oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use actual Ticket to construct AP-REQ

Browse Source 
When the cred passed krb5_build_ap_req() has a different name for the actual
ticket (e.g., because the entry came from a ccache with an alias name as the
entry name) then we were putting a Ticket on the wire with the name from the
cred rather than from the Ticket in the cred.  We don't think this is intended
or desirable.  The server should see the Ticket _exactly_ as minted by the KDC.

Perhaps AP-REQ should have used an OCTET STRING to contain the Ticket given that
Ticket is a PDU, which would make a byte-for-byte copy trivial, but as it is it
uses Ticket instead.  Therefore this commit has it decode the Ticket from the
cred and then C struct assign that value to the AP-REP's ticket field -- this
then copies the Ticket as exactly as vended.
This commit is contained in:
Viktor Dukhovni
2017-04-11 03:26:51 +00:00
committed by Nico Williams
parent b1e699103f
commit f468c2fed1
1 changed files with 17 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
lib/krb5/build_ap_req.c
View File

@@ -41,34 +41,24 @@ krb5_build_ap_req (krb5_context context,
krb5_data authenticator, krb5_data authenticator,
krb5_data *retdata) krb5_data *retdata)
{ {
krb5_error_code ret = 0; krb5_error_code ret = 0;
AP_REQ ap; AP_REQ ap;
Ticket t; size_t len;
size_t len;
ap.pvno = 5; ap.pvno = 5;
ap.msg_type = krb_ap_req; ap.msg_type = krb_ap_req;
memset(&ap.ap_options, 0, sizeof(ap.ap_options)); memset(&ap.ap_options, 0, sizeof(ap.ap_options));
ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0; ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0; ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
ap.ticket.tkt_vno = 5; decode_Ticket(cred->ticket.data, cred->ticket.length, &ap.ticket, &len);
copy_Realm(&cred->server->realm, &ap.ticket.realm); ap.authenticator.etype = enctype;
copy_PrincipalName(&cred->server->name, &ap.ticket.sname); ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator;
decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
free_Ticket(&t);
ap.authenticator.etype = enctype;
ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator;
ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
&ap, &len, ret);
if(ret == 0 && retdata->length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
free_AP_REQ(&ap);
return ret;
ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length, &ap, &len, ret);
if (ret == 0 && retdata->length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
free_AP_REQ(&ap);
return ret;
} }