Diffstat (limited to 'crypto/heimdal/kdc/kaserver.c')
-rw-r--r-- | crypto/heimdal/kdc/kaserver.c | 90 |
1 files changed, 59 insertions, 31 deletions
diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c index 64121eb..175ddb6 100644 --- a/crypto/heimdal/kdc/kaserver.c +++ b/crypto/heimdal/kdc/kaserver.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.10 2000/02/13 19:21:22 assar Exp $"); +RCSID("$Id: kaserver.c,v 1.15 2001/01/28 21:51:05 assar Exp $"); #ifdef KASERVER @@ -277,9 +277,6 @@ create_reply_ticket (struct rx_header *hdr, krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva)); fyrtiosjuelva &= 0xffffffff; krb5_store_int32 (sp, fyrtiosjuelva); -#if 0 - krb5_store_int32 (sp, 4711); /* XXX */ -#endif krb5_store_int32 (sp, challenge); sp->store (sp, session, 8); memset (&session, 0, sizeof(session)); 
@@ -398,30 +395,45 @@ do_authenticate (struct rx_header *hdr, time_t max_life; u_int8_t life; int32_t chal; + char client_name[256]; + char server_name[256]; krb5_data_zero (&request); unparse_auth_args (sp, &name, &instance, &start_time, &end_time, &request, &max_seq_len); + snprintf (client_name, sizeof(client_name), "%s.%s@%s", + name, instance, v4_realm); + client_entry = db_fetch4 (name, instance, v4_realm); if (client_entry == NULL) { - kdc_log(0, "Client not found in database: %s.%s@%s", - name, instance, v4_realm); + kdc_log(0, "Client not found in database: %s", + client_name); make_error_reply (hdr, KANOENT, reply); goto out; } + snprintf (server_name, sizeof(server_name), "%s.%s@%s", + "krbtgt", v4_realm, v4_realm); + server_entry = db_fetch4 ("krbtgt", v4_realm, v4_realm); if (server_entry == NULL) { - kdc_log(0, "Server not found in database: %s.%s@%s", - "krbtgt", v4_realm, v4_realm); + kdc_log(0, "Server not found in database: %s", server_name); make_error_reply (hdr, KANOENT, reply); goto out; } + ret = check_flags (client_entry, client_name, + server_entry, server_name, + TRUE); + if (ret) { + make_error_reply (hdr, KAPWEXPIRED, reply); + goto out; + } + /* find a DES key */ - ret = get_des_key(client_entry, &ckey); + ret = get_des_key(client_entry, TRUE, &ckey); if(ret){ kdc_log(0, "%s", krb5_get_err_text(context, ret)); make_error_reply (hdr, KANOKEYS, reply); @@ -429,7 +441,7 @@ do_authenticate (struct rx_header *hdr, } /* find a DES key */ - ret = get_des_key(server_entry, &skey); + ret = get_des_key(server_entry, TRUE, &skey); if(ret){ kdc_log(0, "%s", krb5_get_err_text(context, ret)); make_error_reply (hdr, KANOKEYS, reply); @@ -457,6 +469,11 @@ do_authenticate (struct rx_header *hdr, krb5_ret_int32 (reply_sp, &chal); krb5_storage_free (reply_sp); + if (abs(chal - kdc_time) > context->max_skew) { + make_error_reply (hdr, KACLOCKSKEW, reply); + goto out; + } + /* life */ max_life = end_time - kdc_time; if (client_entry->max_life) 
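Review bot: Every non-zero return from `check_flags` in do_authenticate is answered with `KAPWEXPIRED`, so a principal rejected for any other reason would be told its password has expired; the same mapping is repeated for the server check in the do_getticket hunk at -582. `check_flags` is not defined in this diff, so which conditions it rejects, and whether it logs them, is inferred. If it covers more than password expiry, the reply code should be derived from `ret`. Otherwise the choice deserves a comment such as `/* KA has no closer error code; the real reason is logged by check_flags */`, once that is confirmed. Both function bodies continue outside the hunks.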
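Review bot: The skew test `abs(chal - kdc_time) > context->max_skew` in the -457 hunk passes the difference through `abs()`, which takes an `int`. `chal` is a 32-bit value read from the decrypted request, and `kdc_time` is presumably a `time_t` declared outside the hunk, so the subtraction can overflow or be truncated before the comparison and a far-off timestamp might pass. Computing the difference in a wider signed type avoids this, for example `int64_t skew = (int64_t)chal - (int64_t)kdc_time;` followed by `if (skew > context->max_skew || skew < -(int64_t)context->max_skew)`. Unlike the KANOENT and KANOKEYS paths, this reject writes no `kdc_log` entry; logging `client_name` together with the skew would let operators see stale or replayed requests.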
@@ -484,14 +501,10 @@ out: free (name); if (instance) free (instance); - if (client_entry) { - hdb_free_entry (context, client_entry); - free (client_entry); - } - if (server_entry) { - hdb_free_entry (context, server_entry); - free (server_entry); - } + if (client_entry) + free_ent (client_entry); + if (server_entry) + free_ent (server_entry); } static krb5_error_code @@ -575,6 +588,7 @@ do_getticket (struct rx_header *hdr, char pname[ANAME_SZ]; char pinst[INST_SZ]; char prealm[REALM_SZ]; + char server_name[256]; krb5_data_zero (&aticket); krb5_data_zero (×); @@ -582,14 +596,24 @@ do_getticket (struct rx_header *hdr, unparse_getticket_args (sp, &kvno, &auth_domain, &aticket, &name, &instance, ×, &max_seq_len); + snprintf (server_name, sizeof(server_name), + "%s.%s@%s", name, instance, v4_realm); + server_entry = db_fetch4 (name, instance, v4_realm); if (server_entry == NULL) { - kdc_log(0, "Server not found in database: %s.%s@%s", - name, instance, v4_realm); + kdc_log(0, "Server not found in database: %s", server_name); make_error_reply (hdr, KANOENT, reply); goto out; } + ret = check_flags (NULL, NULL, + server_entry, server_name, + FALSE); + if (ret) { + make_error_reply (hdr, KAPWEXPIRED, reply); + goto out; + } + krbtgt_entry = db_fetch4 ("krbtgt", v4_realm, v4_realm); if (krbtgt_entry == NULL) { kdc_log(0, "Server not found in database: %s.%s@%s", @@ -599,7 +623,7 @@ do_getticket (struct rx_header *hdr, } /* find a DES key */ - ret = get_des_key(krbtgt_entry, &kkey); + ret = get_des_key(krbtgt_entry, TRUE, &kkey); if(ret){ kdc_log(0, "%s", krb5_get_err_text(context, ret)); make_error_reply (hdr, KANOKEYS, reply); @@ -607,7 +631,7 @@ do_getticket (struct rx_header *hdr, } /* find a DES key */ - ret = get_des_key(server_entry, &skey); + ret = get_des_key(server_entry, TRUE, &skey); if(ret){ kdc_log(0, "%s", krb5_get_err_text(context, ret)); make_error_reply (hdr, KANOKEYS, reply); 
@@ -627,6 +651,14 @@ do_getticket (struct rx_header *hdr, char sinstance[SNAME_SZ]; u_int32_t paddress; + if (aticket.length > sizeof(ticket.dat)) { + kdc_log(0, "ticket too long (%u > %u)", + (unsigned)aticket.length, + (unsigned)sizeof(ticket.dat)); + make_error_reply (hdr, KABADTICKET, reply); + goto out; + } + ticket.length = aticket.length; memcpy (ticket.dat, aticket.data, ticket.length); @@ -707,14 +739,10 @@ out: free (name); if (instance) free (instance); - if (krbtgt_entry) { - hdb_free_entry (context, krbtgt_entry); - free (krbtgt_entry); - } - if (server_entry) { - hdb_free_entry (context, server_entry); - free (server_entry); - } + if (krbtgt_entry) + free_ent (krbtgt_entry); + if (server_entry) + free_ent (server_entry); } krb5_error_code |
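Review bot: The new length check in the -627 hunk logs only the two sizes, so an oversized ticket, which is exactly the kind of request an operator would want to trace, cannot be tied to a principal from the log line. `server_name` is filled in earlier in do_getticket and could be appended: `kdc_log(0, "ticket too long (%u > %u) in request for %s", (unsigned)aticket.length, (unsigned)sizeof(ticket.dat), server_name);`. A short comment above the check, e.g. `/* aticket comes from the request; bound it before the memcpy into ticket.dat */`, would record why the guard must stay ahead of the copy. The enclosing block of do_getticket starts and ends outside the hunk.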