author | Tom Yu <tlyu@mit.edu> | 2009-04-02 23:30:28 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2009-04-02 23:30:28 +0000 |
commit | d44144bc3c86cd2e0b9dbe74f0241905201ddd23 (patch) | |
tree | 7892d4e88451b3e4816985a16603bc0334f00085 | |
parent | 56108ac2b7c7b747951614b9da99a5df1d57be6d (diff) | |
Fix krshd and krlogind to use krb5_c_verify_checksum
ticket: 1624
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22159 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/appl/bsd/krlogind.c | 25 | ||||
-rw-r--r-- | src/appl/bsd/krshd.c | 24 |
2 files changed, 29 insertions, 20 deletions
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 705285640b..09aeaad21c 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -1358,21 +1358,26 @@ recvauth(valid_checksum) if (authenticator->checksum) { struct sockaddr_in adr; socklen_t adr_length = sizeof(adr); - char * chksumbuf = NULL; + krb5_data chksumbuf; + krb5_boolean valid = 0; + + chksumbuf.data = NULL; if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0) goto error_cleanup; - if (asprintf(&chksumbuf, "%u:%s%s", ntohs(adr.sin_port), term, lusername) < 0) + if (asprintf(&chksumbuf.data, "%u:%s%s", ntohs(adr.sin_port), term, lusername) < 0) goto error_cleanup; - status = krb5_verify_checksum(bsd_context, - authenticator->checksum->checksum_type, - authenticator->checksum, - chksumbuf, strlen(chksumbuf), - ticket->enc_part2->session->contents, - ticket->enc_part2->session->length); + chksumbuf.length = strlen(chksumbuf.data); + status = krb5_c_verify_checksum(bsd_context, + ticket->enc_part2->session, + KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, + &chksumbuf, authenticator->checksum, + &valid); + if (status == 0 && !valid) status = KRB5KRB_AP_ERR_BAD_INTEGRITY; + error_cleanup: - if (chksumbuf) - free(chksumbuf); + if (chksumbuf.data) + free(chksumbuf.data); if (status) { krb5_free_authenticator(bsd_context, authenticator); return status; diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 76c0ca1fc2..59a088ef1b 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -1810,8 +1810,11 @@ recvauth(netfd, peersin, valid_checksum) struct sockaddr_storage adr; unsigned int adr_length = sizeof(adr); int e; - char namebuf[32], *chksumbuf = NULL; + char namebuf[32]; + krb5_boolean valid = 0; + krb5_data chksumbuf; + chksumbuf.data = NULL; if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0) goto error_cleanup; 
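Review bot: Both `goto error_cleanup` exits in the krlogind.c hunk leave `status` untouched, so if it is still 0 from the earlier calls (which are outside the hunk), a failed getsockname() or asprintf() skips krb5_c_verify_checksum() and still passes the `if (status)` test in the cleanup. Because `valid` is only folded into `status` after the verify call, the authenticator checksum would then go unverified with no error returned. Set an error before jumping, e.g. `if (getsockname(...) != 0) { status = errno; goto error_cleanup; }` and `status = ENOMEM;` on the asprintf exit. The same pattern appears in both krshd.c hunks; recvauth() starts and ends outside the hunk, so what follows the `if (status)` block should be confirmed.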
@@ -1819,19 +1822,20 @@ recvauth(netfd, peersin, valid_checksum) namebuf, sizeof(namebuf), NI_NUMERICSERV); if (e) fatal(netfd, "local error: can't examine port number"); - if (asprintf(&chksumbuf, "%s:%s%s", namebuf, cmdbuf, locuser) < 0) + if (asprintf(&chksumbuf.data, "%s:%s%s", namebuf, cmdbuf, locuser) < 0) goto error_cleanup; - status = krb5_verify_checksum(bsd_context, - authenticator->checksum->checksum_type, - authenticator->checksum, - chksumbuf, strlen(chksumbuf), - ticket->enc_part2->session->contents, - ticket->enc_part2->session->length); + chksumbuf.length = strlen(chksumbuf.data); + status = krb5_c_verify_checksum(bsd_context, + ticket->enc_part2->session, + KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, + &chksumbuf, authenticator->checksum, + &valid); + if (status == 0 && !valid) status = KRB5KRB_AP_ERR_BAD_INTEGRITY; error_cleanup: - if (chksumbuf) - free(chksumbuf); + if (chksumbuf.data) + free(chksumbuf.data); if (status) { krb5_free_authenticator(bsd_context, authenticator); return status; |
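Review bot: After a failed asprintf() the code at `error_cleanup` tests and frees `chksumbuf.data`, but some C libraries leave the output pointer unspecified on failure, so the `chksumbuf.data = NULL` set earlier may no longer hold. Resetting it on the failure path, `if (asprintf(&chksumbuf.data, ...) < 0) { chksumbuf.data = NULL; goto error_cleanup; }`, keeps the free() safe whichever asprintf implementation is linked. The identical line in the krlogind.c hunk has the same exposure. recvauth() begins and ends outside this hunk.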