oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(init_cred_loop): handle KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again,

Browse Source 
this time requesting LARGE_MSG from send to kdc, and if this is the
second time bail out; try to free memory


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12930 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-09-30 18:05:27 +00:00
parent bce36e1e1e
commit 2b7e870bf4
1 changed files with 36 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
lib/krb5/init_creds_pw.c
View File

@@ -1091,6 +1091,7 @@ init_cred_loop(krb5_context context,
size_t size; size_t size;
int pa_counter; int pa_counter;
METHOD_DATA md; METHOD_DATA md;
int send_to_kdc_flags = 0;
memset(&md, 0, sizeof(md)); memset(&md, 0, sizeof(md));
memset(&rep, 0, sizeof(rep)); memset(&rep, 0, sizeof(rep));
@@ -1137,7 +1138,9 @@ init_cred_loop(krb5_context context,
if(len != req.length) if(len != req.length)
krb5_abortx(context, "internal error in ASN.1 encoder"); krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); ret = krb5_sendto_kdc_flags (context, &req,
&creds->client->realm, &resp,
send_to_kdc_flags);
krb5_data_free(&req); krb5_data_free(&req);
if (ret) if (ret)
goto out; goto out;
@@ -1150,17 +1153,13 @@ init_cred_loop(krb5_context context,
} else { } else {
/* let's try to parse it as a KRB-ERROR */ /* let's try to parse it as a KRB-ERROR */
KRB_ERROR error; KRB_ERROR error;
int ret2;
ret2 = krb5_rd_error(context, &resp, &error); ret = krb5_rd_error(context, &resp, &error);
if(ret2) { if(ret && resp.data && ((char*)resp.data)[0] == 4)
if (resp.data && ((char*)resp.data)[0] == 4)
ret = KRB5KRB_AP_ERR_V4_REPLY; ret = KRB5KRB_AP_ERR_V4_REPLY;
else
ret = ret2;
krb5_data_free(&resp); krb5_data_free(&resp);
if (ret)
goto out; goto out;
}
ret = krb5_error_from_rd_error(context, &error, creds); ret = krb5_error_from_rd_error(context, &error, creds);
@@ -1169,13 +1168,7 @@ init_cred_loop(krb5_context context,
* more try. * more try.
*/ */
if (ret != KRB5KDC_ERR_PREAUTH_REQUIRED) { if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {
krb5_free_error_contents(context, &error);
if (ret_as_reply)
ret_as_reply->error = error;
goto out;
}
free_METHOD_DATA(&md); free_METHOD_DATA(&md);
memset(&md, 0, sizeof(md)); memset(&md, 0, sizeof(md));
@@ -1185,7 +1178,23 @@ init_cred_loop(krb5_context context,
NULL); NULL);
krb5_free_error_contents(context, &error); krb5_free_error_contents(context, &error);
if (ret) { if (ret) {
krb5_set_error_string(context, "failed to decode METHOD DATA"); krb5_set_error_string(context,
"failed to decode METHOD DATA");
goto out;
}
} else if (ret == KRB5KRB_ERR_RESPONSE_TOO_BIG) {
if (send_to_kdc_flags & KRB5_KRBHST_FLAGS_LARGE_MSG) {
if (ret_as_reply)
ret_as_reply->error = error;
goto out;
}
krb5_free_error_contents(context, &error);
send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
} else {
if (ret_as_reply)
ret_as_reply->error = error;
else
krb5_free_error_contents(context, &error);
goto out; goto out;
} }
} }
@@ -1196,9 +1205,6 @@ init_cred_loop(krb5_context context,
if (ret) if (ret)
goto out; goto out;
free_METHOD_DATA(&md);
memset(&md, 0, sizeof(md));
ret = _krb5_extract_ticket(context, ret = _krb5_extract_ticket(context,
&rep, &rep,
creds, creds,
@@ -1214,6 +1220,9 @@ init_cred_loop(krb5_context context,
krb5_free_keyblock(context, key); krb5_free_keyblock(context, key);
out: out:
free_METHOD_DATA(&md);
memset(&md, 0, sizeof(md));
if (ret == 0 && ret_as_reply) if (ret == 0 && ret_as_reply)
*ret_as_reply = rep; *ret_as_reply = rep;
else else