oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add some krb5_{set,clear}_error_string

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9937 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2001-05-14 06:14:52 +00:00
parent ffc0237390
commit d27aa3b62e
65 changed files with 1287 additions and 481 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
lib/krb5/acl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 2000 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -68,6 +68,7 @@ acl_parse_format(krb5_context context,
for(p = format; *p != '\0'; p++) {
tmp = malloc(sizeof(*tmp));
if(tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
acl_free_list(acl);
return ENOMEM;
}
@@ -133,6 +134,7 @@ krb5_acl_match_string(krb5_context context,
...)
{
krb5_error_code ret;
krb5_boolean found;
struct acl_field *acl;
va_list ap;
@@ -142,10 +144,14 @@ krb5_acl_match_string(krb5_context context,
if(ret)
return ret;
ret = acl_match_acl(context, acl, acl_string);
found = acl_match_acl(context, acl, acl_string);
acl_free_list(acl);
return ret ? 0 : EACCES;
if (found) {
return 0;
} else {
krb5_set_error_string(context, "ACL did not match");
return EACCES;
}
}
krb5_error_code
@@ -159,10 +165,16 @@ krb5_acl_match_file(krb5_context context,
char buf[256];
va_list ap;
FILE *f;
krb5_boolean found;
f = fopen(file, "r");
if(f == NULL)
return errno;
if(f == NULL) {
int save_errno = errno;
krb5_set_error_string(context, "open(%s): %s", file,
strerror(save_errno));
return save_errno;
}
va_start(ap, format);
ret = acl_parse_format(context, &acl, format, ap);
@@ -172,18 +184,22 @@ krb5_acl_match_file(krb5_context context,
return ret;
}
ret = EACCES; /* XXX */
found = FALSE;
while(fgets(buf, sizeof(buf), f)) {
if(buf[0] == '#')
continue;
if(acl_match_acl(context, acl, buf)) {
ret = 0;
goto out;
found = TRUE;
break;
}
}
out:
fclose(f);
acl_free_list(acl);
return ret;
if (found) {
return 0;
} else {
krb5_set_error_string(context, "ACL did not match");
return EACCES;
}
}

53
lib/krb5/addr_families.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -386,33 +386,45 @@ find_atype(int atype)
}
krb5_error_code
krb5_sockaddr2address (const struct sockaddr *sa, krb5_address *addr)
krb5_sockaddr2address (krb5_context context,
const struct sockaddr *sa, krb5_address *addr)
{
struct addr_operations *a = find_af(sa->sa_family);
if (a == NULL)
if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported",
sa->sa_family);
return KRB5_PROG_ATYPE_NOSUPP;
}
return (*a->sockaddr2addr)(sa, addr);
}
krb5_error_code
krb5_sockaddr2port (const struct sockaddr *sa, int16_t *port)
krb5_sockaddr2port (krb5_context context,
const struct sockaddr *sa, int16_t *port)
{
struct addr_operations *a = find_af(sa->sa_family);
if (a == NULL)
if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported",
sa->sa_family);
return KRB5_PROG_ATYPE_NOSUPP;
}
return (*a->sockaddr2port)(sa, port);
}
krb5_error_code
krb5_addr2sockaddr (const krb5_address *addr,
krb5_addr2sockaddr (krb5_context context,
const krb5_address *addr,
struct sockaddr *sa,
int *sa_size,
int port)
{
struct addr_operations *a = find_atype(addr->addr_type);
if (a == NULL)
if (a == NULL) {
krb5_set_error_string (context, "Address type %d not supported",
addr->addr_type);
return KRB5_PROG_ATYPE_NOSUPP;
}
(*a->addr2sockaddr)(addr, sa, sa_size, port);
return 0;
}
@@ -439,37 +451,46 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
}
krb5_error_code
krb5_h_addr2sockaddr (int af,
krb5_h_addr2sockaddr (krb5_context context,
int af,
const char *addr, struct sockaddr *sa, int *sa_size,
int port)
{
struct addr_operations *a = find_af(af);
if (a == NULL)
if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP;
}
(*a->h_addr2sockaddr)(addr, sa, sa_size, port);
return 0;
}
krb5_error_code
krb5_h_addr2addr (int af,
krb5_h_addr2addr (krb5_context context,
int af,
const char *haddr, krb5_address *addr)
{
struct addr_operations *a = find_af(af);
if (a == NULL)
if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP;
}
return (*a->h_addr2addr)(haddr, addr);
}
krb5_error_code
krb5_anyaddr (int af,
krb5_anyaddr (krb5_context context,
int af,
struct sockaddr *sa,
int *sa_size,
int port)
{
struct addr_operations *a = find_af (af);
if (a == NULL)
if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP;
}
(*a->anyaddr)(sa, sa_size, port);
return 0;
@@ -522,8 +543,10 @@ krb5_parse_address(krb5_context context,
}
error = getaddrinfo (string, NULL, NULL, &ai);
if (error)
if (error) {
krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
return krb5_eai_to_heim_errno(error);
}
n = 0;
for (a = ai; a != NULL; a = a->ai_next)
@@ -532,7 +555,7 @@ krb5_parse_address(krb5_context context,
ALLOC_SEQ(addresses, n);
for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) {
krb5_sockaddr2address (ai->ai_addr, &addresses->val[i]);
krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]);
}
freeaddrinfo (ai);
return 0;

14
lib/krb5/address.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -128,8 +128,10 @@ krb5_append_addresses(krb5_context context,
int i;
if(source->len > 0) {
tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string(context, "realloc: out of memory");
return ENOMEM;
}
dest->val = tmp;
for(i = 0; i < source->len; i++) {
/* skip duplicates */
@@ -151,18 +153,22 @@ krb5_append_addresses(krb5_context context,
*/
krb5_error_code
krb5_make_addrport (krb5_address **res, const krb5_address *addr, int16_t port)
krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port)
{
krb5_error_code ret;
size_t len = addr->address.length + 2 + 4 * 4;
u_char *p;
*res = malloc (sizeof(**res));
if (*res == NULL)
if (*res == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
(*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
ret = krb5_data_alloc (&(*res)->address, len);
if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
free (*res);
return ret;
}

2
lib/krb5/appdefault.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 2000 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*

32
lib/krb5/auth_context.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -42,11 +42,14 @@ krb5_auth_con_init(krb5_context context,
krb5_auth_context p;
ALLOC(p, 1);
if(!p)
if(!p) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memset(p, 0, sizeof(*p));
ALLOC(p->authenticator, 1);
if (!p->authenticator) {
krb5_set_error_string(context, "malloc: out of memory");
free(p);
return ENOMEM;
}
@@ -146,11 +149,13 @@ krb5_auth_con_genaddrs(krb5_context context,
len = sizeof(ss_local);
if(getsockname(fd, local, &len) < 0) {
ret = errno;
krb5_set_error_string (context, "getsockname: %s",
strerror(ret));
goto out;
}
krb5_sockaddr2address (local, &local_k_address);
krb5_sockaddr2address (context, local, &local_k_address);
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
krb5_sockaddr2port (local, &auth_context->local_port);
krb5_sockaddr2port (context, local, &auth_context->local_port);
} else
auth_context->local_port = 0;
lptr = &local_k_address;
@@ -160,11 +165,12 @@ krb5_auth_con_genaddrs(krb5_context context,
len = sizeof(ss_remote);
if(getpeername(fd, remote, &len) < 0) {
ret = errno;
krb5_set_error_string (context, "getpeername: %s", strerror(ret));
goto out;
}
krb5_sockaddr2address (remote, &remote_k_address);
krb5_sockaddr2address (context, remote, &remote_k_address);
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
krb5_sockaddr2port (remote, &auth_context->remote_port);
krb5_sockaddr2port (context, remote, &auth_context->remote_port);
} else
auth_context->remote_port = 0;
rptr = &remote_k_address;
@@ -205,8 +211,10 @@ krb5_auth_con_getaddrs(krb5_context context,
if(*local_addr)
krb5_free_address (context, *local_addr);
*local_addr = malloc (sizeof(**local_addr));
if (*local_addr == NULL)
if (*local_addr == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
krb5_copy_address(context,
auth_context->local_address,
*local_addr);
@@ -214,8 +222,12 @@ krb5_auth_con_getaddrs(krb5_context context,
if(*remote_addr)
krb5_free_address (context, *remote_addr);
*remote_addr = malloc (sizeof(**remote_addr));
if (*remote_addr == NULL)
if (*remote_addr == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
krb5_free_address (context, *local_addr);
*local_addr = NULL;
return ENOMEM;
}
krb5_copy_address(context,
auth_context->remote_address,
*remote_addr);
@@ -390,8 +402,10 @@ krb5_auth_getauthenticator(krb5_context context,
krb5_authenticator *authenticator)
{
*authenticator = malloc(sizeof(**authenticator));
if (*authenticator == NULL)
if (*authenticator == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
copy_Authenticator(auth_context->authenticator,
*authenticator);

7
lib/krb5/build_ap_req.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -68,9 +68,10 @@ krb5_build_ap_req (krb5_context context,
retdata->length = length_AP_REQ(&ap);
retdata->data = malloc(retdata->length);
if(retdata->data == NULL)
if(retdata->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
else
} else
encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
retdata->length, &ap, &len);
free_AP_REQ(&ap);

8
lib/krb5/build_auth.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -53,8 +53,10 @@ krb5_build_authenticator (krb5_context context,
krb5_crypto crypto;
auth = malloc(sizeof(*auth));
if (auth == NULL)
if (auth == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memset (auth, 0, sizeof(*auth));
auth->authenticator_vno = 5;
@@ -100,6 +102,7 @@ krb5_build_authenticator (krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -116,6 +119,7 @@ krb5_build_authenticator (krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}

42
lib/krb5/cache.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -46,32 +46,42 @@ krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops,
krb5_boolean override)
{
char *prefix_copy;
int i;
for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
if(override)
free(context->cc_ops[i].prefix);
else
else {
krb5_set_error_string(context,
"ccache type %s already exists",
ops->prefix);
return KRB5_CC_TYPE_EXISTS;
}
}
}
prefix_copy = strdup(ops->prefix);
if (prefix_copy == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
if(i == context->num_cc_ops) {
krb5_cc_ops *o = realloc(context->cc_ops,
(context->num_cc_ops + 1) *
sizeof(*context->cc_ops));
if(o == NULL)
if(o == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(prefix_copy);
return KRB5_CC_NOMEM;
}
context->num_cc_ops++;
context->cc_ops = o;
memset(context->cc_ops + i, 0,
(context->num_cc_ops - i) * sizeof(*context->cc_ops));
}
memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
context->cc_ops[i].prefix = strdup(ops->prefix);
if(context->cc_ops[i].prefix == NULL)
return KRB5_CC_NOMEM;
context->cc_ops[i].prefix = prefix_copy;
return 0;
}
@@ -91,8 +101,10 @@ allocate_ccache (krb5_context context,
krb5_ccache p;
p = malloc(sizeof(*p));
if(p == NULL)
if(p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
p->ops = ops;
*id = p;
ret = p->ops->resolve(context, id, residual);
@@ -126,8 +138,10 @@ krb5_cc_resolve(krb5_context context,
}
if (strchr (name, ':') == NULL)
return allocate_ccache (context, &krb5_fcc_ops, name, id);
else
else {
krb5_set_error_string(context, "unknown ccache type %s", name);
return KRB5_CC_UNKNOWN_TYPE;
}
}
/*
@@ -143,8 +157,10 @@ krb5_cc_gen_new(krb5_context context,
krb5_ccache p;
p = malloc (sizeof(*p));
if (p == NULL)
if (p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
p->ops = ops;
*id = p;
return p->ops->gen_new(context, id);
@@ -356,8 +372,12 @@ krb5_cc_remove_cred(krb5_context context,
krb5_flags which,
krb5_creds *cred)
{
if(id->ops->remove_cred == NULL)
if(id->ops->remove_cred == NULL) {
krb5_set_error_string(context,
"ccache %s does not support remove_cred",
id->ops->prefix);
return EACCES; /* XXX */
}
return (*id->ops->remove_cred)(context, id, which, cred);
}

71
lib/krb5/changepw.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -38,12 +38,14 @@ RCSID("$Id$");
static krb5_error_code
get_kdc_address (krb5_context context,
krb5_realm realm,
struct addrinfo **ai)
struct addrinfo **ai,
char **ret_host)
{
krb5_error_code ret;
char **hostlist;
int port = 0;
int error;
char *host;
ret = krb5_get_krb_changepw_hst (context,
&realm,
@@ -51,12 +53,22 @@ get_kdc_address (krb5_context context,
if (ret)
return ret;
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
error = roken_getaddrinfo_hostspec2(*hostlist, SOCK_DGRAM, port, ai);
host = strdup(*hostlist);
krb5_free_krbhst(context, hostlist);
if (host == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
krb5_free_krbhst (context, hostlist);
if(error)
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
error = roken_getaddrinfo_hostspec2(host, SOCK_DGRAM, port, ai);
if(error) {
krb5_set_error_string(context, "resolving %s: %s",
host, gai_strerror(error));
return krb5_eai_to_heim_errno(error);
}
*ret_host = host;
return 0;
}
@@ -67,7 +79,8 @@ send_request (krb5_context context,
int sock,
struct sockaddr *sa,
int sa_size,
char *passwd)
char *passwd,
const char *host)
{
krb5_error_code ret;
krb5_data ap_req_data;
@@ -129,8 +142,10 @@ send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
if (sendmsg (sock, &msghdr, 0) < 0)
if (sendmsg (sock, &msghdr, 0) < 0) {
ret = errno;
krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
}
krb5_data_free (&krb_priv_data);
out2:
@@ -161,17 +176,23 @@ process_reply (krb5_context context,
int sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
krb5_data *result_string,
const char *host)
{
krb5_error_code ret;
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data;
int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
if (ret < 0)
return errno;
if (ret < 0) {
save_errno = errno;
krb5_set_error_string(context, "recvfrom %s: %s",
host, strerror(save_errno));
return save_errno;
}
len = ret;
pkt_len = (reply[0] << 8) | (reply[1]);
@@ -243,7 +264,7 @@ process_reply (krb5_context context,
}
if (error.e_data->length < 2) {
krb5_warnx (context, "too short e_data to print anything usable");
return 1;
return 1; /* XXX */
}
p = error.e_data->data;
@@ -255,6 +276,12 @@ process_reply (krb5_context context,
}
}
/*
* change the password using the credentials in `creds' (for the
* principal indicated in them) to `newpw', storing the result of
* the operation in `result_*' and an error code or 0.
*/
krb5_error_code
krb5_change_password (krb5_context context,
krb5_creds *creds,
@@ -269,12 +296,13 @@ krb5_change_password (krb5_context context,
int i;
struct addrinfo *ai, *a;
int done = 0;
char *host = NULL;
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
return ret;
ret = get_kdc_address (context, creds->client->realm, &ai);
ret = get_kdc_address (context, creds->client->realm, &ai, &host);
if (ret)
goto out;
@@ -297,7 +325,8 @@ krb5_change_password (krb5_context context,
sock,
a->ai_addr,
a->ai_addrlen,
newpw);
newpw,
host);
if (ret) {
close(sock);
goto out;
@@ -305,6 +334,7 @@ krb5_change_password (krb5_context context,
}
if (sock >= FD_SETSIZE) {
krb5_set_error_string(context, "fd %d too large", sock);
ret = ERANGE;
close (sock);
goto out;
@@ -326,7 +356,8 @@ krb5_change_password (krb5_context context,
sock,
result_code,
result_code_string,
result_string);
result_string,
host);
if (ret == 0)
done = 1;
else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
@@ -341,8 +372,16 @@ krb5_change_password (krb5_context context,
out:
krb5_auth_con_free (context, auth_context);
free (host);
if (done)
return 0;
else
else {
if (ret == KRB5_KDC_UNREACH)
krb5_set_error_string(context,
"failed to reach kpasswd server %s "
"in realm %s",
host, creds->client->realm);
return ret;
}
}

