oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Update to use new decode/encode syntax.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1952 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-07-01 23:54:55 +00:00
parent 372881f5ef
commit 405d2be7c4
14 changed files with 195 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
kdc/connect.c
View File

@@ -59,20 +59,15 @@ process_request(krb5_context context,
{
KDC_REQ req;
krb5_error_code err;
int i;
size_t i;
gettimeofday(&now, NULL);
if (maybe_AS_REQ(buf, len)){
i = decode_AS_REQ(buf, len, &req);
if(i >= 0){
if(decode_AS_REQ(buf, len, &req, &i) == 0){
err = as_rep(context, &req, reply);
free_AS_REQ(&req);
return err;
}
}
if (maybe_TGS_REQ(buf, len)){
i = decode_TGS_REQ(buf, len, &req);
if(i >= 0){
}else{
if(decode_TGS_REQ(buf, len, &req, &i) == 0){
err = tgs_rep(context, &req, reply);
free_TGS_REQ(&req);
return err;

63
kdc/kerberos5.c
View File

@@ -21,6 +21,7 @@ as_rep(krb5_context context,
EncTicketPart *et = calloc(1, sizeof(*et));
EncKDCRepPart *ek = calloc(1, sizeof(*ek));
krb5_principal client_princ;
int e;
client = db_fetch(context, b->cname, b->realm);
server = db_fetch(context, b->sname, b->realm);
@@ -48,9 +49,10 @@ as_rep(krb5_context context,
foo.padata_value.length = 0;
foo.padata_value.data = NULL;
len = encode_PA_DATA(buf + sizeof(buf) - 1,
encode_PA_DATA(buf + sizeof(buf) - 1,
sizeof(buf),
&foo);
&foo,
&len);
foo_data.length = len;
foo_data.data = buf + sizeof(buf) - len;
@@ -64,13 +66,14 @@ as_rep(krb5_context context,
} else {
krb5_data ts_data;
PA_ENC_TS_ENC p;
int len;
size_t len;
EncryptedData enc_data;
len = decode_EncryptedData(req->padata->val->padata_value.data,
e = decode_EncryptedData(req->padata->val->padata_value.data,
req->padata->val->padata_value.length,
&enc_data);
if (len < 0) {
&enc_data,
&len);
if (e) {
krb5_mk_error (client_princ,
KRB5KRB_AP_ERR_BAD_INTEGRITY,
"Couldn't decode",
@@ -84,10 +87,11 @@ as_rep(krb5_context context,
enc_data.cipher.length,
&client->keyblock,
&ts_data);
len = decode_PA_ENC_TS_ENC(ts_data.data,
e = decode_PA_ENC_TS_ENC(ts_data.data,
ts_data.length,
&p);
if (len < 0) {
&p,
&len);
if (e) {
krb5_mk_error (client_princ,
KRB5KRB_AP_ERR_BAD_INTEGRITY,
"Couldn't decode",
@@ -206,31 +210,31 @@ as_rep(krb5_context context,
{
unsigned char buf[1024]; /* XXX The data could be indefinite */
int len;
len = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et);
e = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len);
free_EncTicketPart(et);
free(et);
if(len < 0)
return ASN1_OVERFLOW;
if(e)
return e;
rep.ticket.enc_part.etype = ETYPE_DES_CBC_CRC;
rep.ticket.enc_part.kvno = NULL;
krb5_encrypt(context, buf + sizeof(buf) - len, len, &server->keyblock,
&rep.ticket.enc_part.cipher);
len = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek);
e = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek, &len);
free_EncKDCRepPart(ek);
free(ek);
if(len < 0)
return ASN1_OVERFLOW;
if(e)
return e;
rep.enc_part.etype = ETYPE_DES_CBC_CRC;
rep.enc_part.kvno = NULL;
krb5_encrypt(context, buf + sizeof(buf) - len, len, &client->keyblock,
&rep.enc_part.cipher);
len = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep);
if(len < 0)
return ASN1_OVERFLOW;
e = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);
if(e)
return e;
free_AS_REP(&rep);
krb5_data_copy(data, buf + sizeof(buf) - len, len);
@@ -453,18 +457,21 @@ tgs_rep(krb5_context context,
{
unsigned char buf[1024]; /* XXX The data could be indefinite */
int len;
len = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et);
if(len < 0)
return ASN1_OVERFLOW;
size_t len;
int e;
e = encode_EncTicketPart(buf + sizeof(buf) - 1,
sizeof(buf), et, &len);
if(e)
return e;
rep.ticket.enc_part.etype = ETYPE_DES_CBC_CRC;
rep.ticket.enc_part.kvno = NULL;
krb5_encrypt(context, buf + sizeof(buf) - len, len, &server->keyblock,
&rep.ticket.enc_part.cipher);
len = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek);
if(len < 0)
return ASN1_OVERFLOW;
e = encode_EncTGSRepPart(buf + sizeof(buf) - 1,
sizeof(buf), ek, &len);
if(e)
return e;
rep.enc_part.etype = ETYPE_DES_CBC_CRC;
rep.enc_part.kvno = NULL;
{
@@ -475,9 +482,9 @@ tgs_rep(krb5_context context,
&rep.enc_part.cipher);
}
len = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep);
if(len < 0)
return ASN1_OVERFLOW;
e = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);
if(e)
return e;
free_TGS_REP(&rep);
krb5_data_copy(data, buf + sizeof(buf) - len, len);
}

