krb5-no-dot-20041017

author Jeffrey Altman <jaltman@mit.edu>

Sun, 17 Oct 2004 21:24:19 +0000 (21:24 +0000)

committer Jeffrey Altman <jaltman@secure-endpoints.com>

Sun, 17 Oct 2004 21:24:19 +0000 (21:24 +0000)
author Jeffrey Altman <jaltman@mit.edu>
Sun, 17 Oct 2004 21:24:19 +0000 (21:24 +0000)
committer Jeffrey Altman <jaltman@secure-endpoints.com>
Sun, 17 Oct 2004 21:24:19 +0000 (21:24 +0000)
diff --git a/src/WINNT/afsd/afskfw.c b/src/WINNT/afsd/afskfw.c

index 823c60c..743374a 100644 (file)
--- a/src/WINNT/afsd/afskfw.c
+++ b/src/WINNT/afsd/afskfw.c
@@ -927,11 +927,11 @@ KFW_import_windows_lsa(void)
 
     princ_realm = krb5_princ_realm(ctx, princ);
     for ( i=0; i<princ_realm->length; i++ ) {
-               realm[i] = princ_realm->data[i];
+        realm[i] = princ_realm->data[i];
         cell[i] = tolower(princ_realm->data[i]);
     }
-       cell[i] = '\0';
-       realm[i] = '\0';
+    cell[i] = '\0';
+    realm[i] = '\0';
 
     code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, pLeash_get_default_lifetime(),NULL);
     if ( IsDebuggerPresent() ) {
@@ -2583,10 +2583,10 @@ KFW_AFS_klog(
     memset(ServiceName, '\0', sizeof(ServiceName));
     memset(realm_of_user, '\0', sizeof(realm_of_user));
     memset(realm_of_cell, '\0', sizeof(realm_of_cell));
-       if (cell && cell[0])
-               strcpy(Dmycell, cell);
-       else
-               memset(Dmycell, '\0', sizeof(Dmycell));
+    if (cell && cell[0])
+        strcpy(Dmycell, cell);
+    else
+        memset(Dmycell, '\0', sizeof(Dmycell));
 
     // NULL or empty cell returns information on local cell
     if (rc = KFW_AFS_get_cellconfig(Dmycell, &ak_cellconfig, local_cell))
@@ -2612,13 +2612,21 @@ KFW_AFS_klog(
     memset((char *)&increds, 0, sizeof(increds));
 
     code = pkrb5_cc_get_principal(ctx, cc, &client_principal);
-       if (code) {
+    if (code) {
         if ( code == KRB5_CC_NOTFOUND && IsDebuggerPresent() ) 
         {
             OutputDebugString("Principal Not Found for ccache\n");
         }
         goto skip_krb5_init;
     }
+
+    if ( strchr(krb5_princ_component(ctx,client_principal,0),'.') != NULL )
+    {
+        OutputDebugString("Illegal Principal name contains dot in first component\n");
+        rc = KRB5KRB_ERR_GENERIC;
+        goto cleanup;
+    }
+
     i = krb5_princ_realm(ctx, client_principal)->length;
     if (i > REALM_SZ-1) 
         i = REALM_SZ-1;
diff --git a/src/WINNT/aklog/aklog.c b/src/WINNT/aklog/aklog.c

index 27ce5b0..a226d3a 100644 (file)
--- a/src/WINNT/aklog/aklog.c
+++ b/src/WINNT/aklog/aklog.c
@@ -390,11 +390,11 @@ static int get_v5cred(krb5_context context,
 
     memset((char *)&increds, 0, sizeof(increds));
 
-       if ((r = krb5_build_principal(context, &increds.server,
-                     strlen(realm), realm,
-                     name,
-           (inst && strlen(inst)) ? inst : 0,
-                     0))) {
+    if ((r = krb5_build_principal(context, &increds.server,
+                                  strlen(realm), realm,
+                                  name,
+                                  (inst && strlen(inst)) ? inst : 0,
+                                  0))) {
         return((int)r);
     }
 
@@ -624,6 +624,12 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
     { /* using krb5 */
         int retry = 1;
 
+        if ( strchr(name,'.') != NULL ) {
+            fprintf(stderr, "%s: Can't support principal names including a dot.\n",
+                    progname);
+            return(AKLOG_MISC);
+        }
+
       try_v5:
         if (dflag)
             printf("Getting v5 tickets: %s/%s@%s\n", name, instance, realm_of_cell);
author	Jeffrey Altman <jaltman@mit.edu>
	Sun, 17 Oct 2004 21:24:19 +0000 (21:24 +0000)
committer	Jeffrey Altman <jaltman@secure-endpoints.com>
	Sun, 17 Oct 2004 21:24:19 +0000 (21:24 +0000)
src/WINNT/afsd/afskfw.c		patch \| blob \| history
src/WINNT/aklog/aklog.c		patch \| blob \| history