57
lib/krb5/config_file.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999, 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -36,15 +36,16 @@ RCSID("$Id$");
#ifndef HAVE_NETINFO
static int parse_section(char *p, krb5_config_section **s,
krb5_config_section **res,
char **error_message);
static int parse_binding(FILE *f, unsigned *lineno, char *p,
krb5_config_binding **b,
krb5_config_binding **parent,
char **error_message);
static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
char **error_message);
static krb5_error_code parse_section(char *p, krb5_config_section **s,
krb5_config_section **res,
char **error_message);
static krb5_error_code parse_binding(FILE *f, unsigned *lineno, char *p,
krb5_config_binding **b,
krb5_config_binding **parent,
char **error_message);
static krb5_error_code parse_list(FILE *f, unsigned *lineno,
krb5_config_binding **parent,
char **error_message);
/*
* Parse a section:
@@ -61,7 +62,7 @@ static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
* Store the error message in `error_message'.
*/
static int
static krb5_error_code
parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
char **error_message)
{
@@ -71,18 +72,18 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
p1 = strchr (p + 1, ']');
if (p1 == NULL) {
*error_message = "missing ]";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
*p1 = '\0';
tmp = malloc(sizeof(*tmp));
if (tmp == NULL) {
*error_message = "out of memory";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
tmp->name = strdup(p+1);
if (tmp->name == NULL) {
*error_message = "out of memory";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
tmp->type = krb5_config_list;
tmp->u.list = NULL;
@@ -133,7 +134,7 @@ parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
}
*lineno = beg_lineno;
*error_message = "unclosed {";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
/*
@@ -154,14 +155,14 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
++p;
if (*p == '\0') {
*error_message = "no =";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
p2 = p;
while (isspace((unsigned char)*p))
++p;
if (*p != '=') {
*error_message = "no =";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
++p;
while(isspace((unsigned char)*p))
@@ -169,7 +170,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
tmp = malloc(sizeof(*tmp));
if (tmp == NULL) {
*error_message = "out of memory";
return -1;
return KRB5_CONFIG_BADFORMAT;
}
*p2 = '\0';
tmp->name = strdup(p1);
@@ -200,7 +201,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
* returning error messages in `error_message'
*/
krb5_error_code
static krb5_error_code
krb5_config_parse_file_debug (const char *fname,
krb5_config_section **res,
unsigned *lineno,
@@ -210,7 +211,7 @@ krb5_config_parse_file_debug (const char *fname,
krb5_config_section *s;
krb5_config_binding *b;
char buf[BUFSIZ];
int ret = 0;
krb5_error_code ret = 0;
s = NULL;
b = NULL;
@@ -240,7 +241,7 @@ krb5_config_parse_file_debug (const char *fname,
b = NULL;
} else if (*p == '}') {
*error_message = "unmatched }";
ret = -1;
ret = EINVAL; /* XXX */
goto out;
} else if(*p != '\0') {
ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
@@ -254,12 +255,20 @@ out:
}
krb5_error_code
krb5_config_parse_file (const char *fname, krb5_config_section **res)
krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
{
char *foo;
char *str;
unsigned lineno;
krb5_error_code ret;
return krb5_config_parse_file_debug (fname, res, &lineno, &foo);
ret = krb5_config_parse_file_debug (fname, res, &lineno, &str);
if (ret) {
krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
return ret;
}
return 0;
}
#endif /* !HAVE_NETINFO */

6
lib/krb5/config_file_netinfo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -131,7 +131,9 @@ ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
}
krb5_error_code
krb5_config_parse_file (const char *fname, krb5_config_section **res)
krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
{
void *ni = NULL, *lastni = NULL;
int i;

39
lib/krb5/context.c
View File

@@ -60,6 +60,7 @@ set_etypes (krb5_context context,
etypes = malloc((i+1) * sizeof(*etypes));
if (etypes == NULL) {
krb5_config_free_strings (etypes_str);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
for(j = 0, k = 0; j < i; j++) {
@@ -172,7 +173,7 @@ krb5_init_context(krb5_context *context)
if (config_file == NULL)
config_file = krb5_config_file;
ret = krb5_config_parse_file (config_file, &tmp_cf);
ret = krb5_config_parse_file (p, config_file, &tmp_cf);
if (ret == 0)
p->cf = tmp_cf;
@@ -214,7 +215,7 @@ krb5_free_context(krb5_context context)
*/
static krb5_error_code
default_etypes(krb5_enctype **etype)
default_etypes(krb5_context context, krb5_enctype **etype)
{
krb5_enctype p[] = {
ETYPE_DES3_CBC_SHA1,
@@ -225,9 +226,12 @@ default_etypes(krb5_enctype **etype)
ETYPE_DES_CBC_CRC,
ETYPE_NULL
};
*etype = malloc(sizeof(p));
if(*etype == NULL)
if(*etype == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy(*etype, p, sizeof(p));
return 0;
}
@@ -240,14 +244,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
krb5_enctype *p = NULL;
if(etypes) {
i = 0;
while(etypes[i])
if(!krb5_enctype_valid(context, etypes[i++]))
for (i = 0; etypes[i]; ++i)
if(!krb5_enctype_valid(context, etypes[i])) {
krb5_set_error_string(context, "enctype %d not supported",
etypes[i]);
return KRB5_PROG_ETYPE_NOSUPP;
}
++i;
ALLOC(p, i);
if(!p)
if(!p) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memmove(p, etypes, i * sizeof(krb5_enctype));
}
if(context->etypes)
@@ -263,17 +271,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
{
krb5_enctype *p;
int i;
krb5_error_code ret;
if(context->etypes) {
for(i = 0; context->etypes[i]; i++);
++i;
ALLOC(p, i);
if(!p)
if(!p) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memmove(p, context->etypes, i * sizeof(krb5_enctype));
} else
if(default_etypes(&p))
return ENOMEM;
} else {
ret = default_etypes(context, &p);
if (ret)
return ret;
}
*etypes = p;
return 0;
}
@@ -329,8 +342,10 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
}
if(context->extra_addresses == NULL) {
context->extra_addresses = malloc(sizeof(*context->extra_addresses));
if(context->extra_addresses == NULL)
if(context->extra_addresses == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
}
return krb5_copy_addresses(context, addresses, context->extra_addresses);
}

15
lib/krb5/convert_creds.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1999, 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -196,6 +196,7 @@ krb524_convert_creds_kdc(krb5_context context,
sp = krb5_storage_from_mem(reply.data, reply.length);
if(sp == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out2;
}
krb5_ret_int32(sp, &tmp);
@@ -203,10 +204,12 @@ krb524_convert_creds_kdc(krb5_context context,
if(ret == 0) {
memset(v4creds, 0, sizeof(*v4creds));
ret = krb5_ret_int32(sp, &tmp);
if(ret) goto out;
if(ret)
goto out;
v4creds->kvno = tmp;
ret = krb5_ret_data(sp, &ticket);
if(ret) goto out;
if(ret)
goto out;
v4creds->ticket_st.length = ticket.length;
memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
krb5_data_free(&ticket);
@@ -215,7 +218,8 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->service,
v4creds->instance,
v4creds->realm);
if(ret) goto out;
if(ret)
goto out;
v4creds->issue_date = v5_creds->times.authtime;
v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
v5_creds->times.endtime);
@@ -223,7 +227,8 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->pname,
v4creds->pinst,
realm);
if(ret) goto out;
if(ret)
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
}
out:

7
lib/krb5/copy_host_realm.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -51,14 +51,17 @@ krb5_copy_host_realm(krb5_context context,
++n;
++n;
*to = malloc (n * sizeof(**to));
if (*to == NULL)
if (*to == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
for (i = 0; i < n; ++i)
(*to)[i] = NULL;
for (i = 0, p = from; *p != NULL; ++p, ++i) {
(*to)[i] = strdup(*p);
if ((*to)[i] == NULL) {
krb5_free_host_realm (context, *to);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
}

6
lib/krb5/creds.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -108,8 +108,10 @@ krb5_copy_creds (krb5_context context,
krb5_creds *c;
c = malloc (sizeof (*c));
if (c == NULL)
if (c == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memset (c, 0, sizeof(*c));
*outcred = c;
return krb5_copy_creds_contents (context, incred, c);

