diff options
| author | Sam Hartman <hartmans@mit.edu> | 1996-02-10 02:35:39 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 1996-02-10 02:35:39 +0000 |
| commit | c57a6585b4328c5e68ee46dce20ae85e56bf4554 (patch) | |
| tree | 269a276ef025b97fb06fe6b24bee7e7d803e5aae /src | |
| parent | 8681961a7e2f69a98b0e180f96ca135e48ce7e51 (diff) | |
| download | krb5-c57a6585b4328c5e68ee46dce20ae85e56bf4554.tar.gz krb5-c57a6585b4328c5e68ee46dce20ae85e56bf4554.tar.xz krb5-c57a6585b4328c5e68ee46dce20ae85e56bf4554.zip | |
Fixed bug in v4 compatability: you don't check
v5 authenticator checksums when v4 is being used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7466 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/appl/bsd/ChangeLog | 5 | ||||
| -rw-r--r-- | src/appl/bsd/krlogind.c | 62 |
2 files changed, 37 insertions, 30 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 289ce69ce..507e841a4 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,8 @@ +Fri Feb 9 20:18:48 1996 <hartmans@mit.edu> + + * krlogind.c (recvauth): Fix v4 incompatability created by + checksum code; if using v4, don't try to verify a v5 checksum. + Thu Feb 1 00:09:13 1996 Sam Hartman <hartmans@tertius.mit.edu> * rcp.M: Fix typo. diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index c7680c3bc..ab9f5ea3e 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -1523,7 +1523,7 @@ recvauth(valid_checksum) &auth_sys, /* which authentication system*/ &v4_kdata, v4_schedule, v4_version)) { - if (auth_sys == KRB5_RECVAUTH_V5) { + if (auth_sys == KRB5_RECVAUTH_V5) { /* * clean up before exiting */ @@ -1536,40 +1536,42 @@ recvauth(valid_checksum) getstr(netf, lusername, sizeof (lusername), "locuser"); getstr(netf, term, sizeof(term), "Terminal type"); - if (status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator)) - return status; + if (auth_sys == KRB5_RECVAUTH_V5) { + + if(status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator)) + return status; - if (authenticator->checksum) { + if (authenticator->checksum) { struct sockaddr_in adr; int adr_length = sizeof(adr); - char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32); + char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32); if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0) - return errno; - if (chksumbuf == 0) - goto error_cleanup; - - sprintf(chksumbuf,"%u:", ntohs(adr.sin_port)); - strcat(chksumbuf,term); - strcat(chksumbuf,lusername); - - if ( status = krb5_verify_checksum(bsd_context, - authenticator->checksum->checksum_type, - authenticator->checksum, - chksumbuf, strlen(chksumbuf), - ticket->enc_part2->session->contents, - ticket->enc_part2->session->length)) - goto error_cleanup; - - error_cleanup: -krb5_xfree(chksumbuf); - if (status) { - krb5_free_authenticator(bsd_context, authenticator); - return status; - } + return errno; + if (chksumbuf == 0) + goto error_cleanup; + + sprintf(chksumbuf,"%u:", ntohs(adr.sin_port)); + strcat(chksumbuf,term); + strcat(chksumbuf,lusername); + + if ( status = krb5_verify_checksum(bsd_context, + authenticator->checksum->checksum_type, + authenticator->checksum, + chksumbuf, strlen(chksumbuf), + ticket->enc_part2->session->contents, + ticket->enc_part2->session->length)) + goto error_cleanup; + + error_cleanup: + krb5_xfree(chksumbuf); + if (status) { + krb5_free_authenticator(bsd_context, authenticator); + return status; + } *valid_checksum = 1; -} - krb5_free_authenticator(bsd_context, authenticator); - + } + krb5_free_authenticator(bsd_context, authenticator); + } #ifdef KRB5_KRB4_COMPAT |