From a8be84d0a3f4ee659606260a5ea106a2d95d510f Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Sat, 27 Mar 1999 03:52:58 +0000 Subject: [PATCH] acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to compare against principal components (they aren't null terminated!) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11320 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 6 ++++++ src/lib/gssapi/krb5/acquire_cred.c | 21 +++++++++++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 448c9ab27..1ad383abf 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +Fri Mar 26 22:17:20 1999 Theodore Y. Ts'o + + * acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to + compare against principal components (they aren't null + terminated!) + Thu Mar 25 22:43:54 1999 Theodore Y. Ts'o * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index f968b7d4f..b67eb4f8f 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -144,7 +144,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) { krb5_error_code code; krb5_ccache ccache; - krb5_principal princ; + krb5_principal princ, tmp_princ; krb5_flags flags; krb5_cc_cursor cur; krb5_creds creds; @@ -202,12 +202,20 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) got_endtime = 0; + code = krb5_build_principal_ext(context, &tmp_princ, + krb5_princ_realm(context, princ)->length, + krb5_princ_realm(context, princ)->data, + 6, "krbtgt", + krb5_princ_realm(context, princ)->length, + krb5_princ_realm(context, princ)->data, + 0); + if (code) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) { - if ((creds.server->length == 2) && - (strcmp(creds.server->realm.data, princ->realm.data) == 0) && - (strcmp((char *) creds.server->data[0].data, "krbtgt") == 0) && - (strcmp((char *) creds.server->data[1].data, - princ->realm.data) == 0)) { + if (krb5_principal_compare(context, tmp_princ, creds.server)) { cred->tgt_expire = creds.times.endtime; got_endtime = 1; *minor_status = 0; @@ -221,6 +229,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) } krb5_free_cred_contents(context, &creds); } + krb5_free_principal(context, tmp_princ); if (code && code != KRB5_CC_END) { /* this means some error occurred reading the ccache */ -- 2.26.2