diff options
Diffstat (limited to 'crypto/kerberosIV/lib/krb')
-rw-r--r-- | crypto/kerberosIV/lib/krb/Makefile.in | 16 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/dest_tkt.c | 80 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/extra.c | 4 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/get_default_principal.c | 5 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/getaddrs.c | 10 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/getfile.c | 6 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/kdc_reply.c | 9 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/krb-protos.h | 8 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/logging.c | 5 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/mk_safe.c | 13 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/rd_req.c | 11 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/rd_safe.c | 14 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/roken_rename.h | 13 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/rw.c | 15 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/send_to_kdc.c | 8 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/tf_util.c | 2 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/krb/verify_user.c | 47 |
17 files changed, 174 insertions, 92 deletions
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in index 301a9af..2196db2 100644 --- a/crypto/kerberosIV/lib/krb/Makefile.in +++ b/crypto/kerberosIV/lib/krb/Makefile.in @@ -1,5 +1,5 @@ # -# $Id: Makefile.in,v 1.113 1999/11/25 05:26:26 assar Exp $ +# $Id: Makefile.in,v 1.113.2.2 2000/12/07 16:44:12 assar Exp $ # SHELL = /bin/sh @@ -10,6 +10,7 @@ CC = @CC@ LINK = @LINK@ AR = ar RANLIB = @RANLIB@ +CP = cp LN_S = @LN_S@ DEFS = @DEFS@ -DROKEN_RENAME CFLAGS = @CFLAGS@ $(WFLAGS) @@ -254,7 +255,7 @@ Wall: install: all $(MKINSTALLDIRS) $(DESTDIR)$(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) + $(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) @install_symlink_command@ $(MKINSTALLDIRS) $(DESTDIR)$(includedir) @for i in $(inc_DATA); do \ @@ -291,12 +292,17 @@ distclean: clean realclean: distclean rm -f TAGS +$(LIBNAME)_pic.a: $(OBJECTS) $(SHLIB_LIBADD) + rm -f $@ + $(AR) cr $@ $(OBJECTS) $(SHLIB_LIBADD) + -$(RANLIB) $@ + $(LIBNAME).a: $(OBJECTS) rm -f $@ $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ -$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD) +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD) $(LIBNAME)_pic.a rm -f $@ $(LDSHARED) -o $@ $(OBJECTS) $(SHLIB_LIBADD) $(LIB_DEPS) @build_symlink_command@ @@ -359,8 +365,8 @@ rw.o: ../../include/version.h all-local: $(inc_DATA) @for i in $(inc_DATA); do \ if cmp -s $$i $(idir)/$$i 2> /dev/null ; then :; else\ - echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \ - $(INSTALL_DATA) $$i $(idir)/$$i; \ + echo " $(CP) $$i $(idir)/$$i"; \ + $(CP) $$i $(idir)/$$i; \ fi ; \ done diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c index 0487e6b..4330df2 100644 --- a/crypto/kerberosIV/lib/krb/dest_tkt.c +++ b/crypto/kerberosIV/lib/krb/dest_tkt.c @@ -21,7 +21,11 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $"); +RCSID("$Id: dest_tkt.c,v 1.11.14.2 2000/10/18 20:26:42 assar Exp $"); + +#ifndef O_BINARY +#define O_BINARY 0 +#endif /* * dest_tkt() is used to destroy the ticket store upon logout. @@ -35,48 +39,70 @@ RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $"); int dest_tkt(void) { - char *file = TKT_FILE; - int i,fd; - struct stat statb; + const char *filename = TKT_FILE; + int i, fd; + struct stat sb1, sb2; char buf[BUFSIZ]; + int error = 0; - errno = 0; - if ( -#ifdef HAVE_LSTAT - lstat -#else - stat -#endif - (file, &statb) < 0) + if (lstat (filename, &sb1) < 0) { + error = errno; goto out; + } - if (!