5
lib/krb5/build_ap_req.c
View File

@@ -11,6 +11,7 @@ krb5_build_ap_req (krb5_context context,
{
AP_REQ ap;
Ticket t;
size_t len;
ap.pvno = 5;
ap.msg_type = krb_ap_req;
@@ -30,7 +31,7 @@ krb5_build_ap_req (krb5_context context,
krb5_principal2principalname(&ap.ticket.sname, cred->server);
#endif
decode_Ticket(cred->ticket.data, cred->ticket.length, &t);
decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
free_Ticket(&t);
@@ -40,7 +41,7 @@ krb5_build_ap_req (krb5_context context,
ret->length = length_AP_REQ(&ap);
ret->data = malloc(ret->length);
encode_AP_REQ((char *)ret->data + ret->length - 1, ret->length, &ap);
encode_AP_REQ((char *)ret->data + ret->length - 1, ret->length, &ap, &len);
free_AP_REQ(&ap);
return 0;

2
lib/krb5/build_auth.c
View File

@@ -51,7 +51,7 @@ krb5_build_authenticator (krb5_context context,
}
memset (buf, 0, sizeof(buf));
len = encode_Authenticator (buf + sizeof(buf) - 1, sizeof(buf), auth);
ret = encode_Authenticator (buf + sizeof(buf) - 1, sizeof(buf), auth, &len);
ret = krb5_encrypt (context, buf + sizeof(buf) - len, len, &cred->session,
result);

73
lib/krb5/get_cred.c
View File

@@ -27,7 +27,7 @@ krb5_get_credentials (krb5_context context,
krb5_creds *in_creds,
krb5_creds **out_creds)
{
krb5_error_code err;
krb5_error_code ret;
TGS_REQ a;
Authenticator auth;
krb5_data authenticator;
@@ -50,12 +50,12 @@ krb5_get_credentials (krb5_context context,
*out_creds = malloc(sizeof(**out_creds));
memset(*out_creds, 0, sizeof(**out_creds));
err = krb5_cc_retrieve_cred(context, ccache, 0, in_creds, *out_creds);
if (err == 0)
return err;
else if (err != KRB5_CC_END) {
ret = krb5_cc_retrieve_cred(context, ccache, 0, in_creds, *out_creds);
if (ret == 0)
return ret;
else if (ret != KRB5_CC_END) {
free(*out_creds);
return err;
return ret;
}
/*
@@ -64,18 +64,18 @@ krb5_get_credentials (krb5_context context,
memset(&a, 0, sizeof(a));
err = krb5_get_default_in_tkt_etypes (context,
ret = krb5_get_default_in_tkt_etypes (context,
(krb5_enctype**)&a.req_body.etype.val);
if (err)
return err;
if (ret)
return ret;
a.req_body.etype.len = 1;
a.req_body.addresses = malloc(sizeof(*a.req_body.addresses));
err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses);
if (err)
return err;
ret = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses);
if (ret)
return ret;
a.pvno = 5;
a.msg_type = krb_tgs_req;
@@ -111,38 +111,38 @@ krb5_get_credentials (krb5_context context,
int len;
krb5_creds tmp_cred;
len = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
&a.req_body);
ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
&a.req_body, &len);
in_data.length = len;
in_data.data = buf + sizeof(buf) - len;
tmp_cred.client = NULL;
err = krb5_build_principal(context,
ret = krb5_build_principal(context,
&tmp_cred.server,
strlen(a.req_body.realm),
a.req_body.realm,
"krbtgt",
a.req_body.realm,
NULL);
if (err)
return err;
if (ret)
return ret;
err = krb5_get_credentials (context,
ret = krb5_get_credentials (context,
0,
ccache,
&tmp_cred,
out_creds);
if (err)
return err;
if (ret)
return ret;
err = krb5_mk_req_extended(context,
ret = krb5_mk_req_extended(context,
&ac,
0,
&in_data,
*out_creds,
&foo.padata_value);
if(err)
return err;
if(ret)
return ret;
foo.padata_type = pa_tgs_req;
}
@@ -155,7 +155,7 @@ krb5_get_credentials (krb5_context context,
* Encode
*/
req.length = encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf), &a);
encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf), &a, &req.length);
req.data = buf + sizeof(buf) - req.length;
for (i = 0; i < a.req_body.addresses->len; ++i)
@@ -168,21 +168,21 @@ krb5_get_credentials (krb5_context context,
{
TGS_REQ xx;
decode_TGS_REQ (req.data, req.length, &xx);
size_t size;
decode_TGS_REQ (req.data, req.length, &xx, &size);
req.length = req.length;
}
err = krb5_sendto_kdc (context, &req, &in_creds->server->realm, &resp);
if (err) {
return err;
ret = krb5_sendto_kdc (context, &req, &in_creds->server->realm, &resp);
if (ret) {
return ret;
}
switch(((unsigned char*)resp.data)[0] & 0x1f){
case krb_error:{
krb5_principal princ;
char *name;
len = decode_KRB_ERROR(resp.data, resp.length, &error);
if(len < 0)
return ASN1_PARSE_ERROR;
ret = decode_KRB_ERROR(resp.data, resp.length, &error, &len);
if(ret) return ret;
principalname2krb5_principal(&princ, error.sname, error.realm);
krb5_unparse_name(context, princ, &name);
fprintf(stderr, "Error: %s", name);
@@ -193,16 +193,15 @@ krb5_get_credentials (krb5_context context,
break;
}
case krb_tgs_rep:
len = decode_TGS_REP(resp.data, resp.length, &rep.part1);
if(len < 0)
return ASN1_PARSE_ERROR;
err = extract_ticket(context, &rep, *out_creds,
ret = decode_TGS_REP(resp.data, resp.length, &rep.part1, &len);
if(ret) return ret;
ret = extract_ticket(context, &rep, *out_creds,
&(*out_creds)->session,
NULL,
NULL,
NULL);
if(err)
return err;
if(ret)
return ret;
return krb5_cc_store_cred (context, ccache, *out_creds);
break;
}

