oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Better logging and return status = FALSE when checksum doesn't match.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20120 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-02-01 20:28:49 +00:00
parent c2fc3006d8
commit abcd0e9de6
1 changed files with 31 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
kdc/digest.c
View File

@@ -629,19 +629,19 @@ _kdc_do_digest(krb5_context context,
goto out; goto out;
} }
ret = strcmp(mdx, ireq.u.digestRequest.responseData); r.element = choice_DigestRepInner_response;
ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
free(mdx); free(mdx);
if (ret != 0) { if (ret == 0) {
krb5_set_error_string(context, r.u.response.success = TRUE;
} else {
kdc_log(context, config, 0,
"CHAP reply mismatch for %s", "CHAP reply mismatch for %s",
ireq.u.digestRequest.username); ireq.u.digestRequest.username);
ret = EINVAL; r.u.response.success = FALSE;
goto out;
} }
r.element = choice_DigestRepInner_response;
r.u.response.success = TRUE;
} else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) { } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
MD5_CTX ctx; MD5_CTX ctx;
unsigned char md[MD5_DIGEST_LENGTH]; unsigned char md[MD5_DIGEST_LENGTH];
@@ -742,18 +742,17 @@ _kdc_do_digest(krb5_context context,
goto out; goto out;
} }
ret = strcmp(mdx, ireq.u.digestRequest.responseData);
free(mdx);
if (ret != 0) {
krb5_set_error_string(context,
"Digest-MD5 reply mismatch for %s",
ireq.u.digestRequest.username);
ret = EINVAL;
goto out;
}
r.element = choice_DigestRepInner_response; r.element = choice_DigestRepInner_response;
ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
free(mdx);
if (ret == 0) {
r.u.response.success = TRUE; r.u.response.success = TRUE;
} else {
kdc_log(context, config, 0,
"DIGEST-MD5 reply mismatch for %s",
ireq.u.digestRequest.username);
r.u.response.success = FALSE;
}
} else if (strcasecmp(ireq.u.digestRequest.type, "MS-CHAP-V2") == 0) { } else if (strcasecmp(ireq.u.digestRequest.type, "MS-CHAP-V2") == 0) {
unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH];
@@ -857,20 +856,18 @@ _kdc_do_digest(krb5_context context,
goto out; goto out;
} }
ret = strcmp(mdx, ireq.u.digestRequest.responseData); r.element = choice_DigestRepInner_response;
ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
free(mdx); free(mdx);
if (ret != 0) { if (ret == 0) {
free(answer.data); r.u.response.success = TRUE;
krb5_set_error_string(context, } else {
kdc_log(context, config, 0,
"MS-CHAP-V2 reply mismatch for %s", "MS-CHAP-V2 reply mismatch for %s",
ireq.u.digestRequest.username); ireq.u.digestRequest.username);
ret = EINVAL; r.u.response.success = FALSE;
goto out;
} }
r.element = choice_DigestRepInner_response;
r.u.response.success = TRUE;
/* GenerateAuthenticatorResponse */ /* GenerateAuthenticatorResponse */
SHA1_Init(&ctx); SHA1_Init(&ctx);
SHA1_Update(&ctx, key->key.keyvalue.data, key->key.keyvalue.length); SHA1_Update(&ctx, key->key.keyvalue.data, key->key.keyvalue.length);