Fix leak in kimpersonate

This commit is contained in:
Nicolas Williams
2015-03-24 14:32:32 -05:00
parent 4ae3e7d40a
commit c2961ced3c

View File

@@ -56,11 +56,11 @@ static const char *enc_type = "aes256-cts-hmac-sha1-96";
static const char *session_enc_type = NULL;
static void
encode_ticket (krb5_context context,
EncryptionKey *skey,
krb5_enctype etype,
int skvno,
krb5_creds *cred)
encode_ticket(krb5_context context,
EncryptionKey *skey,
krb5_enctype etype,
int skvno,
krb5_creds *cred)
{
size_t len, size;
char *buf;
@@ -70,8 +70,8 @@ encode_ticket (krb5_context context,
EncTicketPart et;
Ticket ticket;
memset (&enc_part, 0, sizeof(enc_part));
memset (&ticket, 0, sizeof(ticket));
memset(&enc_part, 0, sizeof(enc_part));
memset(&ticket, 0, sizeof(ticket));
/*
* Set up `enc_part'
@@ -106,7 +106,7 @@ encode_ticket (krb5_context context,
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret)
krb5_err(context, 1, ret, "krb5_crypto_init");
ret = krb5_encrypt_EncryptedData (context,
ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
@@ -129,7 +129,7 @@ encode_ticket (krb5_context context,
ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
if(ret)
krb5_err (context, 1, ret, "encode_Ticket");
krb5_err(context, 1, ret, "encode_Ticket");
krb5_data_copy(&cred->ticket, buf, len);
free(buf);
@@ -140,7 +140,7 @@ encode_ticket (krb5_context context,
*/
static int
create_krb5_tickets (krb5_context context, krb5_keytab kt)
create_krb5_tickets(krb5_context context, krb5_keytab kt)
{
krb5_error_code ret;
krb5_keytab_entry entry;
@@ -149,30 +149,29 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
krb5_enctype session_etype;
krb5_ccache ccache;
memset (&cred, 0, sizeof(cred));
memset(&cred, 0, sizeof(cred));
ret = krb5_string_to_enctype (context, enc_type, &etype);
ret = krb5_string_to_enctype(context, enc_type, &etype);
if (ret)
krb5_err (context, 1, ret, "krb5_string_to_enctype (enc-type)");
ret = krb5_string_to_enctype (context, session_enc_type, &session_etype);
ret = krb5_string_to_enctype(context, session_enc_type, &session_etype);
if (ret)
krb5_err (context, 1, ret, "krb5_string_to_enctype (session-enc-type)");
ret = krb5_kt_get_entry (context, kt, server_principal,
0, etype, &entry);
ret = krb5_kt_get_entry(context, kt, server_principal, 0, etype, &entry);
if (ret)
krb5_err (context, 1, ret, "krb5_kt_get_entry");
krb5_err(context, 1, ret, "krb5_kt_get_entry");
/*
* setup cred
*/
ret = krb5_copy_principal (context, client_principal, &cred.client);
ret = krb5_copy_principal(context, client_principal, &cred.client);
if (ret)
krb5_err (context, 1, ret, "krb5_copy_principal");
ret = krb5_copy_principal (context, server_principal, &cred.server);
krb5_err(context, 1, ret, "krb5_copy_principal");
ret = krb5_copy_principal(context, server_principal, &cred.server);
if (ret)
krb5_err (context, 1, ret, "krb5_copy_principal");
krb5_err(context, 1, ret, "krb5_copy_principal");
krb5_generate_random_keyblock(context, session_etype, &cred.session);
cred.times.authtime = time(NULL);
@@ -181,9 +180,9 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
cred.times.renew_till = 0;
krb5_data_zero(&cred.second_ticket);
ret = krb5_get_all_client_addrs (context, &cred.addresses);
ret = krb5_get_all_client_addrs(context, &cred.addresses);
if (ret)
krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
krb5_err(context, 1, ret, "krb5_get_all_client_addrs");
cred.flags.b = ticket_flags;
@@ -191,7 +190,8 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
* Encode encrypted part of ticket
*/
encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred);
encode_ticket(context, &entry.keyblock, etype, entry.vno, &cred);
