diff options
| -rw-r--r-- | src/lib/krb5/krb/privsafe.c | 20 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_priv.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_safe.c | 7 |
3 files changed, 18 insertions, 12 deletions
diff --git a/src/lib/krb5/krb/privsafe.c b/src/lib/krb5/krb/privsafe.c index 405a24211..264b07684 100644 --- a/src/lib/krb5/krb/privsafe.c +++ b/src/lib/krb5/krb/privsafe.c @@ -208,14 +208,17 @@ k5_privsafe_check_addrs(krb5_context context, krb5_auth_context ac, local_fulladdr.contents = remote_fulladdr.contents = NULL; /* Determine the remote comparison address. */ - if (ac->remote_port != NULL) { - ret = krb5_make_fulladdr(context, ac->remote_addr, ac->remote_port, - &remote_fulladdr); - if (ret) - goto cleanup; - remote_addr = &remote_fulladdr; + if (ac->remote_addr != NULL) { + if (ac->remote_port != NULL) { + ret = krb5_make_fulladdr(context, ac->remote_addr, ac->remote_port, + &remote_fulladdr); + if (ret) + goto cleanup; + remote_addr = &remote_fulladdr; + } else + remote_addr = ac->remote_addr; } else - remote_addr = ac->remote_addr; + remote_addr = NULL; /* Determine the local comparison address (possibly NULL). */ if (ac->local_addr != NULL) { @@ -231,7 +234,8 @@ k5_privsafe_check_addrs(krb5_context context, krb5_auth_context ac, local_addr = NULL; /* Check the remote address against the message's sender address. */ - if (!krb5_address_compare(context, remote_addr, msg_s_addr)) { + if (remote_addr != NULL && + !krb5_address_compare(context, remote_addr, msg_s_addr)) { ret = KRB5KRB_AP_ERR_BADADDR; goto cleanup; } diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 831f25807..93259680e 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -133,7 +133,8 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, /* Need a better error */ return KRB5_RC_REQUIRED; - if (!auth_context->remote_addr) + if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && + (auth_context->remote_addr == NULL)) return KRB5_REMOTE_ADDR_REQUIRED; if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index e12148911..c879f331f 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -146,12 +146,13 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, return KRB5_RC_REQUIRED; if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && + (auth_context->remote_addr == NULL)) + return KRB5_REMOTE_ADDR_REQUIRED; + + if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && (auth_context->rcache == NULL)) return KRB5_RC_REQUIRED; - if (!auth_context->remote_addr) - return KRB5_REMOTE_ADDR_REQUIRED; - /* Get key */ if ((key = auth_context->recv_subkey) == NULL) key = auth_context->key; |