274
lib/krb5/crypto.c
View File

@@ -115,7 +115,8 @@ struct encryption_type {
struct checksum_type *checksum;
struct checksum_type *keyed_checksum;
unsigned flags;
krb5_error_code (*encrypt)(struct key_data *key,
krb5_error_code (*encrypt)(krb5_context context,
struct key_data *key,
void *data, size_t len,
krb5_boolean encrypt,
int usage,
@@ -168,8 +169,10 @@ DES_string_to_key(krb5_context context,
len = password.length + salt.saltvalue.length + 1;
s = malloc(len);
if(s == NULL)
if(s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(s, password.data, password.length);
memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
s[len - 1] = '\0';
@@ -335,8 +338,10 @@ DES3_string_to_key(krb5_context context,
len = password.length + salt.saltvalue.length;
str = malloc(len);
if(len != 0 && str == NULL)
if(len != 0 && str == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(str, password.data, password.length);
memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
{
@@ -387,8 +392,10 @@ DES3_string_to_key_derived(krb5_context context,
char *s;
s = malloc(len);
if(len != 0 && s == NULL)
if(len != 0 && s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(s, password.data, password.length);
memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
ret = krb5_string_to_key_derived(context,
@@ -433,8 +440,10 @@ ARCFOUR_string_to_key(krb5_context context,
len = 2 * password.length;
s = malloc (len);
if (len != 0 && s == NULL)
if (len != 0 && s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
for (p = s, i = 0; i < password.length; ++i) {
*p++ = ((char *)password.data)[i];
*p++ = 0;
@@ -579,16 +588,22 @@ krb5_salttype_to_string (krb5_context context,
struct salt_type *st;
e = _find_enctype (etype);
if (e == NULL)
if (e == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) {
if (st->type == stype) {
*string = strdup (st->name);
if (*string == NULL)
if (*string == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
return 0;
}
}
krb5_set_error_string(context, "salttype %d not supported", stype);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
@@ -602,14 +617,18 @@ krb5_string_to_salttype (krb5_context context,
struct salt_type *st;
e = _find_enctype (etype);
if (e == NULL)
if (e == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) {
if (strcasecmp (st->name, string) == 0) {
*salttype = st->type;
return 0;
}
}
krb5_set_error_string(context, "salttype %s not supported", string);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
@@ -695,11 +714,16 @@ krb5_string_to_key_data_salt (krb5_context context,
{
struct encryption_type *et =_find_enctype(enctype);
struct salt_type *st;
if(et == NULL)
if(et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
enctype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for(st = et->keytype->string_to_key; st && st->type; st++)
if(st->type == salt.salttype)
return (*st->string_to_key)(context, enctype, password, salt, key);
krb5_set_error_string(context, "salt type %d not supported",
salt.salttype);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
@@ -728,11 +752,15 @@ krb5_keytype_to_string(krb5_context context,
char **string)
{
struct key_type *kt = _find_keytype(keytype);
if(kt == NULL)
if(kt == NULL) {
krb5_set_error_string(context, "key type %d not supported", keytype);
return KRB5_PROG_KEYTYPE_NOSUPP;
}
*string = strdup(kt->name);
if(*string == NULL)
if(*string == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
return 0;
}
@@ -747,6 +775,7 @@ krb5_string_to_keytype(krb5_context context,
*keytype = keytypes[i]->type;
return 0;
}
krb5_set_error_string(context, "key type %s not supported", string);
return KRB5_PROG_KEYTYPE_NOSUPP;
}
@@ -757,8 +786,11 @@ krb5_generate_random_keyblock(krb5_context context,
{
krb5_error_code ret;
struct encryption_type *et = _find_enctype(type);
if(et == NULL)
if(et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
type);
return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
if(ret)
return ret;
@@ -784,8 +816,10 @@ _key_schedule(krb5_context context,
if (key->schedule != NULL)
return 0;
ALLOC(key->schedule, 1);
if(key->schedule == NULL)
if(key->schedule == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_data_alloc(key->schedule, kt->schedule_size);
if(ret) {
free(key->schedule);
@@ -894,8 +928,10 @@ RSA_MD4_DES_verify(krb5_context context,
MD4_Update (&md4, tmp, 8); /* confounder */
MD4_Update (&md4, data, len);
MD4_Final (res, &md4);
if(memcmp(res, tmp + 8, sizeof(res)) != 0)
if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
}
memset(tmp, 0, sizeof(tmp));
memset(res, 0, sizeof(res));
return ret;
@@ -968,8 +1004,10 @@ RSA_MD5_DES_verify(krb5_context context,
MD5_Update (&md5, tmp, 8); /* confounder */
MD5_Update (&md5, data, len);
MD5_Final (res, &md5);
if(memcmp(res, tmp + 8, sizeof(res)) != 0)
if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
}
memset(tmp, 0, sizeof(tmp));
memset(res, 0, sizeof(res));
return ret;
@@ -1028,8 +1066,10 @@ RSA_MD5_DES3_verify(krb5_context context,
MD5_Update (&md5, tmp, 8); /* confounder */
MD5_Update (&md5, data, len);
MD5_Final (res, &md5);
if(memcmp(res, tmp + 8, sizeof(res)) != 0)
if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
}
memset(tmp, 0, sizeof(tmp));
memset(res, 0, sizeof(res));
return ret;
@@ -1357,8 +1397,10 @@ get_checksum_key(krb5_context context,
int i;
*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
if(*key == NULL)
if(*key == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
if(ret)
return ret;
@@ -1386,8 +1428,10 @@ do_checksum (krb5_context context,
int keyed_checksum;
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL)
if(keyed_checksum && crypto == NULL) {
krb5_clear_error_string (context);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum) {
ret = get_checksum_key(context, crypto, usage, ct, &dkey);
if (ret)
@@ -1419,8 +1463,11 @@ create_checksum(krb5_context context,
ct = crypto->et->checksum;
}
if(ct == NULL)
if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
return do_checksum (context, ct, crypto, usage, data, len, result);
}
@@ -1453,13 +1500,20 @@ verify_checksum(krb5_context context,
struct checksum_type *ct;
ct = _find_checksum(cksum->cksumtype);
if(ct == NULL)
if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
cksum->cksumtype);
return KRB5_PROG_SUMTYPE_NOSUPP;
if(ct->checksumsize != cksum->checksum.length)
}
if(ct->checksumsize != cksum->checksum.length) {
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL)
if(keyed_checksum && crypto == NULL) {
krb5_clear_error_string (context);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum)
ret = get_checksum_key(context, crypto, usage, ct, &dkey);
else
@@ -1474,10 +1528,12 @@ verify_checksum(krb5_context context,
(*ct->checksum)(context, dkey, data, len, usage, &c);
if(c.checksum.length != cksum->checksum.length ||
memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length))
memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
else
} else {
ret = 0;
}
krb5_data_free (&c.checksum);
return ret;
}
@@ -1500,8 +1556,11 @@ krb5_checksumsize(krb5_context context,
size_t *size)
{
struct checksum_type *ct = _find_checksum(type);
if(ct == NULL)
if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
*size = ct->checksumsize;
return 0;
}
@@ -1511,8 +1570,11 @@ krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _find_checksum(type);
if(ct == NULL)
if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
return ct->flags & F_KEYED;
}
@@ -1521,8 +1583,11 @@ krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _find_checksum(type);
if(ct == NULL)
if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
return ct->flags & F_CPROOF;
}
@@ -1531,7 +1596,8 @@ krb5_checksum_is_collision_proof(krb5_context context,
************************************************************/
static krb5_error_code
NULL_encrypt(struct key_data *key,
NULL_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1542,7 +1608,8 @@ NULL_encrypt(struct key_data *key,
}
static krb5_error_code
DES_CBC_encrypt_null_ivec(struct key_data *key,
DES_CBC_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1557,7 +1624,8 @@ DES_CBC_encrypt_null_ivec(struct key_data *key,
}
static krb5_error_code
DES_CBC_encrypt_key_ivec(struct key_data *key,
DES_CBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1572,7 +1640,8 @@ DES_CBC_encrypt_key_ivec(struct key_data *key,
}
static krb5_error_code
DES3_CBC_encrypt(struct key_data *key,
DES3_CBC_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1587,7 +1656,8 @@ DES3_CBC_encrypt(struct key_data *key,
}
static krb5_error_code
DES3_CBC_encrypt_ivec(struct key_data *key,
DES3_CBC_encrypt_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1601,7 +1671,8 @@ DES3_CBC_encrypt_ivec(struct key_data *key,
}
static krb5_error_code
DES_CFB64_encrypt_null_ivec(struct key_data *key,
DES_CFB64_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1618,7 +1689,8 @@ DES_CFB64_encrypt_null_ivec(struct key_data *key,
}
static krb5_error_code
DES_PCBC_encrypt_key_ivec(struct key_data *key,
DES_PCBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1640,7 +1712,8 @@ DES_PCBC_encrypt_key_ivec(struct key_data *key,
*/
static krb5_error_code
ARCFOUR_subencrypt(struct key_data *key,
ARCFOUR_subencrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
int usage,
@@ -1695,7 +1768,8 @@ ARCFOUR_subencrypt(struct key_data *key,
}
static krb5_error_code
ARCFOUR_subdecrypt(struct key_data *key,
ARCFOUR_subdecrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
int usage,
@@ -1749,10 +1823,12 @@ ARCFOUR_subdecrypt(struct key_data *key,
memset (k2_c_data, 0, sizeof(k2_c_data));
memset (k3_c_data, 0, sizeof(k3_c_data));
if (memcmp (cksum.checksum.data, data, 16) != 0)
if (memcmp (cksum.checksum.data, data, 16) != 0) {
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BAD_INTEGRITY;
else
} else {
return 0;
}
}
/*
@@ -1802,7 +1878,8 @@ usage2arcfour (int usage)
}
static krb5_error_code
ARCFOUR_encrypt(struct key_data *key,
ARCFOUR_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
@@ -1812,9 +1889,9 @@ ARCFOUR_encrypt(struct key_data *key,
usage = usage2arcfour (usage);
if (encrypt)
return ARCFOUR_subencrypt (key, data, len, usage, ivec);
return ARCFOUR_subencrypt (context, key, data, len, usage, ivec);
else
return ARCFOUR_subdecrypt (key, data, len, usage, ivec);
return ARCFOUR_subdecrypt (context, key, data, len, usage, ivec);
}
@@ -2003,11 +2080,16 @@ krb5_enctype_to_string(krb5_context context,
{
struct encryption_type *e;
e = _find_enctype(etype);
if(e == NULL)
if(e == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
*string = strdup(e->name);
if(*string == NULL)
if(*string == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
return 0;
}
@@ -2022,6 +2104,8 @@ krb5_string_to_enctype(krb5_context context,
*etype = etypes[i]->type;
return 0;
}
krb5_set_error_string (context, "encryption type %s not supported",
string);
return KRB5_PROG_ETYPE_NOSUPP;
}
@@ -2031,8 +2115,11 @@ krb5_enctype_to_keytype(krb5_context context,
krb5_keytype *keytype)
{
struct encryption_type *e = _find_enctype(etype);
if(e == NULL)
if(e == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
*keytype = e->keytype->type; /* XXX */
return 0;
}
@@ -2068,8 +2155,10 @@ krb5_keytype_to_enctypes (krb5_context context,
++n;
}
ret = malloc(n * sizeof(int));
if (ret == NULL && n != 0)
if (ret == NULL && n != 0) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
n = 0;
for (i = num_etypes - 1; i >= 0; --i) {
if (etypes[i]->keytype->type == keytype
@@ -2101,8 +2190,10 @@ krb5_keytype_to_enctypes_default (krb5_context context,
for (n = 0; context->etypes_des[n]; ++n)
;
ret = malloc (n * sizeof(*ret));
if (ret == NULL && n != 0)
if (ret == NULL && n != 0) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
for (i = 0; i < n; ++i)
ret[i] = context->etypes_des[i];
*len = n;
@@ -2183,6 +2274,7 @@ encrypt_internal_derived(krb5_context context,
&cksum);
if(ret == 0 && cksum.checksum.length != checksum_sz) {
free_Checksum (&cksum);
krb5_clear_error_string (context);
ret = KRB5_CRYPTO_INTERNAL;
}
if(ret) {
@@ -2207,7 +2299,7 @@ encrypt_internal_derived(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 1, block_sz, dkey->key);
#endif
(*et->encrypt)(dkey, p, block_sz, 1, usage, ivec);
(*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
result->data = p;
result->length = block_sz + checksum_sz;
return 0;
@@ -2232,8 +2324,10 @@ encrypt_internal(krb5_context context,
sz = et->confoundersize + checksum_sz + len;
block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */
p = calloc(1, block_sz);
if(p == NULL)
if(p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
q = p;
krb5_generate_random_block(q, et->confoundersize); /* XXX */
@@ -2249,8 +2343,10 @@ encrypt_internal(krb5_context context,
p,
block_sz,
&cksum);
if(ret == 0 && cksum.checksum.length != checksum_sz)
if(ret == 0 && cksum.checksum.length != checksum_sz) {
krb5_clear_error_string (context);
ret = KRB5_CRYPTO_INTERNAL;
}
if(ret) {
memset(p, 0, block_sz);
free(p);
@@ -2268,7 +2364,7 @@ encrypt_internal(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
#endif
(*et->encrypt)(&crypto->key, p, block_sz, 1, 0, ivec);
(*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
result->data = p;
result->length = block_sz;
return 0;
@@ -2289,15 +2385,17 @@ encrypt_internal_special(krb5_context context,
char *tmp, *p;
tmp = malloc (sz);
if (tmp == NULL)
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
p = tmp;
memset (p, 0, cksum_sz);
p += cksum_sz;
krb5_generate_random_block(p, et->confoundersize);
p += et->confoundersize;
memcpy (p, data, len);
(*et->encrypt)(&crypto->key, tmp, sz, TRUE, usage, ivec);
(*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
result->data = tmp;
result->length = sz;
return 0;
@@ -2321,12 +2419,16 @@ decrypt_internal_derived(krb5_context context,
unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
if (len < checksum_sz)
return EINVAL; /* better error code? */
if (len < checksum_sz) {
krb5_clear_error_string (context);
return EINVAL; /* XXX - better error code? */
}
p = malloc(len);
if(len != 0 && p == NULL)
if(len != 0 && p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(p, data, len);
len -= checksum_sz;
@@ -2344,7 +2446,7 @@ decrypt_internal_derived(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 0, len, dkey->key);
#endif
(*et->encrypt)(dkey, p, len, 0, usage, ivec);
(*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
cksum.checksum.data = p + len;
cksum.checksum.length = checksum_sz;
@@ -2363,8 +2465,9 @@ decrypt_internal_derived(krb5_context context,
l = len - et->confoundersize;
memmove(p, p + et->confoundersize, l);
result->data = realloc(p, l);
if(p == NULL) {
if(result->data == NULL) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
result->length = l;
@@ -2387,8 +2490,10 @@ decrypt_internal(krb5_context context,
checksum_sz = CHECKSUMSIZE(et->checksum);
p = malloc(len);
if(len != 0 && p == NULL)
if(len != 0 && p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(p, data, len);
ret = _key_schedule(context, &crypto->key);
@@ -2399,7 +2504,7 @@ decrypt_internal(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 0, len, crypto->key.key);
#endif
(*et->encrypt)(&crypto->key, p, len, 0, 0, ivec);
(*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
if(ret) {
free(p);
@@ -2418,6 +2523,7 @@ decrypt_internal(krb5_context context,
result->data = realloc(p, l);
if(result->data == NULL) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
result->length = l;
@@ -2440,10 +2546,12 @@ decrypt_internal_special(krb5_context context,
char *tmp;
tmp = malloc (sz);
if (tmp == NULL)
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
(*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec);
(*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec);
memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
@@ -2695,29 +2803,36 @@ derive_key(krb5_context context,
len != et->blocksize) {
nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
k = malloc(nblocks * et->blocksize);
if(k == NULL)
if(k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
_krb5_n_fold(constant, len, k, et->blocksize);
for(i = 0; i < nblocks; i++) {
if(i > 0)
memcpy(k + i * et->blocksize,
k + (i - 1) * et->blocksize,
et->blocksize);
(*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1, 0,
NULL);
(*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
1, 0, NULL);
}
} else {
/* this case is probably broken, but won't be run anyway */
void *c = malloc(len);
size_t res_len = (kt->bits + 7) / 8;
if(len != 0 && c == NULL)
if(len != 0 && c == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(c, constant, len);
(*et->encrypt)(key, c, len, 1, 0, NULL);
(*et->encrypt)(context, key, c, len, 1, 0, NULL);
k = malloc(res_len);
if(res_len != 0 && k == NULL)
if(res_len != 0 && k == NULL) {
free(c);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
_krb5_n_fold(c, len, k, res_len);
free(c);
}
@@ -2728,8 +2843,9 @@ derive_key(krb5_context context,
DES3_postproc(context, k, nblocks * et->blocksize, key);
break;
default:
krb5_warnx(context, "derive_key() called with unknown keytype (%u)",
kt->type);
krb5_set_error_string(context,
"derive_key() called with unknown keytype (%u)",
kt->type);
ret = KRB5_CRYPTO_INTERNAL;
break;
}
@@ -2765,8 +2881,11 @@ krb5_derive_key(krb5_context context,
struct key_data d;
et = _find_enctype (etype);
if (et == NULL)
if (et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_copy_keyblock(context, key, derived_key);
if (ret)
@@ -2797,8 +2916,10 @@ _get_derived_key(krb5_context context,
return 0;
}
d = _new_derived_key(crypto, usage);
if(d == NULL)
if(d == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
krb5_copy_keyblock(context, crypto->key.key, &d->key);
_krb5_put_int(constant, usage, 5);
derive_key(context, crypto->et, d, constant, sizeof(constant));
@@ -2815,13 +2936,17 @@ krb5_crypto_init(krb5_context context,
{
krb5_error_code ret;
ALLOC(*crypto, 1);
if(*crypto == NULL)
if(*crypto == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
if(etype == ETYPE_NULL)
etype = key->keytype;
(*crypto)->et = _find_enctype(etype);
if((*crypto)->et == NULL) {
free(*crypto);
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
@@ -2877,8 +3002,11 @@ krb5_string_to_key_derived(krb5_context context,
struct key_data kd;
u_char *tmp;
if(et == NULL)
if(et == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
ALLOC(kd.key, 1);
kd.key->keytype = etype;
tmp = malloc (et->keytype->bits / 8);

10
lib/krb5/data.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -100,10 +100,14 @@ krb5_copy_data(krb5_context context,
{
krb5_error_code ret;
ALLOC(*outdata, 1);
if(*outdata == NULL)
if(*outdata == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = copy_octet_string(indata, *outdata);
if(ret)
if(ret) {
krb5_clear_error_string (context);
free(*outdata);
}
return ret;
}

12
lib/krb5/expand_hostname.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,8 +41,10 @@ copy_hostname(krb5_context context,
char **new_hostname)
{
*new_hostname = strdup (orig_hostname);
if (*new_hostname == NULL)
if (*new_hostname == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
strlwr (*new_hostname);
return 0;
}
@@ -70,10 +72,12 @@ krb5_expand_hostname (krb5_context context,
if (a->ai_canonname != NULL) {
*new_hostname = strdup (a->ai_canonname);
freeaddrinfo (ai);
if (*new_hostname == NULL)
if (*new_hostname == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
else
} else {
return 0;
}
}
}
freeaddrinfo (ai);

