oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

deny non valid use of anonymous requests.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24574 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-02-04 22:03:27 +00:00
parent 2e93ad7a9f
commit cc20011567
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
kdc/pkinit.c
View File

@@ -394,6 +394,13 @@ _kdc_pk_rd_padata(krb5_context context,
type = "PK-INIT-Win2k";
if (req->req_body.kdc_options.request_anonymous) {
ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
krb5_set_error_message(context, ret,
"Anon not supported in RSA mode");
goto out;
}
ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
pa->padata_value.length,
&r,
@@ -605,6 +612,15 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
if (req->req_body.kdc_options.request_anonymous &&
ap.clientPublicValue == NULL) {
free_AuthPack(&ap);
ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
krb5_set_error_message(context, ret,
"Anon not supported in RSA mode");
goto out;
}
ret = pk_check_pkauthenticator(context,
&ap.pkAuthenticator,
req);