Fix leak in kimpersonate
@@ -56,11 +56,11 @@ static const char *enc_type = "aes256-cts-hmac-sha1-96";
|
||||
static const char *session_enc_type = NULL;
|
||||
|
||||
static void
|
||||
encode_ticket (krb5_context context,
|
||||
EncryptionKey *skey,
|
||||
krb5_enctype etype,
|
||||
int skvno,
|
||||
krb5_creds *cred)
|
||||
encode_ticket(krb5_context context,
|
||||
EncryptionKey *skey,
|
||||
krb5_enctype etype,
|
||||
int skvno,
|
||||
krb5_creds *cred)
|
||||
{
|
||||
size_t len, size;
|
||||
char *buf;
|
||||
@@ -70,8 +70,8 @@ encode_ticket (krb5_context context,
|
||||
EncTicketPart et;
|
||||
Ticket ticket;
|
||||
|
||||
memset (&enc_part, 0, sizeof(enc_part));
|
||||
memset (&ticket, 0, sizeof(ticket));
|
||||
memset(&enc_part, 0, sizeof(enc_part));
|
||||
memset(&ticket, 0, sizeof(ticket));
|
||||
|
||||
/*
|
||||
* Set up `enc_part'
|
||||
@@ -106,7 +106,7 @@ encode_ticket (krb5_context context,
|
||||
ret = krb5_crypto_init(context, skey, etype, &crypto);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_crypto_init");
|
||||
ret = krb5_encrypt_EncryptedData (context,
|
||||
ret = krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_TICKET,
|
||||
buf,
|
||||
@@ -129,7 +129,7 @@ encode_ticket (krb5_context context,
|
||||
|
||||
ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
|
||||
if(ret)
|
||||
krb5_err (context, 1, ret, "encode_Ticket");
|
||||
krb5_err(context, 1, ret, "encode_Ticket");
|
||||
|
||||
krb5_data_copy(&cred->ticket, buf, len);
|
||||
free(buf);
|
||||
@@ -140,7 +140,7 @@ encode_ticket (krb5_context context,
|
||||
*/
|
||||
|
||||
static int
|
||||
create_krb5_tickets (krb5_context context, krb5_keytab kt)
|
||||
create_krb5_tickets(krb5_context context, krb5_keytab kt)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_keytab_entry entry;
|
||||
@@ -149,30 +149,29 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
|
||||
krb5_enctype session_etype;
|
||||
krb5_ccache ccache;
|
||||
|
||||
memset (&cred, 0, sizeof(cred));
|
||||
memset(&cred, 0, sizeof(cred));
|
||||
|
||||
ret = krb5_string_to_enctype (context, enc_type, &etype);
|
||||
ret = krb5_string_to_enctype(context, enc_type, &etype);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_string_to_enctype (enc-type)");
|
||||
ret = krb5_string_to_enctype (context, session_enc_type, &session_etype);
|
||||
ret = krb5_string_to_enctype(context, session_enc_type, &session_etype);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_string_to_enctype (session-enc-type)");
|
||||
ret = krb5_kt_get_entry (context, kt, server_principal,
|
||||
0, etype, &entry);
|
||||
ret = krb5_kt_get_entry(context, kt, server_principal, 0, etype, &entry);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_kt_get_entry");
|
||||
krb5_err(context, 1, ret, "krb5_kt_get_entry");
|
||||
|
||||
/*
|
||||
* setup cred
|
||||
*/
|
||||
|
||||
|
||||
ret = krb5_copy_principal (context, client_principal, &cred.client);
|
||||
ret = krb5_copy_principal(context, client_principal, &cred.client);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_copy_principal");
|
||||
ret = krb5_copy_principal (context, server_principal, &cred.server);
|
||||
krb5_err(context, 1, ret, "krb5_copy_principal");
|
||||
ret = krb5_copy_principal(context, server_principal, &cred.server);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_copy_principal");
|
||||
krb5_err(context, 1, ret, "krb5_copy_principal");
|
||||
krb5_generate_random_keyblock(context, session_etype, &cred.session);
|
||||
|
||||
cred.times.authtime = time(NULL);
|
||||
@@ -181,9 +180,9 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
|
||||
cred.times.renew_till = 0;
|
||||
krb5_data_zero(&cred.second_ticket);
|
||||
|
||||
ret = krb5_get_all_client_addrs (context, &cred.addresses);
|
||||
ret = krb5_get_all_client_addrs(context, &cred.addresses);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
|
||||
krb5_err(context, 1, ret, "krb5_get_all_client_addrs");
|
||||
cred.flags.b = ticket_flags;
|
||||
|
||||
|
||||
@@ -191,7 +190,8 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
|
||||
* Encode encrypted part of ticket
|
||||
*/
|
||||
|
||||
encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred);
|
||||
encode_ticket(context, &entry.keyblock, etype, entry.vno, &cred);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
|
||||
/*
|
||||
* Write to cc
|
||||
@@ -200,23 +200,23 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
|
||||
if (ccache_str) {
|
||||
ret = krb5_cc_resolve(context, ccache_str, &ccache);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_cc_resolve");
|
||||
krb5_err(context, 1, ret, "krb5_cc_resolve");
|
||||
} else {
|
||||
ret = krb5_cc_default (context, &ccache);
|
||||
ret = krb5_cc_default(context, &ccache);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_cc_default");
|
||||
krb5_err(context, 1, ret, "krb5_cc_default");
|
||||
}
|
||||
|
||||
ret = krb5_cc_initialize (context, ccache, cred.client);
|
||||
ret = krb5_cc_initialize(context, ccache, cred.client);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_cc_initialize");
|
||||
krb5_err(context, 1, ret, "krb5_cc_initialize");
|
||||
|
||||
ret = krb5_cc_store_cred (context, ccache, &cred);
|
||||
ret = krb5_cc_store_cred(context, ccache, &cred);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_cc_store_cred");
|
||||
krb5_err(context, 1, ret, "krb5_cc_store_cred");
|
||||
|
||||
krb5_free_cred_contents (context, &cred);
|
||||
krb5_cc_close (context, ccache);
|
||||
krb5_free_cred_contents(context, &cred);
|
||||
krb5_cc_close(context, ccache);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -226,28 +226,28 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
|
||||
*/
|
||||
|
||||
static void
|
||||
setup_env (krb5_context context, krb5_keytab *kt)
|
||||
setup_env(krb5_context context, krb5_keytab *kt)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
|
||||
if (keytab_file)
|
||||
ret = krb5_kt_resolve (context, keytab_file, kt);
|
||||
ret = krb5_kt_resolve(context, keytab_file, kt);
|
||||
else
|
||||
ret = krb5_kt_default (context, kt);
|
||||
ret = krb5_kt_default(context, kt);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "resolving keytab");
|
||||
krb5_err(context, 1, ret, "resolving keytab");
|
||||
|
||||
if (client_principal_str == NULL)
|
||||
krb5_errx (context, 1, "missing client principal");
|
||||
ret = krb5_parse_name (context, client_principal_str, &client_principal);
|
||||
krb5_errx(context, 1, "missing client principal");
|
||||
ret = krb5_parse_name(context, client_principal_str, &client_principal);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "resolvning client name");
|
||||
krb5_err(context, 1, ret, "resolvning client name");
|
||||
|
||||
if (server_principal_str == NULL)
|
||||
krb5_errx (context, 1, "missing server principal");
|
||||
ret = krb5_parse_name (context, server_principal_str, &server_principal);
|
||||
krb5_errx(context, 1, "missing server principal");
|
||||
ret = krb5_parse_name(context, server_principal_str, &server_principal);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "resolvning server name");
|
||||
krb5_err(context, 1, ret, "resolvning server name");
|
||||
|
||||
/* If no session-enc-type specified on command line and this is an afs */
|
||||
/* service ticket, change default of session_enc_type to DES. */
|
||||
@@ -261,12 +261,12 @@ setup_env (krb5_context context, krb5_keytab *kt)
|
||||
ticket_flags_int = parse_flags(ticket_flags_str,
|
||||
asn1_TicketFlags_units(), 0);
|
||||
if (ticket_flags_int <= 0) {
|
||||
krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str);
|
||||
print_flags_table (asn1_TicketFlags_units(), stderr);
|
||||
exit (1);
|
||||
krb5_warnx(context, "bad ticket flags: `%s'", ticket_flags_str);
|
||||
print_flags_table(asn1_TicketFlags_units(), stderr);
|
||||
exit(1);
|
||||
}
|
||||
if (ticket_flags_int)
|
||||
ticket_flags = int2TicketFlags (ticket_flags_int);
|
||||
ticket_flags = int2TicketFlags(ticket_flags_int);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -302,26 +302,26 @@ struct getargs args[] = {
|
||||
};
|
||||
|
||||
static void
|
||||
usage (int ret)
|
||||
usage(int ret)
|
||||
{
|
||||
arg_printusage (args,
|
||||
sizeof(args) / sizeof(args[0]),
|
||||
NULL,
|
||||
"");
|
||||
exit (ret);
|
||||
arg_printusage(args,
|
||||
sizeof(args) / sizeof(args[0]),
|
||||
NULL,
|
||||
"");
|
||||
exit(ret);
|
||||
}
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
int optidx = 0;
|
||||
krb5_error_code ret;
|
||||
krb5_context context;
|
||||
krb5_keytab kt;
|
||||
|
||||
setprogname (argv[0]);
|
||||
setprogname(argv[0]);
|
||||
|
||||
ret = krb5_init_context (&context);
|
||||
ret = krb5_init_context(&context);
|
||||
if (ret)
|
||||
errx(1, "krb5_init_context failed: %u", ret);
|
||||
|
||||
|
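Review bot: In create_krb5_tickets (the hunk at -149,30 +149,29) the result of `krb5_generate_random_keyblock(context, session_etype, &cred.session);` is still discarded. If that call fails, `cred.session` presumably stays as zeroed by the earlier `memset(&cred, 0, sizeof(cred));`, and the ticket is then encoded and stored in the ccache without a usable session key. Check it like the neighbouring calls: `ret = krb5_generate_random_keyblock(context, session_etype, &cred.session);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock");`. The same applies to `krb5_data_copy(&cred->ticket, buf, len);` in encode_ticket (hunk at -129,7 +129,7), whose return value is also dropped before `free(buf)`. Both function bodies extend beyond the visible hunks, so confirm nothing outside them already covers these cases.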