oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

put address comparison in separate function

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15085 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2005-05-04 12:25:04 +00:00
parent 7f6414c62f
commit 82fa25b5c4
1 changed files with 33 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
lib/krb5/rd_cred.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -35,6 +35,24 @@
RCSID("$Id$"); RCSID("$Id$");
static krb5_error_code
compare_addrs(krb5_context context,
krb5_address *a,
krb5_address *b,
const char *message)
{
char a_str[64], b_str[64];
size_t len;
if(krb5_address_compare (context, a, b))
return 0;
krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_print_address (b, b_str, sizeof(b_str), &len);
krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str);
return KRB5KRB_AP_ERR_BADADDR;
}
krb5_error_code KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_cred(krb5_context context, krb5_rd_cred(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
@@ -115,7 +133,6 @@ krb5_rd_cred(krb5_context context,
&& auth_context->remote_address && auth_context->remote_address
&& auth_context->remote_port) { && auth_context->remote_port) {
krb5_address *a; krb5_address *a;
int cmp;
ret = krb5_make_addrport (context, &a, ret = krb5_make_addrport (context, &a,
auth_context->remote_address, auth_context->remote_address,
@@ -124,19 +141,13 @@ krb5_rd_cred(krb5_context context,
goto out; goto out;
cmp = krb5_address_compare (context, ret = compare_addrs(context, a, enc_krb_cred_part.s_address,
a, "sender address is wrong in received creds");
enc_krb_cred_part.s_address);
krb5_free_address(context, a); krb5_free_address(context, a);
free(a); free(a);
if(ret)
if (cmp == 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto out; goto out;
} }
}
/* check receiver address */ /* check receiver address */
@@ -145,34 +156,26 @@ krb5_rd_cred(krb5_context context,
if(auth_context->local_port && if(auth_context->local_port &&
enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) { enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
krb5_address *a; krb5_address *a;
int cmp;
ret = krb5_make_addrport (context, &a, ret = krb5_make_addrport (context, &a,
auth_context->local_address, auth_context->local_address,
auth_context->local_port); auth_context->local_port);
if (ret) if (ret)
goto out; goto out;
cmp = krb5_address_compare (context, ret = compare_addrs(context, a, enc_krb_cred_part.r_address,
a, "receiver address is wrong in received creds");
enc_krb_cred_part.r_address);
krb5_free_address(context, a); krb5_free_address(context, a);
free(a); free(a);
if(ret)
if (cmp == 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto out; goto out;
}
} else { } else {
if(!krb5_address_compare (context, ret = compare_addrs(context, auth_context->local_address,
auth_context->local_address, enc_krb_cred_part.r_address,
enc_krb_cred_part.r_address)) { "receiver address is wrong in received creds");
krb5_clear_error_string (context); if(ret)
ret = KRB5KRB_AP_ERR_BADADDR;
goto out; goto out;
} }
} }
}
/* check timestamp */ /* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {