oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add some krb5_{set,clear}_error_string

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9937 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2001-05-14 06:14:52 +00:00
parent ffc0237390
commit d27aa3b62e
65 changed files with 1287 additions and 481 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
lib/krb5/acl.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 2000 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -68,6 +68,7 @@ acl_parse_format(krb5_context context,
for(p = format; *p != '\0'; p++) { for(p = format; *p != '\0'; p++) {
tmp = malloc(sizeof(*tmp)); tmp = malloc(sizeof(*tmp));
if(tmp == NULL) { if(tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
acl_free_list(acl); acl_free_list(acl);
return ENOMEM; return ENOMEM;
} }
@@ -133,6 +134,7 @@ krb5_acl_match_string(krb5_context context,
...) ...)
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_boolean found;
struct acl_field *acl; struct acl_field *acl;
va_list ap; va_list ap;
@@ -142,10 +144,14 @@ krb5_acl_match_string(krb5_context context,
if(ret) if(ret)
return ret; return ret;
ret = acl_match_acl(context, acl, acl_string); found = acl_match_acl(context, acl, acl_string);
acl_free_list(acl); acl_free_list(acl);
return ret ? 0 : EACCES; if (found) {
return 0;
} else {
krb5_set_error_string(context, "ACL did not match");
return EACCES;
}
} }
krb5_error_code krb5_error_code
@@ -159,10 +165,16 @@ krb5_acl_match_file(krb5_context context,
char buf[256]; char buf[256];
va_list ap; va_list ap;
FILE *f; FILE *f;
krb5_boolean found;
f = fopen(file, "r"); f = fopen(file, "r");
if(f == NULL) if(f == NULL) {
return errno; int save_errno = errno;
krb5_set_error_string(context, "open(%s): %s", file,
strerror(save_errno));
return save_errno;
}
va_start(ap, format); va_start(ap, format);
ret = acl_parse_format(context, &acl, format, ap); ret = acl_parse_format(context, &acl, format, ap);
@@ -172,18 +184,22 @@ krb5_acl_match_file(krb5_context context,
return ret; return ret;
} }
ret = EACCES; /* XXX */ found = FALSE;
while(fgets(buf, sizeof(buf), f)) { while(fgets(buf, sizeof(buf), f)) {
if(buf[0] == '#') if(buf[0] == '#')
continue; continue;
if(acl_match_acl(context, acl, buf)) { if(acl_match_acl(context, acl, buf)) {
ret = 0; found = TRUE;
goto out; break;
} }
} }
out:
fclose(f); fclose(f);
acl_free_list(acl); acl_free_list(acl);
return ret; if (found) {
return 0;
} else {
krb5_set_error_string(context, "ACL did not match");
return EACCES;
}
} }

53
lib/krb5/addr_families.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -386,33 +386,45 @@ find_atype(int atype)
} }
krb5_error_code krb5_error_code
krb5_sockaddr2address (const struct sockaddr *sa, krb5_address *addr) krb5_sockaddr2address (krb5_context context,
const struct sockaddr *sa, krb5_address *addr)
{ {
struct addr_operations *a = find_af(sa->sa_family); struct addr_operations *a = find_af(sa->sa_family);
if (a == NULL) if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported",
sa->sa_family);
return KRB5_PROG_ATYPE_NOSUPP; return KRB5_PROG_ATYPE_NOSUPP;
}
return (*a->sockaddr2addr)(sa, addr); return (*a->sockaddr2addr)(sa, addr);
} }
krb5_error_code krb5_error_code
krb5_sockaddr2port (const struct sockaddr *sa, int16_t *port) krb5_sockaddr2port (krb5_context context,
const struct sockaddr *sa, int16_t *port)
{ {
struct addr_operations *a = find_af(sa->sa_family); struct addr_operations *a = find_af(sa->sa_family);
if (a == NULL) if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported",
sa->sa_family);
return KRB5_PROG_ATYPE_NOSUPP; return KRB5_PROG_ATYPE_NOSUPP;
}
return (*a->sockaddr2port)(sa, port); return (*a->sockaddr2port)(sa, port);
} }
krb5_error_code krb5_error_code
krb5_addr2sockaddr (const krb5_address *addr, krb5_addr2sockaddr (krb5_context context,
const krb5_address *addr,
struct sockaddr *sa, struct sockaddr *sa,
int *sa_size, int *sa_size,
int port) int port)
{ {
struct addr_operations *a = find_atype(addr->addr_type); struct addr_operations *a = find_atype(addr->addr_type);
if (a == NULL) if (a == NULL) {
krb5_set_error_string (context, "Address type %d not supported",
addr->addr_type);
return KRB5_PROG_ATYPE_NOSUPP; return KRB5_PROG_ATYPE_NOSUPP;
}
(*a->addr2sockaddr)(addr, sa, sa_size, port); (*a->addr2sockaddr)(addr, sa, sa_size, port);
return 0; return 0;
} }
@@ -439,37 +451,46 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
} }
krb5_error_code krb5_error_code
krb5_h_addr2sockaddr (int af, krb5_h_addr2sockaddr (krb5_context context,
int af,
const char *addr, struct sockaddr *sa, int *sa_size, const char *addr, struct sockaddr *sa, int *sa_size,
int port) int port)
{ {
struct addr_operations *a = find_af(af); struct addr_operations *a = find_af(af);
if (a == NULL) if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP; return KRB5_PROG_ATYPE_NOSUPP;
}
(*a->h_addr2sockaddr)(addr, sa, sa_size, port); (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
return 0; return 0;
} }
krb5_error_code krb5_error_code
krb5_h_addr2addr (int af, krb5_h_addr2addr (krb5_context context,
int af,
const char *haddr, krb5_address *addr) const char *haddr, krb5_address *addr)
{ {
struct addr_operations *a = find_af(af); struct addr_operations *a = find_af(af);
if (a == NULL) if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP; return KRB5_PROG_ATYPE_NOSUPP;
}
return (*a->h_addr2addr)(haddr, addr); return (*a->h_addr2addr)(haddr, addr);
} }
krb5_error_code krb5_error_code
krb5_anyaddr (int af, krb5_anyaddr (krb5_context context,
int af,
struct sockaddr *sa, struct sockaddr *sa,
int *sa_size, int *sa_size,
int port) int port)
{ {
struct addr_operations *a = find_af (af); struct addr_operations *a = find_af (af);
if (a == NULL) if (a == NULL) {
krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP; return KRB5_PROG_ATYPE_NOSUPP;
}
(*a->anyaddr)(sa, sa_size, port); (*a->anyaddr)(sa, sa_size, port);
return 0; return 0;
@@ -522,8 +543,10 @@ krb5_parse_address(krb5_context context,
} }
error = getaddrinfo (string, NULL, NULL, &ai); error = getaddrinfo (string, NULL, NULL, &ai);
if (error) if (error) {
krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
return krb5_eai_to_heim_errno(error); return krb5_eai_to_heim_errno(error);
}
n = 0; n = 0;
for (a = ai; a != NULL; a = a->ai_next) for (a = ai; a != NULL; a = a->ai_next)
@@ -532,7 +555,7 @@ krb5_parse_address(krb5_context context,
ALLOC_SEQ(addresses, n); ALLOC_SEQ(addresses, n);
for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) { for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) {
krb5_sockaddr2address (ai->ai_addr, &addresses->val[i]); krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]);
} }
freeaddrinfo (ai); freeaddrinfo (ai);
return 0; return 0;

14
lib/krb5/address.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -128,8 +128,10 @@ krb5_append_addresses(krb5_context context,
int i; int i;
if(source->len > 0) { if(source->len > 0) {
tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string(context, "realloc: out of memory");
return ENOMEM; return ENOMEM;
}
dest->val = tmp; dest->val = tmp;
for(i = 0; i < source->len; i++) { for(i = 0; i < source->len; i++) {
/* skip duplicates */ /* skip duplicates */
@@ -151,18 +153,22 @@ krb5_append_addresses(krb5_context context,
*/ */
krb5_error_code krb5_error_code
krb5_make_addrport (krb5_address **res, const krb5_address *addr, int16_t port) krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port)
{ {
krb5_error_code ret; krb5_error_code ret;
size_t len = addr->address.length + 2 + 4 * 4; size_t len = addr->address.length + 2 + 4 * 4;
u_char *p; u_char *p;
*res = malloc (sizeof(**res)); *res = malloc (sizeof(**res));
if (*res == NULL) if (*res == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
(*res)->addr_type = KRB5_ADDRESS_ADDRPORT; (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
ret = krb5_data_alloc (&(*res)->address, len); ret = krb5_data_alloc (&(*res)->address, len);
if (ret) { if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
free (*res); free (*res);
return ret; return ret;
} }

2
lib/krb5/appdefault.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2001 Kungliga Tekniska H<>gskolan * Copyright (c) 2000 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *

32
lib/krb5/auth_context.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -42,11 +42,14 @@ krb5_auth_con_init(krb5_context context,
krb5_auth_context p; krb5_auth_context p;
ALLOC(p, 1); ALLOC(p, 1);
if(!p) if(!p) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memset(p, 0, sizeof(*p)); memset(p, 0, sizeof(*p));
ALLOC(p->authenticator, 1); ALLOC(p->authenticator, 1);
if (!p->authenticator) { if (!p->authenticator) {
krb5_set_error_string(context, "malloc: out of memory");
free(p); free(p);
return ENOMEM; return ENOMEM;
} }
@@ -146,11 +149,13 @@ krb5_auth_con_genaddrs(krb5_context context,
len = sizeof(ss_local); len = sizeof(ss_local);
if(getsockname(fd, local, &len) < 0) { if(getsockname(fd, local, &len) < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "getsockname: %s",
strerror(ret));
goto out; goto out;
} }
krb5_sockaddr2address (local, &local_k_address); krb5_sockaddr2address (context, local, &local_k_address);
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) { if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
krb5_sockaddr2port (local, &auth_context->local_port); krb5_sockaddr2port (context, local, &auth_context->local_port);
} else } else
auth_context->local_port = 0; auth_context->local_port = 0;
lptr = &local_k_address; lptr = &local_k_address;
@@ -160,11 +165,12 @@ krb5_auth_con_genaddrs(krb5_context context,
len = sizeof(ss_remote); len = sizeof(ss_remote);
if(getpeername(fd, remote, &len) < 0) { if(getpeername(fd, remote, &len) < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "getpeername: %s", strerror(ret));
goto out; goto out;
} }
krb5_sockaddr2address (remote, &remote_k_address); krb5_sockaddr2address (context, remote, &remote_k_address);
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) { if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
krb5_sockaddr2port (remote, &auth_context->remote_port); krb5_sockaddr2port (context, remote, &auth_context->remote_port);
} else } else
auth_context->remote_port = 0; auth_context->remote_port = 0;
rptr = &remote_k_address; rptr = &remote_k_address;
@@ -205,8 +211,10 @@ krb5_auth_con_getaddrs(krb5_context context,
if(*local_addr) if(*local_addr)
krb5_free_address (context, *local_addr); krb5_free_address (context, *local_addr);
*local_addr = malloc (sizeof(**local_addr)); *local_addr = malloc (sizeof(**local_addr));
if (*local_addr == NULL) if (*local_addr == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
krb5_copy_address(context, krb5_copy_address(context,
auth_context->local_address, auth_context->local_address,
*local_addr); *local_addr);
@@ -214,8 +222,12 @@ krb5_auth_con_getaddrs(krb5_context context,
if(*remote_addr) if(*remote_addr)
krb5_free_address (context, *remote_addr); krb5_free_address (context, *remote_addr);
*remote_addr = malloc (sizeof(**remote_addr)); *remote_addr = malloc (sizeof(**remote_addr));
if (*remote_addr == NULL) if (*remote_addr == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
krb5_free_address (context, *local_addr);
*local_addr = NULL;
return ENOMEM; return ENOMEM;
}
krb5_copy_address(context, krb5_copy_address(context,
auth_context->remote_address, auth_context->remote_address,
*remote_addr); *remote_addr);
@@ -390,8 +402,10 @@ krb5_auth_getauthenticator(krb5_context context,
krb5_authenticator *authenticator) krb5_authenticator *authenticator)
{ {
*authenticator = malloc(sizeof(**authenticator)); *authenticator = malloc(sizeof(**authenticator));
if (*authenticator == NULL) if (*authenticator == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
copy_Authenticator(auth_context->authenticator, copy_Authenticator(auth_context->authenticator,
*authenticator); *authenticator);

7
lib/krb5/build_ap_req.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -68,9 +68,10 @@ krb5_build_ap_req (krb5_context context,
retdata->length = length_AP_REQ(&ap); retdata->length = length_AP_REQ(&ap);
retdata->data = malloc(retdata->length); retdata->data = malloc(retdata->length);
if(retdata->data == NULL) if(retdata->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
else } else
encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1, encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
retdata->length, &ap, &len); retdata->length, &ap, &len);
free_AP_REQ(&ap); free_AP_REQ(&ap);

8
lib/krb5/build_auth.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -53,8 +53,10 @@ krb5_build_authenticator (krb5_context context,
krb5_crypto crypto; krb5_crypto crypto;
auth = malloc(sizeof(*auth)); auth = malloc(sizeof(*auth));
if (auth == NULL) if (auth == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memset (auth, 0, sizeof(*auth)); memset (auth, 0, sizeof(*auth));
auth->authenticator_vno = 5; auth->authenticator_vno = 5;
@@ -100,6 +102,7 @@ krb5_build_authenticator (krb5_context context,
buf_size = 1024; buf_size = 1024;
buf = malloc (buf_size); buf = malloc (buf_size);
if (buf == NULL) { if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto fail; goto fail;
} }
@@ -116,6 +119,7 @@ krb5_build_authenticator (krb5_context context,
buf_size *= 2; buf_size *= 2;
tmp = realloc (buf, buf_size); tmp = realloc (buf, buf_size);
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto fail; goto fail;
} }

42
lib/krb5/cache.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -46,32 +46,42 @@ krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops, const krb5_cc_ops *ops,
krb5_boolean override) krb5_boolean override)
{ {
char *prefix_copy;
int i; int i;
for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) { if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
if(override) if(override)
free(context->cc_ops[i].prefix); free(context->cc_ops[i].prefix);
else else {
krb5_set_error_string(context,
"ccache type %s already exists",
ops->prefix);
return KRB5_CC_TYPE_EXISTS; return KRB5_CC_TYPE_EXISTS;
} }
} }
}
prefix_copy = strdup(ops->prefix);
if (prefix_copy == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
if(i == context->num_cc_ops) { if(i == context->num_cc_ops) {
krb5_cc_ops *o = realloc(context->cc_ops, krb5_cc_ops *o = realloc(context->cc_ops,
(context->num_cc_ops + 1) * (context->num_cc_ops + 1) *
sizeof(*context->cc_ops)); sizeof(*context->cc_ops));
if(o == NULL) if(o == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(prefix_copy);
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
context->num_cc_ops++; context->num_cc_ops++;
context->cc_ops = o; context->cc_ops = o;
memset(context->cc_ops + i, 0, memset(context->cc_ops + i, 0,
(context->num_cc_ops - i) * sizeof(*context->cc_ops)); (context->num_cc_ops - i) * sizeof(*context->cc_ops));
} }
memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i])); memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
context->cc_ops[i].prefix = strdup(ops->prefix); context->cc_ops[i].prefix = prefix_copy;
if(context->cc_ops[i].prefix == NULL)
return KRB5_CC_NOMEM;
return 0; return 0;
} }
@@ -91,8 +101,10 @@ allocate_ccache (krb5_context context,
krb5_ccache p; krb5_ccache p;
p = malloc(sizeof(*p)); p = malloc(sizeof(*p));
if(p == NULL) if(p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
p->ops = ops; p->ops = ops;
*id = p; *id = p;
ret = p->ops->resolve(context, id, residual); ret = p->ops->resolve(context, id, residual);
@@ -126,8 +138,10 @@ krb5_cc_resolve(krb5_context context,
} }
if (strchr (name, ':') == NULL) if (strchr (name, ':') == NULL)
return allocate_ccache (context, &krb5_fcc_ops, name, id); return allocate_ccache (context, &krb5_fcc_ops, name, id);
else else {
krb5_set_error_string(context, "unknown ccache type %s", name);
return KRB5_CC_UNKNOWN_TYPE; return KRB5_CC_UNKNOWN_TYPE;
}
} }
/* /*
@@ -143,8 +157,10 @@ krb5_cc_gen_new(krb5_context context,
krb5_ccache p; krb5_ccache p;
p = malloc (sizeof(*p)); p = malloc (sizeof(*p));
if (p == NULL) if (p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
p->ops = ops; p->ops = ops;
*id = p; *id = p;
return p->ops->gen_new(context, id); return p->ops->gen_new(context, id);
@@ -356,8 +372,12 @@ krb5_cc_remove_cred(krb5_context context,
krb5_flags which, krb5_flags which,
krb5_creds *cred) krb5_creds *cred)
{ {
if(id->ops->remove_cred == NULL) if(id->ops->remove_cred == NULL) {
krb5_set_error_string(context,
"ccache %s does not support remove_cred",
id->ops->prefix);
return EACCES; /* XXX */ return EACCES; /* XXX */
}
return (*id->ops->remove_cred)(context, id, which, cred); return (*id->ops->remove_cred)(context, id, which, cred);
} }

71
lib/krb5/changepw.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -38,12 +38,14 @@ RCSID("$Id$");
static krb5_error_code static krb5_error_code
get_kdc_address (krb5_context context, get_kdc_address (krb5_context context,
krb5_realm realm, krb5_realm realm,
struct addrinfo **ai) struct addrinfo **ai,
char **ret_host)
{ {
krb5_error_code ret; krb5_error_code ret;
char **hostlist; char **hostlist;
int port = 0; int port = 0;
int error; int error;
char *host;
ret = krb5_get_krb_changepw_hst (context, ret = krb5_get_krb_changepw_hst (context,
&realm, &realm,
@@ -51,12 +53,22 @@ get_kdc_address (krb5_context context,
if (ret) if (ret)
return ret; return ret;
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT)); host = strdup(*hostlist);
error = roken_getaddrinfo_hostspec2(*hostlist, SOCK_DGRAM, port, ai); krb5_free_krbhst(context, hostlist);
if (host == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
krb5_free_krbhst (context, hostlist); port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
if(error) error = roken_getaddrinfo_hostspec2(host, SOCK_DGRAM, port, ai);
if(error) {
krb5_set_error_string(context, "resolving %s: %s",
host, gai_strerror(error));
return krb5_eai_to_heim_errno(error); return krb5_eai_to_heim_errno(error);
}
*ret_host = host;
return 0; return 0;
} }
@@ -67,7 +79,8 @@ send_request (krb5_context context,
int sock, int sock,
struct sockaddr *sa, struct sockaddr *sa,
int sa_size, int sa_size,
char *passwd) char *passwd,
const char *host)
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_data ap_req_data; krb5_data ap_req_data;
@@ -129,8 +142,10 @@ send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data; iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length; iov[2].iov_len = krb_priv_data.length;
if (sendmsg (sock, &msghdr, 0) < 0) if (sendmsg (sock, &msghdr, 0) < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
}
krb5_data_free (&krb_priv_data); krb5_data_free (&krb_priv_data);
out2: out2:
@@ -161,17 +176,23 @@ process_reply (krb5_context context,
int sock, int sock,
int *result_code, int *result_code,
krb5_data *result_code_string, krb5_data *result_code_string,
krb5_data *result_string) krb5_data *result_string,
const char *host)
{ {
krb5_error_code ret; krb5_error_code ret;
u_char reply[BUFSIZ]; u_char reply[BUFSIZ];
size_t len; size_t len;
u_int16_t pkt_len, pkt_ver; u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data; krb5_data ap_rep_data;
int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
if (ret < 0) if (ret < 0) {
return errno; save_errno = errno;
krb5_set_error_string(context, "recvfrom %s: %s",
host, strerror(save_errno));
return save_errno;
}
len = ret; len = ret;
pkt_len = (reply[0] << 8) | (reply[1]); pkt_len = (reply[0] << 8) | (reply[1]);
@@ -243,7 +264,7 @@ process_reply (krb5_context context,
} }
if (error.e_data->length < 2) { if (error.e_data->length < 2) {
krb5_warnx (context, "too short e_data to print anything usable"); krb5_warnx (context, "too short e_data to print anything usable");
return 1; return 1; /* XXX */
} }
p = error.e_data->data; p = error.e_data->data;
@@ -255,6 +276,12 @@ process_reply (krb5_context context,
} }
} }
/*
* change the password using the credentials in `creds' (for the
* principal indicated in them) to `newpw', storing the result of
* the operation in `result_*' and an error code or 0.
*/
krb5_error_code krb5_error_code
krb5_change_password (krb5_context context, krb5_change_password (krb5_context context,
krb5_creds *creds, krb5_creds *creds,
@@ -269,12 +296,13 @@ krb5_change_password (krb5_context context,
int i; int i;
struct addrinfo *ai, *a; struct addrinfo *ai, *a;
int done = 0; int done = 0;
char *host = NULL;
ret = krb5_auth_con_init (context, &auth_context); ret = krb5_auth_con_init (context, &auth_context);
if (ret) if (ret)
return ret; return ret;
ret = get_kdc_address (context, creds->client->realm, &ai); ret = get_kdc_address (context, creds->client->realm, &ai, &host);
if (ret) if (ret)
goto out; goto out;
@@ -297,7 +325,8 @@ krb5_change_password (krb5_context context,
sock, sock,
a->ai_addr, a->ai_addr,
a->ai_addrlen, a->ai_addrlen,
newpw); newpw,
host);
if (ret) { if (ret) {
close(sock); close(sock);
goto out; goto out;
@@ -305,6 +334,7 @@ krb5_change_password (krb5_context context,
} }
if (sock >= FD_SETSIZE) { if (sock >= FD_SETSIZE) {
krb5_set_error_string(context, "fd %d too large", sock);
ret = ERANGE; ret = ERANGE;
close (sock); close (sock);
goto out; goto out;
@@ -326,7 +356,8 @@ krb5_change_password (krb5_context context,
sock, sock,
result_code, result_code,
result_code_string, result_code_string,
result_string); result_string,
host);
if (ret == 0) if (ret == 0)
done = 1; done = 1;
else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL) else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
@@ -341,8 +372,16 @@ krb5_change_password (krb5_context context,
out: out:
krb5_auth_con_free (context, auth_context); krb5_auth_con_free (context, auth_context);
free (host);
if (done) if (done)
return 0; return 0;
else else {
if (ret == KRB5_KDC_UNREACH)
krb5_set_error_string(context,
"failed to reach kpasswd server %s "
"in realm %s",
host, creds->client->realm);
return ret; return ret;
}
} }

45
lib/krb5/config_file.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999, 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -36,14 +36,15 @@ RCSID("$Id$");
#ifndef HAVE_NETINFO #ifndef HAVE_NETINFO
static int parse_section(char *p, krb5_config_section **s, static krb5_error_code parse_section(char *p, krb5_config_section **s,
krb5_config_section **res, krb5_config_section **res,
char **error_message); char **error_message);
static int parse_binding(FILE *f, unsigned *lineno, char *p, static krb5_error_code parse_binding(FILE *f, unsigned *lineno, char *p,
krb5_config_binding **b, krb5_config_binding **b,
krb5_config_binding **parent, krb5_config_binding **parent,
char **error_message); char **error_message);
static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent, static krb5_error_code parse_list(FILE *f, unsigned *lineno,
krb5_config_binding **parent,
char **error_message); char **error_message);
/* /*
@@ -61,7 +62,7 @@ static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
* Store the error message in `error_message'. * Store the error message in `error_message'.
*/ */
static int static krb5_error_code
parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
char **error_message) char **error_message)
{ {
@@ -71,18 +72,18 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
p1 = strchr (p + 1, ']'); p1 = strchr (p + 1, ']');
if (p1 == NULL) { if (p1 == NULL) {
*error_message = "missing ]"; *error_message = "missing ]";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
*p1 = '\0'; *p1 = '\0';
tmp = malloc(sizeof(*tmp)); tmp = malloc(sizeof(*tmp));
if (tmp == NULL) { if (tmp == NULL) {
*error_message = "out of memory"; *error_message = "out of memory";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
tmp->name = strdup(p+1); tmp->name = strdup(p+1);
if (tmp->name == NULL) { if (tmp->name == NULL) {
*error_message = "out of memory"; *error_message = "out of memory";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
tmp->type = krb5_config_list; tmp->type = krb5_config_list;
tmp->u.list = NULL; tmp->u.list = NULL;
@@ -133,7 +134,7 @@ parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
} }
*lineno = beg_lineno; *lineno = beg_lineno;
*error_message = "unclosed {"; *error_message = "unclosed {";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
/* /*
@@ -154,14 +155,14 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
++p; ++p;
if (*p == '\0') { if (*p == '\0') {
*error_message = "no ="; *error_message = "no =";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
p2 = p; p2 = p;
while (isspace((unsigned char)*p)) while (isspace((unsigned char)*p))
++p; ++p;
if (*p != '=') { if (*p != '=') {
*error_message = "no ="; *error_message = "no =";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
++p; ++p;
while(isspace((unsigned char)*p)) while(isspace((unsigned char)*p))
@@ -169,7 +170,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
tmp = malloc(sizeof(*tmp)); tmp = malloc(sizeof(*tmp));
if (tmp == NULL) { if (tmp == NULL) {
*error_message = "out of memory"; *error_message = "out of memory";
return -1; return KRB5_CONFIG_BADFORMAT;
} }
*p2 = '\0'; *p2 = '\0';
tmp->name = strdup(p1); tmp->name = strdup(p1);
@@ -200,7 +201,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
* returning error messages in `error_message' * returning error messages in `error_message'
*/ */
krb5_error_code static krb5_error_code
krb5_config_parse_file_debug (const char *fname, krb5_config_parse_file_debug (const char *fname,
krb5_config_section **res, krb5_config_section **res,
unsigned *lineno, unsigned *lineno,
@@ -210,7 +211,7 @@ krb5_config_parse_file_debug (const char *fname,
krb5_config_section *s; krb5_config_section *s;
krb5_config_binding *b; krb5_config_binding *b;
char buf[BUFSIZ]; char buf[BUFSIZ];
int ret = 0; krb5_error_code ret = 0;
s = NULL; s = NULL;
b = NULL; b = NULL;
@@ -240,7 +241,7 @@ krb5_config_parse_file_debug (const char *fname,
b = NULL; b = NULL;
} else if (*p == '}') { } else if (*p == '}') {
*error_message = "unmatched }"; *error_message = "unmatched }";
ret = -1; ret = EINVAL; /* XXX */
goto out; goto out;
} else if(*p != '\0') { } else if(*p != '\0') {
ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message); ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
@@ -254,12 +255,20 @@ out:
} }
krb5_error_code krb5_error_code
krb5_config_parse_file (const char *fname, krb5_config_section **res) krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
{ {
char *foo; char *str;
unsigned lineno; unsigned lineno;
krb5_error_code ret;
return krb5_config_parse_file_debug (fname, res, &lineno, &foo); ret = krb5_config_parse_file_debug (fname, res, &lineno, &str);
if (ret) {
krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
return ret;
}
return 0;
} }
#endif /* !HAVE_NETINFO */ #endif /* !HAVE_NETINFO */

6
lib/krb5/config_file_netinfo.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -131,7 +131,9 @@ ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
} }
krb5_error_code krb5_error_code
krb5_config_parse_file (const char *fname, krb5_config_section **res) krb5_config_parse_file (krb5_context context,
const char *fname,
krb5_config_section **res)
{ {
void *ni = NULL, *lastni = NULL; void *ni = NULL, *lastni = NULL;
int i; int i;

39
lib/krb5/context.c
View File

@@ -60,6 +60,7 @@ set_etypes (krb5_context context,
etypes = malloc((i+1) * sizeof(*etypes)); etypes = malloc((i+1) * sizeof(*etypes));
if (etypes == NULL) { if (etypes == NULL) {
krb5_config_free_strings (etypes_str); krb5_config_free_strings (etypes_str);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
for(j = 0, k = 0; j < i; j++) { for(j = 0, k = 0; j < i; j++) {
@@ -172,7 +173,7 @@ krb5_init_context(krb5_context *context)
if (config_file == NULL) if (config_file == NULL)
config_file = krb5_config_file; config_file = krb5_config_file;
ret = krb5_config_parse_file (config_file, &tmp_cf); ret = krb5_config_parse_file (p, config_file, &tmp_cf);
if (ret == 0) if (ret == 0)
p->cf = tmp_cf; p->cf = tmp_cf;
@@ -214,7 +215,7 @@ krb5_free_context(krb5_context context)
*/ */
static krb5_error_code static krb5_error_code
default_etypes(krb5_enctype **etype) default_etypes(krb5_context context, krb5_enctype **etype)
{ {
krb5_enctype p[] = { krb5_enctype p[] = {
ETYPE_DES3_CBC_SHA1, ETYPE_DES3_CBC_SHA1,
@@ -225,9 +226,12 @@ default_etypes(krb5_enctype **etype)
ETYPE_DES_CBC_CRC, ETYPE_DES_CBC_CRC,
ETYPE_NULL ETYPE_NULL
}; };
*etype = malloc(sizeof(p)); *etype = malloc(sizeof(p));
if(*etype == NULL) if(*etype == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(*etype, p, sizeof(p)); memcpy(*etype, p, sizeof(p));
return 0; return 0;
} }
@@ -240,14 +244,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
krb5_enctype *p = NULL; krb5_enctype *p = NULL;
if(etypes) { if(etypes) {
i = 0; for (i = 0; etypes[i]; ++i)
while(etypes[i]) if(!krb5_enctype_valid(context, etypes[i])) {
if(!krb5_enctype_valid(context, etypes[i++])) krb5_set_error_string(context, "enctype %d not supported",
etypes[i]);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
++i; ++i;
ALLOC(p, i); ALLOC(p, i);
if(!p) if(!p) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memmove(p, etypes, i * sizeof(krb5_enctype)); memmove(p, etypes, i * sizeof(krb5_enctype));
} }
if(context->etypes) if(context->etypes)
@@ -263,17 +271,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
{ {
krb5_enctype *p; krb5_enctype *p;
int i; int i;
krb5_error_code ret;
if(context->etypes) { if(context->etypes) {
for(i = 0; context->etypes[i]; i++); for(i = 0; context->etypes[i]; i++);
++i; ++i;
ALLOC(p, i); ALLOC(p, i);
if(!p) if(!p) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memmove(p, context->etypes, i * sizeof(krb5_enctype)); memmove(p, context->etypes, i * sizeof(krb5_enctype));
} else } else {
if(default_etypes(&p)) ret = default_etypes(context, &p);
return ENOMEM; if (ret)
return ret;
}
*etypes = p; *etypes = p;
return 0; return 0;
} }
@@ -329,9 +342,11 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
} }
if(context->extra_addresses == NULL) { if(context->extra_addresses == NULL) {
context->extra_addresses = malloc(sizeof(*context->extra_addresses)); context->extra_addresses = malloc(sizeof(*context->extra_addresses));
if(context->extra_addresses == NULL) if(context->extra_addresses == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
}
return krb5_copy_addresses(context, addresses, context->extra_addresses); return krb5_copy_addresses(context, addresses, context->extra_addresses);
} }

15
lib/krb5/convert_creds.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1999, 2001 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -196,6 +196,7 @@ krb524_convert_creds_kdc(krb5_context context,
sp = krb5_storage_from_mem(reply.data, reply.length); sp = krb5_storage_from_mem(reply.data, reply.length);
if(sp == NULL) { if(sp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out2; goto out2;
} }
krb5_ret_int32(sp, &tmp); krb5_ret_int32(sp, &tmp);
@@ -203,10 +204,12 @@ krb524_convert_creds_kdc(krb5_context context,
if(ret == 0) { if(ret == 0) {
memset(v4creds, 0, sizeof(*v4creds)); memset(v4creds, 0, sizeof(*v4creds));
ret = krb5_ret_int32(sp, &tmp); ret = krb5_ret_int32(sp, &tmp);
if(ret) goto out; if(ret)
goto out;
v4creds->kvno = tmp; v4creds->kvno = tmp;
ret = krb5_ret_data(sp, &ticket); ret = krb5_ret_data(sp, &ticket);
if(ret) goto out; if(ret)
goto out;
v4creds->ticket_st.length = ticket.length; v4creds->ticket_st.length = ticket.length;
memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
krb5_data_free(&ticket); krb5_data_free(&ticket);
@@ -215,7 +218,8 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->service, v4creds->service,
v4creds->instance, v4creds->instance,
v4creds->realm); v4creds->realm);
if(ret) goto out; if(ret)
goto out;
v4creds->issue_date = v5_creds->times.authtime; v4creds->issue_date = v5_creds->times.authtime;
v4creds->lifetime = _krb_time_to_life(v4creds->issue_date, v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
v5_creds->times.endtime); v5_creds->times.endtime);
@@ -223,7 +227,8 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->pname, v4creds->pname,
v4creds->pinst, v4creds->pinst,
realm); realm);
if(ret) goto out; if(ret)
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
} }
out: out:

7
lib/krb5/copy_host_realm.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -51,14 +51,17 @@ krb5_copy_host_realm(krb5_context context,
++n; ++n;
++n; ++n;
*to = malloc (n * sizeof(**to)); *to = malloc (n * sizeof(**to));
if (*to == NULL) if (*to == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
for (i = 0; i < n; ++i) for (i = 0; i < n; ++i)
(*to)[i] = NULL; (*to)[i] = NULL;
for (i = 0, p = from; *p != NULL; ++p, ++i) { for (i = 0, p = from; *p != NULL; ++p, ++i) {
(*to)[i] = strdup(*p); (*to)[i] = strdup(*p);
if ((*to)[i] == NULL) { if ((*to)[i] == NULL) {
krb5_free_host_realm (context, *to); krb5_free_host_realm (context, *to);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
} }

6
lib/krb5/creds.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -108,8 +108,10 @@ krb5_copy_creds (krb5_context context,
krb5_creds *c; krb5_creds *c;
c = malloc (sizeof (*c)); c = malloc (sizeof (*c));
if (c == NULL) if (c == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memset (c, 0, sizeof(*c)); memset (c, 0, sizeof(*c));
*outcred = c; *outcred = c;
return krb5_copy_creds_contents (context, incred, c); return krb5_copy_creds_contents (context, incred, c);

