Fixed bug in v4 compatability: you don't check

v5 authenticator checksums when v4 is being used.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7466 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 289ce69ceedc7d75c1c58d789a594882c8787b77..507e841a4a02d36d54b67734a397a7a01aca215d 100644 (file)
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,8 @@
+Fri Feb  9 20:18:48 1996  <hartmans@mit.edu>
+
+       * krlogind.c (recvauth): Fix v4 incompatability created by
+        checksum code; if using v4, don't try to verify a v5 checksum.
+
 Thu Feb  1 00:09:13 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
        * rcp.M: Fix typo.

diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index c7680c3bcc39802df1bfd5deaf5907c661fd0262..ab9f5ea3e4a05d24e5e726d2a89e0b06bf4528f8 100644 (file)
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1523,7 +1523,7 @@ recvauth(valid_checksum)
                                  &auth_sys,    /* which authentication system*/
                                  &v4_kdata, v4_schedule, v4_version)) {
 
-       if (auth_sys == KRB5_RECVAUTH_V5) {
+      if (auth_sys == KRB5_RECVAUTH_V5) {
            /*
             * clean up before exiting
             */
@@ -1536,40 +1536,42 @@ recvauth(valid_checksum)
 
     getstr(netf, lusername, sizeof (lusername), "locuser");
     getstr(netf, term, sizeof(term), "Terminal type");
-    if (status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))
-      return status;
+    if (auth_sys == KRB5_RECVAUTH_V5) {
+      
+      if(status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))
+       return status;
     
-    if (authenticator->checksum) {
+      if (authenticator->checksum) {
        struct sockaddr_in adr;
        int adr_length = sizeof(adr);
-      char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32);
+       char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32);
        if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0)
-    return errno;
-      if (chksumbuf == 0)
-    goto error_cleanup;
-
-      sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
-      strcat(chksumbuf,term);
-      strcat(chksumbuf,lusername);
-
-      if ( status = krb5_verify_checksum(bsd_context,
-                                        authenticator->checksum->checksum_type,
-                                        authenticator->checksum,
-                                        chksumbuf, strlen(chksumbuf),
-                                                                              ticket->enc_part2->session->contents, 
-                                      ticket->enc_part2->session->length))
-       goto error_cleanup;
-
- error_cleanup:
-krb5_xfree(chksumbuf);
-      if (status) {
-       krb5_free_authenticator(bsd_context, authenticator);
-       return status;
-      }
+         return errno;
+       if (chksumbuf == 0)
+         goto error_cleanup;
+
+       sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
+       strcat(chksumbuf,term);
+       strcat(chksumbuf,lusername);
+
+       if ( status = krb5_verify_checksum(bsd_context,
+                                          authenticator->checksum->checksum_type,
+                                          authenticator->checksum,
+                                          chksumbuf, strlen(chksumbuf),
+                                          ticket->enc_part2->session->contents, 
+                                          ticket->enc_part2->session->length))
+         goto error_cleanup;
+
+      error_cleanup:
+       krb5_xfree(chksumbuf);
+       if (status) {
+         krb5_free_authenticator(bsd_context, authenticator);
+         return status;
+       }
        *valid_checksum = 1;
-}
-    krb5_free_authenticator(bsd_context, authenticator);
-
+      }
+      krb5_free_authenticator(bsd_context, authenticator);
+    }
 
 
 #ifdef KRB5_KRB4_COMPAT