From 1b1791322c75c266cfba6ac77f5daf0d2954e569 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 17 Jun 1998 20:38:09 +0000
Subject: [PATCH] * cnv_tkt_skey.c (krb524_convert_tkt_skey): Handle null address fields; actually use saddr (the address from the UDP header) to generate the ticket address rather than just checking against it.
* conv_creds.c (krb524_convert_creds_plain): Punt address checks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10601 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/krb524/ChangeLog | 8 ++++++++
 src/krb524/cnv_tkt_skey.c | 36 ++++++++++++++----------------------
 src/krb524/conv_creds.c | 5 ++++-
 3 files changed, 26 insertions(+), 23 deletions(-)
diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog
index 675070c2c..ef7375c56 100644
--- a/src/krb524/ChangeLog
+++ b/src/krb524/ChangeLog
@@ -1,3 +1,11 @@
+Wed Jun 17 16:35:37 1998 Tom Yu
+
+ * cnv_tkt_skey.c (krb524_convert_tkt_skey): Handle null address
+ fields; actually use saddr (the address from the UDP header) to
+ generate the ticket address rather than just checking against it.
+
+ * conv_creds.c (krb524_convert_creds_plain): Punt address checks.
+
 1998-05-06 Theodore Ts'o
 * k524init.c (main): POSIX states that getopt returns -1
diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c
index afdb46cd4..df270776a 100644
--- a/src/krb524/cnv_tkt_skey.c
+++ b/src/krb524/cnv_tkt_skey.c
@@ -67,7 +67,8 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
 krb5_enc_tkt_part *v5etkt;
 int ret, lifetime, deltatime;
 krb5_timestamp server_time;
- krb5_address **caddr, *good_addr = 0;
+ struct sockaddr_in *sinp = (struct sockaddr_in *)saddr;
+ krb5_address kaddr;
 v5tkt->enc_part2 = NULL;
 if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) {
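Review bot: `sinp` is obtained from `saddr` through a cast, and nothing visible checks that `saddr` is non-null or holds an AF_INET address before the later hunks read `sinp->sin_addr` unconditionally. The declaration of `saddr` is outside this hunk, so the cast may simply be redundant; if it is not, it hides a type mismatch the compiler would otherwise report. A guard placed just before `kaddr` is filled in, `if (sinp == NULL || sinp->sin_family != AF_INET)` returning `KRB524_BADADDR` through the existing cleanup path, would make the assumption explicit. The function body starts above and continues below this hunk.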
@@ -134,27 +135,18 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
 return KRB5KRB_AP_ERR_TKT_NYV;
 }
- for (caddr = v5etkt->caddrs; *caddr; caddr++) {
- if (v5etkt->caddrs[0]->addrtype == ADDRTYPE_INET) {
- if (! memcmp((*caddr)->contents, &saddr->sin_addr,
- sizeof(saddr->sin_addr))) {
- good_addr = *caddr;
- break;
- }
- else if (! good_addr) {
- good_addr = *caddr;
- }
- }
- }
-
- if (! good_addr) {
- if (krb524_debug)
- fprintf(stderr, "Invalid v5creds address information.\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB524_BADADDR;
+ kaddr.addrtype = ADDRTYPE_INET;
+ kaddr.length = sizeof(sinp->sin_addr);
+ kaddr.contents = (krb5_octet *)&sinp->sin_addr;
+
+ if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
+ if (krb524_debug)
+ fprintf(stderr, "Invalid v5creds address information.\n");
+ krb5_free_enc_tkt_part(context, v5etkt);
+ v5tkt->enc_part2 = NULL;
+ return KRB524_BADADDR;
 }
-
+
 if (krb524_debug)
 printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
 (long) v5etkt->times.starttime,
@@ -167,7 +159,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
 pname,
 pinst,
 prealm,
- *((unsigned long *)good_addr->contents),
+ *((unsigned long *)kaddr.contents),
 (char *) v5etkt->session->contents,
 lifetime,
 /* issue_data */
diff --git a/src/krb524/conv_creds.c b/src/krb524/conv_creds.c
index f1e8f3709..ae31f9cf9 100644
--- a/src/krb524/conv_creds.c
+++ b/src/krb524/conv_creds.c
@@ -119,7 +119,9 @@ krb524_convert_creds_plain(context, v5creds, v4creds)
 krb5_creds *v5creds;
 CREDENTIALS *v4creds;
 {
+#if 0
 krb5_ui_4 addr;
+#endif
 int ret;
 krb5_timestamp lifetime;
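Review bot: `krb5_address_search(context, &kaddr, v5etkt->caddrs)` appears to accept a ticket whose `caddrs` is null (the library routine is not on this page, but as far as I know it treats a null list as a match), so an address-less V5 ticket yields a V4 ticket bound to `saddr`. Per the commit message `saddr` is the address from the UDP header, which makes that binding only as strong as the request's source address. If this is the intended handling of null address fields, record it above the check: `/* null caddrs matches; the V4 ticket is then bound to the request's source address */`. The function starts before and ends after this hunk.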
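Review bot: `*((unsigned long *)kaddr.contents)` reads an `unsigned long` through a pointer to `sinp->sin_addr`, which is four bytes wide. Where `unsigned long` is eight bytes the load runs past the address into the rest of the `sockaddr_in`, and it may also be misaligned. Passing the field directly avoids the width and aliasing assumptions: `sinp->sin_addr.s_addr,`. The call this argument belongs to begins and ends outside the hunk, so the parameter type it expects should be confirmed.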
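Review bot: The `#if 0` added around `krb5_ui_4 addr;` here, together with the matching `#if 0` and `#endif` in the @@ -151 and @@ -163 hunks of this file, disables the address handling in `krb524_convert_creds_plain` without saying why in the source. Part of the disabled block lies between the hunks, so it cannot be told from this page whether a `KRB524_BADADDR` rejection is lost with it. Either delete the block outright or put the reason at the opening guard, for example `/* Address checks punted here, see ChangeLog entry of Jun 17 1998. */`.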
@@ -151,6 +153,7 @@ krb524_convert_creds_plain(context, v5creds, v4creds)
 ((lifetime > 0xff) ? 0xff : lifetime);
 v4creds->issue_date = v5creds->times.starttime;
+#if 0
 /* XXX perhaps we should use the addr of the client host if */
 /* v5creds contains more than one addr. Q: Does V4 support */
 /* non-INET addresses? */
@@ -163,6 +166,6 @@ krb524_convert_creds_plain(context, v5creds, v4creds)
 } else memcpy((char *) &addr, v5creds->addresses[0]->contents, sizeof(addr));
-
+#endif
 return 0;
 }
--
2.26.2