25
lib/krb5/fcache.c
View File

@@ -70,11 +70,14 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
{
krb5_fcache *f;
f = malloc(sizeof(*f));
if(f == NULL)
if(f == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
f->filename = strdup(res);
if(f->filename == NULL){
free(f);
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
f->version = 0;
@@ -171,18 +174,23 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
krb5_fcache *f;
int fd;
char *file;
f = malloc(sizeof(*f));
if(f == NULL)
if(f == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
if(file == NULL) {
free(f);
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
fd = mkstemp(file);
if(fd < 0) {
free(f);
free(file);
krb5_set_error_string(context, "mkstemp %s", file);
return errno;
}
close(fd);
@@ -263,8 +271,11 @@ fcc_initialize(krb5_context context,
krb5_storage_free(sp);
}
if(close(fd) < 0)
if (ret == 0)
if (ret == 0) {
ret = errno;
krb5_set_error_string (context, "close %s: %s", filename,
strerror(ret));
}
return ret;
}
@@ -315,8 +326,10 @@ fcc_store_cred(krb5_context context,
krb5_storage_free(sp);
}
if (close(fd) < 0)
if (ret == 0)
if (ret == 0) {
ret = errno;
krb5_set_error_string (context, "close %s: %s", f, strerror(ret));
}
return ret;
}
@@ -354,8 +367,10 @@ init_fcc (krb5_context context,
}
sp = krb5_storage_from_fd(fd);
ret = krb5_ret_int8(sp, &pvno);
if(ret == KRB5_CC_END)
if(ret == KRB5_CC_END) {
return ENOENT;
}
if(ret)
return ret;
if(pvno != 5) {

6
lib/krb5/generate_subkey.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -43,8 +43,10 @@ krb5_generate_subkey(krb5_context context,
krb5_error_code ret;
ALLOC(*subkey, 1);
if (*subkey == NULL)
if (*subkey == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_generate_random_keyblock(context, key->keytype, *subkey);
if(ret)
free(*subkey);

47
lib/krb5/get_addrs.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -46,30 +46,39 @@ struct mbuf;
#include <ifaddrs.h>
static krb5_error_code
gethostname_fallback (krb5_addresses *res)
gethostname_fallback (krb5_context context, krb5_addresses *res)
{
krb5_error_code err;
krb5_error_code ret;
char hostname[MAXHOSTNAMELEN];
struct hostent *hostent;
if (gethostname (hostname, sizeof(hostname)))
return errno;
if (gethostname (hostname, sizeof(hostname))) {
ret = errno;
krb5_set_error_string (context, "gethostname: %s", strerror(ret));
return ret;
}
hostent = roken_gethostbyname (hostname);
if (hostent == NULL)
return errno;
if (hostent == NULL) {
ret = errno;
krb5_set_error_string (context, "gethostbyname %s: %s",
hostname, strerror(ret));
return ret;
}
res->len = 1;
res->val = malloc (sizeof(*res->val));
if (res->val == NULL)
if (res->val == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
res->val[0].addr_type = hostent->h_addrtype;
res->val[0].address.data = NULL;
res->val[0].address.length = 0;
err = krb5_data_copy (&res->val[0].address,
ret = krb5_data_copy (&res->val[0].address,
hostent->h_addr,
hostent->h_length);
if (err) {
if (ret) {
free (res->val);
return err;
return ret;
}
return 0;
}
@@ -96,8 +105,11 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
res->val = NULL;
if (getifaddrs(&ifa0) == -1)
return (errno);
if (getifaddrs(&ifa0) == -1) {
ret = errno;
krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
return (ret);
}
memset(&sa_zero, 0, sizeof(sa_zero));
@@ -107,6 +119,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
if (num == 0) {
freeifaddrs(ifa0);
krb5_set_error_string(context, "no addresses found");
return (ENXIO);
}
@@ -114,6 +127,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
res->val = calloc(num, sizeof(*res->val));
if (res->val == NULL) {
freeifaddrs(ifa0);
krb5_set_error_string (context, "malloc: out of memory");
return (ENOMEM);
}
@@ -132,7 +146,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue;
}
ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
if (ret) {
/*
* The most likely error here is going to be "Program
@@ -159,7 +173,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue;
if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
ret = krb5_sockaddr2address(context,
ifa->ifa_addr, &res->val[idx]);
if (ret) {
/*
* See comment above.
@@ -187,7 +202,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
if (flags & SCAN_INTERFACES) {
ret = find_all_addresses (context, res, flags);
if(ret || res->len == 0)
ret = gethostname_fallback (res);
ret = gethostname_fallback (context, res);
} else
ret = 0;

70
lib/krb5/get_cred.c
View File

@@ -56,8 +56,10 @@ make_pa_tgs_req(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL)
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
do {
ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
@@ -69,6 +71,7 @@ make_pa_tgs_req(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -112,8 +115,10 @@ set_auth_data (krb5_context context,
len = length_AuthorizationData(authdata);
buf = malloc(len);
if (buf == NULL)
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AuthorizationData(buf + len - 1,
len, authdata, &len);
if (ret) {
@@ -124,7 +129,8 @@ set_auth_data (krb5_context context,
ALLOC(req_body->enc_authorization_data, 1);
if (req_body->enc_authorization_data == NULL) {
free (buf);
return ret;
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
@@ -193,6 +199,7 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.sname, 1);
if (t->req_body.sname == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
@@ -208,6 +215,7 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.till, 1);
if(t->req_body.till == NULL){
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
*t->req_body.till = in_creds->times.endtime;
@@ -217,11 +225,13 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.additional_tickets, 1);
if (t->req_body.additional_tickets == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ALLOC_SEQ(t->req_body.additional_tickets, 1);
if (t->req_body.additional_tickets->val == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val);
@@ -231,11 +241,13 @@ init_tgs_req (krb5_context context,
ALLOC(t->padata, 1);
if (t->padata == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ALLOC_SEQ(t->padata, 1);
if (t->padata->val == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
@@ -422,6 +434,7 @@ get_cred_kdc_usage(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -436,6 +449,7 @@ get_cred_kdc_usage(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -493,13 +507,16 @@ get_cred_kdc_usage(krb5_context context,
krb5_free_kdc_rep(context, &rep);
if (ret)
goto out;
}else if(krb5_rd_error(context, &resp, &error) == 0){
ret = error.error_code;
free_KRB_ERROR(&error);
}else if(resp.data && ((char*)resp.data)[0] == 4)
} else if(krb5_rd_error(context, &resp, &error) == 0) {
ret = krb5_error_from_rd_error(context, &error, in_creds);
krb5_free_error_contents(context, &error);
} else if(resp.data && ((char*)resp.data)[0] == 4) {
ret = KRB5KRB_AP_ERR_V4_REPLY;
else
krb5_clear_error_string(context);
} else {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string(context);
}
krb5_data_free(&resp);
out:
if(subkey){
@@ -525,9 +542,11 @@ get_cred_kdc(krb5_context context,
ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH);
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
krb5_clear_error_string (context);
ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH);
}
return ret;
}
@@ -560,9 +579,12 @@ krb5_get_kdc_cred(krb5_context context,
{
krb5_error_code ret;
krb5_creds *krbtgt;
*out_creds = calloc(1, sizeof(**out_creds));
if(*out_creds == NULL)
if(*out_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = get_krbtgt (context,
id,
in_creds->server->realm,
@@ -602,6 +624,7 @@ find_cred(krb5_context context,
}
tgts++;
}
krb5_clear_error_string(context);
return KRB5_CC_NOTFOUND;
}
@@ -611,10 +634,13 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
int i;
krb5_error_code ret;
krb5_creds **tmp = *tgts;
for(i = 0; tmp && tmp[i]; i++); /* XXX */
tmp = realloc(tmp, (i+2)*sizeof(*tmp));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
*tgts = tmp;
ret = krb5_copy_creds(context, tkt, &tmp[i]);
tmp[i+1] = NULL;
@@ -679,9 +705,10 @@ get_cred_from_kdc_flags(krb5_context context,
*ret_tgts, &tgts);
if(ret == 0){
*out_creds = calloc(1, sizeof(**out_creds));
if(*out_creds == NULL)
if(*out_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
else {
} else {
ret = get_cred_kdc_la(context, ccache, flags,
in_creds, &tgts, *out_creds);
if (ret) {
@@ -695,8 +722,10 @@ get_cred_from_kdc_flags(krb5_context context,
return ret;
}
}
if(krb5_realm_compare(context, in_creds->client, in_creds->server))
if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
krb5_clear_error_string (context);
return KRB5_CC_NOTFOUND;
}
/* XXX this can loop forever */
while(1){
general_string tgt_inst;
@@ -736,9 +765,10 @@ get_cred_from_kdc_flags(krb5_context context,
krb5_free_principal(context, tmp_creds.server);
krb5_free_principal(context, tmp_creds.client);
*out_creds = calloc(1, sizeof(**out_creds));
if(*out_creds == NULL)
if(*out_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
else {
} else {
ret = get_cred_kdc_la(context, ccache, flags,
in_creds, tgt, *out_creds);
if (ret) {
@@ -791,8 +821,10 @@ krb5_get_credentials_with_flags(krb5_context context,
*out_creds = NULL;
res_creds = calloc(1, sizeof(*res_creds));
if (res_creds == NULL)
if (res_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_cc_retrieve_cred(context,
ccache,
@@ -806,8 +838,10 @@ krb5_get_credentials_with_flags(krb5_context context,
free(res_creds);
if(ret != KRB5_CC_END)
return ret;
if(options & KRB5_GC_CACHED)
if(options & KRB5_GC_CACHED) {
krb5_clear_error_string (context);
return KRB5_CC_NOTFOUND;
}
if(options & KRB5_GC_USER_USER)
flags.b.enc_tkt_in_skey = 1;
tgts = NULL;

7
lib/krb5/get_default_principal.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999, 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -86,8 +86,11 @@ krb5_get_default_principal (krb5_context context,
if(user == NULL)
user = getlogin();
}
if(user == NULL)
if(user == NULL) {
krb5_set_error_string(context,
"unable to figure out current principal");
return ENOTTY; /* XXX */
}
ret = krb5_make_principal(context, princ, NULL, user, NULL);
}

6
lib/krb5/get_default_realm.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -73,8 +73,10 @@ krb5_get_default_realm(krb5_context context,
}
res = strdup (context->default_realms[0]);
if (res == NULL)
if (res == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
*realm = res;
return 0;
}

26
lib/krb5/get_for_creds.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -53,6 +53,7 @@ add_addrs(krb5_context context,
addr->len += n;
tmp = realloc(addr->val, addr->len * sizeof(*addr->val));
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -62,10 +63,12 @@ add_addrs(krb5_context context,
krb5_data_zero(&addr->val[i].address);
}
for (a = ai; a != NULL; a = a->ai_next) {
ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i]);
ret = krb5_sockaddr2address (context, a->ai_addr, &addr->val[i]);
if (ret == 0)
++i;
else if (ret != KRB5_PROG_ATYPE_NOSUPP)
else if (ret == KRB5_PROG_ATYPE_NOSUPP)
krb5_clear_error_string (context);
else
goto fail;
}
addr->len = i;
@@ -143,8 +146,11 @@ krb5_get_forwarded_creds (krb5_context context,
addrs.val = NULL;
ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret)
if (ret) {
krb5_set_error_string(context, "resolving %s: %s",
hostname, gai_strerror(ret));
return krb5_eai_to_heim_errno(ret);
}
ret = add_addrs (context, &addrs, ai);
freeaddrinfo (ai);
@@ -171,6 +177,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC_SEQ(&cred.tickets, 1);
if (cred.tickets.val == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out2;
}
ret = decode_Ticket(out_creds->ticket.data,
@@ -183,6 +190,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
if (enc_krb_cred_part.ticket_info.val == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
@@ -191,18 +199,21 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC(enc_krb_cred_part.timestamp, 1);
if (enc_krb_cred_part.timestamp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
*enc_krb_cred_part.timestamp = sec;
ALLOC(enc_krb_cred_part.usec, 1);
if (enc_krb_cred_part.usec == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
*enc_krb_cred_part.usec = usec;
if (auth_context->local_address && auth_context->local_port) {
ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
ret = krb5_make_addrport (context,
&enc_krb_cred_part.s_address,
auth_context->local_address,
auth_context->local_port);
if (ret)
@@ -213,6 +224,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC(enc_krb_cred_part.r_address, 1);
if (enc_krb_cred_part.r_address == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
@@ -288,8 +300,10 @@ krb5_get_forwarded_creds (krb5_context context,
return ret;
out_data->length = len;
out_data->data = malloc(len);
if (out_data->data == NULL)
if (out_data->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy (out_data->data, buf + sizeof(buf) - len, len);
return 0;
out4:

6
lib/krb5/get_host_realm.c
View File

@@ -161,18 +161,22 @@ krb5_get_host_realm_int (krb5_context context,
if(p != NULL) {
p++;
*realms = malloc(2 * sizeof(krb5_realm));
if (*realms == NULL)
if (*realms == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
(*realms)[0] = strdup(p);
if((*realms)[0] == NULL) {
free(*realms);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
strupr((*realms)[0]);
(*realms)[1] = NULL;
return 0;
}
krb5_set_error_string(context, "unable to find realm of host %s", host);
return KRB5_ERR_HOST_REALM_UNKNOWN;
}