(statb.st_mode & S_IFREG) -#ifdef notdef - || statb.st_mode & 077 -#endif - ) + fd = open (filename, O_RDWR | O_BINARY); + if (fd < 0) { + error = errno; + goto out; + } + + if (unlink (filename) < 0) { + error = errno; + close(fd); goto out; + } - if ((fd = open(file, O_RDWR, 0)) < 0) + if (fstat (fd, &sb2) < 0) { + error = errno; + close(fd); goto out; + } - memset(buf, 0, BUFSIZ); + if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { + close (fd); + error = EPERM; + goto out; + } + + if (sb2.st_nlink != 0) { + close (fd); + error = EPERM; + goto out; + } - for (i = 0; i < statb.st_size; i += sizeof(buf)) - if (write(fd, buf, sizeof(buf)) != sizeof(buf)) { + for (i = 0; i < sb2.st_size; i += sizeof(buf)) { + int ret; + + ret = write(fd, buf, sizeof(buf)); + if (ret != sizeof(buf)) { + if (ret < 0) + error = errno; + else + error = EINVAL; fsync(fd); close(fd); goto out; } - + } fsync(fd); close(fd); - unlink(file); - out: - if (errno == ENOENT) return RET_TKFIL; - else if (errno != 0) return KFAILURE; - return(KSUCCESS); + if (error == ENOENT) + return RET_TKFIL; + else if (error != 0) + return KFAILURE; + else + return(KSUCCESS); } diff --git a/crypto/kerberosIV/lib/krb/extra.c b/crypto/kerberosIV/lib/krb/extra.c index 0668e17..17193a4 100644 --- a/crypto/kerberosIV/lib/krb/extra.c +++ b/crypto/kerberosIV/lib/krb/extra.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: extra.c,v 1.7 1999/12/02 16:58:41 joda Exp $"); +RCSID("$Id: extra.c,v 1.7.2.1 2000/12/07 16:06:09 assar Exp $"); struct value { char *variable; diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c index 47ad6b3..860f237 100644 --- a/crypto/kerberosIV/lib/krb/get_default_principal.c +++ b/crypto/kerberosIV/lib/krb/get_default_principal.c @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: get_default_principal.c,v 1.14 1999/12/02 16:58:41 joda Exp $"); +RCSID("$Id: get_default_principal.c,v 1.14.2.1 2000/06/23 03:29:10 assar Exp $"); int krb_get_default_principal(char *name, char *instance, char *realm) @@ -42,8 +42,7 @@ krb_get_default_principal(char *name, char *instance, char *realm) int ret; char *p; - if ((file = getenv("KRBTKFILE")) == NULL) - file = TKT_FILE; + file = tkt_string (); ret = krb_get_tf_fullname(file, name, instance, realm); if(ret == KSUCCESS) diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c index d157690..80b7238 100644 --- a/crypto/kerberosIV/lib/krb/getaddrs.c +++ b/crypto/kerberosIV/lib/krb/getaddrs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $"); +RCSID("$Id: getaddrs.c,v 1.28.2.1 2000/06/23 03:29:53 assar Exp $"); #if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include <sys/ioctl.h> @@ -100,7 +100,11 @@ k_get_all_addrs (struct in_addr **l) ifconf.ifc_len = in_len; ifconf.ifc_buf = inbuf; - if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) + /* + * Solaris returns EINVAL when the buffer is too small. + */ + + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0 && errno != EINVAL) goto fail; if(ifconf.ifc_len + sizeof(ifreq) < in_len) break; diff --git a/crypto/kerberosIV/lib/krb/getfile.c b/crypto/kerberosIV/lib/krb/getfile.c index 99d0c3f..7684aee 100644 --- a/crypto/kerberosIV/lib/krb/getfile.c +++ b/crypto/kerberosIV/lib/krb/getfile.