only create you loose packets when we fail decoding and not when an

operation is not performed for some reason
(decode_packet): read the service key from the hdb
(dispatch, decode_packet): return proper error messages


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6916 ec53bebd-3082-4978-b11e-865c3cabbd6b
Assar Westerlund
1999-09-10 13:06:25 +00:00
parent 89e4ffd144
commit a753c13a19


@@ -46,15 +46,18 @@ RCSID("$Id$");
#define KADM_NO_OPCODE -1 #define KADM_NO_OPCODE -1
#define KADM_NO_ENCRYPT -2 #define KADM_NO_ENCRYPT -2
/*
* make an error packet if we fail encrypting
*/
static void static void
make_error_packet(int code, krb5_data *reply) make_you_loose_packet(int code, krb5_data *reply)
{ {
krb5_data_alloc(reply, KADM_VERSIZE + 4); krb5_data_alloc(reply, KADM_VERSIZE + 4);
memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE); memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE);
_krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4); _krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4);
} }
static int static int
ret_fields(krb5_storage *sp, char *fields) ret_fields(krb5_storage *sp, char *fields)
{ {
@@ -768,13 +771,12 @@ dispatch(krb5_context context,
} }
krb5_storage_free(sp_in); krb5_storage_free(sp_in);
if(retval) { if(retval) {
krb5_storage_free(sp_out); sp_out->seek(sp_out, KADM_VERSIZE, SEEK_SET);
make_error_packet(retval, reply); krb5_store_int32(sp_out, retval);
return retval;
} }
krb5_storage_to_data(sp_out, reply); krb5_storage_to_data(sp_out, reply);
krb5_storage_free(sp_out); krb5_storage_free(sp_out);
return 0; return retval;
} }
/* /*
@@ -804,7 +806,7 @@ decode_packet(krb5_context context,
if(message.length < KADM_VERSIZE if(message.length < KADM_VERSIZE
|| strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) { || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
make_error_packet(KADM_BAD_VER, reply); make_you_loose_packet (KADM_BAD_VER, reply);
return; return;
} }
@@ -823,11 +825,11 @@ decode_packet(krb5_context context,
"changepw", "kerberos", NULL); "changepw", "kerberos", NULL);
if (ret) { if (ret) {
krb5_warn (context, ret, "krb5_make_principal"); krb5_warn (context, ret, "krb5_make_principal");
make_error_packet (KADM_NOMEM, reply); make_you_loose_packet (KADM_NOMEM, reply);
return; return;
} }
ret = krb5_kt_read_service_key(context, ret = krb5_kt_read_service_key(context,
NULL, "HDB:",
principal, principal,
0, 0,
/* ETYPE_DES_CBC_CRC,*/ /* ETYPE_DES_CBC_CRC,*/
@@ -836,10 +838,10 @@ decode_packet(krb5_context context,
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
if(ret) { if(ret) {
if(ret == KRB5_KT_NOTFOUND) if(ret == KRB5_KT_NOTFOUND)
make_error_packet(KADM_NO_AUTH, reply); make_you_loose_packet(KADM_NO_AUTH, reply);
else else
/* XXX */ /* XXX */
make_error_packet(KADM_NO_AUTH, reply); make_you_loose_packet(KADM_NO_AUTH, reply);
krb5_warn(context, ret, "krb5_kt_read_service_key"); krb5_warn(context, ret, "krb5_kt_read_service_key");
return; return;
} }
@@ -855,7 +857,7 @@ decode_packet(krb5_context context,
client_addr->sin_addr.s_addr, &ad, NULL); client_addr->sin_addr.s_addr, &ad, NULL);
if(ret) { if(ret) {
make_error_packet(krb_err_base + ret, reply); make_you_loose_packet(krb_err_base + ret, reply);
krb5_warnx(context, "krb_rd_req: %d", ret); krb5_warnx(context, "krb_rd_req: %d", ret);
return; return;
} }
@@ -872,7 +874,7 @@ decode_packet(krb5_context context,
&kadm_handle); &kadm_handle);
if (ret) { if (ret) {
krb5_warn (context, ret, "kadm5_init_with_password_ctx"); krb5_warn (context, ret, "kadm5_init_with_password_ctx");
make_error_packet (KADM_NOMEM, reply); make_you_loose_packet (KADM_NOMEM, reply);
goto out; goto out;
} }
@@ -880,14 +882,14 @@ decode_packet(krb5_context context,
0, &ad.session); 0, &ad.session);
if(checksum != ad.checksum) { if(checksum != ad.checksum) {
krb5_warnx(context, "decode_packet: bad checksum"); krb5_warnx(context, "decode_packet: bad checksum");
make_error_packet (KADM_BAD_CHK, reply); make_you_loose_packet (KADM_BAD_CHK, reply);
goto out; goto out;
} }
des_set_key(&ad.session, schedule); des_set_key(&ad.session, schedule);
ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
client_addr, admin_addr, &msg_dat); client_addr, admin_addr, &msg_dat);
if (ret) { if (ret) {
make_error_packet (krb_err_base + ret, reply); make_you_loose_packet (krb_err_base + ret, reply);
krb5_warnx(context, "krb_rd_priv: %d", ret); krb5_warnx(context, "krb_rd_priv: %d", ret);
goto out; goto out;
} }
@@ -901,18 +903,13 @@ decode_packet(krb5_context context,
retval = dispatch(context, kadm_handle, retval = dispatch(context, kadm_handle,
client, client_str, d, &r); client, client_str, d, &r);
if (retval == 0) { krb5_data_alloc(reply, r.length + 26);
krb5_data_alloc(reply, r.length + 26); reply->length = krb_mk_priv(r.data, reply->data, r.length,
reply->length = krb_mk_priv(r.data, reply->data, r.length, schedule, &ad.session,
schedule, &ad.session, admin_addr, client_addr);
admin_addr, client_addr); if((ssize_t)reply->length < 0) {
if((ssize_t)reply->length < 0) { make_you_loose_packet(KADM_NO_ENCRYPT, reply);
make_error_packet(KADM_NO_ENCRYPT, reply); goto out;
goto out;
}
} else {
reply->length = r.length;
reply->data = r.data;
} }
} }
out: out:
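Review bot: The now-unconditional `krb5_data_alloc(reply, r.length + 26)` in the last decode_packet hunk discards its return value, so if the allocation fails `krb_mk_priv` is handed an output buffer that was never set up. The same unchecked call precedes the `memcpy` in `make_you_loose_packet` in the first hunk and should get the same check. When `krb_mk_priv` fails, `make_you_loose_packet` allocates into `reply` a second time and no free of the first buffer is visible, which looks like a leak. The fence below sketches both fixes; the bare `26` would also be clearer as a named constant with a comment saying what overhead it covers. decode_packet starts and ends outside this hunk, so `ret` and the cleanup under `out:` are assumed from the other hunks.

```c
    /* … unchanged: retval = dispatch(...) … */
    ret = krb5_data_alloc(reply, r.length + 26);
    if (ret) {
	/* nothing to encrypt into; report it like the other allocation failures */
	krb5_warn(context, ret, "krb5_data_alloc");
	make_you_loose_packet(KADM_NOMEM, reply);
	goto out;
    }
    /* … unchanged: reply->length = krb_mk_priv(...) … */
    if((ssize_t)reply->length < 0) {
	/* release the r.length + 26 buffer before reply is re-allocated */
	krb5_data_free(reply);
	make_you_loose_packet(KADM_NO_ENCRYPT, reply);
	goto out;
    }
```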