diff --git a/appl/popper/pop_pass.c b/appl/popper/pop_pass.c index 09b5b3baa..6bb25470b 100644 --- a/appl/popper/pop_pass.c +++ b/appl/popper/pop_pass.c @@ -37,15 +37,20 @@ static int krb5_verify_password (POP *p) { krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP}; - krb5_get_init_creds_opt get_options; + krb5_get_init_creds_opt *get_options; krb5_verify_init_creds_opt verify_options; krb5_error_code ret; krb5_principal client, server; krb5_creds creds; - krb5_get_init_creds_opt_init (&get_options); + ret = krb5_get_init_creds_opt_alloc (&get_options); + if (ret) { + pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_init: %s", + krb5_get_err_text (p->context, ret)); + return 1; + } - krb5_get_init_creds_opt_set_preauth_list (&get_options, + krb5_get_init_creds_opt_set_preauth_list (get_options, pre_auth_types, 1); @@ -66,7 +71,8 @@ krb5_verify_password (POP *p) NULL, 0, NULL, - &get_options); + get_options); + krb5_get_init_creds_opt_free(get_options); if (ret) { pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", diff --git a/kpasswd/kpasswd-generator.c b/kpasswd/kpasswd-generator.c index 630e53c11..ce5f614f2 100644 --- a/kpasswd/kpasswd-generator.c +++ b/kpasswd/kpasswd-generator.c @@ -88,17 +88,17 @@ generate_requests (const char *filename, unsigned nreq) for (i = 0; i < nreq; ++i) { char *name = words[rand() % nwords]; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_creds cred; krb5_principal principal; int result_code; krb5_data result_code_string, result_string; char *old_pwd, *new_pwd; - krb5_get_init_creds_opt_init (&opt); - krb5_get_init_creds_opt_set_tkt_life (&opt, 300); - krb5_get_init_creds_opt_set_forwardable (&opt, FALSE); - krb5_get_init_creds_opt_set_proxiable (&opt, FALSE); + krb5_get_init_creds_opt_alloc (&opt); + krb5_get_init_creds_opt_set_tkt_life (opt, 300); + krb5_get_init_creds_opt_set_forwardable (opt, FALSE); + krb5_get_init_creds_opt_set_proxiable (opt, FALSE); ret = krb5_parse_name (context, name, &principal); if (ret) @@ -115,7 +115,7 @@ generate_requests (const char *filename, unsigned nreq) NULL, 0, "kadmin/changepw", - &opt); + opt); if( ret == KRB5KRB_AP_ERR_BAD_INTEGRITY || ret == KRB5KRB_AP_ERR_MODIFIED) { char *tmp; @@ -132,7 +132,7 @@ generate_requests (const char *filename, unsigned nreq) NULL, 0, "kadmin/changepw", - &opt); + opt); } if (ret) krb5_err (context, 1, ret, "krb5_get_init_creds_password"); @@ -149,6 +149,7 @@ generate_requests (const char *filename, unsigned nreq) free (old_pwd); free (new_pwd); krb5_free_creds_contents (context, &cred); + krb5_get_init_creds_opt_free(opt); } } diff --git a/kpasswd/kpasswd.c b/kpasswd/kpasswd.c index 01c14ed2d..6f71f8cf6 100644 --- a/kpasswd/kpasswd.c +++ b/kpasswd/kpasswd.c @@ -119,7 +119,7 @@ main (int argc, char **argv) krb5_principal principal; krb5_principal admin_principal; int optind = 0; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_creds cred; krb5_ccache id; int exit_value; @@ -135,12 +135,6 @@ main (int argc, char **argv) exit(0); } - krb5_get_init_creds_opt_init (&opt); - - krb5_get_init_creds_opt_set_tkt_life (&opt, 300); - krb5_get_init_creds_opt_set_forwardable (&opt, FALSE); - krb5_get_init_creds_opt_set_proxiable (&opt, FALSE); - admin_principal = NULL; argc -= optind; @@ -150,6 +144,14 @@ main (int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); + ret = krb5_get_init_creds_opt_alloc (&opt); + if (ret) + krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); + + krb5_get_init_creds_opt_set_tkt_life (opt, 300); + krb5_get_init_creds_opt_set_forwardable (opt, FALSE); + krb5_get_init_creds_opt_set_proxiable (opt, FALSE); + if (admin_principal_str) { ret = krb5_parse_name (context, admin_principal_str, &admin_principal); if (ret) @@ -174,7 +176,7 @@ main (int argc, char **argv) NULL, 0, "kadmin/changepw", - &opt); + opt); switch (ret) { case 0: break; @@ -188,6 +190,8 @@ main (int argc, char **argv) krb5_err(context, 1, ret, "krb5_get_init_creds"); } + krb5_get_init_creds_opt_free(opt); + ret = krb5_cc_initialize(context, id, admin_principal); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); diff --git a/kuser/kverify.c b/kuser/kverify.c index d5655b92a..b33ba92b1 100644 --- a/kuser/kverify.c +++ b/kuser/kverify.c @@ -60,7 +60,7 @@ main(int argc, char **argv) krb5_error_code ret; krb5_creds cred; krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP}; - krb5_get_init_creds_opt get_options; + krb5_get_init_creds_opt *get_options; krb5_verify_init_creds_opt verify_options; int optind = 0; @@ -81,9 +81,11 @@ main(int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); - krb5_get_init_creds_opt_init (&get_options); + ret = krb5_get_init_creds_opt_alloc (&get_options); + if (ret) + krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - krb5_get_init_creds_opt_set_preauth_list (&get_options, + krb5_get_init_creds_opt_set_preauth_list (get_options, pre_auth_types, 1); @@ -97,7 +99,7 @@ main(int argc, char **argv) NULL, 0, NULL, - &get_options); + get_options); if (ret) errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret)); diff --git a/lib/gssapi/acquire_cred.c b/lib/gssapi/acquire_cred.c index 4e39215c6..b14173622 100644 --- a/lib/gssapi/acquire_cred.c +++ b/lib/gssapi/acquire_cred.c @@ -71,7 +71,7 @@ static OM_uint32 acquire_initiator_cred OM_uint32 ret; krb5_creds cred; krb5_principal def_princ; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_ccache ccache; krb5_keytab keytab; krb5_error_code kret; @@ -117,9 +117,12 @@ static OM_uint32 acquire_initiator_cred kret = get_keytab(&keytab); if (kret) goto end; - krb5_get_init_creds_opt_init(&opt); + kret = krb5_get_init_creds_opt_alloc(&opt); + if (ret) + goto end; kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred, - handle->principal, keytab, 0, NULL, &opt); + handle->principal, keytab, 0, NULL, opt); + krb5_get_init_creds_opt_free(opt); if (kret) goto end; kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c index 4e39215c6..b14173622 100644 --- a/lib/gssapi/krb5/acquire_cred.c +++ b/lib/gssapi/krb5/acquire_cred.c @@ -71,7 +71,7 @@ static OM_uint32 acquire_initiator_cred OM_uint32 ret; krb5_creds cred; krb5_principal def_princ; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_ccache ccache; krb5_keytab keytab; krb5_error_code kret; @@ -117,9 +117,12 @@ static OM_uint32 acquire_initiator_cred kret = get_keytab(&keytab); if (kret) goto end; - krb5_get_init_creds_opt_init(&opt); + kret = krb5_get_init_creds_opt_alloc(&opt); + if (ret) + goto end; kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred, - handle->principal, keytab, 0, NULL, &opt); + handle->principal, keytab, 0, NULL, opt); + krb5_get_init_creds_opt_free(opt); if (kret) goto end; kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, diff --git a/lib/kadm5/init_c.c b/lib/kadm5/init_c.c index f142ec153..f90cfd72b 100644 --- a/lib/kadm5/init_c.c +++ b/lib/kadm5/init_c.c @@ -141,19 +141,21 @@ get_new_cache(krb5_context context, { krb5_error_code ret; krb5_creds cred; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_ccache id; - krb5_get_init_creds_opt_init (&opt); + ret = krb5_get_init_creds_opt_alloc (&opt); + if (ret) + return ret; krb5_get_init_creds_opt_set_default_flags(context, "kadmin", krb5_principal_get_realm(context, client), - &opt); + opt); - krb5_get_init_creds_opt_set_forwardable (&opt, FALSE); - krb5_get_init_creds_opt_set_proxiable (&opt, FALSE); + krb5_get_init_creds_opt_set_forwardable (opt, FALSE); + krb5_get_init_creds_opt_set_proxiable (opt, FALSE); if(password == NULL && prompter == NULL) { krb5_keytab kt; @@ -161,15 +163,17 @@ get_new_cache(krb5_context context, ret = krb5_kt_default(context, &kt); else ret = krb5_kt_resolve(context, keytab, &kt); - if(ret) + if(ret) { + krb5_get_init_creds_opt_free(opt); return ret; + } ret = krb5_get_init_creds_keytab (context, &cred, client, kt, 0, server_name, - &opt); + opt); krb5_kt_close(context, kt); } else { ret = krb5_get_init_creds_password (context, @@ -180,8 +184,9 @@ get_new_cache(krb5_context context, NULL, 0, server_name, - &opt); + opt); } + krb5_get_init_creds_opt_free(opt); switch(ret){ case 0: break; diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index 3ec49aa6b..be375a177 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -69,7 +69,7 @@ get_creds(krb5_context context, const char *keytab_str, krb5_keytab keytab; krb5_principal client; krb5_error_code ret; - krb5_get_init_creds_opt init_opts; + krb5_get_init_creds_opt *init_opts; krb5_creds creds; char *server; char keytab_buf[256]; @@ -89,15 +89,17 @@ get_creds(krb5_context context, const char *keytab_str, KRB5_NT_SRV_HST, &client); if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal"); - krb5_get_init_creds_opt_init(&init_opts); + ret = krb5_get_init_creds_opt_alloc(&init_opts); + if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); asprintf (&server, "%s/%s", IPROP_NAME, host); if (server == NULL) krb5_errx (context, 1, "malloc: no memory"); ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, - 0, server, &init_opts); + 0, server, init_opts); free (server); + krb5_get_init_creds_opt_free(init_opts); if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds"); ret = krb5_kt_close(context, keytab); diff --git a/lib/krb5/verify_user.c b/lib/krb5/verify_user.c index bc49e019c..c710408ed 100644 --- a/lib/krb5/verify_user.c +++ b/lib/krb5/verify_user.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -136,13 +136,15 @@ verify_user_opt_int(krb5_context context, { krb5_error_code ret; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_creds cred; - krb5_get_init_creds_opt_init (&opt); + ret = krb5_get_init_creds_opt_alloc (&opt); + if (ret) + return ret; krb5_get_init_creds_opt_set_default_flags(context, NULL, *krb5_princ_realm(context, principal), - &opt); + opt); ret = krb5_get_init_creds_password (context, &cred, principal, @@ -151,7 +153,8 @@ verify_user_opt_int(krb5_context context, NULL, 0, NULL, - &opt); + opt); + krb5_get_init_creds_opt_free(opt); if(ret) return ret; #define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))