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: getfile.c,v 1.5 1999/12/02 16:58:42 joda Exp $"); +RCSID("$Id: getfile.c,v 1.5.2.1 2000/12/07 17:04:48 assar Exp $"); static int is_suid(void) @@ -53,7 +53,7 @@ get_file(const char **files, int num, const char *file, char *buf, size_t len) { const char *p, **q; int i = 0; - if(!is_suid() && (p = getenv("KRBCONFDIR"))){ + if(getuid() != 0 && !is_suid() && (p = getenv("KRBCONFDIR"))){ if(num == i){ snprintf(buf, len, "%s/%s", p, file); return 0; diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c index 2c940ec..888ab16 100644 --- a/crypto/kerberosIV/lib/krb/kdc_reply.c +++ b/crypto/kerberosIV/lib/krb/kdc_reply.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: kdc_reply.c,v 1.12 1999/12/02 16:58:42 joda Exp $"); +RCSID("$Id: kdc_reply.c,v 1.12.2.2 2000/12/04 14:34:28 assar Exp $"); static int little_endian; /* XXX ugly */ @@ -115,7 +115,10 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip) if(type != AUTH_MSG_KDC_REPLY) return INTK_PROT; - p += krb_get_nir(p, aname, inst, realm); + p += krb_get_nir(p, + aname, sizeof(aname), + inst, sizeof(inst), + realm, sizeof(realm)); p += krb_get_int(p, &kdc_time, 4, little_endian); p++; /* number of tickets */ p += krb_get_int(p, &exp_date, 4, little_endian); diff --git a/crypto/kerberosIV/lib/krb/krb-protos.h b/crypto/kerberosIV/lib/krb/krb-protos.h index bb385d6..0fbf46a 100644 --- a/crypto/kerberosIV/lib/krb/krb-protos.h +++ b/crypto/kerberosIV/lib/krb/krb-protos.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb-protos.h,v 1.24 1999/12/02 16:58:42 joda Exp $ */ +/* $Id: krb-protos.h,v 1.24.2.1 2000/06/23 03:32:04 assar Exp $ */ #ifndef __krb_protos_h__ #define __krb_protos_h__ @@ -328,9 +328,9 @@ krb_get_lrealm __P(( int KRB_LIB_FUNCTION krb_get_nir __P(( void *from, - char *name, - char *instance, - char *realm)); + char *name, size_t name_len, + char *instance, size_t instance_len, + char *realm, size_t realm_len)); char * KRB_LIB_FUNCTION krb_get_phost __P((const char *alias)); diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c index bac1c18..1044fac 100644 --- a/crypto/kerberosIV/lib/krb/logging.c +++ b/crypto/kerberosIV/lib/krb/logging.c @@ -34,7 +34,7 @@ #include "krb_locl.h" #include <klog.h> -RCSID("$Id: logging.c,v 1.18 1999/12/02 16:58:42 joda Exp $"); +RCSID("$Id: logging.c,v 1.18.2.1 2000/10/13 15:57:34 assar Exp $"); struct krb_log_facility { char filename[MaxPathLen]; @@ -53,6 +53,9 @@ krb_vlogger(struct krb_log_facility *f, const char *format, va_list args) else if (f->filename && f->filename[0]) file = fopen(f->filename, "a"); + if (file == NULL) + return KFAILURE; + ret = f->func(file, format, args); if (file != f->file) diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c index 2e8c5c2..c0bbc9a 100644 --- a/crypto/kerberosIV/lib/krb/mk_safe.c +++ b/crypto/kerberosIV/lib/krb/mk_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,11 +33,20 @@ #include "krb_locl.h" -RCSID("$Id: mk_safe.c,v 1.25 1999/12/02 16:58:43 joda Exp $"); +RCSID("$Id: mk_safe.c,v 1.25.2.1 2000/10/10 13:19:25 assar Exp $"); /* application include files */ #include "krb-archaeology.h" +#ifndef DES_QUAD_GUESS +/* Temporary fixes for krb_{rd,mk}_safe */ +#define DES_QUAD_GUESS 0 +#define DES_QUAD_NEW 1 +#define DES_QUAD_OLD 2 + +#define DES_QUAD_DEFAULT DES_QUAD_GUESS + +#endif /* DES_QUAD_GUESS */ /* from rd_safe.c */ extern int dqc_type; diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c index 91b27a5..4dca78e 