oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fixed (preemptively) a double free and added password history based on key history.

Browse Source
This commit is contained in:
Nicolas Williams
2011-07-13 01:49:44 -05:00
committed by Nicolas Williams
parent 34189a23fe
commit 51e9da4a66
3 changed files with 61 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/hdb/keys.c
View File

@@ -210,6 +210,14 @@ parse_key_set(krb5_context context, const char *key,
} }
/**
* This function adds an HDB entry's current keyset to the entry's key
* history. The current keyset is left alone; the caller is responsible
* for freeing it.
*
* @param context Context
* @param entry HDB entry
*/
krb5_error_code krb5_error_code
hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry) hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
{ {
@@ -217,7 +225,8 @@ hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
HDB_extension *ext; HDB_extension *ext;
HDB_Ext_KeySet *hist_keys; HDB_Ext_KeySet *hist_keys;
hdb_keyset *tmp_keysets; hdb_keyset *tmp_keysets;
int add = 0; size_t i;
size_t add = 0;
ext = hdb_find_extension(entry, choice_HDB_extension_data_hist_keys); ext = hdb_find_extension(entry, choice_HDB_extension_data_hist_keys);
if (ext != NULL) { if (ext != NULL) {
@@ -244,15 +253,21 @@ hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
hist_keys->len = 1; hist_keys->len = 1;
} }
hist_keys->val[0].keys.val = entry->keys.val; hist_keys->val[0].keys.len = 0;
hist_keys->val[0].keys.len = entry->keys.len; hist_keys->val[0].keys.val = calloc(entry->keys.len,
sizeof (*hist_keys->val[0].keys.val));
for (i = 0; i < entry->keys.len; i++, hist_keys->val[0].keys.len++) {
ret = copy_Key(&entry->keys.val[i], &hist_keys->val[0].keys.val[i]);
if (ret) {
free_HDB_extension(ext);
return ret;
}
}
hist_keys->val[0].kvno = entry->kvno; hist_keys->val[0].kvno = entry->kvno;
(void) hdb_entry_get_pw_change_time(entry, &hist_keys->val[0].set_time); (void) hdb_entry_get_pw_change_time(entry, &hist_keys->val[0].set_time);
entry->keys.val = NULL;
entry->keys.len = 0;
if (add) { if (add) {
/* XXX hdb_replace_extension() deep-copies ext; what a waste */
ret = hdb_replace_extension(context, entry, ext); ret = hdb_replace_extension(context, entry, ext);
if (ret) { if (ret) {
free_HDB_extension(ext); free_HDB_extension(ext);

17
lib/kadm5/chpass_s.c
View File

@@ -77,15 +77,20 @@ change(void *server_handle,
ret = _kadm5_set_keys(context, &ent.entry, password); ret = _kadm5_set_keys(context, &ent.entry, password);
if(ret) { if(ret) {
_kadm5_free_keys (context->context, num_keys, keys); _kadm5_free_keys(context->context, num_keys, keys);
goto out2; goto out2;
} }
_kadm5_free_keys(context->context, num_keys, keys);
if (cond) if (cond) {
existsp = _kadm5_exists_keys (ent.entry.keys.val, HDB_extension *ext;
ent.entry.keys.len,
keys, num_keys); ext = hdb_find_extension(&ent.entry, choice_HDB_extension_data_hist_keys);
_kadm5_free_keys (context->context, num_keys, keys); if (ext != NULL)
existsp = _kadm5_exists_keys_hist(ent.entry.keys.val,
ent.entry.keys.len,
&ext->data.u.hist_keys);
}
if (existsp) { if (existsp) {
ret = KADM5_PASS_REUSE; ret = KADM5_PASS_REUSE;

32
lib/kadm5/keys.c
View File

@@ -63,16 +63,36 @@ _kadm5_init_keys (Key *keys, int len)
} }
} }
/*
* return 1 if any key in `keys1, len1' exists in hist_keys
*/
int
_kadm5_exists_keys_hist(Key *keys1, int len1, HDB_Ext_KeySet *hist_keys)
{
size_t i;
for (i = 0; i < hist_keys->len; i++) {
if (_kadm5_exists_keys(keys1, len1,
hist_keys->val[i].keys.val,
hist_keys->val[i].keys.len))
return 1;
}
return 0;
}
/* /*
* return 1 if any key in `keys1, len1' exists in `keys2, len2' * return 1 if any key in `keys1, len1' exists in `keys2, len2'
*/ */
int int
_kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2) _kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2)
{ {
int i, j; size_t i, j;
size_t checked_all_this_enctype;
for (i = 0; i < len1; ++i) { for (i = 0; i < len1; ++i) {
checked_all_this_enctype = 1;
for (j = 0; j < len2; j++) { for (j = 0; j < len2; j++) {
if ((keys1[i].salt != NULL && keys2[j].salt == NULL) if ((keys1[i].salt != NULL && keys2[j].salt == NULL)
|| (keys1[i].salt == NULL && keys2[j].salt != NULL)) || (keys1[i].salt == NULL && keys2[j].salt != NULL))
@@ -87,8 +107,10 @@ _kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2)
keys1[i].salt->salt.length) != 0) keys1[i].salt->salt.length) != 0)
continue; continue;
} }
if (keys1[i].key.keytype != keys2[j].key.keytype) if (keys1[i].key.keytype != keys2[j].key.keytype) {
checked_all_this_enctype = 0;
continue; continue;
}
if (keys1[i].key.keyvalue.length != keys2[j].key.keyvalue.length) if (keys1[i].key.keyvalue.length != keys2[j].key.keyvalue.length)
continue; continue;
if (memcmp (keys1[i].key.keyvalue.data, keys2[j].key.keyvalue.data, if (memcmp (keys1[i].key.keyvalue.data, keys2[j].key.keyvalue.data,
@@ -97,6 +119,10 @@ _kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2)
return 1; return 1;
} }
/* Optimization */
if (checked_all_this_enctype)
return 0;
} }
return 0; return 0;
} }