272
lib/krb5/crypto.c
View File

@@ -115,7 +115,8 @@ struct encryption_type {
struct checksum_type *checksum; struct checksum_type *checksum;
struct checksum_type *keyed_checksum; struct checksum_type *keyed_checksum;
unsigned flags; unsigned flags;
krb5_error_code (*encrypt)(struct key_data *key, krb5_error_code (*encrypt)(krb5_context context,
struct key_data *key,
void *data, size_t len, void *data, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
int usage, int usage,
@@ -168,8 +169,10 @@ DES_string_to_key(krb5_context context,
len = password.length + salt.saltvalue.length + 1; len = password.length + salt.saltvalue.length + 1;
s = malloc(len); s = malloc(len);
if(s == NULL) if(s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(s, password.data, password.length); memcpy(s, password.data, password.length);
memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
s[len - 1] = '\0'; s[len - 1] = '\0';
@@ -335,8 +338,10 @@ DES3_string_to_key(krb5_context context,
len = password.length + salt.saltvalue.length; len = password.length + salt.saltvalue.length;
str = malloc(len); str = malloc(len);
if(len != 0 && str == NULL) if(len != 0 && str == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(str, password.data, password.length); memcpy(str, password.data, password.length);
memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
{ {
@@ -387,8 +392,10 @@ DES3_string_to_key_derived(krb5_context context,
char *s; char *s;
s = malloc(len); s = malloc(len);
if(len != 0 && s == NULL) if(len != 0 && s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(s, password.data, password.length); memcpy(s, password.data, password.length);
memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
ret = krb5_string_to_key_derived(context, ret = krb5_string_to_key_derived(context,
@@ -433,8 +440,10 @@ ARCFOUR_string_to_key(krb5_context context,
len = 2 * password.length; len = 2 * password.length;
s = malloc (len); s = malloc (len);
if (len != 0 && s == NULL) if (len != 0 && s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
for (p = s, i = 0; i < password.length; ++i) { for (p = s, i = 0; i < password.length; ++i) {
*p++ = ((char *)password.data)[i]; *p++ = ((char *)password.data)[i];
*p++ = 0; *p++ = 0;
@@ -579,16 +588,22 @@ krb5_salttype_to_string (krb5_context context,
struct salt_type *st; struct salt_type *st;
e = _find_enctype (etype); e = _find_enctype (etype);
if (e == NULL) if (e == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) { for (st = e->keytype->string_to_key; st && st->type; st++) {
if (st->type == stype) { if (st->type == stype) {
*string = strdup (st->name); *string = strdup (st->name);
if (*string == NULL) if (*string == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
return 0; return 0;
} }
} }
krb5_set_error_string(context, "salttype %d not supported", stype);
return HEIM_ERR_SALTTYPE_NOSUPP; return HEIM_ERR_SALTTYPE_NOSUPP;
} }
@@ -602,14 +617,18 @@ krb5_string_to_salttype (krb5_context context,
struct salt_type *st; struct salt_type *st;
e = _find_enctype (etype); e = _find_enctype (etype);
if (e == NULL) if (e == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) { for (st = e->keytype->string_to_key; st && st->type; st++) {
if (strcasecmp (st->name, string) == 0) { if (strcasecmp (st->name, string) == 0) {
*salttype = st->type; *salttype = st->type;
return 0; return 0;
} }
} }
krb5_set_error_string(context, "salttype %s not supported", string);
return HEIM_ERR_SALTTYPE_NOSUPP; return HEIM_ERR_SALTTYPE_NOSUPP;
} }
@@ -695,11 +714,16 @@ krb5_string_to_key_data_salt (krb5_context context,
{ {
struct encryption_type *et =_find_enctype(enctype); struct encryption_type *et =_find_enctype(enctype);
struct salt_type *st; struct salt_type *st;
if(et == NULL) if(et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
enctype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
for(st = et->keytype->string_to_key; st && st->type; st++) for(st = et->keytype->string_to_key; st && st->type; st++)
if(st->type == salt.salttype) if(st->type == salt.salttype)
return (*st->string_to_key)(context, enctype, password, salt, key); return (*st->string_to_key)(context, enctype, password, salt, key);
krb5_set_error_string(context, "salt type %d not supported",
salt.salttype);
return HEIM_ERR_SALTTYPE_NOSUPP; return HEIM_ERR_SALTTYPE_NOSUPP;
} }
@@ -728,11 +752,15 @@ krb5_keytype_to_string(krb5_context context,
char **string) char **string)
{ {
struct key_type *kt = _find_keytype(keytype); struct key_type *kt = _find_keytype(keytype);
if(kt == NULL) if(kt == NULL) {
krb5_set_error_string(context, "key type %d not supported", keytype);
return KRB5_PROG_KEYTYPE_NOSUPP; return KRB5_PROG_KEYTYPE_NOSUPP;
}
*string = strdup(kt->name); *string = strdup(kt->name);
if(*string == NULL) if(*string == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
return 0; return 0;
} }
@@ -747,6 +775,7 @@ krb5_string_to_keytype(krb5_context context,
*keytype = keytypes[i]->type; *keytype = keytypes[i]->type;
return 0; return 0;
} }
krb5_set_error_string(context, "key type %s not supported", string);
return KRB5_PROG_KEYTYPE_NOSUPP; return KRB5_PROG_KEYTYPE_NOSUPP;
} }
@@ -757,8 +786,11 @@ krb5_generate_random_keyblock(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
struct encryption_type *et = _find_enctype(type); struct encryption_type *et = _find_enctype(type);
if(et == NULL) if(et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
type);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
if(ret) if(ret)
return ret; return ret;
@@ -784,8 +816,10 @@ _key_schedule(krb5_context context,
if (key->schedule != NULL) if (key->schedule != NULL)
return 0; return 0;
ALLOC(key->schedule, 1); ALLOC(key->schedule, 1);
if(key->schedule == NULL) if(key->schedule == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = krb5_data_alloc(key->schedule, kt->schedule_size); ret = krb5_data_alloc(key->schedule, kt->schedule_size);
if(ret) { if(ret) {
free(key->schedule); free(key->schedule);
@@ -894,8 +928,10 @@ RSA_MD4_DES_verify(krb5_context context,
MD4_Update (&md4, tmp, 8); /* confounder */ MD4_Update (&md4, tmp, 8); /* confounder */
MD4_Update (&md4, data, len); MD4_Update (&md4, data, len);
MD4_Final (res, &md4); MD4_Final (res, &md4);
if(memcmp(res, tmp + 8, sizeof(res)) != 0) if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
}
memset(tmp, 0, sizeof(tmp)); memset(tmp, 0, sizeof(tmp));
memset(res, 0, sizeof(res)); memset(res, 0, sizeof(res));
return ret; return ret;
@@ -968,8 +1004,10 @@ RSA_MD5_DES_verify(krb5_context context,
MD5_Update (&md5, tmp, 8); /* confounder */ MD5_Update (&md5, tmp, 8); /* confounder */
MD5_Update (&md5, data, len); MD5_Update (&md5, data, len);
MD5_Final (res, &md5); MD5_Final (res, &md5);
if(memcmp(res, tmp + 8, sizeof(res)) != 0) if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
}
memset(tmp, 0, sizeof(tmp)); memset(tmp, 0, sizeof(tmp));
memset(res, 0, sizeof(res)); memset(res, 0, sizeof(res));
return ret; return ret;
@@ -1028,8 +1066,10 @@ RSA_MD5_DES3_verify(krb5_context context,
MD5_Update (&md5, tmp, 8); /* confounder */ MD5_Update (&md5, tmp, 8); /* confounder */
MD5_Update (&md5, data, len); MD5_Update (&md5, data, len);
MD5_Final (res, &md5); MD5_Final (res, &md5);
if(memcmp(res, tmp + 8, sizeof(res)) != 0) if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
}
memset(tmp, 0, sizeof(tmp)); memset(tmp, 0, sizeof(tmp));
memset(res, 0, sizeof(res)); memset(res, 0, sizeof(res));
return ret; return ret;
@@ -1357,8 +1397,10 @@ get_checksum_key(krb5_context context,
int i; int i;
*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
if(*key == NULL) if(*key == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key); ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
if(ret) if(ret)
return ret; return ret;
@@ -1386,8 +1428,10 @@ do_checksum (krb5_context context,
int keyed_checksum; int keyed_checksum;
keyed_checksum = (ct->flags & F_KEYED) != 0; keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL) if(keyed_checksum && crypto == NULL) {
krb5_clear_error_string (context);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum) { if(keyed_checksum) {
ret = get_checksum_key(context, crypto, usage, ct, &dkey); ret = get_checksum_key(context, crypto, usage, ct, &dkey);
if (ret) if (ret)
@@ -1419,8 +1463,11 @@ create_checksum(krb5_context context,
ct = crypto->et->checksum; ct = crypto->et->checksum;
} }
if(ct == NULL) if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
}
return do_checksum (context, ct, crypto, usage, data, len, result); return do_checksum (context, ct, crypto, usage, data, len, result);
} }
@@ -1453,13 +1500,20 @@ verify_checksum(krb5_context context,
struct checksum_type *ct; struct checksum_type *ct;
ct = _find_checksum(cksum->cksumtype); ct = _find_checksum(cksum->cksumtype);
if(ct == NULL) if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
cksum->cksumtype);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
if(ct->checksumsize != cksum->checksum.length) }
if(ct->checksumsize != cksum->checksum.length) {
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
}
keyed_checksum = (ct->flags & F_KEYED) != 0; keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL) if(keyed_checksum && crypto == NULL) {
krb5_clear_error_string (context);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum) if(keyed_checksum)
ret = get_checksum_key(context, crypto, usage, ct, &dkey); ret = get_checksum_key(context, crypto, usage, ct, &dkey);
else else
@@ -1474,10 +1528,12 @@ verify_checksum(krb5_context context,
(*ct->checksum)(context, dkey, data, len, usage, &c); (*ct->checksum)(context, dkey, data, len, usage, &c);
if(c.checksum.length != cksum->checksum.length || if(c.checksum.length != cksum->checksum.length ||
memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
else } else {
ret = 0; ret = 0;
}
krb5_data_free (&c.checksum); krb5_data_free (&c.checksum);
return ret; return ret;
} }
@@ -1500,8 +1556,11 @@ krb5_checksumsize(krb5_context context,
size_t *size) size_t *size)
{ {
struct checksum_type *ct = _find_checksum(type); struct checksum_type *ct = _find_checksum(type);
if(ct == NULL) if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
}
*size = ct->checksumsize; *size = ct->checksumsize;
return 0; return 0;
} }
@@ -1511,8 +1570,11 @@ krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type) krb5_cksumtype type)
{ {
struct checksum_type *ct = _find_checksum(type); struct checksum_type *ct = _find_checksum(type);
if(ct == NULL) if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
}
return ct->flags & F_KEYED; return ct->flags & F_KEYED;
} }
@@ -1521,8 +1583,11 @@ krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type) krb5_cksumtype type)
{ {
struct checksum_type *ct = _find_checksum(type); struct checksum_type *ct = _find_checksum(type);
if(ct == NULL) if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
type);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
}
return ct->flags & F_CPROOF; return ct->flags & F_CPROOF;
} }
@@ -1531,7 +1596,8 @@ krb5_checksum_is_collision_proof(krb5_context context,
************************************************************/ ************************************************************/
static krb5_error_code static krb5_error_code
NULL_encrypt(struct key_data *key, NULL_encrypt(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1542,7 +1608,8 @@ NULL_encrypt(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
DES_CBC_encrypt_null_ivec(struct key_data *key, DES_CBC_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1557,7 +1624,8 @@ DES_CBC_encrypt_null_ivec(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
DES_CBC_encrypt_key_ivec(struct key_data *key, DES_CBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1572,7 +1640,8 @@ DES_CBC_encrypt_key_ivec(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
DES3_CBC_encrypt(struct key_data *key, DES3_CBC_encrypt(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1587,7 +1656,8 @@ DES3_CBC_encrypt(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
DES3_CBC_encrypt_ivec(struct key_data *key, DES3_CBC_encrypt_ivec(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1601,7 +1671,8 @@ DES3_CBC_encrypt_ivec(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
DES_CFB64_encrypt_null_ivec(struct key_data *key, DES_CFB64_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1618,7 +1689,8 @@ DES_CFB64_encrypt_null_ivec(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
DES_PCBC_encrypt_key_ivec(struct key_data *key, DES_PCBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1640,7 +1712,8 @@ DES_PCBC_encrypt_key_ivec(struct key_data *key,
*/ */
static krb5_error_code static krb5_error_code
ARCFOUR_subencrypt(struct key_data *key, ARCFOUR_subencrypt(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
int usage, int usage,
@@ -1695,7 +1768,8 @@ ARCFOUR_subencrypt(struct key_data *key,
} }
static krb5_error_code static krb5_error_code
ARCFOUR_subdecrypt(struct key_data *key, ARCFOUR_subdecrypt(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
int usage, int usage,
@@ -1749,10 +1823,12 @@ ARCFOUR_subdecrypt(struct key_data *key,
memset (k2_c_data, 0, sizeof(k2_c_data)); memset (k2_c_data, 0, sizeof(k2_c_data));
memset (k3_c_data, 0, sizeof(k3_c_data)); memset (k3_c_data, 0, sizeof(k3_c_data));
if (memcmp (cksum.checksum.data, data, 16) != 0) if (memcmp (cksum.checksum.data, data, 16) != 0) {
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BAD_INTEGRITY; return KRB5KRB_AP_ERR_BAD_INTEGRITY;
else } else {
return 0; return 0;
}
} }
/* /*
@@ -1802,7 +1878,8 @@ usage2arcfour (int usage)
} }
static krb5_error_code static krb5_error_code
ARCFOUR_encrypt(struct key_data *key, ARCFOUR_encrypt(krb5_context context,
struct key_data *key,
void *data, void *data,
size_t len, size_t len,
krb5_boolean encrypt, krb5_boolean encrypt,
@@ -1812,9 +1889,9 @@ ARCFOUR_encrypt(struct key_data *key,
usage = usage2arcfour (usage); usage = usage2arcfour (usage);
if (encrypt) if (encrypt)
return ARCFOUR_subencrypt (key, data, len, usage, ivec); return ARCFOUR_subencrypt (context, key, data, len, usage, ivec);
else else
return ARCFOUR_subdecrypt (key, data, len, usage, ivec); return ARCFOUR_subdecrypt (context, key, data, len, usage, ivec);
} }
@@ -2003,11 +2080,16 @@ krb5_enctype_to_string(krb5_context context,
{ {
struct encryption_type *e; struct encryption_type *e;
e = _find_enctype(etype); e = _find_enctype(etype);
if(e == NULL) if(e == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
*string = strdup(e->name); *string = strdup(e->name);
if(*string == NULL) if(*string == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
return 0; return 0;
} }
@@ -2022,6 +2104,8 @@ krb5_string_to_enctype(krb5_context context,
*etype = etypes[i]->type; *etype = etypes[i]->type;
return 0; return 0;
} }
krb5_set_error_string (context, "encryption type %s not supported",
string);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
} }
@@ -2031,8 +2115,11 @@ krb5_enctype_to_keytype(krb5_context context,
krb5_keytype *keytype) krb5_keytype *keytype)
{ {
struct encryption_type *e = _find_enctype(etype); struct encryption_type *e = _find_enctype(etype);
if(e == NULL) if(e == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
*keytype = e->keytype->type; /* XXX */ *keytype = e->keytype->type; /* XXX */
return 0; return 0;
} }
@@ -2068,8 +2155,10 @@ krb5_keytype_to_enctypes (krb5_context context,
++n; ++n;
} }
ret = malloc(n * sizeof(int)); ret = malloc(n * sizeof(int));
if (ret == NULL && n != 0) if (ret == NULL && n != 0) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
n = 0; n = 0;
for (i = num_etypes - 1; i >= 0; --i) { for (i = num_etypes - 1; i >= 0; --i) {
if (etypes[i]->keytype->type == keytype if (etypes[i]->keytype->type == keytype
@@ -2101,8 +2190,10 @@ krb5_keytype_to_enctypes_default (krb5_context context,
for (n = 0; context->etypes_des[n]; ++n) for (n = 0; context->etypes_des[n]; ++n)
; ;
ret = malloc (n * sizeof(*ret)); ret = malloc (n * sizeof(*ret));
if (ret == NULL && n != 0) if (ret == NULL && n != 0) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
for (i = 0; i < n; ++i) for (i = 0; i < n; ++i)
ret[i] = context->etypes_des[i]; ret[i] = context->etypes_des[i];
*len = n; *len = n;
@@ -2183,6 +2274,7 @@ encrypt_internal_derived(krb5_context context,
&cksum); &cksum);
if(ret == 0 && cksum.checksum.length != checksum_sz) { if(ret == 0 && cksum.checksum.length != checksum_sz) {
free_Checksum (&cksum); free_Checksum (&cksum);
krb5_clear_error_string (context);
ret = KRB5_CRYPTO_INTERNAL; ret = KRB5_CRYPTO_INTERNAL;
} }
if(ret) { if(ret) {
@@ -2207,7 +2299,7 @@ encrypt_internal_derived(krb5_context context,
#ifdef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 1, block_sz, dkey->key); krb5_crypto_debug(context, 1, block_sz, dkey->key);
#endif #endif
(*et->encrypt)(dkey, p, block_sz, 1, usage, ivec); (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
result->data = p; result->data = p;
result->length = block_sz + checksum_sz; result->length = block_sz + checksum_sz;
return 0; return 0;
@@ -2232,8 +2324,10 @@ encrypt_internal(krb5_context context,
sz = et->confoundersize + checksum_sz + len; sz = et->confoundersize + checksum_sz + len;
block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */
p = calloc(1, block_sz); p = calloc(1, block_sz);
if(p == NULL) if(p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
q = p; q = p;
krb5_generate_random_block(q, et->confoundersize); /* XXX */ krb5_generate_random_block(q, et->confoundersize); /* XXX */
@@ -2249,8 +2343,10 @@ encrypt_internal(krb5_context context,
p, p,
block_sz, block_sz,
&cksum); &cksum);
if(ret == 0 && cksum.checksum.length != checksum_sz) if(ret == 0 && cksum.checksum.length != checksum_sz) {
krb5_clear_error_string (context);
ret = KRB5_CRYPTO_INTERNAL; ret = KRB5_CRYPTO_INTERNAL;
}
if(ret) { if(ret) {
memset(p, 0, block_sz); memset(p, 0, block_sz);
free(p); free(p);
@@ -2268,7 +2364,7 @@ encrypt_internal(krb5_context context,
#ifdef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 1, block_sz, crypto->key.key); krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
#endif #endif
(*et->encrypt)(&crypto->key, p, block_sz, 1, 0, ivec); (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
result->data = p; result->data = p;
result->length = block_sz; result->length = block_sz;
return 0; return 0;
@@ -2289,15 +2385,17 @@ encrypt_internal_special(krb5_context context,
char *tmp, *p; char *tmp, *p;
tmp = malloc (sz); tmp = malloc (sz);
if (tmp == NULL) if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
p = tmp; p = tmp;
memset (p, 0, cksum_sz); memset (p, 0, cksum_sz);
p += cksum_sz; p += cksum_sz;
krb5_generate_random_block(p, et->confoundersize); krb5_generate_random_block(p, et->confoundersize);
p += et->confoundersize; p += et->confoundersize;
memcpy (p, data, len); memcpy (p, data, len);
(*et->encrypt)(&crypto->key, tmp, sz, TRUE, usage, ivec); (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
result->data = tmp; result->data = tmp;
result->length = sz; result->length = sz;
return 0; return 0;
@@ -2321,12 +2419,16 @@ decrypt_internal_derived(krb5_context context,
unsigned long l; unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum); checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
if (len < checksum_sz) if (len < checksum_sz) {
return EINVAL; /* better error code? */ krb5_clear_error_string (context);
return EINVAL; /* XXX - better error code? */
}
p = malloc(len); p = malloc(len);
if(len != 0 && p == NULL) if(len != 0 && p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(p, data, len); memcpy(p, data, len);
len -= checksum_sz; len -= checksum_sz;
@@ -2344,7 +2446,7 @@ decrypt_internal_derived(krb5_context context,
#ifdef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 0, len, dkey->key); krb5_crypto_debug(context, 0, len, dkey->key);
#endif #endif
(*et->encrypt)(dkey, p, len, 0, usage, ivec); (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
cksum.checksum.data = p + len; cksum.checksum.data = p + len;
cksum.checksum.length = checksum_sz; cksum.checksum.length = checksum_sz;
@@ -2363,8 +2465,9 @@ decrypt_internal_derived(krb5_context context,
l = len - et->confoundersize; l = len - et->confoundersize;
memmove(p, p + et->confoundersize, l); memmove(p, p + et->confoundersize, l);
result->data = realloc(p, l); result->data = realloc(p, l);
if(p == NULL) { if(result->data == NULL) {
free(p); free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
result->length = l; result->length = l;
@@ -2387,8 +2490,10 @@ decrypt_internal(krb5_context context,
checksum_sz = CHECKSUMSIZE(et->checksum); checksum_sz = CHECKSUMSIZE(et->checksum);
p = malloc(len); p = malloc(len);
if(len != 0 && p == NULL) if(len != 0 && p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(p, data, len); memcpy(p, data, len);
ret = _key_schedule(context, &crypto->key); ret = _key_schedule(context, &crypto->key);
@@ -2399,7 +2504,7 @@ decrypt_internal(krb5_context context,
#ifdef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 0, len, crypto->key.key); krb5_crypto_debug(context, 0, len, crypto->key.key);
#endif #endif
(*et->encrypt)(&crypto->key, p, len, 0, 0, ivec); (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz); ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
if(ret) { if(ret) {
free(p); free(p);
@@ -2418,6 +2523,7 @@ decrypt_internal(krb5_context context,
result->data = realloc(p, l); result->data = realloc(p, l);
if(result->data == NULL) { if(result->data == NULL) {
free(p); free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
result->length = l; result->length = l;
@@ -2440,10 +2546,12 @@ decrypt_internal_special(krb5_context context,
char *tmp; char *tmp;
tmp = malloc (sz); tmp = malloc (sz);
if (tmp == NULL) if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
(*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec); (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec);
memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz); memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
@@ -2695,29 +2803,36 @@ derive_key(krb5_context context,
len != et->blocksize) { len != et->blocksize) {
nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
k = malloc(nblocks * et->blocksize); k = malloc(nblocks * et->blocksize);
if(k == NULL) if(k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
_krb5_n_fold(constant, len, k, et->blocksize); _krb5_n_fold(constant, len, k, et->blocksize);
for(i = 0; i < nblocks; i++) { for(i = 0; i < nblocks; i++) {
if(i > 0) if(i > 0)
memcpy(k + i * et->blocksize, memcpy(k + i * et->blocksize,
k + (i - 1) * et->blocksize, k + (i - 1) * et->blocksize,
et->blocksize); et->blocksize);
(*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1, 0, (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
NULL); 1, 0, NULL);
} }
} else { } else {
/* this case is probably broken, but won't be run anyway */ /* this case is probably broken, but won't be run anyway */
void *c = malloc(len); void *c = malloc(len);
size_t res_len = (kt->bits + 7) / 8; size_t res_len = (kt->bits + 7) / 8;
if(len != 0 && c == NULL) if(len != 0 && c == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(c, constant, len); memcpy(c, constant, len);
(*et->encrypt)(key, c, len, 1, 0, NULL); (*et->encrypt)(context, key, c, len, 1, 0, NULL);
k = malloc(res_len); k = malloc(res_len);
if(res_len != 0 && k == NULL) if(res_len != 0 && k == NULL) {
free(c);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
_krb5_n_fold(c, len, k, res_len); _krb5_n_fold(c, len, k, res_len);
free(c); free(c);
} }
@@ -2728,7 +2843,8 @@ derive_key(krb5_context context,
DES3_postproc(context, k, nblocks * et->blocksize, key); DES3_postproc(context, k, nblocks * et->blocksize, key);
break; break;
default: default:
krb5_warnx(context, "derive_key() called with unknown keytype (%u)", krb5_set_error_string(context,
"derive_key() called with unknown keytype (%u)",
kt->type); kt->type);
ret = KRB5_CRYPTO_INTERNAL; ret = KRB5_CRYPTO_INTERNAL;
break; break;
@@ -2765,8 +2881,11 @@ krb5_derive_key(krb5_context context,
struct key_data d; struct key_data d;
et = _find_enctype (etype); et = _find_enctype (etype);
if (et == NULL) if (et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_copy_keyblock(context, key, derived_key); ret = krb5_copy_keyblock(context, key, derived_key);
if (ret) if (ret)
@@ -2797,8 +2916,10 @@ _get_derived_key(krb5_context context,
return 0; return 0;
} }
d = _new_derived_key(crypto, usage); d = _new_derived_key(crypto, usage);
if(d == NULL) if(d == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
krb5_copy_keyblock(context, crypto->key.key, &d->key); krb5_copy_keyblock(context, crypto->key.key, &d->key);
_krb5_put_int(constant, usage, 5); _krb5_put_int(constant, usage, 5);
derive_key(context, crypto->et, d, constant, sizeof(constant)); derive_key(context, crypto->et, d, constant, sizeof(constant));
@@ -2815,13 +2936,17 @@ krb5_crypto_init(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
ALLOC(*crypto, 1); ALLOC(*crypto, 1);
if(*crypto == NULL) if(*crypto == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
if(etype == ETYPE_NULL) if(etype == ETYPE_NULL)
etype = key->keytype; etype = key->keytype;
(*crypto)->et = _find_enctype(etype); (*crypto)->et = _find_enctype(etype);
if((*crypto)->et == NULL) { if((*crypto)->et == NULL) {
free(*crypto); free(*crypto);
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
} }
ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key); ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
@@ -2877,8 +3002,11 @@ krb5_string_to_key_derived(krb5_context context,
struct key_data kd; struct key_data kd;
u_char *tmp; u_char *tmp;
if(et == NULL) if(et == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
}
ALLOC(kd.key, 1); ALLOC(kd.key, 1);
kd.key->keytype = etype; kd.key->keytype = etype;
tmp = malloc (et->keytype->bits / 8); tmp = malloc (et->keytype->bits / 8);

10
lib/krb5/data.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -100,10 +100,14 @@ krb5_copy_data(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
ALLOC(*outdata, 1); ALLOC(*outdata, 1);
if(*outdata == NULL) if(*outdata == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = copy_octet_string(indata, *outdata); ret = copy_octet_string(indata, *outdata);
if(ret) if(ret) {
krb5_clear_error_string (context);
free(*outdata); free(*outdata);
}
return ret; return ret;
} }

12
lib/krb5/expand_hostname.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -41,8 +41,10 @@ copy_hostname(krb5_context context,
char **new_hostname) char **new_hostname)
{ {
*new_hostname = strdup (orig_hostname); *new_hostname = strdup (orig_hostname);
if (*new_hostname == NULL) if (*new_hostname == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
strlwr (*new_hostname); strlwr (*new_hostname);
return 0; return 0;
} }
@@ -70,12 +72,14 @@ krb5_expand_hostname (krb5_context context,
if (a->ai_canonname != NULL) { if (a->ai_canonname != NULL) {
*new_hostname = strdup (a->ai_canonname); *new_hostname = strdup (a->ai_canonname);
freeaddrinfo (ai); freeaddrinfo (ai);
if (*new_hostname == NULL) if (*new_hostname == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
else } else {
return 0; return 0;
} }
} }
}
freeaddrinfo (ai); freeaddrinfo (ai);
return copy_hostname (context, orig_hostname, new_hostname); return copy_hostname (context, orig_hostname, new_hostname);
} }

25
lib/krb5/fcache.c
View File

@@ -70,11 +70,14 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
{ {
krb5_fcache *f; krb5_fcache *f;
f = malloc(sizeof(*f)); f = malloc(sizeof(*f));
if(f == NULL) if(f == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
f->filename = strdup(res); f->filename = strdup(res);
if(f->filename == NULL){ if(f->filename == NULL){
free(f); free(f);
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
} }
f->version = 0; f->version = 0;
@@ -171,18 +174,23 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
krb5_fcache *f; krb5_fcache *f;
int fd; int fd;
char *file; char *file;
f = malloc(sizeof(*f)); f = malloc(sizeof(*f));
if(f == NULL) if(f == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
if(file == NULL) { if(file == NULL) {
free(f); free(f);
krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
} }
fd = mkstemp(file); fd = mkstemp(file);
if(fd < 0) { if(fd < 0) {
free(f); free(f);
free(file); free(file);
krb5_set_error_string(context, "mkstemp %s", file);
return errno; return errno;
} }
close(fd); close(fd);
@@ -263,8 +271,11 @@ fcc_initialize(krb5_context context,
krb5_storage_free(sp); krb5_storage_free(sp);
} }
if(close(fd) < 0) if(close(fd) < 0)
if (ret == 0) if (ret == 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "close %s: %s", filename,
strerror(ret));
}
return ret; return ret;
} }
@@ -315,8 +326,10 @@ fcc_store_cred(krb5_context context,
krb5_storage_free(sp); krb5_storage_free(sp);
} }
if (close(fd) < 0) if (close(fd) < 0)
if (ret == 0) if (ret == 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "close %s: %s", f, strerror(ret));
}
return ret; return ret;
} }
@@ -354,8 +367,10 @@ init_fcc (krb5_context context,
} }
sp = krb5_storage_from_fd(fd); sp = krb5_storage_from_fd(fd);
ret = krb5_ret_int8(sp, &pvno); ret = krb5_ret_int8(sp, &pvno);
if(ret == KRB5_CC_END) if(ret == KRB5_CC_END) {
return ENOENT; return ENOENT;
}
if(ret) if(ret)
return ret; return ret;
if(pvno != 5) { if(pvno != 5) {

