From 01559e0588f698cda9cf9d892dc7cf80ae33d54f Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 22 Feb 2006 05:08:58 +0000 Subject: [PATCH] STABLE14-rxkad-krb5-improvements-20060222 correct precedence of && and || in conditional to determine when tkt_DecodeTicket5() should be called. optimize order of ticket property evaluation to delay call to get_key() which will require that a lock be obtained until after we know that all of the other checks will succeed. (cherry picked from commit a2530f03bacc9d9115782b49bda40fc01294a70d) --- src/rxkad/rxkad_server.c | 4 ++-- src/rxkad/ticket5.c | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/rxkad/rxkad_server.c b/src/rxkad/rxkad_server.c index 20fb01439..b4e42eea8 100644 --- a/src/rxkad/rxkad_server.c +++ b/src/rxkad/rxkad_server.c @@ -325,8 +325,8 @@ rxkad_CheckResponse(struct rx_securityClass *aobj, * If the alternate decoder is not present, or returns -1, then * assume the ticket is of the default style. */ - if (code == -1 && (kvno == RXKAD_TKT_TYPE_KERBEROS_V5) - || (kvno == RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY)) { + if (code == -1 && ((kvno == RXKAD_TKT_TYPE_KERBEROS_V5) + || (kvno == RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY))) { code = tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_rock, kvno, client.name, client.instance, client.cell, diff --git a/src/rxkad/ticket5.c b/src/rxkad/ticket5.c index cd5b7d71a..c5bed59f0 100644 --- a/src/rxkad/ticket5.c +++ b/src/rxkad/ticket5.c @@ -242,11 +242,6 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len, v5_serv_kvno = *t5.enc_part.kvno; } - - code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key); - if (code) - goto unknown_key; - /* Check that the key type really fit into 8 bytes */ switch (t5.enc_part.etype) { case ETYPE_DES_CBC_CRC: @@ -262,6 +257,10 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len, || t5.enc_part.cipher.length % 8 != 0) goto bad_ticket; + code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key); + if (code) + goto unknown_key; + /* Decrypt data here, save in plain, assume it will shrink */ code = krb5_des_decrypt(&serv_key, t5.enc_part.etype, -- 2.39.5