* cnv_tkt_skey.c (krb524_convert_tkt_skey): Handle null address
authorTom Yu <tlyu@mit.edu>
Wed, 17 Jun 1998 20:38:09 +0000 (20:38 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 17 Jun 1998 20:38:09 +0000 (20:38 +0000)
fields; actually use saddr (the address from the UDP header) to
generate the ticket address rather than just checking against it.

* conv_creds.c (krb524_convert_creds_plain): Punt address checks.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10601 dc483132-0cff-0310-8789-dd5450dbe970

src/krb524/ChangeLog
src/krb524/cnv_tkt_skey.c
src/krb524/conv_creds.c

index 675070c2cf6732868db5a28139d52de268de203c..ef7375c567c568c095d3ec413adf602f62ee2cd0 100644 (file)
@@ -1,3 +1,11 @@
+Wed Jun 17 16:35:37 1998  Tom Yu  <tlyu@mit.edu>
+
+       * cnv_tkt_skey.c (krb524_convert_tkt_skey): Handle null address
+       fields; actually use saddr (the address from the UDP header) to
+       generate the ticket address rather than just checking against it.
+
+       * conv_creds.c (krb524_convert_creds_plain): Punt address checks.
+
 1998-05-06  Theodore Ts'o  <tytso@rsts-11.mit.edu>
 
        * k524init.c (main): POSIX states that getopt returns -1
index afdb46cd4bbe125641d4988d2e206158fe851fc2..df270776ab802638d7bab45950491dabfa2f4f26 100644 (file)
@@ -67,7 +67,8 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
      krb5_enc_tkt_part *v5etkt;
      int ret, lifetime, deltatime;
      krb5_timestamp server_time;
-     krb5_address **caddr, *good_addr = 0;
+     struct sockaddr_in *sinp = (struct sockaddr_in *)saddr;
+     krb5_address kaddr;
 
      v5tkt->enc_part2 = NULL;
      if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) {
@@ -134,27 +135,18 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
            return KRB5KRB_AP_ERR_TKT_NYV;
      }
 
-     for (caddr = v5etkt->caddrs; *caddr; caddr++) {
-       if (v5etkt->caddrs[0]->addrtype == ADDRTYPE_INET) {
-        if (! memcmp((*caddr)->contents, &saddr->sin_addr,
-                     sizeof(saddr->sin_addr))) {
-          good_addr = *caddr;
-          break;
-        }
-        else if (! good_addr) {
-          good_addr = *caddr;
-        }
-       }
-     }
-        
-     if (! good_addr) {
-       if (krb524_debug)
-        fprintf(stderr, "Invalid v5creds address information.\n");
-       krb5_free_enc_tkt_part(context, v5etkt);
-       v5tkt->enc_part2 = NULL;
-       return KRB524_BADADDR;
+     kaddr.addrtype = ADDRTYPE_INET;
+     kaddr.length = sizeof(sinp->sin_addr);
+     kaddr.contents = (krb5_octet *)&sinp->sin_addr;
+
+     if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
+        if (krb524_debug)
+            fprintf(stderr, "Invalid v5creds address information.\n");
+        krb5_free_enc_tkt_part(context, v5etkt);
+        v5tkt->enc_part2 = NULL;
+        return KRB524_BADADDR;
      }
-     
+
      if (krb524_debug)
        printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
               (long) v5etkt->times.starttime,
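Review bot: `kaddr` is filled from `sinp->sin_addr` with no check that `saddr` is non-NULL and actually carries an IPv4 address, so any other address family would have unrelated bytes compared against `caddrs` and then copied into the v4 ticket. A guard such as `if (sinp == NULL || sinp->sin_family != AF_INET)` that takes the same cleanup path as the `KRB524_BADADDR` branch would make the assumption explicit. A comment above the `krb5_address_search` call should also record that the v4 ticket is now bound to the request's source address, which per the commit message comes from the UDP header and is only as trustworthy as the network path, and say what is intended when `caddrs` is empty. The function begins and ends outside this hunk, so an earlier check on `saddr` may already exist.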
@@ -167,7 +159,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
                             pname,
                             pinst,
                             prealm,
-                            *((unsigned long *)good_addr->contents),
+                            *((unsigned long *)kaddr.contents),
                             (char *) v5etkt->session->contents,
                             lifetime,
                             /* issue_data */
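Review bot: `*((unsigned long *)kaddr.contents)` reads `sizeof(unsigned long)` bytes from a field whose `kaddr.length` is `sizeof(sinp->sin_addr)`; where `unsigned long` is wider than the IPv4 address, the load picks up adjacent bytes of the sockaddr and the value passed on is not the address. The cast also assumes an alignment that a `krb5_octet *` does not guarantee. Copying into a fixed-width value avoids both: `krb5_ui_4 v4addr; memcpy(&v4addr, kaddr.contents, sizeof(v4addr));` and pass `v4addr` here. The same pattern existed with `good_addr->contents` before this change, and the call this argument belongs to begins and ends outside the hunk, so the parameter type it expects should be confirmed.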
index f1e8f370944451f7563e8055bed8a92183752439..ae31f9cf95d5754217895bd02b85e920815d2de1 100644 (file)
@@ -119,7 +119,9 @@ krb524_convert_creds_plain(context, v5creds, v4creds)
      krb5_creds *v5creds;
      CREDENTIALS *v4creds;
 {
+#if 0
      krb5_ui_4 addr;
+#endif
      int ret;
      krb5_timestamp lifetime;
      
@@ -151,6 +153,7 @@ krb524_convert_creds_plain(context, v5creds, v4creds)
          ((lifetime > 0xff) ? 0xff : lifetime);
      v4creds->issue_date = v5creds->times.starttime;
 
+#if 0
      /* XXX perhaps we should use the addr of the client host if */
      /* v5creds contains more than one addr.  Q: Does V4 support */
      /* non-INET addresses? */
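Review bot: The `#if 0` added here has no comment saying why the address handling is disabled or what replaces it; the same applies to its `#endif` in the last hunk and to the `addr` declaration disabled the same way at the top of the function. A short comment on the `#if 0` line would help, for example `/* Address handling disabled: the v4 ticket address is now derived from the request source address in krb524_convert_tkt_skey. */`. If the disabled block was the only place the client address reached `v4creds`, that field is no longer set by this function; most of the block lies outside the visible hunks, so this should be confirmed. Once the behaviour is settled, deleting the dead code would be cleaner than leaving it under `#if 0`.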
@@ -163,6 +166,6 @@ krb524_convert_creds_plain(context, v5creds, v4creds)
      } else
          memcpy((char *) &addr, v5creds->addresses[0]->contents,
                 sizeof(addr));
-
+#endif
      return 0;
 }