]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b5070e)
STABLE14-rxkad-krb5-improvements-20060222
authorJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 22 Feb 2006 05:08:58 +0000 (05:08 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 22 Feb 2006 05:08:58 +0000 (05:08 +0000)
correct precedence of && and || in conditional to determine when
tkt_DecodeTicket5() should be called.

optimize order of ticket property evaluation to delay call to get_key()
which will require that a lock be obtained until after we know that
all of the other checks will succeed.

(cherry picked from commit a2530f03bacc9d9115782b49bda40fc01294a70d)

src/rxkad/rxkad_server.c patch | blob | history
src/rxkad/ticket5.c patch | blob | history

diff --git a/src/rxkad/rxkad_server.c b/src/rxkad/rxkad_server.c
index 20fb014390f592c9700e9971a487bbd94c0d9dde..b4e42eea88d19d0ab65fdad376673e9f3acc7aca 100644 (file)
--- a/src/rxkad/rxkad_server.c
+++ b/src/rxkad/rxkad_server.c
@@ -325,8 +325,8 @@ rxkad_CheckResponse(struct rx_securityClass *aobj,
      * If the alternate decoder is not present, or returns -1, then
      * assume the ticket is of the default style.
      */
-    if (code == -1 && (kvno == RXKAD_TKT_TYPE_KERBEROS_V5)
-       || (kvno == RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY)) {
+    if (code == -1 && ((kvno == RXKAD_TKT_TYPE_KERBEROS_V5)
+       || (kvno == RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY))) {
        code =
            tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_rock,
                              kvno, client.name, client.instance, client.cell,
diff --git a/src/rxkad/ticket5.c b/src/rxkad/ticket5.c
index cd5b7d71ae6ff0fe6350987ed8f0b3009bf4dca0..c5bed59f055ab50e4a0768e3de7729ea835c3baa 100644 (file)
--- a/src/rxkad/ticket5.c
+++ b/src/rxkad/ticket5.c
@@ -242,11 +242,6 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
        v5_serv_kvno = *t5.enc_part.kvno;
     }
 
-
-    code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key);
-    if (code)
-       goto unknown_key;
-
     /* Check that the key type really fit into 8 bytes */
     switch (t5.enc_part.etype) {
     case ETYPE_DES_CBC_CRC:
@@ -262,6 +257,10 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
        || t5.enc_part.cipher.length % 8 != 0)
        goto bad_ticket;
 
+    code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key);
+    if (code)
+       goto unknown_key;
+
     /* Decrypt data here, save in plain, assume it will shrink */
     code =
        krb5_des_decrypt(&serv_key, t5.enc_part.etype,