From: Sam Hartman Date: Sat, 10 Feb 1996 02:35:39 +0000 (+0000) Subject: Fixed bug in v4 compatability: you don't check X-Git-Tag: krb5-1.0-beta6~518 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c57a6585b4328c5e68ee46dce20ae85e56bf4554;p=krb5.git Fixed bug in v4 compatability: you don't check v5 authenticator checksums when v4 is being used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7466 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 289ce69ce..507e841a4 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,8 @@ +Fri Feb 9 20:18:48 1996 + + * krlogind.c (recvauth): Fix v4 incompatability created by + checksum code; if using v4, don't try to verify a v5 checksum. + Thu Feb 1 00:09:13 1996 Sam Hartman * rcp.M: Fix typo. diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index c7680c3bc..ab9f5ea3e 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -1523,7 +1523,7 @@ recvauth(valid_checksum) &auth_sys, /* which authentication system*/ &v4_kdata, v4_schedule, v4_version)) { - if (auth_sys == KRB5_RECVAUTH_V5) { + if (auth_sys == KRB5_RECVAUTH_V5) { /* * clean up before exiting */ @@ -1536,40 +1536,42 @@ recvauth(valid_checksum) getstr(netf, lusername, sizeof (lusername), "locuser"); getstr(netf, term, sizeof(term), "Terminal type"); - if (status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator)) - return status; + if (auth_sys == KRB5_RECVAUTH_V5) { + + if(status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator)) + return status; - if (authenticator->checksum) { + if (authenticator->checksum) { struct sockaddr_in adr; int adr_length = sizeof(adr); - char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32); + char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32); if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0) - return errno; - if (chksumbuf == 0) - goto error_cleanup; - - sprintf(chksumbuf,"%u:", ntohs(adr.sin_port)); - strcat(chksumbuf,term); - strcat(chksumbuf,lusername); - - if ( status = krb5_verify_checksum(bsd_context, - authenticator->checksum->checksum_type, - authenticator->checksum, - chksumbuf, strlen(chksumbuf), - ticket->enc_part2->session->contents, - ticket->enc_part2->session->length)) - goto error_cleanup; - - error_cleanup: -krb5_xfree(chksumbuf); - if (status) { - krb5_free_authenticator(bsd_context, authenticator); - return status; - } + return errno; + if (chksumbuf == 0) + goto error_cleanup; + + sprintf(chksumbuf,"%u:", ntohs(adr.sin_port)); + strcat(chksumbuf,term); + strcat(chksumbuf,lusername); + + if ( status = krb5_verify_checksum(bsd_context, + authenticator->checksum->checksum_type, + authenticator->checksum, + chksumbuf, strlen(chksumbuf), + ticket->enc_part2->session->contents, + ticket->enc_part2->session->length)) + goto error_cleanup; + + error_cleanup: + krb5_xfree(chksumbuf); + if (status) { + krb5_free_authenticator(bsd_context, authenticator); + return status; + } *valid_checksum = 1; -} - krb5_free_authenticator(bsd_context, authenticator); - + } + krb5_free_authenticator(bsd_context, authenticator); + } #ifdef KRB5_KRB4_COMPAT