1 | commit 1c2f5144de0f15f7d9c8659a71adc10c2755b57e |
2 | Author: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970> | |
3 | Date: Wed Dec 7 19:38:32 2011 +0000 | |
4 | ||
5 | ticket: 7048 | |
6 | subject: Allow null server key to krb5_pac_verify | |
7 | ||
8 | When the KDC verifies a PAC, it doesn't really need to check the | |
9 | server signature, since it can't trust that anyway. Allow the caller | |
10 | to pass only a TGT key. | |
11 | ||
12 | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970 | |
13 | ||
14 | diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin | |
15 | index f3d0225..83c2dc7 100644 | |
16 | --- a/src/include/krb5/krb5.hin | |
17 | +++ b/src/include/krb5/krb5.hin | |
18 | @@ -7506,13 +7506,13 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, | |
19 | * @param [in] pac PAC handle | |
20 | * @param [in] authtime Expected timestamp | |
21 | * @param [in] principal Expected principal name (or NULL) | |
22 | - * @param [in] server Key to validate server checksum | |
23 | + * @param [in] server Key to validate server checksum (or NULL) | |
24 | * @param [in] privsvr Key to validate KDC checksum (or NULL) | |
25 | * | |
26 | * This function validates @a pac against the supplied @a server, @a privsvr, | |
27 | * @a principal and @a authtime. If @a principal is NULL, the principal and | |
28 | - * authtime are not verified. If @a privsvr is NULL, the KDC checksum is not | |
29 | - * verified. | |
30 | + * authtime are not verified. If @a server or @a privsvr is NULL, the | |
31 | + * corresponding checksum is not verified. | |
32 | * | |
33 | * If successful, @a pac is marked as verified. | |
34 | * | |
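Review bot: The updated `@param server` text permits NULL but does not say which callers may rely on that, and the paragraph still ends with "If successful, @a pac is marked as verified" even when a checksum was skipped. The commit message gives the reason (the KDC cannot trust the server signature anyway), so the comment should carry it, for example ` * A NULL @a server is intended for KDC callers that pass only @a privsvr; services should always supply their own key.` The comment should also state what the function does when both @a server and @a privsvr are NULL. The doc comment begins and ends outside this hunk.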
35 | diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c | |
36 | index f173b04..23aa930 100644 | |
37 | --- a/src/lib/krb5/krb/pac.c | |
38 | +++ b/src/lib/krb5/krb/pac.c | |
39 | @@ -637,9 +637,11 @@ krb5_pac_verify(krb5_context context, | |
40 | if (server == NULL) | |
41 | return EINVAL; | |
42 | ||
43 | - ret = k5_pac_verify_server_checksum(context, pac, server); | |
44 | - if (ret != 0) | |
45 | - return ret; | |
46 | + if (server != NULL) { | |
47 | + ret = k5_pac_verify_server_checksum(context, pac, server); | |
48 | + if (ret != 0) | |
49 | + return ret; | |
50 | + } | |
51 | ||
52 | if (privsvr != NULL) { | |
53 | ret = k5_pac_verify_kdc_checksum(context, pac, privsvr); | |
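Review bot: The context lines at the top of this hunk keep `if (server == NULL) return EINVAL;`, so the added `if (server != NULL)` test is always true and a NULL server is still rejected, contrary to the header comment changed in the same commit. The follow-up commit on this page removes that guard. A regression test that calls krb5_pac_verify() with a NULL `server` and a valid `privsvr` would have caught the mismatch, and no such test appears in the visible hunks. The body of krb5_pac_verify continues outside the hunk.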
54 | ||
55 | commit e31486a84380647e49ba6199a3e10ac739fa1a45 | |
56 | Author: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970> | |
57 | Date: Thu Dec 8 04:21:23 2011 +0000 | |
58 | ||
59 | ticket: 7048 | |
60 | ||
61 | Actually allow null server key in krb5_pac_verify | |
62 | ||
63 | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25534 dc483132-0cff-0310-8789-dd5450dbe970 | |
64 | ||
65 | diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c | |
66 | index 23aa930..3262d21 100644 | |
67 | --- a/src/lib/krb5/krb/pac.c | |
68 | +++ b/src/lib/krb5/krb/pac.c | |
69 | @@ -634,9 +634,6 @@ krb5_pac_verify(krb5_context context, | |
70 | { | |
71 | krb5_error_code ret; | |
72 | ||
73 | - if (server == NULL) | |
74 | - return EINVAL; | |
75 | - | |
76 | if (server != NULL) { | |
77 | ret = k5_pac_verify_server_checksum(context, pac, server); | |
78 | if (ret != 0) |
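Review bot: With the `server == NULL` guard removed, a call where both `server` and `privsvr` are NULL skips both checksum checks in the visible code, and the header comment says a successful call marks the PAC as verified. Unless something later in krb5_pac_verify rejects that case (the body continues outside this hunk), a PAC could be treated as verified with no signature checked at all. A replacement guard keeps the KDC use case while closing that path: `if (server == NULL && privsvr == NULL) return EINVAL;`.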