104
lib/krb5/get_in_tkt.c
View File

@@ -10,6 +10,7 @@ decrypt_tkt (krb5_context context,
{
krb5_error_code ret;
krb5_data data;
size_t size;
ret = krb5_decrypt (context,
dec_rep->part1.enc_part.cipher.data,
@@ -21,14 +22,15 @@ decrypt_tkt (krb5_context context,
ret = decode_EncASRepPart(data.data,
data.length,
&dec_rep->part2);
if (ret < 0)
&dec_rep->part2,
&size);
if (ret)
ret = decode_EncTGSRepPart(data.data,
data.length,
&dec_rep->part2);
&dec_rep->part2,
&size);
krb5_data_free (&data);
if (ret < 0)
return ASN1_PARSE_ERROR;
if (ret) return ret;
return 0;
}
@@ -51,8 +53,8 @@ extract_ticket(krb5_context context,
{
char buf[1024];
int len;
len = encode_Ticket(buf + sizeof(buf) - 1, sizeof(buf),
&rep->part1.ticket);
encode_Ticket(buf + sizeof(buf) - 1, sizeof(buf),
&rep->part1.ticket, &len);
creds->ticket.data = malloc(len);
memcpy(creds->ticket.data, buf + sizeof(buf) - len, len);
creds->ticket.length = len;
@@ -144,7 +146,7 @@ krb5_get_in_tkt(krb5_context context,
krb5_ccache ccache,
krb5_kdc_rep **ret_as_reply)
{
krb5_error_code err;
krb5_error_code ret;
AS_REQ a;
krb5_kdc_rep rep;
krb5_data req, resp;
@@ -152,6 +154,7 @@ krb5_get_in_tkt(krb5_context context,
char buf[BUFSIZ];
krb5_data salt;
krb5_keyblock *key;
size_t size;
memset(&a, 0, sizeof(a));
@@ -175,10 +178,10 @@ krb5_get_in_tkt(krb5_context context,
if (etypes)
abort ();
else {
err = krb5_get_default_in_tkt_etypes (context,
ret = krb5_get_default_in_tkt_etypes (context,
(krb5_enctype**)&a.req_body.etype.val);
if (err)
return err;
if (ret)
return ret;
a.req_body.etype.len = 1;
}
if (addrs){
@@ -186,9 +189,9 @@ krb5_get_in_tkt(krb5_context context,
} else {
a.req_body.addresses = malloc(sizeof(*a.req_body.addresses));
err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses);
if (err)
return err;
ret = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses);
if (ret)
return ret;
}
a.req_body.enc_authorization_data = NULL;
a.req_body.additional_tickets = NULL;
@@ -202,16 +205,16 @@ krb5_get_in_tkt(krb5_context context,
salt.length = 0;
salt.data = NULL;
err = krb5_get_salt (creds->client, &salt);
ret = krb5_get_salt (creds->client, &salt);
if (err)
return err;
if (ret)
return ret;
err = (*key_proc)(context, *(a.req_body.etype.val), &salt,
ret = (*key_proc)(context, *(a.req_body.etype.val), &salt,
keyseed, &key);
krb5_data_free (&salt);
if (err)
return err;
if (ret)
return ret;
/* not sure this is the way to use `ptypes' */
if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE)
@@ -220,7 +223,7 @@ krb5_get_in_tkt(krb5_context context,
PA_ENC_TS_ENC p;
u_char buf[1024];
struct timeval tv;
int len;
size_t len;
unsigned foo;
EncryptedData encdata;
@@ -229,11 +232,12 @@ krb5_get_in_tkt(krb5_context context,
foo = tv.tv_usec;
p.pausec = &foo;
len = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1,
ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1,
sizeof(buf),
&p);
if (len < 0)
return ASN1_PARSE_ERROR;
&p,
&len);
if (ret)
return ret;
a.padata = malloc(sizeof(*a.padata));
a.padata->len = 1;
@@ -243,59 +247,63 @@ krb5_get_in_tkt(krb5_context context,
encdata.etype = ETYPE_DES_CBC_CRC;
encdata.kvno = NULL;
err = krb5_encrypt (context,
ret = krb5_encrypt (context,
buf + sizeof(buf) - len,
len,
key,
&encdata.cipher);
if (err)
return err;
if (ret)
return ret;
len = encode_EncryptedData(buf + sizeof(buf) - 1,
ret = encode_EncryptedData(buf + sizeof(buf) - 1,
sizeof(buf),
&encdata);
&encdata,
&len);
krb5_data_free(&encdata.cipher);
if (len < 0)
return ASN1_PARSE_ERROR;
if (ret)
return ret;
krb5_data_copy(&a.padata->val->padata_value,
buf + sizeof(buf) - len,
len);
} else
return KRB5_PREAUTH_BAD_TYPE;
req.length = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1,
ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1,
sizeof(buf),
&a);
if (req.length < 0){
&a,
&req.length);
if (ret){
free_AS_REQ(&a);
return ASN1_PARSE_ERROR;
return ret;
}
free_AS_REQ(&a);
req.data = buf + sizeof(buf) - req.length;
err = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
if (err) {
return err;
ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
if (ret) {
return ret;
}
if(decode_AS_REP(resp.data, resp.length, &rep.part1) < 0){
if((ret = decode_AS_REP(resp.data, resp.length, &rep.part1, &size))){
/* let's try to parse it as a KRB-ERROR */
KRB_ERROR error;
int ret2;
if (decode_KRB_ERROR(resp.data, resp.length, &error) >= 0) {
ret2 = decode_KRB_ERROR(resp.data, resp.length, &error, &size);
krb5_data_free(&resp);
if (ret2 == 0) {
/* XXX */
fprintf (stderr, "get_in_tkt: KRB_ERROR: %s\n",
*(error.e_text));
fprintf (stderr, "get_in_tkt: KRB_ERROR: %s\n", *(error.e_text));
return error.error_code;
}
krb5_data_free(&resp);
return ASN1_PARSE_ERROR;
return ret;
}
krb5_data_free(&resp);
err = extract_ticket(context, &rep, creds, key, keyseed,
ret = extract_ticket(context, &rep, creds, key, keyseed,
decrypt_proc, decryptarg);
free_KDC_REP(&rep.part1);
if(err)
return err;
if(ret)
return ret;
return krb5_cc_store_cred (context, ccache, creds);
}

