diff options
| author | John Kohl <jtkohl@mit.edu> | 1990-05-09 17:07:32 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1990-05-09 17:07:32 +0000 |
| commit | 244db0dc5ebfe7be1c5e9eca974a4cc27265efe9 (patch) | |
| tree | 04a1fa8618c781f0753195f3892701b7d3317b20 /src | |
| parent | 23f2e04abf566b55fbb9f15fc747915db62914fb (diff) | |
| download | krb5-244db0dc5ebfe7be1c5e9eca974a4cc27265efe9.tar.gz krb5-244db0dc5ebfe7be1c5e9eca974a4cc27265efe9.tar.xz krb5-244db0dc5ebfe7be1c5e9eca974a4cc27265efe9.zip | |
changes for new encryption & checksum interface
add in checksum-checking code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@813 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/kdc_util.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index a87c421f2..9a660c99f 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -121,7 +121,8 @@ const krb5_fulladdr *from; if (retval = (*eblock.crypto_entry->decrypt_func)((krb5_pointer) tgs_req->tgs_request2->enc_part.data, (krb5_pointer) scratch.data, - scratch.length, &eblock)) { + scratch.length, &eblock, + 0)) { (void) (*eblock.crypto_entry->finish_key)(&eblock); free(scratch.data); return retval; @@ -260,17 +261,33 @@ const krb5_fulladdr *from; } /* check application checksum vs. tgs request */ #ifdef notdef + if (!(our_cksum.contents = (krb5_octet *) + malloc(krb5_cksumarray[our_cksum.checksum_type]->checksum_length))) { + krb5_free_authenticator(authdat.authenticator); + krb5_free_ticket(authdat.ticket); + return ENOMEM; /* XXX cktype nosupp */ + } if (retval = (*krb5_cksumarray[our_cksum.checksum_type]-> sum_func)(in, /* where to? */ - NULL, /* don't produce output */ - authdat.ticket->enc_part2->session->contents, /* seed */ in_length, /* input length */ + authdat.ticket->enc_part2->session->contents, /* seed */ authdat.ticket->enc_part2->session->length, /* seed length */ &our_cksum)) { krb5_free_authenticator(authdat.authenticator); krb5_free_ticket(authdat.ticket); + xfree(our_cksum.contents); + return retval; + } + if (our_cksum.length != authdat.authenticator->checksum->length || + bcmp((char *)our_cksum.contents, + (char *)authdat.authenticator->checksum->contents, + our_cksum.length)) { + krb5_free_authenticator(authdat.authenticator); + krb5_free_ticket(authdat.ticket); + xfree(our_cksum.contents); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX wrong code? */ } + xfree(our_cksum.contents); #endif /* don't need authenticator anymore */ krb5_free_authenticator(authdat.authenticator); |