(handle_v5): accept any kadmin/admin@* principal as the server
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8973 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -459,7 +459,7 @@ handle_v5(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
|
||||
krb5_ticket *ticket;
|
||||
krb5_principal server;
|
||||
char *server_name;
|
||||
char *client;
|
||||
void *kadm_handle;
|
||||
ssize_t n;
|
||||
@@ -478,25 +478,30 @@ handle_v5(krb5_context context,
|
||||
if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
|
||||
krb5_errx(context, 1, "bad sendauth version %.8s", version);
|
||||
|
||||
ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_parse_name %s", KADM5_ADMIN_SERVICE);
|
||||
ret = krb5_recvauth_match_version(context, &ac, &fd,
|
||||
match_appl_version, &kadm_version,
|
||||
server, KRB5_RECVAUTH_IGNORE_VERSION,
|
||||
NULL, KRB5_RECVAUTH_IGNORE_VERSION,
|
||||
keytab, &ticket);
|
||||
if(ret == KRB5_KT_NOTFOUND) {
|
||||
char *name;
|
||||
krb5_unparse_name(context, server, &name);
|
||||
krb5_unparse_name(context, ticket->server, &server_name);
|
||||
krb5_errx(context, 1, "krb5_recvauth: %s (%s)",
|
||||
krb5_get_err_text(context, ret),
|
||||
name);
|
||||
server_name);
|
||||
}
|
||||
krb5_free_principal(context, server);
|
||||
|
||||
if(ret)
|
||||
krb5_err(context, 1, ret, "krb5_recvauth");
|
||||
|
||||
ret = krb5_unparse_name (context, ticket->server, &server_name);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_unparse_name");
|
||||
|
||||
if (strncmp (server_name, KADM5_ADMIN_SERVICE,
|
||||
strlen(KADM5_ADMIN_SERVICE)) != 0)
|
||||
krb5_errx (context, 1, "ticket for strange principal (%s)",
|
||||
server_name);
|
||||
|
||||
free (server_name);
|
||||
|
||||
memset(&realm_params, 0, sizeof(realm_params));
|
||||
|
||||
if(kadm_version == 1) {
|
||||
@@ -538,7 +543,7 @@ kadmind_loop(krb5_context context,
|
||||
if(n == 0)
|
||||
exit(0);
|
||||
if(n < 0)
|
||||
krb5_errx(context, 1, "read error: %d", errno);
|
||||
krb5_err(context, 1, errno, "read");
|
||||
_krb5_get_int(tmp, &len, 4);
|
||||
if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
|
||||
len >>= 16;
|
||||
|
Reference in New Issue
Block a user