svn rev #22159: trunk/src/appl/bsd/
tlyu@MIT.EDU
tlyu at MIT.EDU
Thu Apr 2 19:30:28 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22159
Commit By: tlyu
Log Message:
ticket: 1624
Fix krshd and krlogind to use krb5_c_verify_checksum.
Changed Files:
U trunk/src/appl/bsd/krlogind.c
U trunk/src/appl/bsd/krshd.c
Modified: trunk/src/appl/bsd/krlogind.c
===================================================================
--- trunk/src/appl/bsd/krlogind.c 2009-04-01 21:13:40 UTC (rev 22158)
+++ trunk/src/appl/bsd/krlogind.c 2009-04-02 23:30:28 UTC (rev 22159)
@@ -1358,21 +1358,26 @@
if (authenticator->checksum) {
struct sockaddr_in adr;
socklen_t adr_length = sizeof(adr);
- char * chksumbuf = NULL;
+ krb5_data chksumbuf;
+ krb5_boolean valid = 0;
+
+ chksumbuf.data = NULL;
if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0)
goto error_cleanup;
- if (asprintf(&chksumbuf, "%u:%s%s", ntohs(adr.sin_port), term, lusername) < 0)
+ if (asprintf(&chksumbuf.data, "%u:%s%s", ntohs(adr.sin_port), term, lusername) < 0)
goto error_cleanup;
- status = krb5_verify_checksum(bsd_context,
- authenticator->checksum->checksum_type,
- authenticator->checksum,
- chksumbuf, strlen(chksumbuf),
- ticket->enc_part2->session->contents,
- ticket->enc_part2->session->length);
+ chksumbuf.length = strlen(chksumbuf.data);
+ status = krb5_c_verify_checksum(bsd_context,
+ ticket->enc_part2->session,
+ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+ &chksumbuf, authenticator->checksum,
+ &valid);
+ if (status == 0 && !valid) status = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
error_cleanup:
- if (chksumbuf)
- free(chksumbuf);
+ if (chksumbuf.data)
+ free(chksumbuf.data);
if (status) {
krb5_free_authenticator(bsd_context, authenticator);
return status;
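Review bot: The two early exits before the checksum call (a failing `getsockname` and a failing `asprintf`) jump to `error_cleanup` without assigning `status`. If `status` is still 0 from the code above the hunk, which is not visible here, the `if (status)` test is skipped and the function carries on as though the authenticator checksum had been verified. Both paths should fail closed, for example `{ status = errno; goto error_cleanup; }` after `getsockname` and `{ status = ENOMEM; goto error_cleanup; }` after `asprintf`. The same pattern appears in both krshd.c hunks. The enclosing function starts and ends outside this hunk.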
Modified: trunk/src/appl/bsd/krshd.c
===================================================================
--- trunk/src/appl/bsd/krshd.c 2009-04-01 21:13:40 UTC (rev 22158)
+++ trunk/src/appl/bsd/krshd.c 2009-04-02 23:30:28 UTC (rev 22159)
@@ -1810,8 +1810,11 @@
struct sockaddr_storage adr;
unsigned int adr_length = sizeof(adr);
int e;
- char namebuf[32], *chksumbuf = NULL;
+ char namebuf[32];
+ krb5_boolean valid = 0;
+ krb5_data chksumbuf;
+ chksumbuf.data = NULL;
if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0)
goto error_cleanup;
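Review bot: Only `chksumbuf.data` is initialised after the declaration, so `chksumbuf.length` and the rest of the `krb5_data` struct are indeterminate until `length` is assigned in the next hunk. Replacing `chksumbuf.data = NULL;` with `memset(&chksumbuf, 0, sizeof(chksumbuf));` would keep the whole struct defined on every path to `error_cleanup`, and the same applies to the krlogind.c hunk. A short comment such as `/* data is freed at error_cleanup; must be NULL until asprintf succeeds */` would also document why the initialisation is there. The function body continues outside this hunk.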
@@ -1819,19 +1822,20 @@
namebuf, sizeof(namebuf), NI_NUMERICSERV);
if (e)
fatal(netfd, "local error: can't examine port number");
- if (asprintf(&chksumbuf, "%s:%s%s", namebuf, cmdbuf, locuser) < 0)
+ if (asprintf(&chksumbuf.data, "%s:%s%s", namebuf, cmdbuf, locuser) < 0)
goto error_cleanup;
- status = krb5_verify_checksum(bsd_context,
- authenticator->checksum->checksum_type,
- authenticator->checksum,
- chksumbuf, strlen(chksumbuf),
- ticket->enc_part2->session->contents,
- ticket->enc_part2->session->length);
+ chksumbuf.length = strlen(chksumbuf.data);
+ status = krb5_c_verify_checksum(bsd_context,
+ ticket->enc_part2->session,
+ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+ &chksumbuf, authenticator->checksum,
+ &valid);
+ if (status == 0 && !valid) status = KRB5KRB_AP_ERR_BAD_INTEGRITY;
error_cleanup:
- if (chksumbuf)
- free(chksumbuf);
+ if (chksumbuf.data)
+ free(chksumbuf.data);
if (status) {
krb5_free_authenticator(bsd_context, authenticator);
return status;
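Review bot: When `asprintf` fails, `chksumbuf.data` is not guaranteed to still be NULL, because some C libraries leave the output pointer undefined on failure. `error_cleanup` then calls `free(chksumbuf.data)` whenever the pointer is non-NULL. Setting `chksumbuf.data = NULL;` on the failure path before `goto error_cleanup;` keeps the cleanup safe, and the krlogind.c hunk needs the same change. If the tree builds against its own asprintf replacement that nulls the pointer this is moot, but that is not visible from the hunk.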