krb5_kt_free_entry(context, &entry);
/*
* Write to cc
@@ -200,23 +200,23 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
if (ccache_str) {
ret = krb5_cc_resolve(context, ccache_str, &ccache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_resolve");
krb5_err(context, 1, ret, "krb5_cc_resolve");
} else {
ret = krb5_cc_default (context, &ccache);
ret = krb5_cc_default(context, &ccache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_default");
krb5_err(context, 1, ret, "krb5_cc_default");
}
ret = krb5_cc_initialize (context, ccache, cred.client);
ret = krb5_cc_initialize(context, ccache, cred.client);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_initialize");
krb5_err(context, 1, ret, "krb5_cc_initialize");
ret = krb5_cc_store_cred (context, ccache, &cred);
ret = krb5_cc_store_cred(context, ccache, &cred);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_store_cred");
krb5_err(context, 1, ret, "krb5_cc_store_cred");
krb5_free_cred_contents (context, &cred);
krb5_cc_close (context, ccache);
krb5_free_cred_contents(context, &cred);
krb5_cc_close(context, ccache);
return 0;
}
@@ -226,28 +226,28 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
*/
static void
setup_env (krb5_context context, krb5_keytab *kt)
setup_env(krb5_context context, krb5_keytab *kt)
{
krb5_error_code ret;
if (keytab_file)
ret = krb5_kt_resolve (context, keytab_file, kt);
ret = krb5_kt_resolve(context, keytab_file, kt);
else
ret = krb5_kt_default (context, kt);
ret = krb5_kt_default(context, kt);
if (ret)
krb5_err (context, 1, ret, "resolving keytab");
krb5_err(context, 1, ret, "resolving keytab");
if (client_principal_str == NULL)
krb5_errx (context, 1, "missing client principal");
ret = krb5_parse_name (context, client_principal_str, &client_principal);
krb5_errx(context, 1, "missing client principal");
ret = krb5_parse_name(context, client_principal_str, &client_principal);
if (ret)
krb5_err (context, 1, ret, "resolvning client name");
krb5_err(context, 1, ret, "resolvning client name");
if (server_principal_str == NULL)
krb5_errx (context, 1, "missing server principal");
ret = krb5_parse_name (context, server_principal_str, &server_principal);
krb5_errx(context, 1, "missing server principal");
ret = krb5_parse_name(context, server_principal_str, &server_principal);
if (ret)
krb5_err (context, 1, ret, "resolvning server name");
krb5_err(context, 1, ret, "resolvning server name");
/* If no session-enc-type specified on command line and this is an afs */
/* service ticket, change default of session_enc_type to DES. */
@@ -261,12 +261,12 @@ setup_env (krb5_context context, krb5_keytab *kt)
ticket_flags_int = parse_flags(ticket_flags_str,
asn1_TicketFlags_units(), 0);
if (ticket_flags_int <= 0) {
krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str);
print_flags_table (asn1_TicketFlags_units(), stderr);
exit (1);
krb5_warnx(context, "bad ticket flags: `%s'", ticket_flags_str);
print_flags_table(asn1_TicketFlags_units(), stderr);
exit(1);
}
if (ticket_flags_int)
ticket_flags = int2TicketFlags (ticket_flags_int);
ticket_flags = int2TicketFlags(ticket_flags_int);
}
}
@@ -302,26 +302,26 @@ struct getargs args[] = {
};
static void
usage (int ret)
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"");
exit (ret);
arg_printusage(args,
sizeof(args) / sizeof(args[0]),
NULL,
"");
exit(ret);
}
int
main (int argc, char **argv)
main(int argc, char **argv)
{
int optidx = 0;
krb5_error_code ret;
krb5_context context;
krb5_keytab kt;
setprogname (argv[0]);
setprogname(argv[0]);
ret = krb5_init_context (&context);
ret = krb5_init_context(&context);
if (ret)
errx(1, "krb5_init_context failed: %u", ret);