encode_KRB_SAFE (buf + sizeof(buf) - 1,
|
||||||
|
sizeof(buf),
|
||||||
|
&safe,
|
||||||
|
&len);
|
||||||
|
|
||||||
|
r = krb5_verify_checksum (context,
|
||||||
|
buf + sizeof(buf) - len,
|
||||||
|
len,
|
||||||
|
&auth_context->key,
|
||||||
|
&c);
|
||||||
|
free_Checksum (&c);
|
||||||
|
if (r)
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
outbuf->length = safe.safe_body.user_data.length;
|
outbuf->length = safe.safe_body.user_data.length;
|
||||||
outbuf->data = malloc(outbuf->length);
|
outbuf->data = malloc(outbuf->length);
|
||||||
if (outbuf->data == NULL) {
|
if (outbuf->data == NULL) {
|
||||||
|
|||||||
Reference in New Issue
Block a user