61
lib/krb5/get_in_tkt.c
View File

@@ -61,6 +61,7 @@ krb5_init_etype (krb5_context context,
*val = malloc(i * sizeof(int));
if (i != 0 && *val == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto cleanup;
}
memmove (*val,
@@ -148,6 +149,7 @@ _krb5_extract_ticket(krb5_context context,
tmp = krb5_principal_compare (context, tmp_principal, creds->client);
if (!tmp) {
krb5_free_principal (context, tmp_principal);
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -163,6 +165,7 @@ _krb5_extract_ticket(krb5_context context,
len = length_Ticket(&rep->kdc_rep.ticket);
buf = malloc(len);
if(buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -189,6 +192,7 @@ _krb5_extract_ticket(krb5_context context,
krb5_free_principal (context, tmp_principal);
if (!tmp) {
ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_clear_error_string (context);
goto out;
}
}
@@ -213,6 +217,7 @@ _krb5_extract_ticket(krb5_context context,
if (nonce != rep->enc_part.nonce) {
ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_set_error_string(context, "malloc: out of memory");
goto out;
}
@@ -238,11 +243,16 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.starttime == 0
&& abs(tmp_time - sec_now) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_set_error_string (context,
"time skew (%d) larger than max (%d)",
abs(tmp_time - sec_now),
(int)context->max_skew);
goto out;
}
if (creds->times.starttime != 0
&& tmp_time != creds->times.starttime) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -256,6 +266,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.renew_till != 0
&& tmp_time > creds->times.renew_till) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -266,6 +277,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.endtime != 0
&& rep->enc_part.endtime > creds->times.endtime) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -380,8 +392,10 @@ add_padata(krb5_context context,
netypes++;
}
pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
if (pa2 == NULL)
if (pa2 == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
md->val = pa2;
for (i = 0; i < netypes; ++i) {
@@ -426,11 +440,13 @@ init_as_req (krb5_context context,
a->req_body.cname = malloc(sizeof(*a->req_body.cname));
if (a->req_body.cname == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
a->req_body.sname = malloc(sizeof(*a->req_body.sname));
if (a->req_body.sname == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ret = krb5_principal2principalname (a->req_body.cname, creds->client);
@@ -447,6 +463,7 @@ init_as_req (krb5_context context,
a->req_body.from = malloc(sizeof(*a->req_body.from));
if (a->req_body.from == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
*a->req_body.from = creds->times.starttime;
@@ -459,6 +476,7 @@ init_as_req (krb5_context context,
a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
if (a->req_body.rtime == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
*a->req_body.rtime = creds->times.renew_till;
@@ -481,6 +499,7 @@ init_as_req (krb5_context context,
a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
if (a->req_body.addresses == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
@@ -500,6 +519,7 @@ init_as_req (krb5_context context,
ALLOC(a->padata, 1);
if(a->padata == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
for(i = 0; i < preauth->len; i++) {
@@ -511,6 +531,7 @@ init_as_req (krb5_context context,
sizeof(*a->padata->val));
if(tmp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
a->padata->val = tmp;
@@ -542,6 +563,7 @@ init_as_req (krb5_context context,
ALLOC(a->padata, 1);
if (a->padata == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
a->padata->len = 0;
@@ -559,6 +581,8 @@ init_as_req (krb5_context context,
key_proc, keyseed, a->req_body.etype.val,
a->req_body.etype.len, &salt);
} else {
krb5_set_error_string (context, "pre-auth type %d not supported",
*ptypes);
ret = KRB5_PREAUTH_BAD_TYPE;
goto fail;
}
@@ -690,7 +714,7 @@ krb5_get_in_cred(krb5_context context,
ret = KRB5KRB_AP_ERR_V4_REPLY;
krb5_data_free(&resp);
if (ret2 == 0) {
ret = error.error_code;
ret = krb5_error_from_rd_error(context, &error, creds);
/* if no preauth was set and KDC requires it, give it
one more try */
if (!ptypes && !preauth
@@ -701,40 +725,9 @@ krb5_get_in_cred(krb5_context context,
&& set_ptypes(context, &error, &ptypes, &my_preauth)) {
done = 0;
preauth = my_preauth;
free_KRB_ERROR(&error);
krb5_free_error_contents(context, &error);
continue;
}
if (error.e_text != NULL) {
krb5_set_error_string(context, "%s", *error.e_text);
} else {
char clientname[256], servername[256];
krb5_unparse_name_fixed(context, creds->client,
clientname, sizeof(clientname));
krb5_unparse_name_fixed(context, creds->server,
servername, sizeof(servername));
switch (ret) {
case KRB5KDC_ERR_NAME_EXP :
krb5_set_error_string(context, "Client (%s) expired",
clientname);
break;
case KRB5KDC_ERR_SERVICE_EXP :
krb5_set_error_string(context, "Server (%s) expired",
servername);
break;
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Client (%s) unknown",
clientname);
break;
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Server (%s) unknown",
servername);
break;
default :
;
}
}
if(ret_as_reply)
ret_as_reply->error = error;
else

7
lib/krb5/get_in_tkt_pw.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -47,11 +47,14 @@ krb5_password_key_proc (krb5_context context,
char buf[BUFSIZ];
*key = malloc (sizeof (**key));
if (*key == NULL)
if (*key == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
if (password == NULL) {
if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
free (*key);
krb5_clear_error_string(context);
return KRB5_LIBOS_PWDINTR;
}
password = buf;

6
lib/krb5/get_in_tkt_with_keytab.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -82,8 +82,10 @@ krb5_get_in_tkt_with_keytab (krb5_context context,
krb5_keytab_key_proc_args *a;
a = malloc(sizeof(*a));
if (a == NULL)
if (a == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
a->principal = creds->client;
a->keytab = keytab;

18
lib/krb5/init_creds_pw.c
View File

@@ -175,7 +175,7 @@ print_expire (krb5_context context,
7 * 24 * 60 * 60);
for (i = 0; i < lr->len; ++i) {
if (lr->val[i].lr_type == 6
if (abs(lr->val[i].lr_type) == LR_PW_EXPTIME
&& lr->val[i].lr_value <= t) {
char *p;
time_t tmp = lr->val[i].lr_value;
@@ -252,8 +252,10 @@ get_init_creds_common(krb5_context context,
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
*etypes = malloc((options->etype_list_length + 1)
* sizeof(krb5_enctype));
if (*etypes == NULL)
if (*etypes == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy (*etypes, options->etype_list,
options->etype_list_length * sizeof(krb5_enctype));
(*etypes)[options->etype_list_length] = ETYPE_NULL;
@@ -261,8 +263,10 @@ get_init_creds_common(krb5_context context,
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
*pre_auth_types = malloc((options->preauth_list_length + 1)
* sizeof(krb5_preauthtype));
if (*pre_auth_types == NULL)
if (*pre_auth_types == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy (*pre_auth_types, options->preauth_list,
options->preauth_list_length * sizeof(krb5_preauthtype));
(*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE;
@@ -370,8 +374,10 @@ change_password (krb5_context context,
if (result_code == 0) {
strlcpy (newpw, buf1, newpw_sz);
ret = 0;
} else
} else {
krb5_set_error_string (context, "failed changing password");
ret = ENOTTY;
}
out:
memset (buf1, 0, sizeof(buf1));
@@ -429,6 +435,7 @@ krb5_get_init_creds_password(krb5_context context,
if (ret) {
memset (buf, 0, sizeof(buf));
ret = KRB5_LIBOS_PWDINTR;
krb5_clear_error_string (context);
goto out;
}
password = password_data.data;
@@ -456,6 +463,8 @@ krb5_get_init_creds_password(krb5_context context,
case KRB5KDC_ERR_KEY_EXPIRED :
/* try to avoid recursion */
krb5_clear_error_string (context);
if (in_tkt_service != NULL
&& strcmp (in_tkt_service, "kadmin/changepw") == 0)
goto out;
@@ -533,6 +542,7 @@ krb5_get_init_creds_keytab(krb5_context context,
a = malloc (sizeof(*a));
if (a == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}

6
lib/krb5/keyblock.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -72,8 +72,10 @@ krb5_copy_keyblock (krb5_context context,
krb5_keyblock *k;
k = malloc (sizeof(*k));
if (k == NULL)
if (k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
*to = k;
return krb5_copy_keyblock_contents (context, inblock, k);
}

29
lib/krb5/keytab.c
View File

@@ -48,8 +48,10 @@ krb5_kt_register(krb5_context context,
tmp = realloc(context->kt_types,
(context->num_kt_types + 1) * sizeof(*context->kt_types));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(&tmp[context->num_kt_types], ops,
sizeof(tmp[context->num_kt_types]));
context->kt_types = tmp;
@@ -96,8 +98,10 @@ krb5_kt_resolve(krb5_context context,
}
k = malloc (sizeof(*k));
if (k == NULL)
if (k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy(k, &context->kt_types[i], sizeof(*k));
k->data = NULL;
ret = (*k->resolve)(context, residual, k);
@@ -117,8 +121,10 @@ krb5_kt_resolve(krb5_context context,
krb5_error_code
krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
{
if (strlcpy (name, context->default_keytab, namesize) >= namesize)
if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
krb5_clear_error_string (context);
return KRB5_CONFIG_NOTENUFSPACE;
}
return 0;
}
@@ -130,8 +136,10 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
krb5_error_code
krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
{
if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize)
if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) {
krb5_clear_error_string (context);
return KRB5_CONFIG_NOTENUFSPACE;
}
return 0;
}
@@ -277,10 +285,19 @@ krb5_kt_get_entry(krb5_context context,
krb5_kt_free_entry(context, &tmp);
}
krb5_kt_end_seq_get (context, id, &cursor);
if (entry->vno)
if (entry->vno) {
return 0;
else
} else {
char princ[256], kt_name[256];
krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
krb5_set_error_string (context,
"failed to find %s in keytab %s",
princ, kt_name);
return KRB5_KT_NOTFOUND;
}
}
/*

14
lib/krb5/keytab_any.c
View File

@@ -70,6 +70,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id)
a0 = a;
a->name = strdup(name);
if (a->name == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -83,8 +84,10 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id)
goto fail;
prev = a;
}
if (a0 == NULL)
if (a0 == NULL) {
krb5_set_error_string(context, "empty ANY: keytab");
return ENOENT;
}
id->data = a0;
return 0;
fail:
@@ -128,8 +131,10 @@ any_start_seq_get(krb5_context context,
krb5_error_code ret;
c->data = malloc (sizeof(struct any_cursor_extra_data));
if(c->data == NULL)
if(c->data == NULL){
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ed = (struct any_cursor_extra_data *)c->data;
ed->a = a;
ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
@@ -137,6 +142,7 @@ any_start_seq_get(krb5_context context,
free (ed);
free (c->data);
c->data = NULL;
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
return 0;
@@ -161,8 +167,10 @@ any_next_entry (krb5_context context,
if (ret2)
return ret2;
ed->a = ed->a->next;
if (ed->a == NULL)
if (ed->a == NULL) {
krb5_clear_error_string (context);
return KRB5_CC_END;
}
ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
if (ret2)
return ret2;

74
lib/krb5/keytab_file.c
View File

@@ -46,7 +46,8 @@ struct fkt_data {
};
static krb5_error_code
krb5_kt_ret_data(krb5_storage *sp,
krb5_kt_ret_data(krb5_context context,
krb5_storage *sp,
krb5_data *data)
{
int ret;
@@ -56,8 +57,10 @@ krb5_kt_ret_data(krb5_storage *sp,
return ret;
data->length = size;
data->data = malloc(size);
if (data->data == NULL)
if (data->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = sp->fetch(sp, data->data, size);
if(ret != size)
return (ret < 0)? errno : KRB5_KT_END;
@@ -65,7 +68,8 @@ krb5_kt_ret_data(krb5_storage *sp,
}
static krb5_error_code
krb5_kt_ret_string(krb5_storage *sp,
krb5_kt_ret_string(krb5_context context,
krb5_storage *sp,
general_string *data)
{
int ret;
@@ -74,8 +78,10 @@ krb5_kt_ret_string(krb5_storage *sp,
if(ret)
return ret;
*data = malloc(size + 1);
if (*data == NULL)
if (*data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = sp->fetch(sp, *data, size);
(*data)[size] = '\0';
if(ret != size)
@@ -84,7 +90,8 @@ krb5_kt_ret_string(krb5_storage *sp,
}
static krb5_error_code
krb5_kt_store_data(krb5_storage *sp,
krb5_kt_store_data(krb5_context context,
krb5_storage *sp,
krb5_data data)
{
int ret;
@@ -119,7 +126,7 @@ krb5_kt_store_string(krb5_storage *sp,
}
static krb5_error_code
krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
{
int ret;
int16_t tmp;
@@ -127,25 +134,27 @@ krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
if(ret) return ret;
p->keytype = tmp;
ret = krb5_kt_ret_data(sp, &p->keyvalue);
ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
return ret;
}
static krb5_error_code
krb5_kt_store_keyblock(krb5_storage *sp,
krb5_kt_store_keyblock(krb5_context context,
krb5_storage *sp,
krb5_keyblock *p)
{
int ret;
ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
if(ret) return ret;
ret = krb5_kt_store_data(sp, p->keyvalue);
ret = krb5_kt_store_data(context, sp, p->keyvalue);
return ret;
}
static krb5_error_code
krb5_kt_ret_principal(krb5_storage *sp,
krb5_kt_ret_principal(krb5_context context,
krb5_storage *sp,
krb5_principal *princ)
{
int i;
@@ -154,8 +163,10 @@ krb5_kt_ret_principal(krb5_storage *sp,
int16_t tmp;
ALLOC(p, 1);
if(p == NULL)
if(p == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_ret_int16(sp, &tmp);
if(ret)
@@ -163,15 +174,19 @@ krb5_kt_ret_principal(krb5_storage *sp,
if (sp->flags & KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)
tmp--;
p->name.name_string.len = tmp;
ret = krb5_kt_ret_string(sp, &p->realm);
if(ret) return ret;
ret = krb5_kt_ret_string(context, sp, &p->realm);
if(ret)
return ret;
p->name.name_string.val = calloc(p->name.name_string.len,
sizeof(*p->name.name_string.val));
if(p->name.name_string.val == NULL)
if(p->name.name_string.val == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_ret_string(sp, p->name.name_string.val + i);
if(ret) return ret;
ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
if(ret)
return ret;
}
if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
p->name.name_type = KRB5_NT_UNKNOWN;
@@ -187,7 +202,8 @@ krb5_kt_ret_principal(krb5_storage *sp,
}
static krb5_error_code
krb5_kt_store_principal(krb5_storage *sp,
krb5_kt_store_principal(krb5_context context,
krb5_storage *sp,
krb5_principal p)
{
int i;
@@ -202,7 +218,8 @@ krb5_kt_store_principal(krb5_storage *sp,
if(ret) return ret;
for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
if(ret) return ret;
if(ret)
return ret;
}
if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
ret = krb5_store_int32(sp, p->name.name_type);
@@ -217,12 +234,16 @@ static krb5_error_code
fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
{
struct fkt_data *d;
d = malloc(sizeof(*d));
if(d == NULL)
if(d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
d->filename = strdup(name);
if(d->filename == NULL) {
free(d);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
id->data = d;
@@ -296,6 +317,7 @@ fkt_start_seq_get_int(krb5_context context,
if(pvno != 5) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_string (context);
return KRB5_KEYTAB_BADVNO;
}
ret = krb5_ret_int8(c->sp, &tag);
@@ -340,7 +362,7 @@ loop:
pos = cursor->sp->seek(cursor->sp, -len, SEEK_CUR);
goto loop;
}
ret = krb5_kt_ret_principal (cursor->sp, &entry->principal);
ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
if (ret)
goto out;
ret = krb5_ret_int32(cursor->sp, &tmp32);
@@ -351,7 +373,7 @@ loop:
if (ret)
goto out;
entry->vno = tmp8;
ret = krb5_kt_ret_keyblock (cursor->sp, &entry->keyblock);
ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
if (ret)
goto out;
if(start) *start = pos;
@@ -429,6 +451,7 @@ fkt_add_entry(krb5_context context,
if(pvno != 5) {
krb5_storage_free(sp);
close(fd);
krb5_clear_error_string (context);
return KRB5_KEYTAB_BADVNO;
}
ret = krb5_ret_int8 (sp, &tag);
@@ -446,9 +469,10 @@ fkt_add_entry(krb5_context context,
emem = krb5_storage_emem();
if(emem == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
ret = krb5_kt_store_principal(emem, entry->principal);
ret = krb5_kt_store_principal(context, emem, entry->principal);
if(ret) {
krb5_storage_free(emem);
goto out;
@@ -463,7 +487,7 @@ fkt_add_entry(krb5_context context,
krb5_storage_free(emem);
goto out;
}
ret = krb5_kt_store_keyblock (emem, &entry->keyblock);
ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
if(ret) {
krb5_storage_free(emem);
goto out;
@@ -529,8 +553,10 @@ fkt_remove_entry(krb5_context context,
}
}
krb5_kt_end_seq_get(context, id, &cursor);
if (!found)
if (!found) {
krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND;
}
return 0;
}

