Implement [kdc] derived_keys_maxdots

Roland C. Dowdeswell
2019-10-17 16:30:24 +01:00
committed by Viktor Dukhovni
parent dfada0ccad
commit aa5c525e71
3 changed files with 16 additions and 1 deletions


@@ -70,6 +70,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->logf = NULL;
c->enable_derived_keys = FALSE;
c->derived_keys_ndots = 2;
c->derived_keys_maxdots = -1;
c->num_kdc_processes =
krb5_config_get_int_default(context, NULL, c->num_kdc_processes,
@@ -267,6 +268,10 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_config_get_int_default(context, NULL, c->derived_keys_ndots,
"kdc", "derived_keys_ndots", NULL);
c->derived_keys_maxdots =
krb5_config_get_int_default(context, NULL, c->derived_keys_maxdots,
"kdc", "derived_keys_maxdots", NULL);
*config = c;
return 0;
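Review bot: The new `derived_keys_maxdots` value is read without any relation check against `derived_keys_ndots`, so a configuration with `0 < derived_keys_maxdots < derived_keys_ndots` is accepted silently; in the kdc.c hunk the stripping loop then shortens the host part down to `maxdots` dots, which is below the `ndots` minimum that the preceding `hdots < ndots` check appears to enforce (if I read that loop correctly). A one-line guard after the second read would keep the two settings consistent, e.g. `if (c->derived_keys_maxdots > 0 && c->derived_keys_maxdots < c->derived_keys_ndots) c->derived_keys_maxdots = c->derived_keys_ndots;`, or alternatively log the inconsistency and fail the config load. The body of krb5_kdc_get_config starts outside the hunk.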


@@ -98,6 +98,7 @@ typedef struct krb5_kdc_configuration {
krb5_boolean enable_derived_keys;
int derived_keys_ndots;
int derived_keys_maxdots;
} krb5_kdc_configuration;
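Review bot: The new field carries no comment, and its sentinel semantics are not obvious from the header: config.c defaults it to -1 and kdc.c applies the cap only when the value is greater than 0, so both 0 and any negative value mean "no limit". I would document that on the declaration, `int derived_keys_maxdots; /* upper bound on dots kept in derived-key host names; <= 0 disables the cap */`, so readers of the struct need not trace the consumer. The struct definition starts outside the hunk.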


@@ -142,8 +142,9 @@ _fetch_it(krb5_context context, krb5_kdc_configuration *config, HDB *db,
char *tmp;
const char *realm = NULL;
int is_derived_key = 0;
size_t ndots = 0;
size_t hdots;
size_t ndots = 0;
size_t maxdots = -1;
flags |= HDB_F_DECRYPT;
@@ -167,6 +168,7 @@ _fetch_it(krb5_context context, krb5_kdc_configuration *config, HDB *db,
}
ndots = config->derived_keys_ndots;
maxdots = config->derived_keys_maxdots;
for (hdots = 0, tmp = host; tmp && *tmp; tmp++)
if (*tmp == '.')
@@ -192,6 +194,13 @@ _fetch_it(krb5_context context, krb5_kdc_configuration *config, HDB *db,
if (!tmp || !*tmp || hdots < ndots)
break;
while (maxdots > 0 && hdots > maxdots) {
tmp = strchr(tmp, '.');
/* tmp != NULL because maxdots > 0 */
tmp++;
hdots--;
}
is_derived_key = 1;
krb5_free_principal(context, tmpprinc);
krb5_build_principal(context, &tmpprinc, strlen(realm), realm,
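Review bot: `maxdots` is declared `size_t` yet initialised to -1 in the declarations hunk and assigned from the `int` config field in the second hunk, so a negative setting reaches the loop here only because the implicit conversion wraps it to SIZE_MAX; `maxdots > 0` is then true and the cap is skipped solely because `hdots > SIZE_MAX` can never hold. That works, but it is a -Wsign-conversion warning and the intent is invisible to the reader. Clearer to keep the sign, `int maxdots = config->derived_keys_maxdots;` with `while (maxdots > 0 && hdots > (size_t)maxdots) {`, or to translate the sentinel explicitly, `maxdots = config->derived_keys_maxdots > 0 ? (size_t)config->derived_keys_maxdots : 0;`. The comment `/* tmp != NULL because maxdots > 0 */` would also be more precise as `/* tmp != NULL: hdots > maxdots >= 1 dots remain at or after tmp */`, which is the real invariant, assuming the outer loop keeps hdots in step with tmp — _fetch_it's body continues outside the hunk, so I could not confirm that.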