Diffstat (limited to 'crypto/heimdal/lib/krb5/transited.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/transited.c | 53 |
1 files changed, 51 insertions, 2 deletions
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index c7732cb..8f48ff1 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: transited.c,v 1.10 2003/04/16 16:11:27 lha Exp $");
+RCSID("$Id: transited.c,v 1.10.2.3 2003/10/22 06:07:41 lha Exp $");
 
 /* this is an attempt at one of the most horrible `compression'
 schemes that has ever been invented; it's so amazingly brain-dead
@@ -308,6 +308,12 @@ krb5_domain_x500_decode(krb5_context context,
 struct tr_realm *p, **q;
 int ret;
 
+ if(tr.length == 0) {
+ *realms = NULL;
+ *num_realms = 0;
+ return 0;
+ }
+
 /* split string in components */
 ret = decode_realms(context, tr.data, tr.length, &r);
 if(ret)
@@ -362,6 +368,9 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
 char *s = NULL;
 int len = 0;
 int i;
+ krb5_data_zero(encoding);
+ if (num_realms == 0)
+ return 0;
 for(i = 0; i < num_realms; i++){
 len += strlen(realms[i]);
 if(realms[i][0] == '/')
@@ -369,6 +378,8 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
 }
 len += num_realms - 1;
 s = malloc(len + 1);
+ if (s == NULL)
+ return ENOMEM;
 *s = '\0';
 for(i = 0; i < num_realms; i++){
 if(i && i < num_realms - 1)
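Review bot: The new `if (num_realms == 0)` guard in krb5_domain_x500_encode covers only the exact-zero case; a negative count skips both visible loops, leaves `len` negative, and reaches `malloc(len + 1)` with a value that converts to a very large size, so the caller most likely gets ENOMEM from the check added in the following hunk instead of a clear result. I would write the guard as `if (num_realms <= 0)`, or reject negative counts with an explicit error. Separately, `len` stays an `int` summed from `strlen()` results; if realm strings can originate from untrusted ticket data (not visible here), a `size_t` with an overflow check before the `malloc` would be safer. The function body continues outside both hunks.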
@@ -383,6 +394,44 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
 }
 
 krb5_error_code
+krb5_check_transited(krb5_context context,
+ krb5_const_realm client_realm,
+ krb5_const_realm server_realm,
+ krb5_realm *realms,
+ int num_realms,
+ int *bad_realm)
+{
+ char **tr_realms;
+ char **p;
+ int i;
+
+ if(num_realms == 0)
+ return 0;
+
+ tr_realms = krb5_config_get_strings(context, NULL,
+ "capaths",
+ client_realm,
+ server_realm,
+ NULL);
+ for(i = 0; i < num_realms; i++) {
+ for(p = tr_realms; p && *p; p++) {
+ if(strcmp(*p, realms[i]) == 0)
+ break;
+ }
+ if(p == NULL || *p == NULL) {
+ krb5_config_free_strings(tr_realms);
+ krb5_set_error_string (context, "no transit through realm %s",
+ realms[i]);
+ if(bad_realm)
+ *bad_realm = i;
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ }
+ krb5_config_free_strings(tr_realms);
+ return 0;
+}
+
+krb5_error_code
 krb5_check_transited_realms(krb5_context context,
 const char *const *realms,
 int num_realms, |
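Review bot: krb5_check_transited is added without a comment stating its contract, and two properties of the body matter to any caller that bases an authorization decision on it. Each entry of `realms` is only tested for membership in the `capaths` list configured for client_realm/server_realm, so the order of the transited path is not checked, and when `krb5_config_get_strings` returns NULL (no entry configured) every non-empty transited list is rejected with KRB5KRB_AP_ERR_ILL_CR_TKT. `*bad_realm` is written only on that failure path, so callers must not read it after a 0 return. I would add above the function: `/* Accept only if every transited realm is listed under [capaths] client_realm server_realm; order is not checked and a missing entry rejects. *bad_realm is set only on failure. */`. The error path also calls `krb5_config_free_strings(tr_realms)` with a possibly NULL pointer; that is worth confirming against the helper, which is not shown here.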