authorKeith Vetter <keithv@fusion.com>1995-09-29 02:27:50 +0000
committerKeith Vetter <keithv@fusion.com>1995-09-29 02:27:50 +0000
commit4e848f98be5178109409aacfbc7e7749d54c5499 (patch)
treecedec7873b9d1e49bace53077af3807ddfcbf5ac /src/lib/krb5/krb/gc_via_tkt.c
parentbb7017e221c8f2af6d234c4d236415b91bb610c5 (diff)
Misc Mac cleanups
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6881 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/gc_via_tkt.c')
-rw-r--r--src/lib/krb5/krb/gc_via_tkt.c56
1 files changed, 35 insertions, 21 deletions
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index b310a10f94..b2ca37fc5c 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -179,29 +179,43 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
retval = KRB5KRB_AP_ERR_MSG_TYPE;
goto error_3;
}
-
+
/* make sure the response hasn't been tampered with..... */
- if (!krb5_principal_compare(context, dec_rep->client, tkt->client) ||
- !krb5_principal_compare(context, dec_rep->enc_part2->server,
- in_cred->server) ||
- !krb5_principal_compare(context, dec_rep->ticket->server,
- in_cred->server) ||
- (dec_rep->enc_part2->nonce != tgsrep.expected_nonce) ||
- ((in_cred->times.starttime != 0) &&
- (in_cred->times.starttime != dec_rep->enc_part2->times.starttime)) ||
- ((in_cred->times.endtime != 0) &&
- (dec_rep->enc_part2->times.endtime > in_cred->times.endtime)) ||
- ((kdcoptions & KDC_OPT_RENEWABLE) &&
- (in_cred->times.renew_till != 0) &&
- (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till)) ||
- ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
- (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
- (in_cred->times.endtime != 0) &&
- (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
- ) {
+ retval = 0;
+
+ if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
retval = KRB5_KDCREP_MODIFIED;
- goto error_3;
- }
+
+ if (!krb5_principal_compare(context, dec_rep->enc_part2->server, in_cred->server))
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if (!krb5_principal_compare(context, dec_rep->ticket->server, in_cred->server))
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if (dec_rep->enc_part2->nonce != tgsrep.expected_nonce)
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if ((in_cred->times.starttime != 0) &&
+ (in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if ((in_cred->times.endtime != 0) &&
+ (dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if ((kdcoptions & KDC_OPT_RENEWABLE) &&
+ (in_cred->times.renew_till != 0) &&
+ (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
+ (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+ (in_cred->times.endtime != 0) &&
+ (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
+ retval = KRB5_KDCREP_MODIFIED;
+
+ if (retval != 0)
+ goto error_3;
if (!in_cred->times.starttime &&
!in_clock_skew(dec_rep->enc_part2->times.starttime,