oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Implement [kdc] derived_keys_maxdots

Browse Source
This commit is contained in:
Roland C. Dowdeswell
2019-10-17 16:30:24 +01:00
committed by Viktor Dukhovni
parent dfada0ccad
commit aa5c525e71
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/default_config.c
View File

@@ -70,6 +70,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->logf = NULL; c->logf = NULL;
c->enable_derived_keys = FALSE; c->enable_derived_keys = FALSE;
c->derived_keys_ndots = 2; c->derived_keys_ndots = 2;
c->derived_keys_maxdots = -1;
c->num_kdc_processes = c->num_kdc_processes =
krb5_config_get_int_default(context, NULL, c->num_kdc_processes, krb5_config_get_int_default(context, NULL, c->num_kdc_processes,
@@ -267,6 +268,10 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_config_get_int_default(context, NULL, c->derived_keys_ndots, krb5_config_get_int_default(context, NULL, c->derived_keys_ndots,
"kdc", "derived_keys_ndots", NULL); "kdc", "derived_keys_ndots", NULL);
c->derived_keys_maxdots =
krb5_config_get_int_default(context, NULL, c->derived_keys_maxdots,
"kdc", "derived_keys_maxdots", NULL);
*config = c; *config = c;
return 0; return 0;

1
kdc/kdc.h
View File

@@ -98,6 +98,7 @@ typedef struct krb5_kdc_configuration {
krb5_boolean enable_derived_keys; krb5_boolean enable_derived_keys;
int derived_keys_ndots; int derived_keys_ndots;
int derived_keys_maxdots;
} krb5_kdc_configuration; } krb5_kdc_configuration;

11
kdc/misc.c
View File

@@ -142,8 +142,9 @@ _fetch_it(krb5_context context, krb5_kdc_configuration *config, HDB *db,
char *tmp; char *tmp;
const char *realm = NULL; const char *realm = NULL;
int is_derived_key = 0; int is_derived_key = 0;
size_t ndots = 0;
size_t hdots; size_t hdots;
size_t ndots = 0;
size_t maxdots = -1;
flags |= HDB_F_DECRYPT; flags |= HDB_F_DECRYPT;
@@ -167,6 +168,7 @@ _fetch_it(krb5_context context, krb5_kdc_configuration *config, HDB *db,
} }
ndots = config->derived_keys_ndots; ndots = config->derived_keys_ndots;
maxdots = config->derived_keys_maxdots;
for (hdots = 0, tmp = host; tmp && *tmp; tmp++) for (hdots = 0, tmp = host; tmp && *tmp; tmp++)
if (*tmp == '.') if (*tmp == '.')
@@ -192,6 +194,13 @@ _fetch_it(krb5_context context, krb5_kdc_configuration *config, HDB *db,
if (!tmp || !*tmp || hdots < ndots) if (!tmp || !*tmp || hdots < ndots)
break; break;
while (maxdots > 0 && hdots > maxdots) {
tmp = strchr(tmp, '.');
/* tmp != NULL because maxdots > 0 */
tmp++;
hdots--;
}
is_derived_key = 1; is_derived_key = 1;
krb5_free_principal(context, tmpprinc); krb5_free_principal(context, tmpprinc);
krb5_build_principal(context, &tmpprinc, strlen(realm), realm, krb5_build_principal(context, &tmpprinc, strlen(realm), realm,