6
lib/krb5/generate_subkey.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -43,8 +43,10 @@ krb5_generate_subkey(krb5_context context,
krb5_error_code ret; krb5_error_code ret;
ALLOC(*subkey, 1); ALLOC(*subkey, 1);
if (*subkey == NULL) if (*subkey == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = krb5_generate_random_keyblock(context, key->keytype, *subkey); ret = krb5_generate_random_keyblock(context, key->keytype, *subkey);
if(ret) if(ret)
free(*subkey); free(*subkey);

47
lib/krb5/get_addrs.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -46,30 +46,39 @@ struct mbuf;
#include <ifaddrs.h> #include <ifaddrs.h>
static krb5_error_code static krb5_error_code
gethostname_fallback (krb5_addresses *res) gethostname_fallback (krb5_context context, krb5_addresses *res)
{ {
krb5_error_code err; krb5_error_code ret;
char hostname[MAXHOSTNAMELEN]; char hostname[MAXHOSTNAMELEN];
struct hostent *hostent; struct hostent *hostent;
if (gethostname (hostname, sizeof(hostname))) if (gethostname (hostname, sizeof(hostname))) {
return errno; ret = errno;
krb5_set_error_string (context, "gethostname: %s", strerror(ret));
return ret;
}
hostent = roken_gethostbyname (hostname); hostent = roken_gethostbyname (hostname);
if (hostent == NULL) if (hostent == NULL) {
return errno; ret = errno;
krb5_set_error_string (context, "gethostbyname %s: %s",
hostname, strerror(ret));
return ret;
}
res->len = 1; res->len = 1;
res->val = malloc (sizeof(*res->val)); res->val = malloc (sizeof(*res->val));
if (res->val == NULL) if (res->val == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
res->val[0].addr_type = hostent->h_addrtype; res->val[0].addr_type = hostent->h_addrtype;
res->val[0].address.data = NULL; res->val[0].address.data = NULL;
res->val[0].address.length = 0; res->val[0].address.length = 0;
err = krb5_data_copy (&res->val[0].address, ret = krb5_data_copy (&res->val[0].address,
hostent->h_addr, hostent->h_addr,
hostent->h_length); hostent->h_length);
if (err) { if (ret) {
free (res->val); free (res->val);
return err; return ret;
} }
return 0; return 0;
} }
@@ -96,8 +105,11 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
res->val = NULL; res->val = NULL;
if (getifaddrs(&ifa0) == -1) if (getifaddrs(&ifa0) == -1) {
return (errno); ret = errno;
krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
return (ret);
}
memset(&sa_zero, 0, sizeof(sa_zero)); memset(&sa_zero, 0, sizeof(sa_zero));
@@ -107,6 +119,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
if (num == 0) { if (num == 0) {
freeifaddrs(ifa0); freeifaddrs(ifa0);
krb5_set_error_string(context, "no addresses found");
return (ENXIO); return (ENXIO);
} }
@@ -114,6 +127,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
res->val = calloc(num, sizeof(*res->val)); res->val = calloc(num, sizeof(*res->val));
if (res->val == NULL) { if (res->val == NULL) {
freeifaddrs(ifa0); freeifaddrs(ifa0);
krb5_set_error_string (context, "malloc: out of memory");
return (ENOMEM); return (ENOMEM);
} }
@@ -132,7 +146,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue; continue;
} }
ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]); ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
if (ret) { if (ret) {
/* /*
* The most likely error here is going to be "Program * The most likely error here is going to be "Program
@@ -159,7 +173,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue; continue;
if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]); ret = krb5_sockaddr2address(context,
ifa->ifa_addr, &res->val[idx]);
if (ret) { if (ret) {
/* /*
* See comment above. * See comment above.
@@ -187,7 +202,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
if (flags & SCAN_INTERFACES) { if (flags & SCAN_INTERFACES) {
ret = find_all_addresses (context, res, flags); ret = find_all_addresses (context, res, flags);
if(ret || res->len == 0) if(ret || res->len == 0)
ret = gethostname_fallback (res); ret = gethostname_fallback (context, res);
} else } else
ret = 0; ret = 0;

70
lib/krb5/get_cred.c
View File

@@ -56,8 +56,10 @@ make_pa_tgs_req(krb5_context context,
buf_size = 1024; buf_size = 1024;
buf = malloc (buf_size); buf = malloc (buf_size);
if (buf == NULL) if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
do { do {
ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size, ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
@@ -69,6 +71,7 @@ make_pa_tgs_req(krb5_context context,
buf_size *= 2; buf_size *= 2;
tmp = realloc (buf, buf_size); tmp = realloc (buf, buf_size);
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -112,8 +115,10 @@ set_auth_data (krb5_context context,
len = length_AuthorizationData(authdata); len = length_AuthorizationData(authdata);
buf = malloc(len); buf = malloc(len);
if (buf == NULL) if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = encode_AuthorizationData(buf + len - 1, ret = encode_AuthorizationData(buf + len - 1,
len, authdata, &len); len, authdata, &len);
if (ret) { if (ret) {
@@ -124,7 +129,8 @@ set_auth_data (krb5_context context,
ALLOC(req_body->enc_authorization_data, 1); ALLOC(req_body->enc_authorization_data, 1);
if (req_body->enc_authorization_data == NULL) { if (req_body->enc_authorization_data == NULL) {
free (buf); free (buf);
return ret; krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
} }
ret = krb5_crypto_init(context, key, 0, &crypto); ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) { if (ret) {
@@ -193,6 +199,7 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.sname, 1); ALLOC(t->req_body.sname, 1);
if (t->req_body.sname == NULL) { if (t->req_body.sname == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
@@ -208,6 +215,7 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.till, 1); ALLOC(t->req_body.till, 1);
if(t->req_body.till == NULL){ if(t->req_body.till == NULL){
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
*t->req_body.till = in_creds->times.endtime; *t->req_body.till = in_creds->times.endtime;
@@ -217,11 +225,13 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.additional_tickets, 1); ALLOC(t->req_body.additional_tickets, 1);
if (t->req_body.additional_tickets == NULL) { if (t->req_body.additional_tickets == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
ALLOC_SEQ(t->req_body.additional_tickets, 1); ALLOC_SEQ(t->req_body.additional_tickets, 1);
if (t->req_body.additional_tickets->val == NULL) { if (t->req_body.additional_tickets->val == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val);
@@ -231,11 +241,13 @@ init_tgs_req (krb5_context context,
ALLOC(t->padata, 1); ALLOC(t->padata, 1);
if (t->padata == NULL) { if (t->padata == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
ALLOC_SEQ(t->padata, 1); ALLOC_SEQ(t->padata, 1);
if (t->padata->val == NULL) { if (t->padata->val == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
@@ -422,6 +434,7 @@ get_cred_kdc_usage(krb5_context context,
buf_size = 1024; buf_size = 1024;
buf = malloc (buf_size); buf = malloc (buf_size);
if (buf == NULL) { if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -436,6 +449,7 @@ get_cred_kdc_usage(krb5_context context,
buf_size *= 2; buf_size *= 2;
tmp = realloc (buf, buf_size); tmp = realloc (buf, buf_size);
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -493,13 +507,16 @@ get_cred_kdc_usage(krb5_context context,
krb5_free_kdc_rep(context, &rep); krb5_free_kdc_rep(context, &rep);
if (ret) if (ret)
goto out; goto out;
}else if(krb5_rd_error(context, &resp, &error) == 0){ } else if(krb5_rd_error(context, &resp, &error) == 0) {
ret = error.error_code; ret = krb5_error_from_rd_error(context, &error, in_creds);
free_KRB_ERROR(&error); krb5_free_error_contents(context, &error);
}else if(resp.data && ((char*)resp.data)[0] == 4) } else if(resp.data && ((char*)resp.data)[0] == 4) {
ret = KRB5KRB_AP_ERR_V4_REPLY; ret = KRB5KRB_AP_ERR_V4_REPLY;
else krb5_clear_error_string(context);
} else {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string(context);
}
krb5_data_free(&resp); krb5_data_free(&resp);
out: out:
if(subkey){ if(subkey){
@@ -525,9 +542,11 @@ get_cred_kdc(krb5_context context,
ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH); krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH);
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
krb5_clear_error_string (context);
ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH); krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH);
}
return ret; return ret;
} }
@@ -560,9 +579,12 @@ krb5_get_kdc_cred(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_creds *krbtgt; krb5_creds *krbtgt;
*out_creds = calloc(1, sizeof(**out_creds)); *out_creds = calloc(1, sizeof(**out_creds));
if(*out_creds == NULL) if(*out_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = get_krbtgt (context, ret = get_krbtgt (context,
id, id,
in_creds->server->realm, in_creds->server->realm,
@@ -602,6 +624,7 @@ find_cred(krb5_context context,
} }
tgts++; tgts++;
} }
krb5_clear_error_string(context);
return KRB5_CC_NOTFOUND; return KRB5_CC_NOTFOUND;
} }
@@ -611,10 +634,13 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
int i; int i;
krb5_error_code ret; krb5_error_code ret;
krb5_creds **tmp = *tgts; krb5_creds **tmp = *tgts;
for(i = 0; tmp && tmp[i]; i++); /* XXX */ for(i = 0; tmp && tmp[i]; i++); /* XXX */
tmp = realloc(tmp, (i+2)*sizeof(*tmp)); tmp = realloc(tmp, (i+2)*sizeof(*tmp));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*tgts = tmp; *tgts = tmp;
ret = krb5_copy_creds(context, tkt, &tmp[i]); ret = krb5_copy_creds(context, tkt, &tmp[i]);
tmp[i+1] = NULL; tmp[i+1] = NULL;
@@ -679,9 +705,10 @@ get_cred_from_kdc_flags(krb5_context context,
*ret_tgts, &tgts); *ret_tgts, &tgts);
if(ret == 0){ if(ret == 0){
*out_creds = calloc(1, sizeof(**out_creds)); *out_creds = calloc(1, sizeof(**out_creds));
if(*out_creds == NULL) if(*out_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
else { } else {
ret = get_cred_kdc_la(context, ccache, flags, ret = get_cred_kdc_la(context, ccache, flags,
in_creds, &tgts, *out_creds); in_creds, &tgts, *out_creds);
if (ret) { if (ret) {
@@ -695,8 +722,10 @@ get_cred_from_kdc_flags(krb5_context context,
return ret; return ret;
} }
} }
if(krb5_realm_compare(context, in_creds->client, in_creds->server)) if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
krb5_clear_error_string (context);
return KRB5_CC_NOTFOUND; return KRB5_CC_NOTFOUND;
}
/* XXX this can loop forever */ /* XXX this can loop forever */
while(1){ while(1){
general_string tgt_inst; general_string tgt_inst;
@@ -736,9 +765,10 @@ get_cred_from_kdc_flags(krb5_context context,
krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.server);
krb5_free_principal(context, tmp_creds.client); krb5_free_principal(context, tmp_creds.client);
*out_creds = calloc(1, sizeof(**out_creds)); *out_creds = calloc(1, sizeof(**out_creds));
if(*out_creds == NULL) if(*out_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
else { } else {
ret = get_cred_kdc_la(context, ccache, flags, ret = get_cred_kdc_la(context, ccache, flags,
in_creds, tgt, *out_creds); in_creds, tgt, *out_creds);
if (ret) { if (ret) {
@@ -791,8 +821,10 @@ krb5_get_credentials_with_flags(krb5_context context,
*out_creds = NULL; *out_creds = NULL;
res_creds = calloc(1, sizeof(*res_creds)); res_creds = calloc(1, sizeof(*res_creds));
if (res_creds == NULL) if (res_creds == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = krb5_cc_retrieve_cred(context, ret = krb5_cc_retrieve_cred(context,
ccache, ccache,
@@ -806,8 +838,10 @@ krb5_get_credentials_with_flags(krb5_context context,
free(res_creds); free(res_creds);
if(ret != KRB5_CC_END) if(ret != KRB5_CC_END)
return ret; return ret;
if(options & KRB5_GC_CACHED) if(options & KRB5_GC_CACHED) {
krb5_clear_error_string (context);
return KRB5_CC_NOTFOUND; return KRB5_CC_NOTFOUND;
}
if(options & KRB5_GC_USER_USER) if(options & KRB5_GC_USER_USER)
flags.b.enc_tkt_in_skey = 1; flags.b.enc_tkt_in_skey = 1;
tgts = NULL; tgts = NULL;

7
lib/krb5/get_default_principal.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 1999, 2001 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -86,8 +86,11 @@ krb5_get_default_principal (krb5_context context,
if(user == NULL) if(user == NULL)
user = getlogin(); user = getlogin();
} }
if(user == NULL) if(user == NULL) {
krb5_set_error_string(context,
"unable to figure out current principal");
return ENOTTY; /* XXX */ return ENOTTY; /* XXX */
}
ret = krb5_make_principal(context, princ, NULL, user, NULL); ret = krb5_make_principal(context, princ, NULL, user, NULL);
} }

6
lib/krb5/get_default_realm.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -73,8 +73,10 @@ krb5_get_default_realm(krb5_context context,
} }
res = strdup (context->default_realms[0]); res = strdup (context->default_realms[0]);
if (res == NULL) if (res == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*realm = res; *realm = res;
return 0; return 0;
} }

26
lib/krb5/get_for_creds.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -53,6 +53,7 @@ add_addrs(krb5_context context,
addr->len += n; addr->len += n;
tmp = realloc(addr->val, addr->len * sizeof(*addr->val)); tmp = realloc(addr->val, addr->len * sizeof(*addr->val));
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto fail; goto fail;
} }
@@ -62,10 +63,12 @@ add_addrs(krb5_context context,
krb5_data_zero(&addr->val[i].address); krb5_data_zero(&addr->val[i].address);
} }
for (a = ai; a != NULL; a = a->ai_next) { for (a = ai; a != NULL; a = a->ai_next) {
ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i]); ret = krb5_sockaddr2address (context, a->ai_addr, &addr->val[i]);
if (ret == 0) if (ret == 0)
++i; ++i;
else if (ret != KRB5_PROG_ATYPE_NOSUPP) else if (ret == KRB5_PROG_ATYPE_NOSUPP)
krb5_clear_error_string (context);
else
goto fail; goto fail;
} }
addr->len = i; addr->len = i;
@@ -143,8 +146,11 @@ krb5_get_forwarded_creds (krb5_context context,
addrs.val = NULL; addrs.val = NULL;
ret = getaddrinfo (hostname, NULL, NULL, &ai); ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret) if (ret) {
krb5_set_error_string(context, "resolving %s: %s",
hostname, gai_strerror(ret));
return krb5_eai_to_heim_errno(ret); return krb5_eai_to_heim_errno(ret);
}
ret = add_addrs (context, &addrs, ai); ret = add_addrs (context, &addrs, ai);
freeaddrinfo (ai); freeaddrinfo (ai);
@@ -171,6 +177,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC_SEQ(&cred.tickets, 1); ALLOC_SEQ(&cred.tickets, 1);
if (cred.tickets.val == NULL) { if (cred.tickets.val == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out2; goto out2;
} }
ret = decode_Ticket(out_creds->ticket.data, ret = decode_Ticket(out_creds->ticket.data,
@@ -183,6 +190,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1); ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
if (enc_krb_cred_part.ticket_info.val == NULL) { if (enc_krb_cred_part.ticket_info.val == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4; goto out4;
} }
@@ -191,18 +199,21 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC(enc_krb_cred_part.timestamp, 1); ALLOC(enc_krb_cred_part.timestamp, 1);
if (enc_krb_cred_part.timestamp == NULL) { if (enc_krb_cred_part.timestamp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4; goto out4;
} }
*enc_krb_cred_part.timestamp = sec; *enc_krb_cred_part.timestamp = sec;
ALLOC(enc_krb_cred_part.usec, 1); ALLOC(enc_krb_cred_part.usec, 1);
if (enc_krb_cred_part.usec == NULL) { if (enc_krb_cred_part.usec == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4; goto out4;
} }
*enc_krb_cred_part.usec = usec; *enc_krb_cred_part.usec = usec;
if (auth_context->local_address && auth_context->local_port) { if (auth_context->local_address && auth_context->local_port) {
ret = krb5_make_addrport (&enc_krb_cred_part.s_address, ret = krb5_make_addrport (context,
&enc_krb_cred_part.s_address,
auth_context->local_address, auth_context->local_address,
auth_context->local_port); auth_context->local_port);
if (ret) if (ret)
@@ -213,6 +224,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC(enc_krb_cred_part.r_address, 1); ALLOC(enc_krb_cred_part.r_address, 1);
if (enc_krb_cred_part.r_address == NULL) { if (enc_krb_cred_part.r_address == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto out4; goto out4;
} }
@@ -288,8 +300,10 @@ krb5_get_forwarded_creds (krb5_context context,
return ret; return ret;
out_data->length = len; out_data->length = len;
out_data->data = malloc(len); out_data->data = malloc(len);
if (out_data->data == NULL) if (out_data->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy (out_data->data, buf + sizeof(buf) - len, len); memcpy (out_data->data, buf + sizeof(buf) - len, len);
return 0; return 0;
out4: out4:

6
lib/krb5/get_host_realm.c
View File

@@ -161,18 +161,22 @@ krb5_get_host_realm_int (krb5_context context,
if(p != NULL) { if(p != NULL) {
p++; p++;
*realms = malloc(2 * sizeof(krb5_realm)); *realms = malloc(2 * sizeof(krb5_realm));
if (*realms == NULL) if (*realms == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
(*realms)[0] = strdup(p); (*realms)[0] = strdup(p);
if((*realms)[0] == NULL) { if((*realms)[0] == NULL) {
free(*realms); free(*realms);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
strupr((*realms)[0]); strupr((*realms)[0]);
(*realms)[1] = NULL; (*realms)[1] = NULL;
return 0; return 0;
} }
krb5_set_error_string(context, "unable to find realm of host %s", host);
return KRB5_ERR_HOST_REALM_UNKNOWN; return KRB5_ERR_HOST_REALM_UNKNOWN;
} }

