mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
heimdal: Fix bug in KDC handling of enterprise principals
The useful change in Samba from this commit is that we gain validation of the enterprise principal name. (commit message by Andrew Bartlett) Cherry-pick of Heimdal commit c76ec8ec6a507a6f34ca80c11e5297146acff83f Reviewed-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
a07598db9c
commit
fe99c420b2
@ -48,41 +48,36 @@ _kdc_db_fetch(krb5_context context,
|
||||
krb5_error_code ret = HDB_ERR_NOENTRY;
|
||||
int i;
|
||||
unsigned kvno = 0;
|
||||
krb5_principal enterprise_principal = NULL;
|
||||
krb5_const_principal princ;
|
||||
|
||||
*h = NULL;
|
||||
|
||||
if (kvno_ptr) {
|
||||
kvno = *kvno_ptr;
|
||||
flags |= HDB_F_KVNO_SPECIFIED;
|
||||
}
|
||||
|
||||
ent = calloc (1, sizeof (*ent));
|
||||
if (ent == NULL) {
|
||||
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
ent = calloc(1, sizeof (*ent));
|
||||
if (ent == NULL)
|
||||
return krb5_enomem(context);
|
||||
|
||||
if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
|
||||
if (principal->name.name_string.len != 1) {
|
||||
ret = KRB5_PARSE_MALFORMED;
|
||||
krb5_set_error_message(context, ret,
|
||||
"malformed request: "
|
||||
"enterprise name with %d name components",
|
||||
principal->name.name_string.len);
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_parse_name(context, principal->name.name_string.val[0],
|
||||
&enterprise_principal);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
for(i = 0; i < config->num_db; i++) {
|
||||
krb5_principal enterprise_principal = NULL;
|
||||
if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
|
||||
&& principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
|
||||
if (principal->name.name_string.len != 1) {
|
||||
ret = KRB5_PARSE_MALFORMED;
|
||||
krb5_set_error_message(context, ret,
|
||||
"malformed request: "
|
||||
"enterprise name with %d name components",
|
||||
principal->name.name_string.len);
|
||||
free(ent);
|
||||
return ret;
|
||||
}
|
||||
ret = krb5_parse_name(context, principal->name.name_string.val[0],
|
||||
&enterprise_principal);
|
||||
if (ret) {
|
||||
free(ent);
|
||||
return ret;
|
||||
}
|
||||
|
||||
principal = enterprise_principal;
|
||||
}
|
||||
|
||||
for (i = 0; i < config->num_db; i++) {
|
||||
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
|
||||
if (ret) {
|
||||
const char *msg = krb5_get_error_message(context, ret);
|
||||
@ -91,26 +86,34 @@ _kdc_db_fetch(krb5_context context,
|
||||
continue;
|
||||
}
|
||||
|
||||
if (config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
|
||||
princ = principal;
|
||||
else if (enterprise_principal)
|
||||
princ = enterprise_principal;
|
||||
|
||||
ret = config->db[i]->hdb_fetch_kvno(context,
|
||||
config->db[i],
|
||||
principal,
|
||||
princ,
|
||||
flags | HDB_F_DECRYPT,
|
||||
kvno,
|
||||
ent);
|
||||
|
||||
krb5_free_principal(context, enterprise_principal);
|
||||
|
||||
config->db[i]->hdb_close(context, config->db[i]);
|
||||
if(ret == 0) {
|
||||
|
||||
if (ret == 0) {
|
||||
if (db)
|
||||
*db = config->db[i];
|
||||
*h = ent;
|
||||
return 0;
|
||||
ent = NULL;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
ret = HDB_ERR_NOENTRY;
|
||||
krb5_set_error_message(context, ret, "no such entry found in hdb");
|
||||
|
||||
out:
|
||||
krb5_free_principal(context, enterprise_principal);
|
||||
free(ent);
|
||||
krb5_set_error_message(context, ret,
|
||||
"no such entry found in hdb");
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user