64
lib/krb5/keytab_keyfile.c
View File

@@ -63,16 +63,23 @@ struct akf_data {
*/
static int
get_cell_and_realm (struct akf_data *d)
get_cell_and_realm (krb5_context context,
struct akf_data *d)
{
FILE *f;
char buf[BUFSIZ], *cp;
int ret;
f = fopen (AFS_SERVERTHISCELL, "r");
if (f == NULL)
return errno;
if (f == NULL) {
ret = errno;
krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
strerror(ret));
return ret;
}
if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f);
krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
return EINVAL;
}
if (buf[strlen(buf) - 1] == '\n')
@@ -80,13 +87,17 @@ get_cell_and_realm (struct akf_data *d)
fclose(f);
d->cell = strdup (buf);
if (d->cell == NULL)
return errno;
if (d->cell == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
f = fopen (AFS_SERVERMAGICKRBCONF, "r");
if (f != NULL) {
if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f);
krb5_set_error_string (context, "no realm in %s",
AFS_SERVERMAGICKRBCONF);
return EINVAL;
}
if (buf[strlen(buf)-1] == '\n')
@@ -100,7 +111,8 @@ get_cell_and_realm (struct akf_data *d)
d->realm = strdup (buf);
if (d->realm == NULL) {
free (d->cell);
return errno;
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
return 0;
}
@@ -115,11 +127,13 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
int ret;
struct akf_data *d = malloc(sizeof (struct akf_data));
if (d == NULL)
return errno;
if (d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
d->num_entries = 0;
ret = get_cell_and_realm (d);
ret = get_cell_and_realm (context, d);
if (ret) {
free (d);
return ret;
@@ -129,6 +143,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
free (d->cell);
free (d->realm);
free (d);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
id->data = d;
@@ -180,14 +195,19 @@ akf_start_seq_get(krb5_context context,
struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
if (c->fd < 0)
return errno;
if (c->fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_int32(c->sp, &d->num_entries);
if(ret) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_string (context);
if(ret == KRB5_CC_END)
return KRB5_KT_NOTFOUND;
return ret;
@@ -230,6 +250,7 @@ akf_next_entry(krb5_context context,
entry->keyblock.keyvalue.data = malloc (8);
if (entry->keyblock.keyvalue.data == NULL) {
krb5_free_principal (context, entry->principal);
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -270,8 +291,12 @@ akf_add_entry(krb5_context context,
if (fd < 0) {
fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT, 0600);
if (fd < 0)
return errno;
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
created = 1;
}
@@ -284,15 +309,18 @@ akf_add_entry(krb5_context context,
sp = krb5_storage_from_fd(fd);
if(sp == NULL) {
close(fd);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if (created)
len = 0;
else {
if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
return errno;
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
}
ret = krb5_ret_int32(sp, &len);
@@ -305,9 +333,11 @@ akf_add_entry(krb5_context context,
len++;
if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
return errno;
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
}
ret = krb5_store_int32(sp, len);
@@ -319,9 +349,11 @@ akf_add_entry(krb5_context context,
if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno;
krb5_storage_free(sp);
close(fd);
return errno;
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
}
ret = krb5_store_int32(sp, entry->vno);

25
lib/krb5/keytab_krb4.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -45,11 +45,14 @@ krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
struct krb4_kt_data *d;
d = malloc (sizeof(*d));
if (d == NULL)
if (d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
d->filename = strdup (name);
if (d->filename == NULL) {
free(d);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
id->data = d;
@@ -92,17 +95,23 @@ krb4_kt_start_seq_get_int (krb5_context context,
{
struct krb4_kt_data *d = id->data;
struct krb4_cursor_extra_data *ed;
int ret;
ed = malloc (sizeof(*ed));
if (ed == NULL)
if (ed == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ed->entry.principal = NULL;
ed->num = -1;
c->data = ed;
c->fd = open (d->filename, flags);
if (c->fd < 0) {
ret = errno;
free (ed);
return errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
return 0;
@@ -238,8 +247,12 @@ krb4_kt_add_entry (krb5_context context,
if (fd < 0) {
fd = open (d->filename,
O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
if (fd < 0)
return errno;
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
}
ret = krb5_524_conv_principal (context, entry->principal,
service, instance, realm);

10
lib/krb5/keytab_memory.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -47,8 +47,10 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
{
struct mkt_data *d;
d = malloc(sizeof(*d));
if(d == NULL)
if(d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
d->entries = NULL;
d->num_entries = 0;
id->data = d;
@@ -115,8 +117,10 @@ mkt_add_entry(krb5_context context,
struct mkt_data *d = id->data;
krb5_keytab_entry *tmp;
tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
d->entries = tmp;
return krb5_kt_copy_entry_contents(context, entry,
&d->entries[d->num_entries++]);

22
lib/krb5/krbhst.c
View File

@@ -41,17 +41,21 @@ RCSID("$Id$");
*/
static int
add_string(char ***res, int *count, const char *string)
add_string(krb5_context context, char ***res, int *count, const char *string)
{
char **tmp = realloc(*res, (*count + 1) * sizeof(**res));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*res = tmp;
if(string) {
tmp[*count] = strdup(string);
if(tmp[*count] == NULL)
if(tmp[*count] == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
} else
tmp[*count] = NULL;
(*count)++;
@@ -94,19 +98,21 @@ srv_find_realm(krb5_context context, char ***res, int *count,
char **tmp;
tmp = realloc(*res, (*count + 1) * sizeof(**res));
if (tmp == NULL)
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*res = tmp;
snprintf (buf, sizeof(buf),
"%s/%s:%u",
proto,
rr->u.srv->target,
rr->u.srv->port);
ret = add_string(res, count, buf);
ret = add_string(context, res, count, buf);
if(ret)
return ret;
}else if(rr->type == T_TXT) {
ret = add_string(res, count, rr->u.txt);
ret = add_string(context, res, count, rr->u.txt);
if(ret)
return ret;
}
@@ -151,13 +157,13 @@ get_krbhst (krb5_context context,
if(count == 0) {
char buf[1024];
snprintf(buf, sizeof(buf), "kerberos.%s", *realm);
ret = add_string(&res, &count, buf);
ret = add_string(context, &res, &count, buf);
if(ret) {
krb5_config_free_strings(res);
return ret;
}
}
add_string(&res, &count, NULL);
add_string(context, &res, &count, NULL);
*hostlist = res;
return 0;
}

44
lib/krb5/log.c
View File

@@ -120,11 +120,14 @@ krb5_initlog(krb5_context context,
krb5_log_facility **fac)
{
krb5_log_facility *f = calloc(1, sizeof(*f));
if(f == NULL)
if(f == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
f->program = strdup(program);
if(f->program == NULL){
free(f);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*fac = f;
@@ -141,8 +144,10 @@ krb5_addlog_func(krb5_context context,
void *data)
{
struct facility *fp = log_realloc(fac);
if(fp == NULL)
if(fp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
fp->min = min;
fp->max = max;
fp->log = log;
@@ -181,8 +186,10 @@ open_syslog(krb5_context context,
struct syslog_data *sd = malloc(sizeof(*sd));
int i;
if(sd == NULL)
if(sd == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
i = find_value(sev, syslogvals);
if(i == -1)
i = LOG_ERR;
@@ -232,8 +239,10 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
char *filename, char *mode, FILE *f, int keep_open)
{
struct file_data *fd = malloc(sizeof(*fd));
if(fd == NULL)
if(fd == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
fd->filename = filename;
fd->mode = mode;
fd->fd = f;
@@ -245,11 +254,13 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
krb5_error_code
krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
{
krb5_error_code ret = 0;
int min = 0, max = -1, n;
char c;
const char *p = orig;
n = sscanf(p, "%d%c%d/", &min, &c, &max);
if(n == 2){
if(c == '/') {
@@ -263,7 +274,10 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
}
if(n){
p = strchr(p, '/');
if(p == NULL) return HEIM_ERR_LOG_PARSE;
if(p == NULL) {
krb5_set_error_string (context, "failed to parse \"%s\"", orig);
return HEIM_ERR_LOG_PARSE;
}
p++;
}
if(strcmp(p, "STDERR") == 0){
@@ -275,17 +289,26 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
FILE *file = NULL;
int keep_open = 0;
fn = strdup(p + 5);
if(fn == NULL)
if(fn == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if(p[4] == '='){
int i = open(fn, O_WRONLY | O_CREAT |
O_TRUNC | O_APPEND, 0666);
if(i < 0)
return errno;
if(i < 0) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", fn,
strerror(ret));
return ret;
}
file = fdopen(i, "a");
if(file == NULL){
ret = errno;
close(i);
return errno;
krb5_set_error_string (context, "fdopen(%s): %s", fn,
strerror(ret));
return ret;
}
keep_open = 1;
}
@@ -303,6 +326,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
facility = "AUTH";
ret = open_syslog(context, f, min, max, severity, facility);
}else{
krb5_set_error_string (context, "unknown log type: %s", p);
ret = HEIM_ERR_LOG_PARSE; /* XXX */
}
return ret;

13
lib/krb5/mcache.c
View File

@@ -65,6 +65,7 @@ static krb5_mcache *
mcc_alloc(const char *name)
{
krb5_mcache *m;
ALLOC(m, 1);
if(m == NULL)
return NULL;
@@ -101,8 +102,10 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
}
m = mcc_alloc(res);
if (m == NULL)
if (m == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
(*id)->data.data = m;
(*id)->data.length = sizeof(*m);
@@ -118,8 +121,10 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
m = mcc_alloc(NULL);
if (m == NULL)
if (m == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
(*id)->data.data = m;
(*id)->data.length = sizeof(*m);
@@ -203,8 +208,10 @@ mcc_store_cred(krb5_context context,
return ENOENT;
l = malloc (sizeof(*l));
if (l == NULL)
if (l == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
l->next = m->creds;
m->creds = l;
memset (&l->cred, 0, sizeof(l->cred));

6
lib/krb5/mk_error.c
View File

@@ -86,8 +86,10 @@ krb5_mk_error(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL)
if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
do {
ret = encode_KRB_ERROR(buf + buf_size - 1,
@@ -101,6 +103,7 @@ krb5_mk_error(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -114,6 +117,7 @@ krb5_mk_error(krb5_context context,
reply->length = len;
reply->data = malloc(len);
if (reply->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}

9
lib/krb5/mk_priv.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -87,8 +87,10 @@ krb5_mk_priv(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL)
if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
krb5_data_zero (&s.enc_part.cipher);
@@ -102,6 +104,7 @@ krb5_mk_priv(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -144,6 +147,7 @@ krb5_mk_priv(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -158,6 +162,7 @@ krb5_mk_priv(krb5_context context,
outbuf->length = len;
outbuf->data = malloc (len);
if (outbuf->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
free(buf);
return ENOMEM;
}

8
lib/krb5/mk_rep.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -61,8 +61,10 @@ krb5_mk_rep(krb5_context context,
auth_context->keyblock,
&auth_context->local_seqnumber);
body.seq_number = malloc (sizeof(*body.seq_number));
if (body.seq_number == NULL)
if (body.seq_number == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*(body.seq_number) = auth_context->local_seqnumber;
} else
body.seq_number = NULL;
@@ -74,6 +76,7 @@ krb5_mk_rep(krb5_context context,
buf = malloc (buf_size);
if (buf == NULL) {
free_EncAPRepPart (&body);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
@@ -106,6 +109,7 @@ krb5_mk_rep(krb5_context context,
buf = realloc(buf, buf_size);
if(buf == NULL) {
free_AP_REP (&ap);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);

2
lib/krb5/mk_req.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*

14
lib/krb5/mk_safe.c
View File

@@ -48,6 +48,7 @@ krb5_mk_safe(krb5_context context,
KerberosTime sec2;
int usec2;
u_char *buf = NULL;
void *tmp;
size_t buf_size;
size_t len;
u_int32_t tmp_seq;
@@ -78,8 +79,10 @@ krb5_mk_safe(krb5_context context,
buf_size = length_KRB_SAFE(&s);
buf = malloc(buf_size + 128); /* add some for checksum */
if(buf == NULL)
if(buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
if (ret) {
free (buf);
@@ -104,9 +107,13 @@ krb5_mk_safe(krb5_context context,
}
buf_size = length_KRB_SAFE(&s);
buf = realloc(buf, buf_size);
if(buf == NULL)
tmp = realloc(buf, buf_size);
if(tmp == NULL) {
free(buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
buf = tmp;
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
free_Checksum (&s.cksum);
@@ -115,6 +122,7 @@ krb5_mk_safe(krb5_context context,
outbuf->data = malloc (len);
if (outbuf->data == NULL) {
free (buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy (outbuf->data, buf + buf_size - len, len);