61
lib/krb5/get_in_tkt.c
View File

@@ -61,6 +61,7 @@ krb5_init_etype (krb5_context context,
*val = malloc(i * sizeof(int)); *val = malloc(i * sizeof(int));
if (i != 0 && *val == NULL) { if (i != 0 && *val == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto cleanup; goto cleanup;
} }
memmove (*val, memmove (*val,
@@ -148,6 +149,7 @@ _krb5_extract_ticket(krb5_context context,
tmp = krb5_principal_compare (context, tmp_principal, creds->client); tmp = krb5_principal_compare (context, tmp_principal, creds->client);
if (!tmp) { if (!tmp) {
krb5_free_principal (context, tmp_principal); krb5_free_principal (context, tmp_principal);
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
goto out; goto out;
} }
@@ -163,6 +165,7 @@ _krb5_extract_ticket(krb5_context context,
len = length_Ticket(&rep->kdc_rep.ticket); len = length_Ticket(&rep->kdc_rep.ticket);
buf = malloc(len); buf = malloc(len);
if(buf == NULL) { if(buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -189,6 +192,7 @@ _krb5_extract_ticket(krb5_context context,
krb5_free_principal (context, tmp_principal); krb5_free_principal (context, tmp_principal);
if (!tmp) { if (!tmp) {
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_clear_error_string (context);
goto out; goto out;
} }
} }
@@ -213,6 +217,7 @@ _krb5_extract_ticket(krb5_context context,
if (nonce != rep->enc_part.nonce) { if (nonce != rep->enc_part.nonce) {
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_set_error_string(context, "malloc: out of memory");
goto out; goto out;
} }
@@ -238,11 +243,16 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.starttime == 0 if (creds->times.starttime == 0
&& abs(tmp_time - sec_now) > context->max_skew) { && abs(tmp_time - sec_now) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
krb5_set_error_string (context,
"time skew (%d) larger than max (%d)",
abs(tmp_time - sec_now),
(int)context->max_skew);
goto out; goto out;
} }
if (creds->times.starttime != 0 if (creds->times.starttime != 0
&& tmp_time != creds->times.starttime) { && tmp_time != creds->times.starttime) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
goto out; goto out;
} }
@@ -256,6 +266,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.renew_till != 0 if (creds->times.renew_till != 0
&& tmp_time > creds->times.renew_till) { && tmp_time > creds->times.renew_till) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
goto out; goto out;
} }
@@ -266,6 +277,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.endtime != 0 if (creds->times.endtime != 0
&& rep->enc_part.endtime > creds->times.endtime) { && rep->enc_part.endtime > creds->times.endtime) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
goto out; goto out;
} }
@@ -380,8 +392,10 @@ add_padata(krb5_context context,
netypes++; netypes++;
} }
pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val)); pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
if (pa2 == NULL) if (pa2 == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
md->val = pa2; md->val = pa2;
for (i = 0; i < netypes; ++i) { for (i = 0; i < netypes; ++i) {
@@ -426,11 +440,13 @@ init_as_req (krb5_context context,
a->req_body.cname = malloc(sizeof(*a->req_body.cname)); a->req_body.cname = malloc(sizeof(*a->req_body.cname));
if (a->req_body.cname == NULL) { if (a->req_body.cname == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
a->req_body.sname = malloc(sizeof(*a->req_body.sname)); a->req_body.sname = malloc(sizeof(*a->req_body.sname));
if (a->req_body.sname == NULL) { if (a->req_body.sname == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
ret = krb5_principal2principalname (a->req_body.cname, creds->client); ret = krb5_principal2principalname (a->req_body.cname, creds->client);
@@ -447,6 +463,7 @@ init_as_req (krb5_context context,
a->req_body.from = malloc(sizeof(*a->req_body.from)); a->req_body.from = malloc(sizeof(*a->req_body.from));
if (a->req_body.from == NULL) { if (a->req_body.from == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
*a->req_body.from = creds->times.starttime; *a->req_body.from = creds->times.starttime;
@@ -459,6 +476,7 @@ init_as_req (krb5_context context,
a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
if (a->req_body.rtime == NULL) { if (a->req_body.rtime == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
*a->req_body.rtime = creds->times.renew_till; *a->req_body.rtime = creds->times.renew_till;
@@ -481,6 +499,7 @@ init_as_req (krb5_context context,
a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
if (a->req_body.addresses == NULL) { if (a->req_body.addresses == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
@@ -500,6 +519,7 @@ init_as_req (krb5_context context,
ALLOC(a->padata, 1); ALLOC(a->padata, 1);
if(a->padata == NULL) { if(a->padata == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
for(i = 0; i < preauth->len; i++) { for(i = 0; i < preauth->len; i++) {
@@ -511,6 +531,7 @@ init_as_req (krb5_context context,
sizeof(*a->padata->val)); sizeof(*a->padata->val));
if(tmp == NULL) { if(tmp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
a->padata->val = tmp; a->padata->val = tmp;
@@ -542,6 +563,7 @@ init_as_req (krb5_context context,
ALLOC(a->padata, 1); ALLOC(a->padata, 1);
if (a->padata == NULL) { if (a->padata == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail; goto fail;
} }
a->padata->len = 0; a->padata->len = 0;
@@ -559,6 +581,8 @@ init_as_req (krb5_context context,
key_proc, keyseed, a->req_body.etype.val, key_proc, keyseed, a->req_body.etype.val,
a->req_body.etype.len, &salt); a->req_body.etype.len, &salt);
} else { } else {
krb5_set_error_string (context, "pre-auth type %d not supported",
*ptypes);
ret = KRB5_PREAUTH_BAD_TYPE; ret = KRB5_PREAUTH_BAD_TYPE;
goto fail; goto fail;
} }
@@ -690,7 +714,7 @@ krb5_get_in_cred(krb5_context context,
ret = KRB5KRB_AP_ERR_V4_REPLY; ret = KRB5KRB_AP_ERR_V4_REPLY;
krb5_data_free(&resp); krb5_data_free(&resp);
if (ret2 == 0) { if (ret2 == 0) {
ret = error.error_code; ret = krb5_error_from_rd_error(context, &error, creds);
/* if no preauth was set and KDC requires it, give it /* if no preauth was set and KDC requires it, give it
one more try */ one more try */
if (!ptypes && !preauth if (!ptypes && !preauth
@@ -701,40 +725,9 @@ krb5_get_in_cred(krb5_context context,
&& set_ptypes(context, &error, &ptypes, &my_preauth)) { && set_ptypes(context, &error, &ptypes, &my_preauth)) {
done = 0; done = 0;
preauth = my_preauth; preauth = my_preauth;
free_KRB_ERROR(&error); krb5_free_error_contents(context, &error);
continue; continue;
} }
if (error.e_text != NULL) {
krb5_set_error_string(context, "%s", *error.e_text);
} else {
char clientname[256], servername[256];
krb5_unparse_name_fixed(context, creds->client,
clientname, sizeof(clientname));
krb5_unparse_name_fixed(context, creds->server,
servername, sizeof(servername));
switch (ret) {
case KRB5KDC_ERR_NAME_EXP :
krb5_set_error_string(context, "Client (%s) expired",
clientname);
break;
case KRB5KDC_ERR_SERVICE_EXP :
krb5_set_error_string(context, "Server (%s) expired",
servername);
break;
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Client (%s) unknown",
clientname);
break;
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Server (%s) unknown",
servername);
break;
default :
;
}
}
if(ret_as_reply) if(ret_as_reply)
ret_as_reply->error = error; ret_as_reply->error = error;
else else

7
lib/krb5/get_in_tkt_pw.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -47,11 +47,14 @@ krb5_password_key_proc (krb5_context context,
char buf[BUFSIZ]; char buf[BUFSIZ];
*key = malloc (sizeof (**key)); *key = malloc (sizeof (**key));
if (*key == NULL) if (*key == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
if (password == NULL) { if (password == NULL) {
if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) { if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
free (*key); free (*key);
krb5_clear_error_string(context);
return KRB5_LIBOS_PWDINTR; return KRB5_LIBOS_PWDINTR;
} }
password = buf; password = buf;

6
lib/krb5/get_in_tkt_with_keytab.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -82,8 +82,10 @@ krb5_get_in_tkt_with_keytab (krb5_context context,
krb5_keytab_key_proc_args *a; krb5_keytab_key_proc_args *a;
a = malloc(sizeof(*a)); a = malloc(sizeof(*a));
if (a == NULL) if (a == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
a->principal = creds->client; a->principal = creds->client;
a->keytab = keytab; a->keytab = keytab;

18
lib/krb5/init_creds_pw.c
View File

@@ -175,7 +175,7 @@ print_expire (krb5_context context,
7 * 24 * 60 * 60); 7 * 24 * 60 * 60);
for (i = 0; i < lr->len; ++i) { for (i = 0; i < lr->len; ++i) {
if (lr->val[i].lr_type == 6 if (abs(lr->val[i].lr_type) == LR_PW_EXPTIME
&& lr->val[i].lr_value <= t) { && lr->val[i].lr_value <= t) {
char *p; char *p;
time_t tmp = lr->val[i].lr_value; time_t tmp = lr->val[i].lr_value;
@@ -252,8 +252,10 @@ get_init_creds_common(krb5_context context,
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
*etypes = malloc((options->etype_list_length + 1) *etypes = malloc((options->etype_list_length + 1)
* sizeof(krb5_enctype)); * sizeof(krb5_enctype));
if (*etypes == NULL) if (*etypes == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy (*etypes, options->etype_list, memcpy (*etypes, options->etype_list,
options->etype_list_length * sizeof(krb5_enctype)); options->etype_list_length * sizeof(krb5_enctype));
(*etypes)[options->etype_list_length] = ETYPE_NULL; (*etypes)[options->etype_list_length] = ETYPE_NULL;
@@ -261,8 +263,10 @@ get_init_creds_common(krb5_context context,
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) { if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
*pre_auth_types = malloc((options->preauth_list_length + 1) *pre_auth_types = malloc((options->preauth_list_length + 1)
* sizeof(krb5_preauthtype)); * sizeof(krb5_preauthtype));
if (*pre_auth_types == NULL) if (*pre_auth_types == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy (*pre_auth_types, options->preauth_list, memcpy (*pre_auth_types, options->preauth_list,
options->preauth_list_length * sizeof(krb5_preauthtype)); options->preauth_list_length * sizeof(krb5_preauthtype));
(*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE; (*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE;
@@ -370,8 +374,10 @@ change_password (krb5_context context,
if (result_code == 0) { if (result_code == 0) {
strlcpy (newpw, buf1, newpw_sz); strlcpy (newpw, buf1, newpw_sz);
ret = 0; ret = 0;
} else } else {
krb5_set_error_string (context, "failed changing password");
ret = ENOTTY; ret = ENOTTY;
}
out: out:
memset (buf1, 0, sizeof(buf1)); memset (buf1, 0, sizeof(buf1));
@@ -429,6 +435,7 @@ krb5_get_init_creds_password(krb5_context context,
if (ret) { if (ret) {
memset (buf, 0, sizeof(buf)); memset (buf, 0, sizeof(buf));
ret = KRB5_LIBOS_PWDINTR; ret = KRB5_LIBOS_PWDINTR;
krb5_clear_error_string (context);
goto out; goto out;
} }
password = password_data.data; password = password_data.data;
@@ -456,6 +463,8 @@ krb5_get_init_creds_password(krb5_context context,
case KRB5KDC_ERR_KEY_EXPIRED : case KRB5KDC_ERR_KEY_EXPIRED :
/* try to avoid recursion */ /* try to avoid recursion */
krb5_clear_error_string (context);
if (in_tkt_service != NULL if (in_tkt_service != NULL
&& strcmp (in_tkt_service, "kadmin/changepw") == 0) && strcmp (in_tkt_service, "kadmin/changepw") == 0)
goto out; goto out;
@@ -533,6 +542,7 @@ krb5_get_init_creds_keytab(krb5_context context,
a = malloc (sizeof(*a)); a = malloc (sizeof(*a));
if (a == NULL) { if (a == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }

6
lib/krb5/keyblock.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -72,8 +72,10 @@ krb5_copy_keyblock (krb5_context context,
krb5_keyblock *k; krb5_keyblock *k;
k = malloc (sizeof(*k)); k = malloc (sizeof(*k));
if (k == NULL) if (k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*to = k; *to = k;
return krb5_copy_keyblock_contents (context, inblock, k); return krb5_copy_keyblock_contents (context, inblock, k);
} }

29
lib/krb5/keytab.c
View File

@@ -48,8 +48,10 @@ krb5_kt_register(krb5_context context,
tmp = realloc(context->kt_types, tmp = realloc(context->kt_types,
(context->num_kt_types + 1) * sizeof(*context->kt_types)); (context->num_kt_types + 1) * sizeof(*context->kt_types));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(&tmp[context->num_kt_types], ops, memcpy(&tmp[context->num_kt_types], ops,
sizeof(tmp[context->num_kt_types])); sizeof(tmp[context->num_kt_types]));
context->kt_types = tmp; context->kt_types = tmp;
@@ -96,8 +98,10 @@ krb5_kt_resolve(krb5_context context,
} }
k = malloc (sizeof(*k)); k = malloc (sizeof(*k));
if (k == NULL) if (k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy(k, &context->kt_types[i], sizeof(*k)); memcpy(k, &context->kt_types[i], sizeof(*k));
k->data = NULL; k->data = NULL;
ret = (*k->resolve)(context, residual, k); ret = (*k->resolve)(context, residual, k);
@@ -117,8 +121,10 @@ krb5_kt_resolve(krb5_context context,
krb5_error_code krb5_error_code
krb5_kt_default_name(krb5_context context, char *name, size_t namesize) krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
{ {
if (strlcpy (name, context->default_keytab, namesize) >= namesize) if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
krb5_clear_error_string (context);
return KRB5_CONFIG_NOTENUFSPACE; return KRB5_CONFIG_NOTENUFSPACE;
}
return 0; return 0;
} }
@@ -130,8 +136,10 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
krb5_error_code krb5_error_code
krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
{ {
if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) {
krb5_clear_error_string (context);
return KRB5_CONFIG_NOTENUFSPACE; return KRB5_CONFIG_NOTENUFSPACE;
}
return 0; return 0;
} }
@@ -277,10 +285,19 @@ krb5_kt_get_entry(krb5_context context,
krb5_kt_free_entry(context, &tmp); krb5_kt_free_entry(context, &tmp);
} }
krb5_kt_end_seq_get (context, id, &cursor); krb5_kt_end_seq_get (context, id, &cursor);
if (entry->vno) if (entry->vno) {
return 0; return 0;
else } else {
char princ[256], kt_name[256];
krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
krb5_set_error_string (context,
"failed to find %s in keytab %s",
princ, kt_name);
return KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND;
}
} }
/* /*

14
lib/krb5/keytab_any.c
View File

@@ -70,6 +70,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id)
a0 = a; a0 = a;
a->name = strdup(name); a->name = strdup(name);
if (a->name == NULL) { if (a->name == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto fail; goto fail;
} }
@@ -83,8 +84,10 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id)
goto fail; goto fail;
prev = a; prev = a;
} }
if (a0 == NULL) if (a0 == NULL) {
krb5_set_error_string(context, "empty ANY: keytab");
return ENOENT; return ENOENT;
}
id->data = a0; id->data = a0;
return 0; return 0;
fail: fail:
@@ -128,8 +131,10 @@ any_start_seq_get(krb5_context context,
krb5_error_code ret; krb5_error_code ret;
c->data = malloc (sizeof(struct any_cursor_extra_data)); c->data = malloc (sizeof(struct any_cursor_extra_data));
if(c->data == NULL) if(c->data == NULL){
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ed = (struct any_cursor_extra_data *)c->data; ed = (struct any_cursor_extra_data *)c->data;
ed->a = a; ed->a = a;
ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
@@ -137,6 +142,7 @@ any_start_seq_get(krb5_context context,
free (ed); free (ed);
free (c->data); free (c->data);
c->data = NULL; c->data = NULL;
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
return 0; return 0;
@@ -161,8 +167,10 @@ any_next_entry (krb5_context context,
if (ret2) if (ret2)
return ret2; return ret2;
ed->a = ed->a->next; ed->a = ed->a->next;
if (ed->a == NULL) if (ed->a == NULL) {
krb5_clear_error_string (context);
return KRB5_CC_END; return KRB5_CC_END;
}
ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
if (ret2) if (ret2)
return ret2; return ret2;

74
lib/krb5/keytab_file.c
View File

@@ -46,7 +46,8 @@ struct fkt_data {
}; };
static krb5_error_code static krb5_error_code
krb5_kt_ret_data(krb5_storage *sp, krb5_kt_ret_data(krb5_context context,
krb5_storage *sp,
krb5_data *data) krb5_data *data)
{ {
int ret; int ret;
@@ -56,8 +57,10 @@ krb5_kt_ret_data(krb5_storage *sp,
return ret; return ret;
data->length = size; data->length = size;
data->data = malloc(size); data->data = malloc(size);
if (data->data == NULL) if (data->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = sp->fetch(sp, data->data, size); ret = sp->fetch(sp, data->data, size);
if(ret != size) if(ret != size)
return (ret < 0)? errno : KRB5_KT_END; return (ret < 0)? errno : KRB5_KT_END;
@@ -65,7 +68,8 @@ krb5_kt_ret_data(krb5_storage *sp,
} }
static krb5_error_code static krb5_error_code
krb5_kt_ret_string(krb5_storage *sp, krb5_kt_ret_string(krb5_context context,
krb5_storage *sp,
general_string *data) general_string *data)
{ {
int ret; int ret;
@@ -74,8 +78,10 @@ krb5_kt_ret_string(krb5_storage *sp,
if(ret) if(ret)
return ret; return ret;
*data = malloc(size + 1); *data = malloc(size + 1);
if (*data == NULL) if (*data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = sp->fetch(sp, *data, size); ret = sp->fetch(sp, *data, size);
(*data)[size] = '\0'; (*data)[size] = '\0';
if(ret != size) if(ret != size)
@@ -84,7 +90,8 @@ krb5_kt_ret_string(krb5_storage *sp,
} }
static krb5_error_code static krb5_error_code
krb5_kt_store_data(krb5_storage *sp, krb5_kt_store_data(krb5_context context,
krb5_storage *sp,
krb5_data data) krb5_data data)
{ {
int ret; int ret;
@@ -119,7 +126,7 @@ krb5_kt_store_string(krb5_storage *sp,
} }
static krb5_error_code static krb5_error_code
krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
{ {
int ret; int ret;
int16_t tmp; int16_t tmp;
@@ -127,25 +134,27 @@ krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */ ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
if(ret) return ret; if(ret) return ret;
p->keytype = tmp; p->keytype = tmp;
ret = krb5_kt_ret_data(sp, &p->keyvalue); ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
return ret; return ret;
} }
static krb5_error_code static krb5_error_code
krb5_kt_store_keyblock(krb5_storage *sp, krb5_kt_store_keyblock(krb5_context context,
krb5_storage *sp,
krb5_keyblock *p) krb5_keyblock *p)
{ {
int ret; int ret;
ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */ ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
if(ret) return ret; if(ret) return ret;
ret = krb5_kt_store_data(sp, p->keyvalue); ret = krb5_kt_store_data(context, sp, p->keyvalue);
return ret; return ret;
} }
static krb5_error_code static krb5_error_code
krb5_kt_ret_principal(krb5_storage *sp, krb5_kt_ret_principal(krb5_context context,
krb5_storage *sp,
krb5_principal *princ) krb5_principal *princ)
{ {
int i; int i;
@@ -154,8 +163,10 @@ krb5_kt_ret_principal(krb5_storage *sp,
int16_t tmp; int16_t tmp;
ALLOC(p, 1); ALLOC(p, 1);
if(p == NULL) if(p == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = krb5_ret_int16(sp, &tmp); ret = krb5_ret_int16(sp, &tmp);
if(ret) if(ret)
@@ -163,15 +174,19 @@ krb5_kt_ret_principal(krb5_storage *sp,
if (sp->flags & KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS) if (sp->flags & KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)
tmp--; tmp--;
p->name.name_string.len = tmp; p->name.name_string.len = tmp;
ret = krb5_kt_ret_string(sp, &p->realm); ret = krb5_kt_ret_string(context, sp, &p->realm);
if(ret) return ret; if(ret)
return ret;
p->name.name_string.val = calloc(p->name.name_string.len, p->name.name_string.val = calloc(p->name.name_string.len,
sizeof(*p->name.name_string.val)); sizeof(*p->name.name_string.val));
if(p->name.name_string.val == NULL) if(p->name.name_string.val == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
for(i = 0; i < p->name.name_string.len; i++){ for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_ret_string(sp, p->name.name_string.val + i); ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
if(ret) return ret; if(ret)
return ret;
} }
if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
p->name.name_type = KRB5_NT_UNKNOWN; p->name.name_type = KRB5_NT_UNKNOWN;
@@ -187,7 +202,8 @@ krb5_kt_ret_principal(krb5_storage *sp,
} }
static krb5_error_code static krb5_error_code
krb5_kt_store_principal(krb5_storage *sp, krb5_kt_store_principal(krb5_context context,
krb5_storage *sp,
krb5_principal p) krb5_principal p)
{ {
int i; int i;
@@ -202,7 +218,8 @@ krb5_kt_store_principal(krb5_storage *sp,
if(ret) return ret; if(ret) return ret;
for(i = 0; i < p->name.name_string.len; i++){ for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_store_string(sp, p->name.name_string.val[i]); ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
if(ret) return ret; if(ret)
return ret;
} }
if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
ret = krb5_store_int32(sp, p->name.name_type); ret = krb5_store_int32(sp, p->name.name_type);
@@ -217,12 +234,16 @@ static krb5_error_code
fkt_resolve(krb5_context context, const char *name, krb5_keytab id) fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
{ {
struct fkt_data *d; struct fkt_data *d;
d = malloc(sizeof(*d)); d = malloc(sizeof(*d));
if(d == NULL) if(d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
d->filename = strdup(name); d->filename = strdup(name);
if(d->filename == NULL) { if(d->filename == NULL) {
free(d); free(d);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
id->data = d; id->data = d;
@@ -296,6 +317,7 @@ fkt_start_seq_get_int(krb5_context context,
if(pvno != 5) { if(pvno != 5) {
krb5_storage_free(c->sp); krb5_storage_free(c->sp);
close(c->fd); close(c->fd);
krb5_clear_error_string (context);
return KRB5_KEYTAB_BADVNO; return KRB5_KEYTAB_BADVNO;
} }
ret = krb5_ret_int8(c->sp, &tag); ret = krb5_ret_int8(c->sp, &tag);
@@ -340,7 +362,7 @@ loop:
pos = cursor->sp->seek(cursor->sp, -len, SEEK_CUR); pos = cursor->sp->seek(cursor->sp, -len, SEEK_CUR);
goto loop; goto loop;
} }
ret = krb5_kt_ret_principal (cursor->sp, &entry->principal); ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
if (ret) if (ret)
goto out; goto out;
ret = krb5_ret_int32(cursor->sp, &tmp32); ret = krb5_ret_int32(cursor->sp, &tmp32);
@@ -351,7 +373,7 @@ loop:
if (ret) if (ret)
goto out; goto out;
entry->vno = tmp8; entry->vno = tmp8;
ret = krb5_kt_ret_keyblock (cursor->sp, &entry->keyblock); ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
if (ret) if (ret)
goto out; goto out;
if(start) *start = pos; if(start) *start = pos;
@@ -429,6 +451,7 @@ fkt_add_entry(krb5_context context,
if(pvno != 5) { if(pvno != 5) {
krb5_storage_free(sp); krb5_storage_free(sp);
close(fd); close(fd);
krb5_clear_error_string (context);
return KRB5_KEYTAB_BADVNO; return KRB5_KEYTAB_BADVNO;
} }
ret = krb5_ret_int8 (sp, &tag); ret = krb5_ret_int8 (sp, &tag);
@@ -446,9 +469,10 @@ fkt_add_entry(krb5_context context,
emem = krb5_storage_emem(); emem = krb5_storage_emem();
if(emem == NULL) { if(emem == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_kt_store_principal(emem, entry->principal); ret = krb5_kt_store_principal(context, emem, entry->principal);
if(ret) { if(ret) {
krb5_storage_free(emem); krb5_storage_free(emem);
goto out; goto out;
@@ -463,7 +487,7 @@ fkt_add_entry(krb5_context context,
krb5_storage_free(emem); krb5_storage_free(emem);
goto out; goto out;
} }
ret = krb5_kt_store_keyblock (emem, &entry->keyblock); ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
if(ret) { if(ret) {
krb5_storage_free(emem); krb5_storage_free(emem);
goto out; goto out;
@@ -529,8 +553,10 @@ fkt_remove_entry(krb5_context context,
} }
} }
krb5_kt_end_seq_get(context, id, &cursor); krb5_kt_end_seq_get(context, id, &cursor);
if (!found) if (!found) {
krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND;
}
return 0; return 0;
} }

