diff --git a/kadmin/ank.c b/kadmin/ank.c index 8e378c940..24ccc077e 100644 --- a/kadmin/ank.c +++ b/kadmin/ank.c @@ -64,7 +64,7 @@ add_new_key(int argc, char **argv) int optind = 0; int mask = 0; krb5_error_code ret; - krb5_principal princ_ent; + krb5_principal princ_ent = NULL; args[0].value = &rkey; args[1].value = &password; @@ -105,6 +105,8 @@ add_new_key(int argc, char **argv) kadm5_free_principal_ent(kadm_handle, &princ); } out: + if(princ_ent) + krb5_free_principal(context, princ_ent); if(password) memset(password, 0, strlen(password)); return 0; diff --git a/kadmin/kadmin.c b/kadmin/kadmin.c index 782e707e9..47a44345b 100644 --- a/kadmin/kadmin.c +++ b/kadmin/kadmin.c @@ -166,5 +166,8 @@ main(int argc, char **argv) if (argc != 0) exit(sl_command(commands, argc, argv)); - return sl_loop(commands, "kadmin> ") != 0; + ret = sl_loop(commands, "kadmin> ") != 0; + kadm5_destroy(kadm_handle); + krb5_free_context(context); + return ret; } diff --git a/kadmin/server.c b/kadmin/server.c index cbb6f80ad..6a02279fe 100644 --- a/kadmin/server.c +++ b/kadmin/server.c @@ -80,9 +80,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) ret = kadm5_get_principal(kadm_handle, princ, &ent, mask); sp->seek(sp, 0, SEEK_SET); krb5_store_int32(sp, ret); - if(ret == 0) + if(ret == 0){ kadm5_store_principal_ent(sp, &ent); - kadm5_free_principal_ent(kadm_handle, &ent); + kadm5_free_principal_ent(kadm_handle, &ent); + } + krb5_free_principal(context->context, princ); break; } case kadm_delete:{ diff --git a/lib/kadm5/acl.c b/lib/kadm5/acl.c index b71d52f71..cc2213311 100644 --- a/lib/kadm5/acl.c +++ b/lib/kadm5/acl.c @@ -41,6 +41,7 @@ RCSID("$Id$"); static struct units acl_units[] = { + { "all", KADM5_ACL_ALL }, { "list", KADM5_ACL_LIST }, { "delete", KADM5_ACL_DELETE }, { "chpass", KADM5_ACL_CHPASS }, 
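Review bot: The one-shot path `exit(sl_command(commands, argc, argv));` still leaves main before the new `kadm5_destroy(kadm_handle)` and `krb5_free_context(context)` run, so only the interactive loop gets the teardown. Routing both paths through the same exit keeps the admin session released consistently, e.g. `ret = (argc != 0) ? sl_command(commands, argc, argv) : (sl_loop(commands, "kadmin> ") != 0);` followed by the two cleanup calls and `return ret;`. The declaration of `ret` and the start of main are outside the hunk.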
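Review bot: The unconditional `krb5_free_principal(context->context, princ)` in the kadmin/server.c hunk is only safe if `princ` was successfully decoded from the request, and that decode sits above the hunk. If its return value is not checked and `princ` is not initialised, a malformed get request would pass an indeterminate pointer to the free in a network-facing daemon. Initialising `princ = NULL` at its declaration and guarding the call as ank.c does in this commit (`if(princ) krb5_free_principal(context->context, princ);`) would cover that. The results of `krb5_store_int32` and `kadm5_store_principal_ent` are also dropped. The identical hunk for lib/kadm5/server.c later in this diff has the same concern.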
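Review bot: `{ "all", KADM5_ACL_ALL }` adds a single ACL-file keyword that grants every admin right, and nothing next to the table says so. A short comment above the entry would help anyone who later adds a right, stating that KADM5_ACL_ALL is expected to be the union of the flags listed below it and whether its position in `acl_units` matters to the units parser. The definition of KADM5_ACL_ALL is not visible here, so whether it picks up newly added flags needs confirming.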
@@ -60,8 +61,9 @@ _kadm5_acl_init(kadm5_server_context *context) krb5_error_code ret; krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ); - if(krb5_principal_compare(context->context, context->caller, princ)){ - krb5_free_principal(context->context, princ); + ret = krb5_principal_compare(context->context, context->caller, princ); + krb5_free_principal(context->context, princ); + if(ret != 0){ context->acl_flags = ~0; return 0; } diff --git a/lib/kadm5/get_c.c b/lib/kadm5/get_c.c index 404f9b466..40998e37e 100644 --- a/lib/kadm5/get_c.c +++ b/lib/kadm5/get_c.c @@ -62,5 +62,6 @@ kadm5_c_get_principal(void *server_handle, ret = tmp; if(ret == 0) kadm5_ret_principal_ent(sp, out); + krb5_storage_free(sp); return ret; } diff --git a/lib/kadm5/init_c.c b/lib/kadm5/init_c.c index 4cf844d0e..5bc4766f6 100644 --- a/lib/kadm5/init_c.c +++ b/lib/kadm5/init_c.c @@ -114,6 +114,8 @@ kadm5_c_init_with_password_ctx(krb5_context context, ret = krb5_sendauth(context, &ctx->ac, &s, KADMIN_APPL_VERSION, NULL, server, AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, cc, NULL, NULL, NULL); + krb5_free_principal(context, server); + krb5_cc_close(context, cc); if(ret){ close(s); return KADM5_FAILURE; diff --git a/lib/kadm5/server.c b/lib/kadm5/server.c index cbb6f80ad..6a02279fe 100644 --- a/lib/kadm5/server.c +++ b/lib/kadm5/server.c @@ -80,9 +80,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) ret = kadm5_get_principal(kadm_handle, princ, &ent, mask); sp->seek(sp, 0, SEEK_SET); krb5_store_int32(sp, ret); - if(ret == 0) + if(ret == 0){ kadm5_store_principal_ent(sp, &ent); - kadm5_free_principal_ent(kadm_handle, &ent); + kadm5_free_principal_ent(kadm_handle, &ent); + } + krb5_free_principal(context->context, princ); break; } case kadm_delete:{ diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index 5e0faf314..825fc60d0 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c 
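Review bot: `krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ)` is still unchecked in _kadm5_acl_init, and its output now feeds both the comparison and an unconditional `krb5_free_principal`. If the parse fails, `princ` is indeterminate at the point where the code decides whether to set `context->acl_flags = ~0`, i.e. full rights. Suggest `ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ); if(ret) return ret;` before the compare. The comparison result should also be held in its own boolean rather than in the `krb5_error_code ret`. The rest of the function is outside the hunk.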
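Review bot: The result of `kadm5_ret_principal_ent(sp, out)` in kadm5_c_get_principal is discarded, so a truncated or malformed reply from the server would still return 0 with `out` only partly filled. If that helper returns a status, `if(ret == 0) ret = kadm5_ret_principal_ent(sp, out);` would propagate it to the caller. Any return above the hunk that happens after `sp` is created would need the same `krb5_storage_free(sp)`; the start of the function is not visible here.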
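Review bot: On the failure branch after krb5_sendauth the function returns `KADM5_FAILURE`, discarding the specific `ret`, and only the socket is closed there. `ctx` and `ctx->ac` are set up above the hunk, so whether they are released on this path cannot be confirmed from here; it is worth checking now that `server` and `cc` are handled. Any return between obtaining `cc` and the sendauth call would also bypass the two new release calls, leaving the credentials cache handle open.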
@@ -149,25 +149,26 @@ krb5_kt_get_entry(krb5_context context, krb5_keytype keytype, krb5_keytab_entry *entry) { - krb5_error_code r; - krb5_kt_cursor cursor; + krb5_error_code r; + krb5_kt_cursor cursor; - r = krb5_kt_start_seq_get (context, id, &cursor); - if (r) - return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ - while (krb5_kt_next_entry(context, id, entry, &cursor) == 0) { - if ((principal == NULL - || (krb5_principal_compare(context, - principal, - entry->principal))) - && (kvno == 0 || kvno == entry->vno) - && (keytype == 0 || keytype == entry->keyblock.keytype)) { - krb5_kt_end_seq_get (context, id, &cursor); - return 0; + r = krb5_kt_start_seq_get (context, id, &cursor); + if (r) + return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ + while (krb5_kt_next_entry(context, id, entry, &cursor) == 0) { + if ((principal == NULL + || (krb5_principal_compare(context, + principal, + entry->principal))) + && (kvno == 0 || kvno == entry->vno) + && (keytype == 0 || keytype == entry->keyblock.keytype)) { + krb5_kt_end_seq_get (context, id, &cursor); + return 0; + } + krb5_kt_free_entry(context, entry); } - } - krb5_kt_end_seq_get (context, id, &cursor); - return KRB5_KT_NOTFOUND; + krb5_kt_end_seq_get (context, id, &cursor); + return KRB5_KT_NOTFOUND; } krb5_error_code diff --git a/lib/krb5/sendauth.c b/lib/krb5/sendauth.c index d6a71e930..93b1279d7 100644 --- a/lib/krb5/sendauth.c +++ b/lib/krb5/sendauth.c 
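Review bot: After the added `krb5_kt_free_entry(context, entry)` the caller's `*entry` still holds the pointers of the last non-matching entry when the loop falls through to `return KRB5_KT_NOTFOUND`. A caller that frees the entry on every return path would then free key material twice; unless krb5_kt_free_entry already clears the struct, adding `memset(entry, 0, sizeof(*entry));` right after the free avoids that. The hunk also re-indents the whole function, which buries the one functional line; a separate whitespace-only commit would make this easier to audit.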
@@ -82,107 +82,114 @@ krb5_sendauth(krb5_context context, krb5_ap_rep_enc_part **rep_result, krb5_creds **out_creds) { - krb5_error_code ret; - int fd = *((int *)p_fd); - u_int32_t len, net_len; - const char *version = KRB5_SENDAUTH_VERSION; - u_char repl; - krb5_data ap_req, error_data; - krb5_creds this_cred; - krb5_creds *creds; + krb5_error_code ret; + int fd = *((int *)p_fd); + u_int32_t len, net_len; + const char *version = KRB5_SENDAUTH_VERSION; + u_char repl; + krb5_data ap_req, error_data; + krb5_creds this_cred; + krb5_principal this_client = NULL; + krb5_creds *creds; - len = strlen(version) + 1; - net_len = htonl(len); - if (krb5_net_write (context, fd, &net_len, 4) != 4 - || krb5_net_write (context, fd, version, len) != len) - return errno; + len = strlen(version) + 1; + net_len = htonl(len); + if (krb5_net_write (context, fd, &net_len, 4) != 4 + || krb5_net_write (context, fd, version, len) != len) + return errno; - len = strlen(appl_version) + 1; - net_len = htonl(len); - if (krb5_net_write (context, fd, &net_len, 4) != 4 - || krb5_net_write (context, fd, appl_version, len) != len) - return errno; + len = strlen(appl_version) + 1; + net_len = htonl(len); + if (krb5_net_write (context, fd, &net_len, 4) != 4 + || krb5_net_write (context, fd, appl_version, len) != len) + return errno; - if (krb5_net_read (context, fd, &repl, sizeof(repl)) != sizeof(repl)) - return errno; + if (krb5_net_read (context, fd, &repl, sizeof(repl)) != sizeof(repl)) + return errno; - if (repl != 0) - return KRB5_SENDAUTH_BADRESPONSE; /* XXX */ + if (repl != 0) + return KRB5_SENDAUTH_BADRESPONSE; /* XXX */ - if (in_creds == NULL) { - if (client == NULL) { - ret = krb5_cc_get_principal (context, ccache, &client); - if (ret) - return ret; + if (in_creds == NULL) { + if (client == NULL) { + ret = krb5_cc_get_principal (context, ccache, &this_client); + if (ret) + return ret; + client = this_client; + } + memset(&this_cred, 0, sizeof(this_cred)); + this_cred.client = client; + 
this_cred.server = server; + this_cred.times.endtime = 0; + this_cred.ticket.length = 0; + in_creds = &this_cred; } - memset(&this_cred, 0, sizeof(this_cred)); - this_cred.client = client; - this_cred.server = server; - this_cred.times.endtime = 0; - this_cred.ticket.length = 0; - in_creds = &this_cred; - } - if (in_creds->ticket.length == 0) { - ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); - if (ret) - return ret; - } else { - creds = in_creds; - } - if (out_creds) - *out_creds = creds; + if (in_creds->ticket.length == 0) { + ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); + if (ret) + return ret; + } else { + creds = in_creds; + } + ret = krb5_mk_req_extended (context, + auth_context, + ap_req_options, + in_data, + creds, + &ap_req); - ret = krb5_mk_req_extended (context, - auth_context, - ap_req_options, - in_data, - creds, - &ap_req); - if (ret) - return ret; + if (out_creds) + *out_creds = creds; + else + krb5_free_creds(context, creds); + if(this_client) + krb5_free_principal(context, this_client); - ret = krb5_write_message (context, - p_fd, - &ap_req); - if (ret) - return ret; - - krb5_data_free (&ap_req); - - ret = krb5_read_message (context, p_fd, &error_data); - if (ret) - return ret; - - if (error_data.length != 0) { - KRB_ERROR error; - - ret = krb5_rd_error (context, &error_data, &error); - krb5_data_free (&error_data); - if (ret == 0) { - free_KRB_ERROR(&error); - return error.error_code; - } else - return ret; - } - - if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { - krb5_data ap_rep; - krb5_ap_rep_enc_part *ignore; - - krb5_data_zero (&ap_rep); - ret = krb5_read_message (context, - p_fd, - &ap_rep); if (ret) return ret; - ret = krb5_rd_rep (context, *auth_context, &ap_rep, - rep_result ? 
rep_result : &ignore); + ret = krb5_write_message (context, + p_fd, + &ap_req); if (ret) - return ret; - if (rep_result == NULL) - krb5_free_ap_rep_enc_part (context, ignore); - krb5_data_free (&ap_rep); - } - return 0; + return ret; + + krb5_data_free (&ap_req); + + ret = krb5_read_message (context, p_fd, &error_data); + if (ret) + return ret; + + if (error_data.length != 0) { + KRB_ERROR error; + + ret = krb5_rd_error (context, &error_data, &error); + krb5_data_free (&error_data); + if (ret == 0) { + free_KRB_ERROR(&error); + return error.error_code; + } else + return ret; + } + + if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { + krb5_data ap_rep; + krb5_ap_rep_enc_part *ignore; + + krb5_data_zero (&ap_rep); + ret = krb5_read_message (context, + p_fd, + &ap_rep); + if (ret) + return ret; + + ret = krb5_rd_rep (context, *auth_context, &ap_rep, + rep_result ? rep_result : &ignore); + if (ret) + return ret; + if (rep_result == NULL) + krb5_free_ap_rep_enc_part (context, ignore); + krb5_data_free (&ap_rep); + } + return 0; } diff --git a/lib/krb5/set_default_realm.c b/lib/krb5/set_default_realm.c index f4364606a..31a5b68fc 100644 --- a/lib/krb5/set_default_realm.c +++ b/lib/krb5/set_default_realm.c @@ -73,6 +73,7 @@ krb5_set_default_realm(krb5_context context, if (tmp == NULL) return ENOMEM; + free(context->default_realm); context->default_realm = tmp; return 0; }
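Review bot: When the caller supplies `in_creds` that already carries a ticket, `creds = in_creds`, and with `out_creds == NULL` the new `krb5_free_creds(context, creds)` releases an object the caller still owns. Only credentials obtained from krb5_get_credentials should be released here, e.g. `else if (creds != in_creds) krb5_free_creds(context, creds);`. Separately, `*out_creds` is now assigned before `ret` from krb5_mk_req_extended is checked, so a caller sees it set even on failure, and the `return ret` after krb5_write_message still skips `krb5_data_free (&ap_req)`.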