1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

heimdal: Fix bug in KDC handling of enterprise principals

The useful change in Samba from this commit is that we gain
validation of the enterprise principal name.

(commit message by Andrew Bartlett)

Cherry-pick of Heimdal commit c76ec8ec6a507a6f34ca80c11e5297146acff83f

Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Nicolas Williams 2014-12-17 16:55:34 +13:00 committed by Andrew Bartlett
parent a07598db9c
commit fe99c420b2

View File

@ -48,41 +48,36 @@ _kdc_db_fetch(krb5_context context,
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
unsigned kvno = 0;
krb5_principal enterprise_principal = NULL;
krb5_const_principal princ;
*h = NULL;
if (kvno_ptr) {
kvno = *kvno_ptr;
flags |= HDB_F_KVNO_SPECIFIED;
}
ent = calloc (1, sizeof (*ent));
if (ent == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
ent = calloc(1, sizeof (*ent));
if (ent == NULL)
return krb5_enomem(context);
if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (principal->name.name_string.len != 1) {
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"malformed request: "
"enterprise name with %d name components",
principal->name.name_string.len);
goto out;
}
ret = krb5_parse_name(context, principal->name.name_string.val[0],
&enterprise_principal);
if (ret)
goto out;
}
for(i = 0; i < config->num_db; i++) {
krb5_principal enterprise_principal = NULL;
if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
&& principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (principal->name.name_string.len != 1) {
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"malformed request: "
"enterprise name with %d name components",
principal->name.name_string.len);
free(ent);
return ret;
}
ret = krb5_parse_name(context, principal->name.name_string.val[0],
&enterprise_principal);
if (ret) {
free(ent);
return ret;
}
principal = enterprise_principal;
}
for (i = 0; i < config->num_db; i++) {
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
if (ret) {
const char *msg = krb5_get_error_message(context, ret);
@ -91,26 +86,34 @@ _kdc_db_fetch(krb5_context context,
continue;
}
if (config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
princ = principal;
else if (enterprise_principal)
princ = enterprise_principal;
ret = config->db[i]->hdb_fetch_kvno(context,
config->db[i],
principal,
princ,
flags | HDB_F_DECRYPT,
kvno,
ent);
krb5_free_principal(context, enterprise_principal);
config->db[i]->hdb_close(context, config->db[i]);
if(ret == 0) {
if (ret == 0) {
if (db)
*db = config->db[i];
*h = ent;
return 0;
ent = NULL;
goto out;
}
}
ret = HDB_ERR_NOENTRY;
krb5_set_error_message(context, ret, "no such entry found in hdb");
out:
krb5_free_principal(context, enterprise_principal);
free(ent);
krb5_set_error_message(context, ret,
"no such entry found in hdb");
return ret;
}