2
lib/krb5/mk_error.c
View File

@@ -27,7 +27,7 @@ krb5_mk_error(krb5_principal princ,
msg.e_text = &e_text;
if (e_data)
msg.e_data = e_data;
err->length = encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg);
encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg, &err->length);
err->data = malloc(err->length);
memcpy(err->data, buf + sizeof(buf) - err->length, err->length);
return 0;

12
lib/krb5/mk_priv.c
View File

@@ -36,10 +36,10 @@ krb5_mk_priv(krb5_context context,
part.s_address.address = addr.addrs[0].address;
part.r_address = NULL;
len = encode_EncKrbPrivPart (buf + sizeof(buf) - 1, sizeof(buf), &part);
r = encode_EncKrbPrivPart (buf + sizeof(buf) - 1, sizeof(buf), &part, &len);
free (part.seq_number);
if (len < 0)
return ASN1_PARSE_ERROR;
if (r)
return r;
s.pvno = 5;
s.msg_type = krb_priv;
@@ -51,9 +51,9 @@ krb5_mk_priv(krb5_context context,
if (r)
return r;
len = encode_KRB_PRIV (buf + sizeof(buf) - 1, sizeof(buf), &s);
if (len < 0)
return ASN1_PARSE_ERROR;
r = encode_KRB_PRIV (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
if (r)
return r;
outbuf->length = len;
outbuf->data = malloc (len);
if (outbuf->data == NULL)

6
lib/krb5/mk_rep.c
View File

@@ -32,15 +32,13 @@ krb5_mk_rep(krb5_context context,
ap.enc_part.etype = (*auth_context)->key.keytype;
ap.enc_part.kvno = NULL;
len = encode_EncAPRepPart (buf + sizeof(buf) - 1,
sizeof(buf), &body);
encode_EncAPRepPart (buf + sizeof(buf) - 1, sizeof(buf), &body, &len);
ret = krb5_encrypt (context, buf + sizeof(buf) - len, len,
&(*auth_context)->key, &ap.enc_part.cipher);
if (ret)
return ret;
len = encode_AP_REP (buf + sizeof(buf) - 1,
sizeof(buf), &ap);
encode_AP_REP (buf + sizeof(buf) - 1, sizeof(buf), &ap, &len);
free (ap.enc_part.cipher.data);
outbuf->length = len;
outbuf->data = malloc(len);

