From: Sam Hartman <hartmans@mit.edu>
Date: Sat, 10 Feb 1996 02:35:39 +0000 (+0000)
Subject: Fixed bug in v4 compatability: you don't check
X-Git-Tag: krb5-1.0-beta6~518
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c57a6585b4328c5e68ee46dce20ae85e56bf4554;p=krb5.git

Fixed bug in v4 compatability: you don't check
v5 authenticator checksums when v4 is being used.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7466 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 289ce69ce..507e841a4 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,8 @@
+Fri Feb  9 20:18:48 1996  <hartmans@mit.edu>
+
+	* krlogind.c (recvauth): Fix v4 incompatability created by
+        checksum code; if using v4, don't try to verify a v5 checksum.
+
 Thu Feb  1 00:09:13 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
 	* rcp.M: Fix typo.
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index c7680c3bc..ab9f5ea3e 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1523,7 +1523,7 @@ recvauth(valid_checksum)
 				  &auth_sys, 	/* which authentication system*/
 				  &v4_kdata, v4_schedule, v4_version)) {
 
-	if (auth_sys == KRB5_RECVAUTH_V5) {
+      if (auth_sys == KRB5_RECVAUTH_V5) {
 	    /*
 	     * clean up before exiting
 	     */
@@ -1536,40 +1536,42 @@ recvauth(valid_checksum)
 
     getstr(netf, lusername, sizeof (lusername), "locuser");
     getstr(netf, term, sizeof(term), "Terminal type");
-    if (status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))
-      return status;
+    if (auth_sys == KRB5_RECVAUTH_V5) {
+      
+      if(status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))
+	return status;
     
-    if (authenticator->checksum) {
+      if (authenticator->checksum) {
 	struct sockaddr_in adr;
 	int adr_length = sizeof(adr);
-      char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32);
+	char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32);
 	if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0)
-    return errno;
-      if (chksumbuf == 0)
-    goto error_cleanup;
-
-      sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
-      strcat(chksumbuf,term);
-      strcat(chksumbuf,lusername);
-
-      if ( status = krb5_verify_checksum(bsd_context,
-					 authenticator->checksum->checksum_type,
-					 authenticator->checksum,
-					 chksumbuf, strlen(chksumbuf),
-					 				       ticket->enc_part2->session->contents, 
-				       ticket->enc_part2->session->length))
-	goto error_cleanup;
-
- error_cleanup:
-krb5_xfree(chksumbuf);
-      if (status) {
-	krb5_free_authenticator(bsd_context, authenticator);
-	return status;
-      }
+	  return errno;
+	if (chksumbuf == 0)
+	  goto error_cleanup;
+
+	sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
+	strcat(chksumbuf,term);
+	strcat(chksumbuf,lusername);
+
+	if ( status = krb5_verify_checksum(bsd_context,
+					   authenticator->checksum->checksum_type,
+					   authenticator->checksum,
+					   chksumbuf, strlen(chksumbuf),
+					   ticket->enc_part2->session->contents, 
+					   ticket->enc_part2->session->length))
+	  goto error_cleanup;
+
+      error_cleanup:
+	krb5_xfree(chksumbuf);
+	if (status) {
+	  krb5_free_authenticator(bsd_context, authenticator);
+	  return status;
+	}
 	*valid_checksum = 1;
-}
-    krb5_free_authenticator(bsd_context, authenticator);
-
+      }
+      krb5_free_authenticator(bsd_context, authenticator);
+    }
 
 
 #ifdef KRB5_KRB4_COMPAT