100644 --- a/crypto/kerberosIV/lib/krb/rd_req.c +++ b/crypto/kerberosIV/lib/krb/rd_req.c @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: rd_req.c,v 1.27.2.1 1999/12/06 22:04:36 assar Exp $"); +RCSID("$Id: rd_req.c,v 1.27.2.2 2000/06/23 04:00:20 assar Exp $"); static struct timeval t_local = { 0, 0 }; @@ -141,7 +141,7 @@ krb_rd_req(KTEXT authent, /* The received message */ char *instance, /* Service instance */ int32_t from_addr, /* Net address of originating host */ AUTH_DAT *ad, /* Structure to be filled in */ - char *fn) /* Filename to get keys from */ + char *a_fn) /* Filename to get keys from */ { static KTEXT_ST ticket; /* Temp storage for ticket */ static KTEXT tkt = &ticket; @@ -169,6 +169,8 @@ krb_rd_req(KTEXT authent, /* The received message */ int type; int little_endian; + const char *fn = a_fn; + unsigned char *p; if (authent->length <= 0) @@ -262,7 +264,10 @@ krb_rd_req(KTEXT authent, /* The received message */ /* cast req_id->length to int? */ #define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); - p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */ + p += krb_get_nir(p, + r_aname, sizeof(r_aname), + r_inst, sizeof(r_inst), + r_realm, sizeof(r_realm)); p += krb_get_int(p, &ad->checksum, 4, little_endian); diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c index fd8f35e..1d536ab 100644 --- a/crypto/kerberosIV/lib/krb/rd_safe.c +++ b/crypto/kerberosIV/lib/krb/rd_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,11 +33,21 @@ #include "krb_locl.h" -RCSID("$Id: rd_safe.c,v 1.26 1999/12/02 16:58:43 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.26.2.1 2000/10/10 13:20:36 assar Exp $"); /* application include files */ #include "krb-archaeology.h" +#ifndef DES_QUAD_GUESS +/* Temporary fixes for krb_{rd,mk}_safe */ +#define DES_QUAD_GUESS 0 +#define DES_QUAD_NEW 1 +#define DES_QUAD_OLD 2 + +#define DES_QUAD_DEFAULT DES_QUAD_GUESS + +#endif /* DES_QUAD_GUESS */ + /* Generate two checksums in the given byteorder of the data, one * new-form and one old-form. It has to be done this way to be * compatible with the old version of des_quad_cksum. diff --git a/crypto/kerberosIV/lib/krb/roken_rename.h b/crypto/kerberosIV/lib/krb/roken_rename.h index bae1098..7bd86e2 100644 --- a/crypto/kerberosIV/lib/krb/roken_rename.h +++ b/crypto/kerberosIV/lib/krb/roken_rename.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken_rename.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */ +/* $Id: roken_rename.h,v 1.8.2.1 2000/06/23 03:35:31 assar Exp $ */ #ifndef __roken_rename_h__ #define __roken_rename_h__ @@ -85,6 +85,12 @@ #ifndef HAVE_STRDUP #define strdup _krb_strdup #endif +#ifndef HAVE_STRLCAT +#define strlcat _krb_strlcat +#endif +#ifndef HAVE_STRLCPY +#define strlcpy _krb_strlcpy +#endif #ifndef HAVE_STRNLEN #define strnlen _krb_strnlen #endif @@ -95,4 +101,7 @@ #define strtok_r _krb_strtok_r #endif +#define dns_free_data _krb_dns_free_data +#define dns_lookup _krb_dns_lookup + #endif /* __roken_rename_h__ */ diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c index 88589c3..5064a6f 100644 --- a/crypto/kerberosIV/lib/krb/rw.c +++ b/crypto/kerberosIV/lib/krb/rw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -38,7 +38,7 @@ #include "krb_locl.h" -RCSID("$Id: rw.c,v 1.12 1999/12/02 16:58:44 joda Exp $"); +RCSID("$Id: rw.c,v 1.12.2.1 2000/06/23 03:37:33 assar Exp $"); int krb_get_int(void *f, u_int32_t *to, int size, int lsb) @@ -109,14 +109,17 @@ krb_get_string(void *from, char *to, size_t to_size) } int -krb_get_nir(void *from, char *name, char *instance, char *realm) +krb_get_nir(void *from, + char *name, size_t name_len, + char *instance, size_t instance_len, + char *realm, size_t realm_len) { char *p = (char *)from; - p += krb_get_string(p, name, ANAME_SZ); - p += krb_get_string(p, instance, INST_SZ); + p += krb_get_string(p, name, name_len); + p += krb_get_string(p, instance, instance_len); if(realm) - p += krb_get_string(p, realm, REALM_SZ); + p += krb_get_string(p, realm, realm_len); return p - (char *)from; } diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c index 74ac1bb..4fc2c95 100644 --- a/crypto/kerberosIV/lib/krb/send_to_kdc.c +++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c @@ -22,7 +22,7 @@ or implied warranty. #include "krb_locl.h" #include <base64.h> -RCSID("$Id: send_to_kdc.c,v 1.71 1999/11/25 02:20:53 assar Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.71.2.1 2000/10/10 12:47:21 assar Exp $"); struct host { struct sockaddr_in addr; @@ -488,6 +488,12 @@ send_recv(KTEXT pkt, KTEXT rpkt, struct host *host) timeout.tv_sec = client_timeout; timeout.tv_usec = 0; FD_ZERO(&readfds); + if (s >= FD_SETSIZE) { + if (krb_debug) + krb_warning("fd too large\n"); + close (s); + return FALSE; + } FD_SET(s, &readfds); /* select - either recv is ready, or timeout */ diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c index 5528c49..0d5361f 100644 --- a/crypto/kerberosIV/lib/krb/tf_util.c +++ b/crypto/kerberosIV/lib/krb/tf_util.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: tf_util.c,v 1.39 1999/12/02 18:03:16 assar Exp $"); +RCSID("$Id: tf_util.c,v 1.39.2.2 2000/06/23 04:03:58 assar Exp $"); #define TOO_BIG -1 diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c index 36c64d7..24138e2 100644 --- a/crypto/kerberosIV/lib/krb/verify_user.c +++ b/crypto/kerberosIV/lib/krb/verify_user.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: verify_user.c,v 1.17.2.1 1999/12/06 22:57:17 assar Exp $"); +RCSID("$Id: verify_user.c,v 1.17.2.2 2000/12/15 14:43:37 assar Exp $"); /* * Verify user (name.instance@realm) with `password'. @@ -78,6 +78,7 @@ krb_verify_user_srvtab_exact(char *name, KTEXT_ST ticket; AUTH_DAT auth; + int n; char lrealm[REALM_SZ]; char hostname[MaxHostNameLen]; @@ -94,33 +95,31 @@ krb_verify_user_srvtab_exact(char *name, return -1; } memcpy(&addr, hp->h_addr, sizeof(addr)); - - ret = krb_get_lrealm(lrealm, 1); - if(ret != KSUCCESS){ - dest_tkt(); - return ret; - } phost = krb_get_phost(hostname); - if (linstance == NULL) linstance = "rcmd"; - if(secure == KRB_VERIFY_SECURE_FAIL) { - des_cblock key; - ret = read_service_key(linstance, phost, lrealm, 0, srvtab, &key); - memset(key, 0, sizeof(key)); - if(ret == KFAILURE) - return 0; + ret = KFAILURE; + + for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) { + if(secure == KRB_VERIFY_SECURE_FAIL) { + des_cblock key; + ret = read_service_key(linstance, phost, lrealm, 0, srvtab, + &key); + memset(key, 0, sizeof(key)); + if(ret == KFAILURE) + continue; + } + + ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0); + if(ret == KSUCCESS) { + ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, + srvtab); + if (ret == KSUCCESS) + break; + } } - - ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33); - if(ret != KSUCCESS){ - dest_tkt(); - return ret; - } - - ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, srvtab); - if(ret != KSUCCESS){ + if (ret != KSUCCESS) { dest_tkt(); return ret; } |