64
lib/krb5/keytab_keyfile.c
View File

@@ -63,16 +63,23 @@ struct akf_data {
*/ */
static int static int
get_cell_and_realm (struct akf_data *d) get_cell_and_realm (krb5_context context,
struct akf_data *d)
{ {
FILE *f; FILE *f;
char buf[BUFSIZ], *cp; char buf[BUFSIZ], *cp;
int ret;
f = fopen (AFS_SERVERTHISCELL, "r"); f = fopen (AFS_SERVERTHISCELL, "r");
if (f == NULL) if (f == NULL) {
return errno; ret = errno;
krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
strerror(ret));
return ret;
}
if (fgets (buf, sizeof(buf), f) == NULL) { if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f); fclose (f);
krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
return EINVAL; return EINVAL;
} }
if (buf[strlen(buf) - 1] == '\n') if (buf[strlen(buf) - 1] == '\n')
@@ -80,13 +87,17 @@ get_cell_and_realm (struct akf_data *d)
fclose(f); fclose(f);
d->cell = strdup (buf); d->cell = strdup (buf);
if (d->cell == NULL) if (d->cell == NULL) {
return errno; krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
f = fopen (AFS_SERVERMAGICKRBCONF, "r"); f = fopen (AFS_SERVERMAGICKRBCONF, "r");
if (f != NULL) { if (f != NULL) {
if (fgets (buf, sizeof(buf), f) == NULL) { if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f); fclose (f);
krb5_set_error_string (context, "no realm in %s",
AFS_SERVERMAGICKRBCONF);
return EINVAL; return EINVAL;
} }
if (buf[strlen(buf)-1] == '\n') if (buf[strlen(buf)-1] == '\n')
@@ -100,7 +111,8 @@ get_cell_and_realm (struct akf_data *d)
d->realm = strdup (buf); d->realm = strdup (buf);
if (d->realm == NULL) { if (d->realm == NULL) {
free (d->cell); free (d->cell);
return errno; krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
} }
return 0; return 0;
} }
@@ -115,11 +127,13 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
int ret; int ret;
struct akf_data *d = malloc(sizeof (struct akf_data)); struct akf_data *d = malloc(sizeof (struct akf_data));
if (d == NULL) if (d == NULL) {
return errno; krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
d->num_entries = 0; d->num_entries = 0;
ret = get_cell_and_realm (d); ret = get_cell_and_realm (context, d);
if (ret) { if (ret) {
free (d); free (d);
return ret; return ret;
@@ -129,6 +143,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
free (d->cell); free (d->cell);
free (d->realm); free (d->realm);
free (d); free (d);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
id->data = d; id->data = d;
@@ -180,14 +195,19 @@ akf_start_seq_get(krb5_context context,
struct akf_data *d = id->data; struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
if (c->fd < 0) if (c->fd < 0) {
return errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd); c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_int32(c->sp, &d->num_entries); ret = krb5_ret_int32(c->sp, &d->num_entries);
if(ret) { if(ret) {
krb5_storage_free(c->sp); krb5_storage_free(c->sp);
close(c->fd); close(c->fd);
krb5_clear_error_string (context);
if(ret == KRB5_CC_END) if(ret == KRB5_CC_END)
return KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND;
return ret; return ret;
@@ -230,6 +250,7 @@ akf_next_entry(krb5_context context,
entry->keyblock.keyvalue.data = malloc (8); entry->keyblock.keyvalue.data = malloc (8);
if (entry->keyblock.keyvalue.data == NULL) { if (entry->keyblock.keyvalue.data == NULL) {
krb5_free_principal (context, entry->principal); krb5_free_principal (context, entry->principal);
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -270,8 +291,12 @@ akf_add_entry(krb5_context context,
if (fd < 0) { if (fd < 0) {
fd = open (d->filename, fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT, 0600); O_RDWR | O_BINARY | O_CREAT, 0600);
if (fd < 0) if (fd < 0) {
return errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
created = 1; created = 1;
} }
@@ -284,15 +309,18 @@ akf_add_entry(krb5_context context,
sp = krb5_storage_from_fd(fd); sp = krb5_storage_from_fd(fd);
if(sp == NULL) { if(sp == NULL) {
close(fd); close(fd);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
if (created) if (created)
len = 0; len = 0;
else { else {
if((*sp->seek)(sp, 0, SEEK_SET) < 0) { if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp); krb5_storage_free(sp);
close(fd); close(fd);
return errno; krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
} }
ret = krb5_ret_int32(sp, &len); ret = krb5_ret_int32(sp, &len);
@@ -305,9 +333,11 @@ akf_add_entry(krb5_context context,
len++; len++;
if((*sp->seek)(sp, 0, SEEK_SET) < 0) { if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_storage_free(sp); krb5_storage_free(sp);
close(fd); close(fd);
return errno; krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
} }
ret = krb5_store_int32(sp, len); ret = krb5_store_int32(sp, len);
@@ -319,9 +349,11 @@ akf_add_entry(krb5_context context,
if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno;
krb5_storage_free(sp); krb5_storage_free(sp);
close(fd); close(fd);
return errno; krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
} }
ret = krb5_store_int32(sp, entry->vno); ret = krb5_store_int32(sp, entry->vno);

25
lib/krb5/keytab_krb4.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -45,11 +45,14 @@ krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
struct krb4_kt_data *d; struct krb4_kt_data *d;
d = malloc (sizeof(*d)); d = malloc (sizeof(*d));
if (d == NULL) if (d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
d->filename = strdup (name); d->filename = strdup (name);
if (d->filename == NULL) { if (d->filename == NULL) {
free(d); free(d);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
id->data = d; id->data = d;
@@ -92,17 +95,23 @@ krb4_kt_start_seq_get_int (krb5_context context,
{ {
struct krb4_kt_data *d = id->data; struct krb4_kt_data *d = id->data;
struct krb4_cursor_extra_data *ed; struct krb4_cursor_extra_data *ed;
int ret;
ed = malloc (sizeof(*ed)); ed = malloc (sizeof(*ed));
if (ed == NULL) if (ed == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ed->entry.principal = NULL; ed->entry.principal = NULL;
ed->num = -1; ed->num = -1;
c->data = ed; c->data = ed;
c->fd = open (d->filename, flags); c->fd = open (d->filename, flags);
if (c->fd < 0) { if (c->fd < 0) {
ret = errno;
free (ed); free (ed);
return errno; krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
} }
c->sp = krb5_storage_from_fd(c->fd); c->sp = krb5_storage_from_fd(c->fd);
return 0; return 0;
@@ -238,8 +247,12 @@ krb4_kt_add_entry (krb5_context context,
if (fd < 0) { if (fd < 0) {
fd = open (d->filename, fd = open (d->filename,
O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
if (fd < 0) if (fd < 0) {
return errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
} }
ret = krb5_524_conv_principal (context, entry->principal, ret = krb5_524_conv_principal (context, entry->principal,
service, instance, realm); service, instance, realm);

10
lib/krb5/keytab_memory.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -47,8 +47,10 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
{ {
struct mkt_data *d; struct mkt_data *d;
d = malloc(sizeof(*d)); d = malloc(sizeof(*d));
if(d == NULL) if(d == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
d->entries = NULL; d->entries = NULL;
d->num_entries = 0; d->num_entries = 0;
id->data = d; id->data = d;
@@ -115,8 +117,10 @@ mkt_add_entry(krb5_context context,
struct mkt_data *d = id->data; struct mkt_data *d = id->data;
krb5_keytab_entry *tmp; krb5_keytab_entry *tmp;
tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries)); tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
d->entries = tmp; d->entries = tmp;
return krb5_kt_copy_entry_contents(context, entry, return krb5_kt_copy_entry_contents(context, entry,
&d->entries[d->num_entries++]); &d->entries[d->num_entries++]);

22
lib/krb5/krbhst.c
View File

@@ -41,17 +41,21 @@ RCSID("$Id$");
*/ */
static int static int
add_string(char ***res, int *count, const char *string) add_string(krb5_context context, char ***res, int *count, const char *string)
{ {
char **tmp = realloc(*res, (*count + 1) * sizeof(**res)); char **tmp = realloc(*res, (*count + 1) * sizeof(**res));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*res = tmp; *res = tmp;
if(string) { if(string) {
tmp[*count] = strdup(string); tmp[*count] = strdup(string);
if(tmp[*count] == NULL) if(tmp[*count] == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
} else } else
tmp[*count] = NULL; tmp[*count] = NULL;
(*count)++; (*count)++;
@@ -94,19 +98,21 @@ srv_find_realm(krb5_context context, char ***res, int *count,
char **tmp; char **tmp;
tmp = realloc(*res, (*count + 1) * sizeof(**res)); tmp = realloc(*res, (*count + 1) * sizeof(**res));
if (tmp == NULL) if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*res = tmp; *res = tmp;
snprintf (buf, sizeof(buf), snprintf (buf, sizeof(buf),
"%s/%s:%u", "%s/%s:%u",
proto, proto,
rr->u.srv->target, rr->u.srv->target,
rr->u.srv->port); rr->u.srv->port);
ret = add_string(res, count, buf); ret = add_string(context, res, count, buf);
if(ret) if(ret)
return ret; return ret;
}else if(rr->type == T_TXT) { }else if(rr->type == T_TXT) {
ret = add_string(res, count, rr->u.txt); ret = add_string(context, res, count, rr->u.txt);
if(ret) if(ret)
return ret; return ret;
} }
@@ -151,13 +157,13 @@ get_krbhst (krb5_context context,
if(count == 0) { if(count == 0) {
char buf[1024]; char buf[1024];
snprintf(buf, sizeof(buf), "kerberos.%s", *realm); snprintf(buf, sizeof(buf), "kerberos.%s", *realm);
ret = add_string(&res, &count, buf); ret = add_string(context, &res, &count, buf);
if(ret) { if(ret) {
krb5_config_free_strings(res); krb5_config_free_strings(res);
return ret; return ret;
} }
} }
add_string(&res, &count, NULL); add_string(context, &res, &count, NULL);
*hostlist = res; *hostlist = res;
return 0; return 0;
} }

44
lib/krb5/log.c
View File

@@ -120,11 +120,14 @@ krb5_initlog(krb5_context context,
krb5_log_facility **fac) krb5_log_facility **fac)
{ {
krb5_log_facility *f = calloc(1, sizeof(*f)); krb5_log_facility *f = calloc(1, sizeof(*f));
if(f == NULL) if(f == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
f->program = strdup(program); f->program = strdup(program);
if(f->program == NULL){ if(f->program == NULL){
free(f); free(f);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
*fac = f; *fac = f;
@@ -141,8 +144,10 @@ krb5_addlog_func(krb5_context context,
void *data) void *data)
{ {
struct facility *fp = log_realloc(fac); struct facility *fp = log_realloc(fac);
if(fp == NULL) if(fp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
fp->min = min; fp->min = min;
fp->max = max; fp->max = max;
fp->log = log; fp->log = log;
@@ -181,8 +186,10 @@ open_syslog(krb5_context context,
struct syslog_data *sd = malloc(sizeof(*sd)); struct syslog_data *sd = malloc(sizeof(*sd));
int i; int i;
if(sd == NULL) if(sd == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
i = find_value(sev, syslogvals); i = find_value(sev, syslogvals);
if(i == -1) if(i == -1)
i = LOG_ERR; i = LOG_ERR;
@@ -232,8 +239,10 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
char *filename, char *mode, FILE *f, int keep_open) char *filename, char *mode, FILE *f, int keep_open)
{ {
struct file_data *fd = malloc(sizeof(*fd)); struct file_data *fd = malloc(sizeof(*fd));
if(fd == NULL) if(fd == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
fd->filename = filename; fd->filename = filename;
fd->mode = mode; fd->mode = mode;
fd->fd = f; fd->fd = f;
@@ -245,11 +254,13 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
krb5_error_code krb5_error_code
krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p) krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
{ {
krb5_error_code ret = 0; krb5_error_code ret = 0;
int min = 0, max = -1, n; int min = 0, max = -1, n;
char c; char c;
const char *p = orig;
n = sscanf(p, "%d%c%d/", &min, &c, &max); n = sscanf(p, "%d%c%d/", &min, &c, &max);
if(n == 2){ if(n == 2){
if(c == '/') { if(c == '/') {
@@ -263,7 +274,10 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
} }
if(n){ if(n){
p = strchr(p, '/'); p = strchr(p, '/');
if(p == NULL) return HEIM_ERR_LOG_PARSE; if(p == NULL) {
krb5_set_error_string (context, "failed to parse \"%s\"", orig);
return HEIM_ERR_LOG_PARSE;
}
p++; p++;
} }
if(strcmp(p, "STDERR") == 0){ if(strcmp(p, "STDERR") == 0){
@@ -275,17 +289,26 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
FILE *file = NULL; FILE *file = NULL;
int keep_open = 0; int keep_open = 0;
fn = strdup(p + 5); fn = strdup(p + 5);
if(fn == NULL) if(fn == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
if(p[4] == '='){ if(p[4] == '='){
int i = open(fn, O_WRONLY | O_CREAT | int i = open(fn, O_WRONLY | O_CREAT |
O_TRUNC | O_APPEND, 0666); O_TRUNC | O_APPEND, 0666);
if(i < 0) if(i < 0) {
return errno; ret = errno;
krb5_set_error_string (context, "open(%s): %s", fn,
strerror(ret));
return ret;
}
file = fdopen(i, "a"); file = fdopen(i, "a");
if(file == NULL){ if(file == NULL){
ret = errno;
close(i); close(i);
return errno; krb5_set_error_string (context, "fdopen(%s): %s", fn,
strerror(ret));
return ret;
} }
keep_open = 1; keep_open = 1;
} }
@@ -303,6 +326,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
facility = "AUTH"; facility = "AUTH";
ret = open_syslog(context, f, min, max, severity, facility); ret = open_syslog(context, f, min, max, severity, facility);
}else{ }else{
krb5_set_error_string (context, "unknown log type: %s", p);
ret = HEIM_ERR_LOG_PARSE; /* XXX */ ret = HEIM_ERR_LOG_PARSE; /* XXX */
} }
return ret; return ret;

13
lib/krb5/mcache.c
View File

@@ -65,6 +65,7 @@ static krb5_mcache *
mcc_alloc(const char *name) mcc_alloc(const char *name)
{ {
krb5_mcache *m; krb5_mcache *m;
ALLOC(m, 1); ALLOC(m, 1);
if(m == NULL) if(m == NULL)
return NULL; return NULL;
@@ -101,8 +102,10 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
} }
m = mcc_alloc(res); m = mcc_alloc(res);
if (m == NULL) if (m == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
(*id)->data.data = m; (*id)->data.data = m;
(*id)->data.length = sizeof(*m); (*id)->data.length = sizeof(*m);
@@ -118,8 +121,10 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
m = mcc_alloc(NULL); m = mcc_alloc(NULL);
if (m == NULL) if (m == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
(*id)->data.data = m; (*id)->data.data = m;
(*id)->data.length = sizeof(*m); (*id)->data.length = sizeof(*m);
@@ -203,8 +208,10 @@ mcc_store_cred(krb5_context context,
return ENOENT; return ENOENT;
l = malloc (sizeof(*l)); l = malloc (sizeof(*l));
if (l == NULL) if (l == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
}
l->next = m->creds; l->next = m->creds;
m->creds = l; m->creds = l;
memset (&l->cred, 0, sizeof(l->cred)); memset (&l->cred, 0, sizeof(l->cred));

6
lib/krb5/mk_error.c
View File

@@ -86,8 +86,10 @@ krb5_mk_error(krb5_context context,
buf_size = 1024; buf_size = 1024;
buf = malloc (buf_size); buf = malloc (buf_size);
if (buf == NULL) if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
do { do {
ret = encode_KRB_ERROR(buf + buf_size - 1, ret = encode_KRB_ERROR(buf + buf_size - 1,
@@ -101,6 +103,7 @@ krb5_mk_error(krb5_context context,
buf_size *= 2; buf_size *= 2;
tmp = realloc (buf, buf_size); tmp = realloc (buf, buf_size);
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -114,6 +117,7 @@ krb5_mk_error(krb5_context context,
reply->length = len; reply->length = len;
reply->data = malloc(len); reply->data = malloc(len);
if (reply->data == NULL) { if (reply->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }

9
lib/krb5/mk_priv.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -87,8 +87,10 @@ krb5_mk_priv(krb5_context context,
buf_size = 1024; buf_size = 1024;
buf = malloc (buf_size); buf = malloc (buf_size);
if (buf == NULL) if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
krb5_data_zero (&s.enc_part.cipher); krb5_data_zero (&s.enc_part.cipher);
@@ -102,6 +104,7 @@ krb5_mk_priv(krb5_context context,
buf_size *= 2; buf_size *= 2;
tmp = realloc (buf, buf_size); tmp = realloc (buf, buf_size);
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto fail; goto fail;
} }
@@ -144,6 +147,7 @@ krb5_mk_priv(krb5_context context,
buf_size *= 2; buf_size *= 2;
tmp = realloc (buf, buf_size); tmp = realloc (buf, buf_size);
if (tmp == NULL) { if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto fail; goto fail;
} }
@@ -158,6 +162,7 @@ krb5_mk_priv(krb5_context context,
outbuf->length = len; outbuf->length = len;
outbuf->data = malloc (len); outbuf->data = malloc (len);
if (outbuf->data == NULL) { if (outbuf->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
free(buf); free(buf);
return ENOMEM; return ENOMEM;
} }

8
lib/krb5/mk_rep.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -61,8 +61,10 @@ krb5_mk_rep(krb5_context context,
auth_context->keyblock, auth_context->keyblock,
&auth_context->local_seqnumber); &auth_context->local_seqnumber);
body.seq_number = malloc (sizeof(*body.seq_number)); body.seq_number = malloc (sizeof(*body.seq_number));
if (body.seq_number == NULL) if (body.seq_number == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*(body.seq_number) = auth_context->local_seqnumber; *(body.seq_number) = auth_context->local_seqnumber;
} else } else
body.seq_number = NULL; body.seq_number = NULL;
@@ -74,6 +76,7 @@ krb5_mk_rep(krb5_context context,
buf = malloc (buf_size); buf = malloc (buf_size);
if (buf == NULL) { if (buf == NULL) {
free_EncAPRepPart (&body); free_EncAPRepPart (&body);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -106,6 +109,7 @@ krb5_mk_rep(krb5_context context,
buf = realloc(buf, buf_size); buf = realloc(buf, buf_size);
if(buf == NULL) { if(buf == NULL) {
free_AP_REP (&ap); free_AP_REP (&ap);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len); ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);

2
lib/krb5/mk_req.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *

14
lib/krb5/mk_safe.c
View File

@@ -48,6 +48,7 @@ krb5_mk_safe(krb5_context context,
KerberosTime sec2; KerberosTime sec2;
int usec2; int usec2;
u_char *buf = NULL; u_char *buf = NULL;
void *tmp;
size_t buf_size; size_t buf_size;
size_t len; size_t len;
u_int32_t tmp_seq; u_int32_t tmp_seq;
@@ -78,8 +79,10 @@ krb5_mk_safe(krb5_context context,
buf_size = length_KRB_SAFE(&s); buf_size = length_KRB_SAFE(&s);
buf = malloc(buf_size + 128); /* add some for checksum */ buf = malloc(buf_size + 128); /* add some for checksum */
if(buf == NULL) if(buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
if (ret) { if (ret) {
free (buf); free (buf);
@@ -104,9 +107,13 @@ krb5_mk_safe(krb5_context context,
} }
buf_size = length_KRB_SAFE(&s); buf_size = length_KRB_SAFE(&s);
buf = realloc(buf, buf_size); tmp = realloc(buf, buf_size);
if(buf == NULL) if(tmp == NULL) {
free(buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
buf = tmp;
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
free_Checksum (&s.cksum); free_Checksum (&s.cksum);
@@ -115,6 +122,7 @@ krb5_mk_safe(krb5_context context,
outbuf->data = malloc (len); outbuf->data = malloc (len);
if (outbuf->data == NULL) { if (outbuf->data == NULL) {
free (buf); free (buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
memcpy (outbuf->data, buf + buf_size - len, len); memcpy (outbuf->data, buf + buf_size - len, len);

