Author: metze Date: 2006-11-11 13:55:14 +0000 (Sat, 11 Nov 2006) New Revision: 665
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=665 Log: check if the service principal and realm match in the ticket and enc-part of a AS-REP metze Modified: trunk/heimdal/lib/krb5/get_in_tkt.c Changeset: Modified: trunk/heimdal/lib/krb5/get_in_tkt.c ===================================================================
--- trunk/heimdal/lib/krb5/get_in_tkt.c 2006-11-10 02:47:40 UTC (rev 664)
+++ trunk/heimdal/lib/krb5/get_in_tkt.c 2006-11-11 13:55:14 UTC (rev 665)
@@ -131,7 +131,7 @@
 krb5_const_pointer decryptarg)
 {
 krb5_error_code ret;
- krb5_principal tmp_principal;
+ krb5_principal tmp_principal, srv_principal = NULL;
 int tmp;
 size_t len;
 time_t tmp_time;
@@ -168,45 +168,64 @@
 krb5_abortx(context, "internal error in ASN.1 encoder");
 creds->second_ticket.length = 0;
 creds->second_ticket.data = NULL;
+
+ /* decrypt */
+ if (decrypt_proc == NULL)
+ decrypt_proc = decrypt_tkt;
+
+ ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
+ if (ret)
+ goto out;
+
+#if 0
+ /* XXX should this decode be here, or in the decrypt_proc? */
+ ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1);
+ if(ret)
+ goto out;
+#endif
+
 /* compare server */
 ret = _krb5_principalname2krb5_principal (context,
- &tmp_principal,
+ &srv_principal,
 rep->kdc_rep.ticket.sname,
 rep->kdc_rep.ticket.realm);
 if (ret)
 goto out;
+
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+ rep->enc_part.sname,
+ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+
+ /*
+ * see if the service principal matches in the ticket
+ * and in the enc_part
+ */
+ tmp = krb5_principal_compare (context, tmp_principal, srv_principal);
+ krb5_free_principal (context, tmp_principal);
+ if (!tmp) {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ krb5_clear_error_string (context);
+ goto out;
+ }
+
 if(allow_server_mismatch){
 krb5_free_principal(context, creds->server);
- creds->server = tmp_principal;
- tmp_principal = NULL;
+ creds->server = srv_principal;
+ srv_principal = NULL;
 }else{
- tmp = krb5_principal_compare (context, tmp_principal, creds->server);
- krb5_free_principal (context, tmp_principal);
+ tmp = krb5_principal_compare (context, srv_principal, creds->server);
 if (!tmp) {
 ret = KRB5KRB_AP_ERR_MODIFIED;
 krb5_clear_error_string (context);
 goto out;
 }
 }
-
- /* decrypt */
- if (decrypt_proc == NULL)
- decrypt_proc = decrypt_tkt;
-
- ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
- if (ret)
- goto out;
-
-#if 0
- /* XXX should this decode be here, or in the decrypt_proc? */
- ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1);
- if(ret)
- goto out;
-#endif
-
 /* compare nonces */
 if (nonce != rep->enc_part.nonce) {
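Review bot: The new ticket-vs-enc-part check rejects the reply with a bare KRB5KRB_AP_ERR_MODIFIED and a cleared error string, exactly as the pre-existing requested-server mismatch a few lines below does, so a caller or a log reader cannot tell which of the two checks refused the AS-REP. This new check is the point where a reply whose encrypted part names a different service than the cleartext ticket is detected, so it deserves a distinguishable message: replace `krb5_clear_error_string (context);` in the new `if (!tmp)` block with `krb5_set_error_string (context, "service principal in ticket and enc-part of AS-REP differ");` (krb5_set_error_string is the Heimdal error API of this era; confirm it is what this tree uses). The comment above the compare should also say why the decrypt block had to move ahead of the server comparison — `rep->enc_part.sname` and `srealm` are only readable after `(*decrypt_proc)` has run — because without that note the reordering looks gratuitous and is easy to undo in a later merge. The `#if 0` block is carried along unchanged by the move; dropping it rather than relocating dead code would keep the hunk focused. The enclosing function begins before and continues after this hunk.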
@@ -301,6 +320,8 @@
 out:
 memset (rep->enc_part.key.keyvalue.data, 0, rep->enc_part.key.keyvalue.length);
+ if (srv_principal)
+ krb5_free_principal (context, srv_principal);
 return ret;
 }