74
lib/krb5/principal.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -82,20 +82,26 @@ krb5_parse_name(krb5_context context,
ncomp = 1;
for(p = (char*)name; *p; p++){
if(*p=='\\'){
if(!p[1])
if(!p[1]) {
krb5_set_error_string (context,
"trailing \\ in principal name");
return KRB5_PARSE_MALFORMED;
}
p++;
} else if(*p == '/')
ncomp++;
}
comp = calloc(ncomp, sizeof(*comp));
if (comp == NULL)
if (comp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
n = 0;
start = q = p = s = strdup(name);
if (start == NULL) {
free (comp);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
while(*p){
@@ -112,11 +118,14 @@ krb5_parse_name(krb5_context context,
c = '\0';
}else if(c == '/' || c == '@'){
if(got_realm){
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED;
goto exit;
}else{
comp[n] = malloc(q - start + 1);
if (comp[n] == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -130,6 +139,8 @@ krb5_parse_name(krb5_context context,
continue;
}
if(got_realm && (c == ':' || c == '/' || c == '\0')) {
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED;
goto exit;
}
@@ -138,6 +149,7 @@ krb5_parse_name(krb5_context context,
if(got_realm){
realm = malloc(q - start + 1);
if (realm == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -150,6 +162,7 @@ krb5_parse_name(krb5_context context,
comp[n] = malloc(q - start + 1);
if (comp[n] == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -159,6 +172,7 @@ krb5_parse_name(krb5_context context,
}
*principal = malloc(sizeof(**principal));
if (*principal == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -278,8 +292,10 @@ unparse_name(krb5_context context,
len++;
}
*name = malloc(len);
if(len != 0 && *name == NULL)
if(len != 0 && *name == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = unparse_name_fixed(context, principal, *name, len, short_flag);
if(ret)
free(*name);
@@ -356,12 +372,16 @@ append_component(krb5_context context, krb5_principal p,
size_t len = princ_num_comp(p);
tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
princ_comp(p) = tmp;
princ_ncomp(p, len) = malloc(comp_len + 1);
if (princ_ncomp(p, len) == NULL)
if (princ_ncomp(p, len) == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy (princ_ncomp(p, len), comp, comp_len);
princ_ncomp(p, len)[comp_len] = '\0';
princ_num_comp(p)++;
@@ -406,13 +426,16 @@ build_principal(krb5_context context,
krb5_principal p;
p = calloc(1, sizeof(*p));
if (p == NULL)
if (p == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
princ_type(p) = KRB5_NT_PRINCIPAL;
princ_realm(p) = strdup(realm);
if(p->realm == NULL){
free(p);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
@@ -487,10 +510,15 @@ krb5_copy_principal(krb5_context context,
krb5_principal *outprinc)
{
krb5_principal p = malloc(sizeof(*p));
if (p == NULL)
if (p == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
if(copy_Principal(inprinc, p))
}
if(copy_Principal(inprinc, p)) {
free(p);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*outprinc = p;
return 0;
}
@@ -667,6 +695,7 @@ krb5_425_conv_principal_ext(krb5_context context,
}
krb5_free_principal(context, pr);
*princ = NULL;
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
if(resolve){
@@ -688,6 +717,7 @@ krb5_425_conv_principal_ext(krb5_context context,
#ifdef USE_RESOLVER
dns_free_data(r);
#endif
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_make_principal(context, &pr, realm, name, low_inst,
@@ -731,6 +761,7 @@ krb5_425_conv_principal_ext(krb5_context context,
"default_domain", NULL);
if(p == NULL){
/* this should be an error, just faking a name is not good */
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
@@ -743,6 +774,7 @@ krb5_425_conv_principal_ext(krb5_context context,
return 0;
}
krb5_free_principal(context, pr);
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
no_host:
p = krb5_config_get_string(context, NULL,
@@ -768,6 +800,7 @@ no_host:
return 0;
}
krb5_free_principal(context, pr);
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
@@ -888,6 +921,9 @@ krb5_524_conv_principal(krb5_context context,
i = principal->name.name_string.val[1];
break;
default:
krb5_set_error_string (context,
"cannot convert a %d component principal",
principal->name.name_string.len);
return KRB5_PARSE_MALFORMED;
}
@@ -910,12 +946,21 @@ krb5_524_conv_principal(krb5_context context,
i = tmpinst;
}
if (strlcpy (name, n, aname_sz) >= aname_sz)
if (strlcpy (name, n, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
"too long name component to convert");
return KRB5_PARSE_MALFORMED;
if (strlcpy (instance, i, aname_sz) >= aname_sz)
}
if (strlcpy (instance, i, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
"too long instance component to convert");
return KRB5_PARSE_MALFORMED;
if (strlcpy (realm, r, aname_sz) >= aname_sz)
}
if (strlcpy (realm, r, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
"too long realm component to convert");
return KRB5_PARSE_MALFORMED;
}
return 0;
}
@@ -934,8 +979,11 @@ krb5_sname_to_principal (krb5_context context,
char localhost[MAXHOSTNAMELEN];
char **realms, *host = NULL;
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN)
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
krb5_set_error_string (context, "unsupported name type %d",
type);
return KRB5_SNAME_UNSUPP_NAMETYPE;
}
if(hostname == NULL) {
gethostname(localhost, sizeof(localhost));
hostname = localhost;

8
lib/krb5/rd_cred.c
View File

@@ -59,11 +59,13 @@ krb5_rd_cred(krb5_context context,
if (cred.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto out;
}
if (cred.msg_type != krb_cred) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto out;
}
@@ -110,7 +112,7 @@ krb5_rd_cred(krb5_context context,
krb5_address *a;
int cmp;
ret = krb5_make_addrport (&a,
ret = krb5_make_addrport (context, &a,
auth_context->remote_address,
auth_context->remote_port);
if (ret)
@@ -125,6 +127,7 @@ krb5_rd_cred(krb5_context context,
free (a);
if (cmp == 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto out;
}
@@ -137,6 +140,7 @@ krb5_rd_cred(krb5_context context,
&& !krb5_address_compare (context,
auth_context->local_address,
enc_krb_cred_part.r_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto out;
}
@@ -151,6 +155,7 @@ krb5_rd_cred(krb5_context context,
enc_krb_cred_part.usec == NULL ||
abs(*enc_krb_cred_part.timestamp - sec)
> context->max_skew) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW;
goto out;
}
@@ -185,6 +190,7 @@ krb5_rd_cred(krb5_context context,
creds = calloc(1, sizeof(*creds));
if(creds == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}

58
lib/krb5/rd_error.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -43,11 +43,12 @@ krb5_rd_error(krb5_context context,
size_t len;
krb5_error_code ret;
ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
if(ret)
return ret;
result->error_code += KRB5KDC_ERR_NONE;
return 0;
return 0;
}
void
@@ -64,3 +65,56 @@ krb5_free_error (krb5_context context,
krb5_free_error_contents (context, error);
free (error);
}
krb5_error_code
krb5_error_from_rd_error(krb5_context context,
const krb5_error *error,
const krb5_creds *creds)
{
krb5_error_code ret;
ret = error->error_code;
if (error->e_text != NULL) {
krb5_set_error_string(context, "%s", *error->e_text);
} else {
char clientname[256], servername[256];
if (creds != NULL) {
krb5_unparse_name_fixed(context, creds->client,
clientname, sizeof(clientname));
krb5_unparse_name_fixed(context, creds->server,
servername, sizeof(servername));
}
switch (ret) {
case KRB5KDC_ERR_NAME_EXP :
krb5_set_error_string(context, "Client %s%s%s expired",
creds ? "(" : "",
creds ? clientname : "",
creds ? "(" : "");
break;
case KRB5KDC_ERR_SERVICE_EXP :
krb5_set_error_string(context, "Server %s%s%s expired",
creds ? "(" : "",
creds ? servername : "",
creds ? "(" : "");
break;
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Client %s%s%s unknown",
creds ? "(" : "",
creds ? clientname : "",
creds ? "(" : "");
break;
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Server %s%s%s unknown",
creds ? "(" : "",
creds ? servername : "",
creds ? "(" : "");
break;
default :
krb5_clear_error_string(context);
break;
}
}
return ret;
}

6
lib/krb5/rd_priv.c
View File

@@ -55,10 +55,12 @@ krb5_rd_priv(krb5_context context,
if (ret)
goto failure;
if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure;
}
if (priv.msg_type != krb_priv) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure;
}
@@ -96,6 +98,7 @@ krb5_rd_priv(krb5_context context,
&& !krb5_address_compare (context,
auth_context->remote_address,
part.s_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
@@ -107,6 +110,7 @@ krb5_rd_priv(krb5_context context,
&& !krb5_address_compare (context,
auth_context->local_address,
part.r_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
@@ -119,6 +123,7 @@ krb5_rd_priv(krb5_context context,
if (part.timestamp == NULL ||
part.usec == NULL ||
abs(*part.timestamp - sec) > context->max_skew) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW;
goto failure_part;
}
@@ -135,6 +140,7 @@ krb5_rd_priv(krb5_context context,
&& auth_context->remote_seqnumber != 0)
|| (part.seq_number != NULL
&& *part.seq_number != auth_context->remote_seqnumber)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADORDER;
goto failure_part;
}

6
lib/krb5/rd_rep.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -55,10 +55,12 @@ krb5_rd_rep(krb5_context context,
return ret;
if (ap_rep.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto out;
}
if (ap_rep.msg_type != krb_ap_rep) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto out;
}
@@ -77,6 +79,7 @@ krb5_rd_rep(krb5_context context,
*repl = malloc(sizeof(**repl));
if (*repl == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
ret = krb5_decode_EncAPRepPart(context,
@@ -90,6 +93,7 @@ krb5_rd_rep(krb5_context context,
if ((*repl)->ctime != auth_context->authenticator->ctime ||
(*repl)->cusec != auth_context->authenticator->cusec) {
ret = KRB5KRB_AP_ERR_MUT_FAIL;
krb5_clear_error_string (context);
goto out;
}
if ((*repl)->seq_number)

9
lib/krb5/rd_req.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -113,14 +113,17 @@ krb5_decode_ap_req(krb5_context context,
return ret;
if (ap_req->pvno != 5){
free_AP_REQ(ap_req);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
if (ap_req->msg_type != krb_ap_req){
free_AP_REQ(ap_req);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_MSG_TYPE;
}
if (ap_req->ticket.tkt_vno != 5){
free_AP_REQ(ap_req);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
return 0;
@@ -150,10 +153,12 @@ krb5_decrypt_ticket(krb5_context context,
|| (t.flags.invalid
&& !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
free_EncTicketPart(&t);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_NYV;
}
if(now - t.endtime > context->max_skew) {
free_EncTicketPart(&t);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
}
@@ -320,6 +325,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_free_principal (context, p2);
if (!res) {
ret = KRB5KRB_AP_ERR_BADMATCH;
krb5_clear_error_string (context);
goto out2;
}
}
@@ -332,6 +338,7 @@ krb5_verify_ap_req2(krb5_context context,
ac->remote_address,
t.ticket.caddr)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto out2;
}

9
lib/krb5/rd_safe.c
View File

@@ -58,6 +58,7 @@ verify_checksum(krb5_context context,
if (buf == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
@@ -97,15 +98,18 @@ krb5_rd_safe(krb5_context context,
return ret;
if (safe.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto failure;
}
if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto failure;
}
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_clear_error_string (context);
goto failure;
}
@@ -117,6 +121,7 @@ krb5_rd_safe(krb5_context context,
auth_context->remote_address,
safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
@@ -128,6 +133,7 @@ krb5_rd_safe(krb5_context context,
auth_context->local_address,
safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
@@ -141,6 +147,7 @@ krb5_rd_safe(krb5_context context,
safe.safe_body.usec == NULL ||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_clear_error_string (context);
goto failure;
}
}
@@ -157,6 +164,7 @@ krb5_rd_safe(krb5_context context,
&& *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
krb5_clear_error_string (context);
goto failure;
}
auth_context->remote_seqnumber++;
@@ -170,6 +178,7 @@ krb5_rd_safe(krb5_context context,
outbuf->data = malloc(outbuf->length);
if (outbuf->data == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto failure;
}
memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);

17
lib/krb5/read_message.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -45,8 +45,11 @@ krb5_read_message (krb5_context context,
u_int8_t buf[4];
ret = krb5_net_read (context, p_fd, buf, 4);
if(ret == -1)
return errno;
if(ret == -1) {
ret = errno;
krb5_clear_error_string (context);
return ret;
}
if(ret < 4) {
data->length = 0;
return HEIM_ERR_EOF;
@@ -56,8 +59,10 @@ krb5_read_message (krb5_context context,
if (ret)
return ret;
if (krb5_net_read (context, p_fd, data->data, len) != len) {
ret = errno;
krb5_data_free (data);
return errno;
krb5_clear_error_string (context);
return ret;
}
return 0;
}
@@ -76,8 +81,6 @@ krb5_read_priv_message(krb5_context context,
return ret;
ret = krb5_rd_priv (context, ac, &packet, data, NULL);
krb5_data_free(&packet);
if(ret)
return ret;
return ret;
}
@@ -95,7 +98,5 @@ krb5_read_safe_message(krb5_context context,
return ret;
ret = krb5_rd_safe (context, ac, &packet, data, NULL);
krb5_data_free(&packet);
if(ret)
return ret;
return ret;
}

40
lib/krb5/recvauth.c
View File

@@ -101,44 +101,61 @@ krb5_recvauth_match_version(krb5_context context,
if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0)
return errno;
if (n == 0)
if (n < 0) {
ret = errno;
krb5_set_error_string (context, "read: %s", strerror(errno));
return ret;
}
if (n == 0) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAUTHVERS;
}
len = ntohl(len);
if (len != sizeof(her_version)
|| krb5_net_read (context, p_fd, her_version, len) != len
|| strncmp (version, her_version, len)) {
repl = 1;
krb5_net_write (context, p_fd, &repl, 1);
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAUTHVERS;
}
}
n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0)
return errno;
if (n == 0)
if (n < 0) {
ret = errno;
krb5_set_error_string (context, "read: %s", strerror(errno));
return ret;
}
if (n == 0) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAPPLVERS;
}
len = ntohl(len);
her_appl_version = malloc (len);
if (her_appl_version == NULL) {
repl = 2;
krb5_net_write (context, p_fd, &repl, 1);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if (krb5_net_read (context, p_fd, her_appl_version, len) != len
|| !(*match_appl_version)(match_data, her_appl_version)) {
repl = 2;
krb5_net_write (context, p_fd, &repl, 1);
krb5_set_error_string (context, "wrong sendauth version (%s)",
her_appl_version);
free (her_appl_version);
return KRB5_SENDAUTH_BADAPPLVERS;
}
free (her_appl_version);
repl = 0;
if (krb5_net_write (context, p_fd, &repl, 1) != 1)
return errno;
if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno));
return ret;
}
krb5_data_zero (&data);
ret = krb5_read_message (context, p_fd, &data);
@@ -174,8 +191,11 @@ krb5_recvauth_match_version(krb5_context context,
}
len = 0;
if (krb5_net_write (context, p_fd, &len, 4) != 4)
return errno;
if (krb5_net_write (context, p_fd, &len, 4) != 4) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno));
return ret;
}
if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
ret = krb5_mk_rep (context, *auth_context, &data);