6
lib/krb5/mk_safe.c
View File

@@ -45,10 +45,10 @@ krb5_mk_safe(krb5_context context,
s.safe_body.s_address = addr.addrs[0];
s.safe_body.r_address = NULL;
len = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s);
r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
free(s.safe_body.seq_number);
if (len < 0)
return ASN1_PARSE_ERROR;
if (r)
return r;
outbuf->length = len;
outbuf->data = malloc (len);
if (outbuf->data == NULL)

14
lib/krb5/rd_priv.c
View File

@@ -12,12 +12,12 @@ krb5_rd_priv(krb5_context context,
krb5_error_code r;
KRB_PRIV priv;
EncKrbPrivPart part;
int len;
size_t len;
krb5_data plain;
len = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv);
if (len < 0)
return ASN1_PARSE_ERROR;
r = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
if (r)
return r;
if (priv.pvno != 5)
return KRB5KRB_AP_ERR_BADVERSION;
if (priv.msg_type != krb_safe)
@@ -31,9 +31,9 @@ krb5_rd_priv(krb5_context context,
if (r)
return r;
len = decode_EncKrbPrivPart (plain.data, plain.length, &part);
if (len < 0)
return ASN1_PARSE_ERROR;
r = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
if (r)
return r;
/* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {

15
lib/krb5/rd_rep.c
View File

@@ -16,9 +16,9 @@ krb5_rd_rep(krb5_context context,
int i;
krb5_data data;
len = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep);
if (len < 0)
return ASN1_PARSE_ERROR;
ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
if (ret)
return ret;
if (ap_rep.pvno != 5)
return KRB5KRB_AP_ERR_BADVERSION;
if (ap_rep.msg_type != krb_ap_rep)
@@ -35,11 +35,12 @@ krb5_rd_rep(krb5_context context,
*repl = malloc(sizeof(**repl));
if (*repl == NULL)
return ENOMEM;
i = decode_EncAPRepPart(data.data,
ret = decode_EncAPRepPart(data.data,
data.length,
*repl);
if (i < 0)
return ASN1_PARSE_ERROR;
*repl,
&i);
if (ret)
return ret;
if ((*repl)->ctime != auth_context->authenticator->ctime ||
(*repl)->cusec != auth_context->authenticator->cusec) {
printf("KRB5KRB_AP_ERR_MUT_FAIL\n");

20
lib/krb5/rd_req.c
View File

@@ -16,10 +16,10 @@ decrypt_tkt_enc_part (krb5_context context,
if (ret)
return ret;
len = decode_EncTicketPart(plain.data, plain.length, decr_part);
ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len);
krb5_data_free (&plain);
if (len < 0)
return ASN1_PARSE_ERROR;
if (ret)
return ret;
return 0;
}
@@ -31,16 +31,16 @@ decrypt_authenticator (krb5_context context,
{
krb5_error_code ret;
krb5_data plain;
int len;
size_t len;
ret = krb5_decrypt (context, enc_part->cipher.data, enc_part->cipher.length, key, &plain);
if (ret)
return ret;
len = decode_Authenticator(plain.data, plain.length, authenticator);
ret = decode_Authenticator(plain.data, plain.length, authenticator, &len);
krb5_data_free (&plain);
if (len < 0)
return ASN1_PARSE_ERROR;
if (ret)
return ret;
return 0;
}
@@ -64,9 +64,9 @@ krb5_rd_req_with_keyblock(krb5_context context,
return ret;
}
len = decode_AP_REQ(inbuf->data, inbuf->length, &ap_req);
if (len < 0)
return ASN1_PARSE_ERROR;
ret = decode_AP_REQ(inbuf->data, inbuf->length, &ap_req, &len);
if (ret)
return ret;
if (ap_req.pvno != 5)
return KRB5KRB_AP_ERR_BADVERSION;
if (ap_req.msg_type != krb_ap_req)

8
lib/krb5/rd_safe.c
View File

@@ -11,11 +11,11 @@ krb5_rd_safe(krb5_context context,
{
krb5_error_code r;
KRB_SAFE safe;
int len;
size_t len;
len = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe);
if (len < 0)
return ASN1_PARSE_ERROR;
r = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
if (r)
return r;
if (safe.pvno != 5)
return KRB5KRB_AP_ERR_BADVERSION;
if (safe.msg_type != krb_safe)