74
lib/krb5/principal.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -82,20 +82,26 @@ krb5_parse_name(krb5_context context,
ncomp = 1; ncomp = 1;
for(p = (char*)name; *p; p++){ for(p = (char*)name; *p; p++){
if(*p=='\\'){ if(*p=='\\'){
if(!p[1]) if(!p[1]) {
krb5_set_error_string (context,
"trailing \\ in principal name");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
}
p++; p++;
} else if(*p == '/') } else if(*p == '/')
ncomp++; ncomp++;
} }
comp = calloc(ncomp, sizeof(*comp)); comp = calloc(ncomp, sizeof(*comp));
if (comp == NULL) if (comp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
n = 0; n = 0;
start = q = p = s = strdup(name); start = q = p = s = strdup(name);
if (start == NULL) { if (start == NULL) {
free (comp); free (comp);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
while(*p){ while(*p){
@@ -112,11 +118,14 @@ krb5_parse_name(krb5_context context,
c = '\0'; c = '\0';
}else if(c == '/' || c == '@'){ }else if(c == '/' || c == '@'){
if(got_realm){ if(got_realm){
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
goto exit; goto exit;
}else{ }else{
comp[n] = malloc(q - start + 1); comp[n] = malloc(q - start + 1);
if (comp[n] == NULL) { if (comp[n] == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto exit; goto exit;
} }
@@ -130,6 +139,8 @@ krb5_parse_name(krb5_context context,
continue; continue;
} }
if(got_realm && (c == ':' || c == '/' || c == '\0')) { if(got_realm && (c == ':' || c == '/' || c == '\0')) {
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
goto exit; goto exit;
} }
@@ -138,6 +149,7 @@ krb5_parse_name(krb5_context context,
if(got_realm){ if(got_realm){
realm = malloc(q - start + 1); realm = malloc(q - start + 1);
if (realm == NULL) { if (realm == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto exit; goto exit;
} }
@@ -150,6 +162,7 @@ krb5_parse_name(krb5_context context,
comp[n] = malloc(q - start + 1); comp[n] = malloc(q - start + 1);
if (comp[n] == NULL) { if (comp[n] == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto exit; goto exit;
} }
@@ -159,6 +172,7 @@ krb5_parse_name(krb5_context context,
} }
*principal = malloc(sizeof(**principal)); *principal = malloc(sizeof(**principal));
if (*principal == NULL) { if (*principal == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto exit; goto exit;
} }
@@ -278,8 +292,10 @@ unparse_name(krb5_context context,
len++; len++;
} }
*name = malloc(len); *name = malloc(len);
if(len != 0 && *name == NULL) if(len != 0 && *name == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = unparse_name_fixed(context, principal, *name, len, short_flag); ret = unparse_name_fixed(context, principal, *name, len, short_flag);
if(ret) if(ret)
free(*name); free(*name);
@@ -356,12 +372,16 @@ append_component(krb5_context context, krb5_principal p,
size_t len = princ_num_comp(p); size_t len = princ_num_comp(p);
tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
princ_comp(p) = tmp; princ_comp(p) = tmp;
princ_ncomp(p, len) = malloc(comp_len + 1); princ_ncomp(p, len) = malloc(comp_len + 1);
if (princ_ncomp(p, len) == NULL) if (princ_ncomp(p, len) == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
memcpy (princ_ncomp(p, len), comp, comp_len); memcpy (princ_ncomp(p, len), comp, comp_len);
princ_ncomp(p, len)[comp_len] = '\0'; princ_ncomp(p, len)[comp_len] = '\0';
princ_num_comp(p)++; princ_num_comp(p)++;
@@ -406,13 +426,16 @@ build_principal(krb5_context context,
krb5_principal p; krb5_principal p;
p = calloc(1, sizeof(*p)); p = calloc(1, sizeof(*p));
if (p == NULL) if (p == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
princ_type(p) = KRB5_NT_PRINCIPAL; princ_type(p) = KRB5_NT_PRINCIPAL;
princ_realm(p) = strdup(realm); princ_realm(p) = strdup(realm);
if(p->realm == NULL){ if(p->realm == NULL){
free(p); free(p);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -487,10 +510,15 @@ krb5_copy_principal(krb5_context context,
krb5_principal *outprinc) krb5_principal *outprinc)
{ {
krb5_principal p = malloc(sizeof(*p)); krb5_principal p = malloc(sizeof(*p));
if (p == NULL) if (p == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
if(copy_Principal(inprinc, p)) }
if(copy_Principal(inprinc, p)) {
free(p);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
*outprinc = p; *outprinc = p;
return 0; return 0;
} }
@@ -667,6 +695,7 @@ krb5_425_conv_principal_ext(krb5_context context,
} }
krb5_free_principal(context, pr); krb5_free_principal(context, pr);
*princ = NULL; *princ = NULL;
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV; return HEIM_ERR_V4_PRINC_NO_CONV;
} }
if(resolve){ if(resolve){
@@ -688,6 +717,7 @@ krb5_425_conv_principal_ext(krb5_context context,
#ifdef USE_RESOLVER #ifdef USE_RESOLVER
dns_free_data(r); dns_free_data(r);
#endif #endif
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
ret = krb5_make_principal(context, &pr, realm, name, low_inst, ret = krb5_make_principal(context, &pr, realm, name, low_inst,
@@ -731,6 +761,7 @@ krb5_425_conv_principal_ext(krb5_context context,
"default_domain", NULL); "default_domain", NULL);
if(p == NULL){ if(p == NULL){
/* this should be an error, just faking a name is not good */ /* this should be an error, just faking a name is not good */
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV; return HEIM_ERR_V4_PRINC_NO_CONV;
} }
@@ -743,6 +774,7 @@ krb5_425_conv_principal_ext(krb5_context context,
return 0; return 0;
} }
krb5_free_principal(context, pr); krb5_free_principal(context, pr);
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV; return HEIM_ERR_V4_PRINC_NO_CONV;
no_host: no_host:
p = krb5_config_get_string(context, NULL, p = krb5_config_get_string(context, NULL,
@@ -768,6 +800,7 @@ no_host:
return 0; return 0;
} }
krb5_free_principal(context, pr); krb5_free_principal(context, pr);
krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV; return HEIM_ERR_V4_PRINC_NO_CONV;
} }
@@ -888,6 +921,9 @@ krb5_524_conv_principal(krb5_context context,
i = principal->name.name_string.val[1]; i = principal->name.name_string.val[1];
break; break;
default: default:
krb5_set_error_string (context,
"cannot convert a %d component principal",
principal->name.name_string.len);
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
} }
@@ -910,12 +946,21 @@ krb5_524_conv_principal(krb5_context context,
i = tmpinst; i = tmpinst;
} }
if (strlcpy (name, n, aname_sz) >= aname_sz) if (strlcpy (name, n, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
"too long name component to convert");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
if (strlcpy (instance, i, aname_sz) >= aname_sz) }
if (strlcpy (instance, i, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
"too long instance component to convert");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
if (strlcpy (realm, r, aname_sz) >= aname_sz) }
if (strlcpy (realm, r, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
"too long realm component to convert");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
}
return 0; return 0;
} }
@@ -934,8 +979,11 @@ krb5_sname_to_principal (krb5_context context,
char localhost[MAXHOSTNAMELEN]; char localhost[MAXHOSTNAMELEN];
char **realms, *host = NULL; char **realms, *host = NULL;
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
krb5_set_error_string (context, "unsupported name type %d",
type);
return KRB5_SNAME_UNSUPP_NAMETYPE; return KRB5_SNAME_UNSUPP_NAMETYPE;
}
if(hostname == NULL) { if(hostname == NULL) {
gethostname(localhost, sizeof(localhost)); gethostname(localhost, sizeof(localhost));
hostname = localhost; hostname = localhost;

8
lib/krb5/rd_cred.c
View File

@@ -59,11 +59,13 @@ krb5_rd_cred(krb5_context context,
if (cred.pvno != 5) { if (cred.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION; ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto out; goto out;
} }
if (cred.msg_type != krb_cred) { if (cred.msg_type != krb_cred) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto out; goto out;
} }
@@ -110,7 +112,7 @@ krb5_rd_cred(krb5_context context,
krb5_address *a; krb5_address *a;
int cmp; int cmp;
ret = krb5_make_addrport (&a, ret = krb5_make_addrport (context, &a,
auth_context->remote_address, auth_context->remote_address,
auth_context->remote_port); auth_context->remote_port);
if (ret) if (ret)
@@ -125,6 +127,7 @@ krb5_rd_cred(krb5_context context,
free (a); free (a);
if (cmp == 0) { if (cmp == 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
goto out; goto out;
} }
@@ -137,6 +140,7 @@ krb5_rd_cred(krb5_context context,
&& !krb5_address_compare (context, && !krb5_address_compare (context,
auth_context->local_address, auth_context->local_address,
enc_krb_cred_part.r_address)) { enc_krb_cred_part.r_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
goto out; goto out;
} }
@@ -151,6 +155,7 @@ krb5_rd_cred(krb5_context context,
enc_krb_cred_part.usec == NULL || enc_krb_cred_part.usec == NULL ||
abs(*enc_krb_cred_part.timestamp - sec) abs(*enc_krb_cred_part.timestamp - sec)
> context->max_skew) { > context->max_skew) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
goto out; goto out;
} }
@@ -185,6 +190,7 @@ krb5_rd_cred(krb5_context context,
creds = calloc(1, sizeof(*creds)); creds = calloc(1, sizeof(*creds));
if(creds == NULL) { if(creds == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out; goto out;
} }

56
lib/krb5/rd_error.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -43,6 +43,7 @@ krb5_rd_error(krb5_context context,
size_t len; size_t len;
krb5_error_code ret; krb5_error_code ret;
ret = decode_KRB_ERROR(msg->data, msg->length, result, &len); ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
if(ret) if(ret)
return ret; return ret;
@@ -64,3 +65,56 @@ krb5_free_error (krb5_context context,
krb5_free_error_contents (context, error); krb5_free_error_contents (context, error);
free (error); free (error);
} }
krb5_error_code
krb5_error_from_rd_error(krb5_context context,
const krb5_error *error,
const krb5_creds *creds)
{
krb5_error_code ret;
ret = error->error_code;
if (error->e_text != NULL) {
krb5_set_error_string(context, "%s", *error->e_text);
} else {
char clientname[256], servername[256];
if (creds != NULL) {
krb5_unparse_name_fixed(context, creds->client,
clientname, sizeof(clientname));
krb5_unparse_name_fixed(context, creds->server,
servername, sizeof(servername));
}
switch (ret) {
case KRB5KDC_ERR_NAME_EXP :
krb5_set_error_string(context, "Client %s%s%s expired",
creds ? "(" : "",
creds ? clientname : "",
creds ? "(" : "");
break;
case KRB5KDC_ERR_SERVICE_EXP :
krb5_set_error_string(context, "Server %s%s%s expired",
creds ? "(" : "",
creds ? servername : "",
creds ? "(" : "");
break;
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Client %s%s%s unknown",
creds ? "(" : "",
creds ? clientname : "",
creds ? "(" : "");
break;
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Server %s%s%s unknown",
creds ? "(" : "",
creds ? servername : "",
creds ? "(" : "");
break;
default :
krb5_clear_error_string(context);
break;
}
}
return ret;
}

6
lib/krb5/rd_priv.c
View File

@@ -55,10 +55,12 @@ krb5_rd_priv(krb5_context context,
if (ret) if (ret)
goto failure; goto failure;
if (priv.pvno != 5) { if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION; ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure; goto failure;
} }
if (priv.msg_type != krb_priv) { if (priv.msg_type != krb_priv) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure; goto failure;
} }
@@ -96,6 +98,7 @@ krb5_rd_priv(krb5_context context,
&& !krb5_address_compare (context, && !krb5_address_compare (context,
auth_context->remote_address, auth_context->remote_address,
part.s_address)) { part.s_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part; goto failure_part;
} }
@@ -107,6 +110,7 @@ krb5_rd_priv(krb5_context context,
&& !krb5_address_compare (context, && !krb5_address_compare (context,
auth_context->local_address, auth_context->local_address,
part.r_address)) { part.r_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part; goto failure_part;
} }
@@ -119,6 +123,7 @@ krb5_rd_priv(krb5_context context,
if (part.timestamp == NULL || if (part.timestamp == NULL ||
part.usec == NULL || part.usec == NULL ||
abs(*part.timestamp - sec) > context->max_skew) { abs(*part.timestamp - sec) > context->max_skew) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
goto failure_part; goto failure_part;
} }
@@ -135,6 +140,7 @@ krb5_rd_priv(krb5_context context,
&& auth_context->remote_seqnumber != 0) && auth_context->remote_seqnumber != 0)
|| (part.seq_number != NULL || (part.seq_number != NULL
&& *part.seq_number != auth_context->remote_seqnumber)) { && *part.seq_number != auth_context->remote_seqnumber)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADORDER; ret = KRB5KRB_AP_ERR_BADORDER;
goto failure_part; goto failure_part;
} }

6
lib/krb5/rd_rep.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -55,10 +55,12 @@ krb5_rd_rep(krb5_context context,
return ret; return ret;
if (ap_rep.pvno != 5) { if (ap_rep.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION; ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto out; goto out;
} }
if (ap_rep.msg_type != krb_ap_rep) { if (ap_rep.msg_type != krb_ap_rep) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto out; goto out;
} }
@@ -77,6 +79,7 @@ krb5_rd_rep(krb5_context context,
*repl = malloc(sizeof(**repl)); *repl = malloc(sizeof(**repl));
if (*repl == NULL) { if (*repl == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_decode_EncAPRepPart(context, ret = krb5_decode_EncAPRepPart(context,
@@ -90,6 +93,7 @@ krb5_rd_rep(krb5_context context,
if ((*repl)->ctime != auth_context->authenticator->ctime || if ((*repl)->ctime != auth_context->authenticator->ctime ||
(*repl)->cusec != auth_context->authenticator->cusec) { (*repl)->cusec != auth_context->authenticator->cusec) {
ret = KRB5KRB_AP_ERR_MUT_FAIL; ret = KRB5KRB_AP_ERR_MUT_FAIL;
krb5_clear_error_string (context);
goto out; goto out;
} }
if ((*repl)->seq_number) if ((*repl)->seq_number)

9
lib/krb5/rd_req.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -113,14 +113,17 @@ krb5_decode_ap_req(krb5_context context,
return ret; return ret;
if (ap_req->pvno != 5){ if (ap_req->pvno != 5){
free_AP_REQ(ap_req); free_AP_REQ(ap_req);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION; return KRB5KRB_AP_ERR_BADVERSION;
} }
if (ap_req->msg_type != krb_ap_req){ if (ap_req->msg_type != krb_ap_req){
free_AP_REQ(ap_req); free_AP_REQ(ap_req);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_MSG_TYPE; return KRB5KRB_AP_ERR_MSG_TYPE;
} }
if (ap_req->ticket.tkt_vno != 5){ if (ap_req->ticket.tkt_vno != 5){
free_AP_REQ(ap_req); free_AP_REQ(ap_req);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION; return KRB5KRB_AP_ERR_BADVERSION;
} }
return 0; return 0;
@@ -150,10 +153,12 @@ krb5_decrypt_ticket(krb5_context context,
|| (t.flags.invalid || (t.flags.invalid
&& !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) { && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
free_EncTicketPart(&t); free_EncTicketPart(&t);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_NYV; return KRB5KRB_AP_ERR_TKT_NYV;
} }
if(now - t.endtime > context->max_skew) { if(now - t.endtime > context->max_skew) {
free_EncTicketPart(&t); free_EncTicketPart(&t);
krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED; return KRB5KRB_AP_ERR_TKT_EXPIRED;
} }
} }
@@ -320,6 +325,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_free_principal (context, p2); krb5_free_principal (context, p2);
if (!res) { if (!res) {
ret = KRB5KRB_AP_ERR_BADMATCH; ret = KRB5KRB_AP_ERR_BADMATCH;
krb5_clear_error_string (context);
goto out2; goto out2;
} }
} }
@@ -332,6 +338,7 @@ krb5_verify_ap_req2(krb5_context context,
ac->remote_address, ac->remote_address,
t.ticket.caddr)) { t.ticket.caddr)) {
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto out2; goto out2;
} }

9
lib/krb5/rd_safe.c
View File

@@ -58,6 +58,7 @@ verify_checksum(krb5_context context,
if (buf == NULL) { if (buf == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out; goto out;
} }
@@ -97,15 +98,18 @@ krb5_rd_safe(krb5_context context,
return ret; return ret;
if (safe.pvno != 5) { if (safe.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION; ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
if (safe.msg_type != krb_safe) { if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype) if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) { || !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM; ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
@@ -117,6 +121,7 @@ krb5_rd_safe(krb5_context context,
auth_context->remote_address, auth_context->remote_address,
safe.safe_body.s_address)) { safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
@@ -128,6 +133,7 @@ krb5_rd_safe(krb5_context context,
auth_context->local_address, auth_context->local_address,
safe.safe_body.r_address)) { safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
@@ -141,6 +147,7 @@ krb5_rd_safe(krb5_context context,
safe.safe_body.usec == NULL || safe.safe_body.usec == NULL ||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) { abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
} }
@@ -157,6 +164,7 @@ krb5_rd_safe(krb5_context context,
&& *safe.safe_body.seq_number != && *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) { auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER; ret = KRB5KRB_AP_ERR_BADORDER;
krb5_clear_error_string (context);
goto failure; goto failure;
} }
auth_context->remote_seqnumber++; auth_context->remote_seqnumber++;
@@ -170,6 +178,7 @@ krb5_rd_safe(krb5_context context,
outbuf->data = malloc(outbuf->length); outbuf->data = malloc(outbuf->length);
if (outbuf->data == NULL) { if (outbuf->data == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto failure; goto failure;
} }
memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length); memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);

17
lib/krb5/read_message.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -45,8 +45,11 @@ krb5_read_message (krb5_context context,
u_int8_t buf[4]; u_int8_t buf[4];
ret = krb5_net_read (context, p_fd, buf, 4); ret = krb5_net_read (context, p_fd, buf, 4);
if(ret == -1) if(ret == -1) {
return errno; ret = errno;
krb5_clear_error_string (context);
return ret;
}
if(ret < 4) { if(ret < 4) {
data->length = 0; data->length = 0;
return HEIM_ERR_EOF; return HEIM_ERR_EOF;
@@ -56,8 +59,10 @@ krb5_read_message (krb5_context context,
if (ret) if (ret)
return ret; return ret;
if (krb5_net_read (context, p_fd, data->data, len) != len) { if (krb5_net_read (context, p_fd, data->data, len) != len) {
ret = errno;
krb5_data_free (data); krb5_data_free (data);
return errno; krb5_clear_error_string (context);
return ret;
} }
return 0; return 0;
} }
@@ -76,8 +81,6 @@ krb5_read_priv_message(krb5_context context,
return ret; return ret;
ret = krb5_rd_priv (context, ac, &packet, data, NULL); ret = krb5_rd_priv (context, ac, &packet, data, NULL);
krb5_data_free(&packet); krb5_data_free(&packet);
if(ret)
return ret;
return ret; return ret;
} }
@@ -95,7 +98,5 @@ krb5_read_safe_message(krb5_context context,
return ret; return ret;
ret = krb5_rd_safe (context, ac, &packet, data, NULL); ret = krb5_rd_safe (context, ac, &packet, data, NULL);
krb5_data_free(&packet); krb5_data_free(&packet);
if(ret)
return ret;
return ret; return ret;
} }

40
lib/krb5/recvauth.c
View File

@@ -101,44 +101,61 @@ krb5_recvauth_match_version(krb5_context context,
if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) { if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
n = krb5_net_read (context, p_fd, &len, 4); n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0) if (n < 0) {
return errno; ret = errno;
if (n == 0) krb5_set_error_string (context, "read: %s", strerror(errno));
return ret;
}
if (n == 0) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAUTHVERS; return KRB5_SENDAUTH_BADAUTHVERS;
}
len = ntohl(len); len = ntohl(len);
if (len != sizeof(her_version) if (len != sizeof(her_version)
|| krb5_net_read (context, p_fd, her_version, len) != len || krb5_net_read (context, p_fd, her_version, len) != len
|| strncmp (version, her_version, len)) { || strncmp (version, her_version, len)) {
repl = 1; repl = 1;
krb5_net_write (context, p_fd, &repl, 1); krb5_net_write (context, p_fd, &repl, 1);
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAUTHVERS; return KRB5_SENDAUTH_BADAUTHVERS;
} }
} }
n = krb5_net_read (context, p_fd, &len, 4); n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0) if (n < 0) {
return errno; ret = errno;
if (n == 0) krb5_set_error_string (context, "read: %s", strerror(errno));
return ret;
}
if (n == 0) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAPPLVERS; return KRB5_SENDAUTH_BADAPPLVERS;
}
len = ntohl(len); len = ntohl(len);
her_appl_version = malloc (len); her_appl_version = malloc (len);
if (her_appl_version == NULL) { if (her_appl_version == NULL) {
repl = 2; repl = 2;
krb5_net_write (context, p_fd, &repl, 1); krb5_net_write (context, p_fd, &repl, 1);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
if (krb5_net_read (context, p_fd, her_appl_version, len) != len if (krb5_net_read (context, p_fd, her_appl_version, len) != len
|| !(*match_appl_version)(match_data, her_appl_version)) { || !(*match_appl_version)(match_data, her_appl_version)) {
repl = 2; repl = 2;
krb5_net_write (context, p_fd, &repl, 1); krb5_net_write (context, p_fd, &repl, 1);
krb5_set_error_string (context, "wrong sendauth version (%s)",
her_appl_version);
free (her_appl_version); free (her_appl_version);
return KRB5_SENDAUTH_BADAPPLVERS; return KRB5_SENDAUTH_BADAPPLVERS;
} }
free (her_appl_version); free (her_appl_version);
repl = 0; repl = 0;
if (krb5_net_write (context, p_fd, &repl, 1) != 1) if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
return errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno));
return ret;
}
krb5_data_zero (&data); krb5_data_zero (&data);
ret = krb5_read_message (context, p_fd, &data); ret = krb5_read_message (context, p_fd, &data);
@@ -174,8 +191,11 @@ krb5_recvauth_match_version(krb5_context context,
} }
len = 0; len = 0;
if (krb5_net_write (context, p_fd, &len, 4) != 4) if (krb5_net_write (context, p_fd, &len, 4) != 4) {
return errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno));
return ret;
}
if (ap_options & AP_OPTS_MUTUAL_REQUIRED) { if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
ret = krb5_mk_rep (context, *auth_context, &data); ret = krb5_mk_rep (context, *auth_context, &data);