68
lib/krb5/replay.c
View File

@@ -46,8 +46,10 @@ krb5_rc_resolve(krb5_context context,
const char *name)
{
id->name = strdup(name);
if(id->name == NULL)
if(id->name == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_RC_MALLOC;
}
return 0;
}
@@ -56,11 +58,16 @@ krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id,
const char *type)
{
if(strcmp(type, "FILE"))
if(strcmp(type, "FILE")) {
krb5_set_error_string (context, "replay cache type %s not supported",
type);
return KRB5_RC_TYPE_NOTFOUND;
}
*id = calloc(1, sizeof(**id));
if(*id == NULL)
if(*id == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_RC_MALLOC;
}
return 0;
}
@@ -70,8 +77,11 @@ krb5_rc_resolve_full(krb5_context context,
const char *string_name)
{
krb5_error_code ret;
if(strncmp(string_name, "FILE:", 5))
if(strncmp(string_name, "FILE:", 5)) {
krb5_set_error_string (context, "replay cache type %s not supported",
string_name);
return KRB5_RC_TYPE_NOTFOUND;
}
ret = krb5_rc_resolve_type(context, id, "FILE");
if(ret)
return ret;
@@ -110,8 +120,14 @@ krb5_rc_initialize(krb5_context context,
{
FILE *f = fopen(id->name, "w");
struct rc_entry tmp;
if(f == NULL)
return errno;
int ret;
if(f == NULL) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name,
strerror(ret));
return ret;
}
tmp.stamp = auth_lifespan;
fwrite(&tmp, 1, sizeof(tmp), f);
fclose(f);
@@ -129,8 +145,14 @@ krb5_error_code
krb5_rc_destroy(krb5_context context,
krb5_rcache id)
{
if(remove(id->name) < 0)
return errno;
int ret;
if(remove(id->name) < 0) {
ret = errno;
krb5_set_error_string (context, "remove(%s): %s", id->name,
strerror(ret));
return ret;
}
return krb5_rc_close(context, id);
}
@@ -167,11 +189,17 @@ krb5_rc_store(krb5_context context,
struct rc_entry ent, tmp;
time_t t;
FILE *f;
int ret;
ent.stamp = time(NULL);
checksum_authenticator(rep, ent.data);
f = fopen(id->name, "r");
if(f == NULL)
return errno;
if(f == NULL) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name,
strerror(ret));
return ret;
}
fread(&tmp, sizeof(ent), 1, f);
t = ent.stamp - tmp.stamp;
while(fread(&tmp, sizeof(ent), 1, f)){
@@ -179,17 +207,23 @@ krb5_rc_store(krb5_context context,
continue;
if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
fclose(f);
krb5_clear_error_string (context);
return KRB5_RC_REPLAY;
}
}
if(ferror(f)){
ret = errno;
fclose(f);
return errno;
krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
return ret;
}
fclose(f);
f = fopen(id->name, "a");
if(f == NULL)
if(f == NULL) {
krb5_set_error_string (context, "open(%s): %s", id->name,
strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
fwrite(&ent, 1, sizeof(ent), f);
fclose(f);
return 0;
@@ -216,6 +250,7 @@ krb5_rc_get_lifespan(krb5_context context,
*auth_lifespan = ent.stamp;
return 0;
}
krb5_clear_error_string (context);
return KRB5_RC_IO_UNKNOWN;
}
@@ -243,8 +278,11 @@ krb5_get_server_rcache(krb5_context context,
char *tmp = malloc(4 * piece->length + 1);
char *name;
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
#ifdef HAVE_GETEUID
asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid());
@@ -252,8 +290,10 @@ krb5_get_server_rcache(krb5_context context,
asprintf(&name, "FILE:rc_%s", tmp);
#endif
free(tmp);
if(name == NULL)
if(name == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_rc_resolve_full(context, &rcache, name);
free(name);

1
lib/krb5/send_to_kdc.c
View File

@@ -386,6 +386,7 @@ krb5_sendto (krb5_context context,
freeaddrinfo(ai);
}
}
krb5_clear_error_string (context);
ret = KRB5_KDC_UNREACH;
out:
return ret;

41
lib/krb5/sendauth.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -90,23 +90,35 @@ krb5_sendauth(krb5_context context,
len = strlen(version) + 1;
net_len = htonl(len);
if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, version, len) != len)
return errno;
|| krb5_net_write (context, p_fd, version, len) != len) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
return ret;
}
len = strlen(appl_version) + 1;
net_len = htonl(len);
if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, appl_version, len) != len)
return errno;
|| krb5_net_write (context, p_fd, appl_version, len) != len) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
return ret;
}
sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
if (sret < 0)
return errno;
else if (sret != sizeof(repl))
if (sret < 0) {
ret = errno;
krb5_set_error_string (context, "read: %s", strerror(ret));
return ret;
} else if (sret != sizeof(repl)) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADRESPONSE;
}
if (repl != 0)
if (repl != 0) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_REJECTED;
}
if (in_creds == NULL) {
if (ccache == NULL) {
@@ -170,19 +182,22 @@ krb5_sendauth(krb5_context context,
ret = krb5_rd_error (context, &error_data, &error);
krb5_data_free (&error_data);
if (ret == 0) {
ret = krb5_error_from_rd_error(context, &error, NULL);
if (ret_error != NULL) {
*ret_error = malloc (sizeof(krb5_error));
if (*ret_error == NULL) {
free_KRB_ERROR(&error);
krb5_free_error_contents (context, &error);
} else {
**ret_error = error;
}
} else {
free_KRB_ERROR(&error);
krb5_free_error_contents (context, &error);
}
return error.error_code;
} else
return ret;
} else {
krb5_clear_error_string(context);
return ret;
}
}
if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {

11
lib/krb5/set_default_realm.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,15 +41,18 @@ RCSID("$Id$");
*/
static krb5_error_code
string_to_list (const char *s, krb5_realm **list)
string_to_list (krb5_context context, const char *s, krb5_realm **list)
{
*list = malloc (2 * sizeof(**list));
if (*list == NULL)
if (*list == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
(*list)[0] = strdup (s);
if ((*list)[0] == NULL) {
free (*list);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
(*list)[1] = NULL;
@@ -77,7 +80,7 @@ krb5_set_default_realm(krb5_context context,
if (realms == NULL)
ret = krb5_get_host_realm(context, NULL, &realms);
} else {
ret = string_to_list (realm, &realms);
ret = string_to_list (context, realm, &realms);
}
if (ret)
return ret;

14
lib/krb5/sock_principal.c
View File

@@ -51,11 +51,14 @@ krb5_sock_to_principal (krb5_context context,
int family;
char *hname = NULL;
if (getsockname (sock, sa, &len) < 0)
return errno;
if (getsockname (sock, sa, &len) < 0) {
ret = errno;
krb5_set_error_string (context, "getsockname: %s", strerror(ret));
return ret;
}
family = sa->sa_family;
ret = krb5_sockaddr2address (sa, &address);
ret = krb5_sockaddr2address (context, sa, &address);
if (ret)
return ret;
@@ -63,8 +66,11 @@ krb5_sock_to_principal (krb5_context context,
address.address.length,
family);
if (hostent == NULL)
if (hostent == NULL) {
krb5_set_error_string (context, "gethostbyaddr: %s",
hstrerror(h_errno));
return krb5_h_errno_to_heim_errno(h_errno);
}
hname = hostent->h_name;
if (strchr(hname, '.') == NULL) {
char **a;

6
lib/krb5/ticket.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -52,8 +52,10 @@ krb5_copy_ticket(krb5_context context,
{
krb5_error_code ret;
krb5_ticket *tmp = malloc(sizeof(*tmp));
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
free(tmp);
return ret;

42
lib/krb5/transited.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -61,7 +61,8 @@ free_realms(struct tr_realm *r)
}
static int
make_path(struct tr_realm *r, const char *from, const char *to)
make_path(krb5_context context, struct tr_realm *r,
const char *from, const char *to)
{
const char *p;
struct tr_realm *path = r->next;
@@ -78,8 +79,10 @@ make_path(struct tr_realm *r, const char *from, const char *to)
p = from;
while(1){
p = strchr(p, '.');
if(p == NULL)
if(p == NULL) {
krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY;
}
p++;
if(strcmp(p, to) == 0)
break;
@@ -89,6 +92,7 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = strdup(p);
if(path->realm == NULL){
r->next = path; /* XXX */
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;;
}
}
@@ -106,21 +110,25 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = malloc(p - from + 1);
if(path->realm == NULL){
r->next = path; /* XXX */
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy(path->realm, from, p - from);
path->realm[p - from] = '\0';
p--;
}
}else
} else {
krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY;
}
r->next = path;
return 0;
}
static int
make_paths(struct tr_realm *realms, const char *client_realm,
make_paths(krb5_context context,
struct tr_realm *realms, const char *client_realm,
const char *server_realm)
{
struct tr_realm *r;
@@ -138,7 +146,7 @@ make_paths(struct tr_realm *realms, const char *client_realm,
next_realm = r->next->realm;
else
next_realm = server_realm;
ret = make_path(r, prev_realm, next_realm);
ret = make_path(context, r, prev_realm, next_realm);
if(ret){
free_realms(realms);
return ret;
@@ -150,7 +158,8 @@ make_paths(struct tr_realm *realms, const char *client_realm,
}
static int
expand_realms(struct tr_realm *realms, const char *client_realm)
expand_realms(krb5_context context,
struct tr_realm *realms, const char *client_realm)
{
struct tr_realm *r;
const char *prev_realm = NULL;
@@ -162,6 +171,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){
free_realms(realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
r->realm = tmp;
@@ -173,6 +183,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){
free_realms(realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
strcpy(tmp, prev_realm);
@@ -236,7 +247,8 @@ append_realm(struct tr_realm *head, struct tr_realm *r)
}
static int
decode_realms(const char *tr, int length, struct tr_realm **realms)
decode_realms(krb5_context context,
const char *tr, int length, struct tr_realm **realms)
{
struct tr_realm *r = NULL;
@@ -261,6 +273,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*realms = append_realm(*realms, r);
@@ -273,6 +286,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*realms = append_realm(*realms, r);
@@ -282,7 +296,8 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
krb5_error_code
krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
krb5_domain_x500_decode(krb5_context context,
krb5_data tr, char ***realms, int *num_realms,
const char *client_realm, const char *server_realm)
{
struct tr_realm *r = NULL;
@@ -290,16 +305,16 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
int ret;
/* split string in components */
ret = decode_realms(tr.data, tr.length, &r);
ret = decode_realms(context, tr.data, tr.length, &r);
if(ret)
return ret;
/* apply prefix rule */
ret = expand_realms(r, client_realm);
ret = expand_realms(context, r, client_realm);
if(ret)
return ret;
ret = make_paths(r, client_realm, server_realm);
ret = make_paths(context, r, client_realm, server_realm);
if(ret)
return ret;
@@ -324,6 +339,7 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
if(R == NULL) {
free(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
R[*num_realms] = r->realm;
@@ -382,6 +398,8 @@ krb5_check_transited_realms(krb5_context context,
char **p;
for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) {
krb5_set_error_string (context, "no transit through realm %s",
*p);
ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
if(bad_realm)
*bad_realm = i;

8
lib/krb5/verify_init.c
View File

@@ -92,8 +92,12 @@ krb5_verify_init_creds(krb5_context context,
if (ap_req_server == NULL) {
char local_hostname[MAXHOSTNAMELEN];
if (gethostname (local_hostname, sizeof(local_hostname)) < 0)
return errno;
if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
ret = errno;
krb5_set_error_string (context, "getsockname: %s",
strerror(ret));
return ret;
}
ret = krb5_sname_to_principal (context,
local_hostname,

14
lib/krb5/verify_krb5_conf.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 Kungliga Tekniska H<>gskolan
* Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -60,15 +60,18 @@ usage (int ret)
int
main(int argc, char **argv)
{
krb5_context context;
const char *config_file = NULL;
krb5_error_code ret;
krb5_config_section *tmp_cf;
unsigned lineno;
char *error_message;
int optind = 0;
setprogname (argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed");
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
usage(1);
@@ -93,10 +96,9 @@ main(int argc, char **argv)
usage (1);
}
ret = krb5_config_parse_file_debug (config_file, &tmp_cf, &lineno,
&error_message);
ret = krb5_config_parse_file (context, config_file, &tmp_cf);
if (ret == 0)
return 0;
fprintf (stderr, "%s:%u: %s\n", config_file, lineno, error_message);
krb5_warn (context, ret, "krb5_config_parse_file");
return 1;
}

7
lib/krb5/verify_user.c
View File

@@ -50,7 +50,8 @@ verify_common (krb5_context context,
ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
&server);
if(ret) return ret;
if(ret)
return ret;
krb5_verify_init_creds_opt_init(&vopt);
krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
@@ -62,7 +63,8 @@ verify_common (krb5_context context,
NULL,
&vopt);
krb5_free_principal(context, server);
if(ret) return ret;
if(ret)
return ret;
if(ccache == NULL)
ret = krb5_cc_default (context, &id);
else
@@ -150,6 +152,7 @@ krb5_verify_user_lrealm(krb5_context context,
if (tmp == NULL) {
krb5_free_host_realm (context, realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
free (*krb5_princ_realm (context, principal));

11
lib/krb5/write_message.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -42,12 +42,16 @@ krb5_write_message (krb5_context context,
{
u_int32_t len;
u_int8_t buf[4];
int ret;
len = data->length;
_krb5_put_int(buf, len, 4);
if (krb5_net_write (context, p_fd, buf, 4) != 4
|| krb5_net_write (context, p_fd, data->data, len) != len)
return errno;
|| krb5_net_write (context, p_fd, data->data, len) != len) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
return ret;
}
return 0;
}
@@ -59,6 +63,7 @@ krb5_write_priv_message(krb5_context context,
{
krb5_error_code ret;
krb5_data packet;
ret = krb5_mk_priv (context, ac, data, &packet, NULL);
if(ret)
return ret;