fix some cleanup code to eradicate the keys
authorJohn Kohl <jtkohl@mit.edu>
Thu, 18 Oct 1990 16:01:29 +0000 (16:01 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Thu, 18 Oct 1990 16:01:29 +0000 (16:01 +0000)
add some (not yet enabled) sanity-check code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1273 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/gc_via_tgt.c

index e848ed8b037367128cb880a596f9858534b6f81d..cbbe8b76a593b208378951eccaf9972e9202541e 100644 (file)
@@ -86,9 +86,18 @@ OLDDECLARG(krb5_creds *, cred)
            cleanup();
            return retval;              /* neither proper reply nor error! */
        }
-       /* XXX check to make sure the timestamps match, etc. */
 
-       retval = err_reply->error + ERROR_TABLE_BASE_krb5;
+#if 0
+       /* XXX need access to the actual assembled request...
+          need a change to send_tgs */
+       if ((err_reply->ctime != request.ctime) ||
+           !krb5_principal_compare(err_reply->server, request.server) ||
+           !krb5_principal_compare(err_reply->client, request.client))
+           retval = KRB5_KDCREP_MODIFIED;
+       else
+#endif
+           retval = err_reply->error + ERROR_TABLE_BASE_krb5;
+
        krb5_free_error(err_reply);
        cleanup();
        return retval;
@@ -102,7 +111,10 @@ OLDDECLARG(krb5_creds *, cred)
     if (retval)
        return retval;
 #undef cleanup
-#define cleanup() krb5_free_kdc_rep(dec_rep)
+#define cleanup() {\
+       bzero((char *)dec_rep->enc_part2->session.contents,\
+             dec_rep->enc_part2->session.length);\
+                 krb5_free_kdc_rep(dec_rep); }
 
     /* now it's decrypted and ready for prime time */
 
@@ -116,8 +128,44 @@ OLDDECLARG(krb5_creds *, cred)
        cleanup();
        return retval;
     }
+    bzero((char *)dec_rep->enc_part2->session.contents,
+         dec_rep->enc_part2->session.length);
+
+#undef cleanup
+#define cleanup() {\
+       bzero((char *)cred->keyblock.contents, cred->keyblock.length);\
+                 krb5_free_kdc_rep(dec_rep); }
+
     cred->times = dec_rep->enc_part2->times;
-    /* check compatibility here first ? XXX */
+
+#if 0
+    /* XXX probably need access to the request */
+    /* check the contents for sanity: */
+    if (!krb5_principal_compare(dec_rep->client, request.client)
+       || !krb5_principal_compare(dec_rep->enc_part2->server, request.server)
+       || !krb5_principal_compare(dec_rep->ticket->server, request.server)
+       || (request.nonce != dec_rep->enc_part2->nonce)
+       /* XXX check for extraneous flags */
+       /* XXX || (!krb5_addresses_compare(addrs, dec_rep->enc_part2->caddrs)) */
+       || ((request.from == 0) &&
+           !in_clock_skew(dec_rep->enc_part2->times.starttime))
+       || ((request.from != 0) &&
+           (request.from != dec_rep->enc_part2->times.starttime))
+       || ((request.till != 0) &&
+           (dec_rep->enc_part2->times.endtime > request.till))
+       || ((request.kdc_options & KDC_OPT_RENEWABLE) &&
+           (request.rtime != 0) &&
+           (dec_rep->enc_part2->times.renew_till > request.rtime))
+       || ((request.kdc_options & KDC_OPT_RENEWABLE_OK) &&
+           (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+           (request.till != 0) &&
+           (dec_rep->enc_part2->times.renew_till > request.till))
+       ) {
+       cleanup();
+       return KRB5_KDCREP_MODIFIED;
+    }
+#endif
+
     cred->ticket_flags = dec_rep->enc_part2->flags;
     cred->is_skey = FALSE;
     if (retval = krb5_copy_addresses(dec_rep->enc_part2->caddrs,
@@ -126,13 +174,15 @@ OLDDECLARG(krb5_creds *, cred)
        return retval;
     }
 
-    if (retval = encode_krb5_ticket(dec_rep->ticket, &scratch))
+    if (retval = encode_krb5_ticket(dec_rep->ticket, &scratch)) {
+       cleanup();
        krb5_free_address(cred->addresses);
-    else {
-       cred->ticket = *scratch;
-       free((char *)scratch);
+       return retval;
     }
 
-    cleanup();
+    cred->ticket = *scratch;
+    free((char *)scratch);
+
+    krb5_free_kdc_rep(dec_rep);
     return retval;
 }