acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to compare
authorTheodore Tso <tytso@mit.edu>
Sat, 27 Mar 1999 03:52:58 +0000 (03:52 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 27 Mar 1999 03:52:58 +0000 (03:52 +0000)
against principal components (they aren't null terminated!)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11320 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/acquire_cred.c

index 448c9ab27c782e8505a4d05b1ae5d7430e08ae77..1ad383abf7a52a8671465909d0038fa5ee2723e5 100644 (file)
@@ -1,3 +1,9 @@
+Fri Mar 26 22:17:20 1999  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to
+               compare against principal components (they aren't null
+               terminated!)
+
 Thu Mar 25 22:43:54 1999  Theodore Y. Ts'o  <tytso@mit.edu>
 
        * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set
index f968b7d4f6ede17eb4eeae24c9919d22aeab6c8a..b67eb4f8f82a169eeee83eb95ac8c28304d55c7a 100644 (file)
@@ -144,7 +144,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 {
    krb5_error_code code;
    krb5_ccache ccache;
-   krb5_principal princ;
+   krb5_principal princ, tmp_princ;
    krb5_flags flags;
    krb5_cc_cursor cur;
    krb5_creds creds;
@@ -202,12 +202,20 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
 
    got_endtime = 0;
 
+   code = krb5_build_principal_ext(context, &tmp_princ,
+                                  krb5_princ_realm(context, princ)->length,
+                                  krb5_princ_realm(context, princ)->data,
+                                  6, "krbtgt",
+                                  krb5_princ_realm(context, princ)->length,
+                                  krb5_princ_realm(context, princ)->data,
+                                  0);
+   if (code) {
+      (void)krb5_cc_close(context, ccache);
+      *minor_status = code;
+      return(GSS_S_FAILURE);
+   }
    while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) {
-      if ((creds.server->length == 2) &&
-         (strcmp(creds.server->realm.data, princ->realm.data) == 0) &&
-         (strcmp((char *) creds.server->data[0].data, "krbtgt") == 0) &&
-         (strcmp((char *) creds.server->data[1].data,
-                 princ->realm.data) == 0)) {
+      if (krb5_principal_compare(context, tmp_princ, creds.server)) {
         cred->tgt_expire = creds.times.endtime;
         got_endtime = 1;
         *minor_status = 0;
@@ -221,6 +229,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
       }
       krb5_free_cred_contents(context, &creds);
    }
+   krb5_free_principal(context, tmp_princ);
 
    if (code && code != KRB5_CC_END) {
       /* this means some error occurred reading the ccache */