62 lines
2.5 KiB
Diff
62 lines
2.5 KiB
Diff
From 81aa6ef695838a4b2fb5a53e773ea379a492913d Mon Sep 17 00:00:00 2001
|
|
From: Julien Rische <jrische@redhat.com>
|
|
Date: Feb 12 2024 14:25:16 +0000
|
|
Subject: ipd-kdb: Fix some mistakes in ipadb_check_for_bronze_bit_attack()
|
|
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9521
|
|
Signed-off-by: Julien Rische <jrische@redhat.com>
|
|
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
|
|
|
|
---
|
|
|
|
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
|
|
index 621c235..5de5ea7 100644
|
|
--- a/daemons/ipa-kdb/ipa_kdb.h
|
|
+++ b/daemons/ipa-kdb/ipa_kdb.h
|
|
@@ -382,7 +382,8 @@ krb5_error_code ipadb_is_princ_from_trusted_realm(krb5_context kcontext,
|
|
* status If the call fails and the pointer is not NULL, set it with a
|
|
* message describing the cause of the failure. */
|
|
krb5_error_code
|
|
-ipadb_check_for_bronze_bit_attack(krb5_context context, krb5_kdc_req *request,
|
|
+ipadb_check_for_bronze_bit_attack(krb5_context context,
|
|
+ const krb5_kdc_req *request,
|
|
bool *supported, bool *detected,
|
|
const char **status);
|
|
|
|
diff --git a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
|
|
index 713e9a0..44959f3 100644
|
|
--- a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
|
|
+++ b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
|
|
@@ -188,7 +188,7 @@ ipa_kdcpolicy_check_tgs(krb5_context context, krb5_kdcpolicy_moddata moddata,
|
|
krb5_error_code kerr;
|
|
bool supported;
|
|
|
|
- kerr = ipadb_check_for_bronze_bit_attack(context, request, supported, NULL,
|
|
+ kerr = ipadb_check_for_bronze_bit_attack(context, request, &supported, NULL,
|
|
status);
|
|
if (kerr)
|
|
return KRB5KDC_ERR_POLICY;
|
|
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
|
|
index 8035036..886ed77 100644
|
|
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
|
|
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
|
|
@@ -3306,13 +3306,14 @@ krb5_error_code ipadb_is_princ_from_trusted_realm(krb5_context kcontext,
|
|
}
|
|
|
|
krb5_error_code
|
|
-ipadb_check_for_bronze_bit_attack(krb5_context context, krb5_kdc_req *request,
|
|
+ipadb_check_for_bronze_bit_attack(krb5_context context,
|
|
+ const krb5_kdc_req *request,
|
|
bool *supported, bool *detected,
|
|
const char **status)
|
|
{
|
|
krb5_error_code kerr;
|
|
const char *st = NULL;
|
|
- size_t i, j;
|
|
+ size_t i, j = 0;
|
|
bool in_supported = true, in_detected = false;
|
|
struct ipadb_context *ipactx;
|
|
krb5_ticket *evidence_tkt;
|
|
|