68
lib/krb5/replay.c
View File

@@ -46,8 +46,10 @@ krb5_rc_resolve(krb5_context context,
const char *name) const char *name)
{ {
id->name = strdup(name); id->name = strdup(name);
if(id->name == NULL) if(id->name == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_RC_MALLOC; return KRB5_RC_MALLOC;
}
return 0; return 0;
} }
@@ -56,11 +58,16 @@ krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id, krb5_rcache *id,
const char *type) const char *type)
{ {
if(strcmp(type, "FILE")) if(strcmp(type, "FILE")) {
krb5_set_error_string (context, "replay cache type %s not supported",
type);
return KRB5_RC_TYPE_NOTFOUND; return KRB5_RC_TYPE_NOTFOUND;
}
*id = calloc(1, sizeof(**id)); *id = calloc(1, sizeof(**id));
if(*id == NULL) if(*id == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_RC_MALLOC; return KRB5_RC_MALLOC;
}
return 0; return 0;
} }
@@ -70,8 +77,11 @@ krb5_rc_resolve_full(krb5_context context,
const char *string_name) const char *string_name)
{ {
krb5_error_code ret; krb5_error_code ret;
if(strncmp(string_name, "FILE:", 5)) if(strncmp(string_name, "FILE:", 5)) {
krb5_set_error_string (context, "replay cache type %s not supported",
string_name);
return KRB5_RC_TYPE_NOTFOUND; return KRB5_RC_TYPE_NOTFOUND;
}
ret = krb5_rc_resolve_type(context, id, "FILE"); ret = krb5_rc_resolve_type(context, id, "FILE");
if(ret) if(ret)
return ret; return ret;
@@ -110,8 +120,14 @@ krb5_rc_initialize(krb5_context context,
{ {
FILE *f = fopen(id->name, "w"); FILE *f = fopen(id->name, "w");
struct rc_entry tmp; struct rc_entry tmp;
if(f == NULL) int ret;
return errno;
if(f == NULL) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name,
strerror(ret));
return ret;
}
tmp.stamp = auth_lifespan; tmp.stamp = auth_lifespan;
fwrite(&tmp, 1, sizeof(tmp), f); fwrite(&tmp, 1, sizeof(tmp), f);
fclose(f); fclose(f);
@@ -129,8 +145,14 @@ krb5_error_code
krb5_rc_destroy(krb5_context context, krb5_rc_destroy(krb5_context context,
krb5_rcache id) krb5_rcache id)
{ {
if(remove(id->name) < 0) int ret;
return errno;
if(remove(id->name) < 0) {
ret = errno;
krb5_set_error_string (context, "remove(%s): %s", id->name,
strerror(ret));
return ret;
}
return krb5_rc_close(context, id); return krb5_rc_close(context, id);
} }
@@ -167,11 +189,17 @@ krb5_rc_store(krb5_context context,
struct rc_entry ent, tmp; struct rc_entry ent, tmp;
time_t t; time_t t;
FILE *f; FILE *f;
int ret;
ent.stamp = time(NULL); ent.stamp = time(NULL);
checksum_authenticator(rep, ent.data); checksum_authenticator(rep, ent.data);
f = fopen(id->name, "r"); f = fopen(id->name, "r");
if(f == NULL) if(f == NULL) {
return errno; ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name,
strerror(ret));
return ret;
}
fread(&tmp, sizeof(ent), 1, f); fread(&tmp, sizeof(ent), 1, f);
t = ent.stamp - tmp.stamp; t = ent.stamp - tmp.stamp;
while(fread(&tmp, sizeof(ent), 1, f)){ while(fread(&tmp, sizeof(ent), 1, f)){
@@ -179,17 +207,23 @@ krb5_rc_store(krb5_context context,
continue; continue;
if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){ if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
fclose(f); fclose(f);
krb5_clear_error_string (context);
return KRB5_RC_REPLAY; return KRB5_RC_REPLAY;
} }
} }
if(ferror(f)){ if(ferror(f)){
ret = errno;
fclose(f); fclose(f);
return errno; krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
return ret;
} }
fclose(f); fclose(f);
f = fopen(id->name, "a"); f = fopen(id->name, "a");
if(f == NULL) if(f == NULL) {
krb5_set_error_string (context, "open(%s): %s", id->name,
strerror(errno));
return KRB5_RC_IO_UNKNOWN; return KRB5_RC_IO_UNKNOWN;
}
fwrite(&ent, 1, sizeof(ent), f); fwrite(&ent, 1, sizeof(ent), f);
fclose(f); fclose(f);
return 0; return 0;
@@ -216,6 +250,7 @@ krb5_rc_get_lifespan(krb5_context context,
*auth_lifespan = ent.stamp; *auth_lifespan = ent.stamp;
return 0; return 0;
} }
krb5_clear_error_string (context);
return KRB5_RC_IO_UNKNOWN; return KRB5_RC_IO_UNKNOWN;
} }
@@ -243,8 +278,11 @@ krb5_get_server_rcache(krb5_context context,
char *tmp = malloc(4 * piece->length + 1); char *tmp = malloc(4 * piece->length + 1);
char *name; char *name;
if(tmp == NULL)
if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
#ifdef HAVE_GETEUID #ifdef HAVE_GETEUID
asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid()); asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid());
@@ -252,8 +290,10 @@ krb5_get_server_rcache(krb5_context context,
asprintf(&name, "FILE:rc_%s", tmp); asprintf(&name, "FILE:rc_%s", tmp);
#endif #endif
free(tmp); free(tmp);
if(name == NULL) if(name == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
ret = krb5_rc_resolve_full(context, &rcache, name); ret = krb5_rc_resolve_full(context, &rcache, name);
free(name); free(name);

1
lib/krb5/send_to_kdc.c
View File

@@ -386,6 +386,7 @@ krb5_sendto (krb5_context context,
freeaddrinfo(ai); freeaddrinfo(ai);
} }
} }
krb5_clear_error_string (context);
ret = KRB5_KDC_UNREACH; ret = KRB5_KDC_UNREACH;
out: out:
return ret; return ret;

41
lib/krb5/sendauth.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -90,23 +90,35 @@ krb5_sendauth(krb5_context context,
len = strlen(version) + 1; len = strlen(version) + 1;
net_len = htonl(len); net_len = htonl(len);
if (krb5_net_write (context, p_fd, &net_len, 4) != 4 if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, version, len) != len) || krb5_net_write (context, p_fd, version, len) != len) {
return errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
return ret;
}
len = strlen(appl_version) + 1; len = strlen(appl_version) + 1;
net_len = htonl(len); net_len = htonl(len);
if (krb5_net_write (context, p_fd, &net_len, 4) != 4 if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, appl_version, len) != len) || krb5_net_write (context, p_fd, appl_version, len) != len) {
return errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
return ret;
}
sret = krb5_net_read (context, p_fd, &repl, sizeof(repl)); sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
if (sret < 0) if (sret < 0) {
return errno; ret = errno;
else if (sret != sizeof(repl)) krb5_set_error_string (context, "read: %s", strerror(ret));
return ret;
} else if (sret != sizeof(repl)) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADRESPONSE; return KRB5_SENDAUTH_BADRESPONSE;
}
if (repl != 0) if (repl != 0) {
krb5_clear_error_string (context);
return KRB5_SENDAUTH_REJECTED; return KRB5_SENDAUTH_REJECTED;
}
if (in_creds == NULL) { if (in_creds == NULL) {
if (ccache == NULL) { if (ccache == NULL) {
@@ -170,19 +182,22 @@ krb5_sendauth(krb5_context context,
ret = krb5_rd_error (context, &error_data, &error); ret = krb5_rd_error (context, &error_data, &error);
krb5_data_free (&error_data); krb5_data_free (&error_data);
if (ret == 0) { if (ret == 0) {
ret = krb5_error_from_rd_error(context, &error, NULL);
if (ret_error != NULL) { if (ret_error != NULL) {
*ret_error = malloc (sizeof(krb5_error)); *ret_error = malloc (sizeof(krb5_error));
if (*ret_error == NULL) { if (*ret_error == NULL) {
free_KRB_ERROR(&error); krb5_free_error_contents (context, &error);
} else { } else {
**ret_error = error; **ret_error = error;
} }
} else { } else {
free_KRB_ERROR(&error); krb5_free_error_contents (context, &error);
} }
return error.error_code;
} else
return ret; return ret;
} else {
krb5_clear_error_string(context);
return ret;
}
} }
if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {

11
lib/krb5/set_default_realm.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -41,15 +41,18 @@ RCSID("$Id$");
*/ */
static krb5_error_code static krb5_error_code
string_to_list (const char *s, krb5_realm **list) string_to_list (krb5_context context, const char *s, krb5_realm **list)
{ {
*list = malloc (2 * sizeof(**list)); *list = malloc (2 * sizeof(**list));
if (*list == NULL) if (*list == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
(*list)[0] = strdup (s); (*list)[0] = strdup (s);
if ((*list)[0] == NULL) { if ((*list)[0] == NULL) {
free (*list); free (*list);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*list)[1] = NULL; (*list)[1] = NULL;
@@ -77,7 +80,7 @@ krb5_set_default_realm(krb5_context context,
if (realms == NULL) if (realms == NULL)
ret = krb5_get_host_realm(context, NULL, &realms); ret = krb5_get_host_realm(context, NULL, &realms);
} else { } else {
ret = string_to_list (realm, &realms); ret = string_to_list (context, realm, &realms);
} }
if (ret) if (ret)
return ret; return ret;

14
lib/krb5/sock_principal.c
View File

@@ -51,11 +51,14 @@ krb5_sock_to_principal (krb5_context context,
int family; int family;
char *hname = NULL; char *hname = NULL;
if (getsockname (sock, sa, &len) < 0) if (getsockname (sock, sa, &len) < 0) {
return errno; ret = errno;
krb5_set_error_string (context, "getsockname: %s", strerror(ret));
return ret;
}
family = sa->sa_family; family = sa->sa_family;
ret = krb5_sockaddr2address (sa, &address); ret = krb5_sockaddr2address (context, sa, &address);
if (ret) if (ret)
return ret; return ret;
@@ -63,8 +66,11 @@ krb5_sock_to_principal (krb5_context context,
address.address.length, address.address.length,
family); family);
if (hostent == NULL) if (hostent == NULL) {
krb5_set_error_string (context, "gethostbyaddr: %s",
hstrerror(h_errno));
return krb5_h_errno_to_heim_errno(h_errno); return krb5_h_errno_to_heim_errno(h_errno);
}
hname = hostent->h_name; hname = hostent->h_name;
if (strchr(hname, '.') == NULL) { if (strchr(hname, '.') == NULL) {
char **a; char **a;

6
lib/krb5/ticket.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -52,8 +52,10 @@ krb5_copy_ticket(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_ticket *tmp = malloc(sizeof(*tmp)); krb5_ticket *tmp = malloc(sizeof(*tmp));
if(tmp == NULL) if(tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){ if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
free(tmp); free(tmp);
return ret; return ret;

42
lib/krb5/transited.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -61,7 +61,8 @@ free_realms(struct tr_realm *r)
} }
static int static int
make_path(struct tr_realm *r, const char *from, const char *to) make_path(krb5_context context, struct tr_realm *r,
const char *from, const char *to)
{ {
const char *p; const char *p;
struct tr_realm *path = r->next; struct tr_realm *path = r->next;
@@ -78,8 +79,10 @@ make_path(struct tr_realm *r, const char *from, const char *to)
p = from; p = from;
while(1){ while(1){
p = strchr(p, '.'); p = strchr(p, '.');
if(p == NULL) if(p == NULL) {
krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY; return KRB5KDC_ERR_POLICY;
}
p++; p++;
if(strcmp(p, to) == 0) if(strcmp(p, to) == 0)
break; break;
@@ -89,6 +92,7 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = strdup(p); path->realm = strdup(p);
if(path->realm == NULL){ if(path->realm == NULL){
r->next = path; /* XXX */ r->next = path; /* XXX */
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;; return ENOMEM;;
} }
} }
@@ -106,21 +110,25 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = malloc(p - from + 1); path->realm = malloc(p - from + 1);
if(path->realm == NULL){ if(path->realm == NULL){
r->next = path; /* XXX */ r->next = path; /* XXX */
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
memcpy(path->realm, from, p - from); memcpy(path->realm, from, p - from);
path->realm[p - from] = '\0'; path->realm[p - from] = '\0';
p--; p--;
} }
}else } else {
krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY; return KRB5KDC_ERR_POLICY;
}
r->next = path; r->next = path;
return 0; return 0;
} }
static int static int
make_paths(struct tr_realm *realms, const char *client_realm, make_paths(krb5_context context,
struct tr_realm *realms, const char *client_realm,
const char *server_realm) const char *server_realm)
{ {
struct tr_realm *r; struct tr_realm *r;
@@ -138,7 +146,7 @@ make_paths(struct tr_realm *realms, const char *client_realm,
next_realm = r->next->realm; next_realm = r->next->realm;
else else
next_realm = server_realm; next_realm = server_realm;
ret = make_path(r, prev_realm, next_realm); ret = make_path(context, r, prev_realm, next_realm);
if(ret){ if(ret){
free_realms(realms); free_realms(realms);
return ret; return ret;
@@ -150,7 +158,8 @@ make_paths(struct tr_realm *realms, const char *client_realm,
} }
static int static int
expand_realms(struct tr_realm *realms, const char *client_realm) expand_realms(krb5_context context,
struct tr_realm *realms, const char *client_realm)
{ {
struct tr_realm *r; struct tr_realm *r;
const char *prev_realm = NULL; const char *prev_realm = NULL;
@@ -162,6 +171,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1); tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){ if(tmp == NULL){
free_realms(realms); free_realms(realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
r->realm = tmp; r->realm = tmp;
@@ -173,6 +183,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1); tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){ if(tmp == NULL){
free_realms(realms); free_realms(realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
strcpy(tmp, prev_realm); strcpy(tmp, prev_realm);
@@ -236,7 +247,8 @@ append_realm(struct tr_realm *head, struct tr_realm *r)
} }
static int static int
decode_realms(const char *tr, int length, struct tr_realm **realms) decode_realms(krb5_context context,
const char *tr, int length, struct tr_realm **realms)
{ {
struct tr_realm *r = NULL; struct tr_realm *r = NULL;
@@ -261,6 +273,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp); r = make_realm(tmp);
if(r == NULL){ if(r == NULL){
free_realms(*realms); free_realms(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
*realms = append_realm(*realms, r); *realms = append_realm(*realms, r);
@@ -273,6 +286,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp); r = make_realm(tmp);
if(r == NULL){ if(r == NULL){
free_realms(*realms); free_realms(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
*realms = append_realm(*realms, r); *realms = append_realm(*realms, r);
@@ -282,7 +296,8 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
krb5_error_code krb5_error_code
krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms, krb5_domain_x500_decode(krb5_context context,
krb5_data tr, char ***realms, int *num_realms,
const char *client_realm, const char *server_realm) const char *client_realm, const char *server_realm)
{ {
struct tr_realm *r = NULL; struct tr_realm *r = NULL;
@@ -290,16 +305,16 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
int ret; int ret;
/* split string in components */ /* split string in components */
ret = decode_realms(tr.data, tr.length, &r); ret = decode_realms(context, tr.data, tr.length, &r);
if(ret) if(ret)
return ret; return ret;
/* apply prefix rule */ /* apply prefix rule */
ret = expand_realms(r, client_realm); ret = expand_realms(context, r, client_realm);
if(ret) if(ret)
return ret; return ret;
ret = make_paths(r, client_realm, server_realm); ret = make_paths(context, r, client_realm, server_realm);
if(ret) if(ret)
return ret; return ret;
@@ -324,6 +339,7 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms)); R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
if(R == NULL) { if(R == NULL) {
free(*realms); free(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
R[*num_realms] = r->realm; R[*num_realms] = r->realm;
@@ -382,6 +398,8 @@ krb5_check_transited_realms(krb5_context context,
char **p; char **p;
for(p = bad_realms; *p; p++) for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) { if(strcmp(*p, realms[i]) == 0) {
krb5_set_error_string (context, "no transit through realm %s",
*p);
ret = KRB5KRB_AP_ERR_ILL_CR_TKT; ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
if(bad_realm) if(bad_realm)
*bad_realm = i; *bad_realm = i;

8
lib/krb5/verify_init.c
View File

@@ -92,8 +92,12 @@ krb5_verify_init_creds(krb5_context context,
if (ap_req_server == NULL) { if (ap_req_server == NULL) {
char local_hostname[MAXHOSTNAMELEN]; char local_hostname[MAXHOSTNAMELEN];
if (gethostname (local_hostname, sizeof(local_hostname)) < 0) if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
return errno; ret = errno;
krb5_set_error_string (context, "getsockname: %s",
strerror(ret));
return ret;
}
ret = krb5_sname_to_principal (context, ret = krb5_sname_to_principal (context,
local_hostname, local_hostname,

14
lib/krb5/verify_krb5_conf.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999 Kungliga Tekniska H<>gskolan * Copyright (c) 1999 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -60,15 +60,18 @@ usage (int ret)
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
krb5_context context;
const char *config_file = NULL; const char *config_file = NULL;
krb5_error_code ret; krb5_error_code ret;
krb5_config_section *tmp_cf; krb5_config_section *tmp_cf;
unsigned lineno;
char *error_message;
int optind = 0; int optind = 0;
setprogname (argv[0]); setprogname (argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed");
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
usage(1); usage(1);
@@ -93,10 +96,9 @@ main(int argc, char **argv)
usage (1); usage (1);
} }
ret = krb5_config_parse_file_debug (config_file, &tmp_cf, &lineno, ret = krb5_config_parse_file (context, config_file, &tmp_cf);
&error_message);
if (ret == 0) if (ret == 0)
return 0; return 0;
fprintf (stderr, "%s:%u: %s\n", config_file, lineno, error_message); krb5_warn (context, ret, "krb5_config_parse_file");
return 1; return 1;
} }

7
lib/krb5/verify_user.c
View File

@@ -50,7 +50,8 @@ verify_common (krb5_context context,
ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST, ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
&server); &server);
if(ret) return ret; if(ret)
return ret;
krb5_verify_init_creds_opt_init(&vopt); krb5_verify_init_creds_opt_init(&vopt);
krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure); krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
@@ -62,7 +63,8 @@ verify_common (krb5_context context,
NULL, NULL,
&vopt); &vopt);
krb5_free_principal(context, server); krb5_free_principal(context, server);
if(ret) return ret; if(ret)
return ret;
if(ccache == NULL) if(ccache == NULL)
ret = krb5_cc_default (context, &id); ret = krb5_cc_default (context, &id);
else else
@@ -150,6 +152,7 @@ krb5_verify_user_lrealm(krb5_context context,
if (tmp == NULL) { if (tmp == NULL) {
krb5_free_host_realm (context, realms); krb5_free_host_realm (context, realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
free (*krb5_princ_realm (context, principal)); free (*krb5_princ_realm (context, principal));

11
lib/krb5/write_message.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -42,12 +42,16 @@ krb5_write_message (krb5_context context,
{ {
u_int32_t len; u_int32_t len;
u_int8_t buf[4]; u_int8_t buf[4];
int ret;
len = data->length; len = data->length;
_krb5_put_int(buf, len, 4); _krb5_put_int(buf, len, 4);
if (krb5_net_write (context, p_fd, buf, 4) != 4 if (krb5_net_write (context, p_fd, buf, 4) != 4
|| krb5_net_write (context, p_fd, data->data, len) != len) || krb5_net_write (context, p_fd, data->data, len) != len) {
return errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
return ret;
}
return 0; return 0;
} }
@@ -59,6 +63,7 @@ krb5_write_priv_message(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_data packet; krb5_data packet;
ret = krb5_mk_priv (context, ac, data, &packet, NULL); ret = krb5_mk_priv (context, ac, data, &packet, NULL);
if(ret) if(ret)
return ret; return ret;