(*): handle krb5_unparse_name returning non-zero
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12549 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -356,9 +356,12 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
|
|||||||
|
|
||||||
if(n != pa.len) {
|
if(n != pa.len) {
|
||||||
char *name;
|
char *name;
|
||||||
krb5_unparse_name(context, client->principal, &name);
|
ret = krb5_unparse_name(context, client->principal, &name);
|
||||||
|
if (ret)
|
||||||
|
name = "<unparse_name failed>";
|
||||||
kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d",
|
kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d",
|
||||||
name, n, pa.len);
|
name, n, pa.len);
|
||||||
|
if (ret == 0)
|
||||||
free(name);
|
free(name);
|
||||||
pa.len = n;
|
pa.len = n;
|
||||||
}
|
}
|
||||||
@@ -492,9 +495,12 @@ get_pa_etype_info2(METHOD_DATA *md, hdb_entry *client,
|
|||||||
|
|
||||||
if(n != pa.len) {
|
if(n != pa.len) {
|
||||||
char *name;
|
char *name;
|
||||||
krb5_unparse_name(context, client->principal, &name);
|
ret = krb5_unparse_name(context, client->principal, &name);
|
||||||
|
if (ret)
|
||||||
|
name = "<unparse_name failed>";
|
||||||
kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d",
|
kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d",
|
||||||
name, n, pa.len);
|
name, n, pa.len);
|
||||||
|
if (ret == 0)
|
||||||
free(name);
|
free(name);
|
||||||
pa.len = n;
|
pa.len = n;
|
||||||
}
|
}
|
||||||
@@ -633,8 +639,8 @@ as_rep(KDC_REQ *req,
|
|||||||
krb5_enctype cetype, setype;
|
krb5_enctype cetype, setype;
|
||||||
EncTicketPart et;
|
EncTicketPart et;
|
||||||
EncKDCRepPart ek;
|
EncKDCRepPart ek;
|
||||||
krb5_principal client_princ, server_princ;
|
krb5_principal client_princ = NULL, server_princ = NULL;
|
||||||
char *client_name, *server_name;
|
char *client_name = NULL, *server_name = NULL;
|
||||||
krb5_error_code ret = 0;
|
krb5_error_code ret = 0;
|
||||||
const char *e_text = NULL;
|
const char *e_text = NULL;
|
||||||
krb5_crypto crypto;
|
krb5_crypto crypto;
|
||||||
@@ -643,28 +649,32 @@ as_rep(KDC_REQ *req,
|
|||||||
memset(&rep, 0, sizeof(rep));
|
memset(&rep, 0, sizeof(rep));
|
||||||
|
|
||||||
if(b->sname == NULL){
|
if(b->sname == NULL){
|
||||||
server_name = "<unknown server>";
|
|
||||||
ret = KRB5KRB_ERR_GENERIC;
|
ret = KRB5KRB_ERR_GENERIC;
|
||||||
e_text = "No server in request";
|
e_text = "No server in request";
|
||||||
} else{
|
} else{
|
||||||
principalname2krb5_principal (&server_princ, *(b->sname), b->realm);
|
principalname2krb5_principal (&server_princ, *(b->sname), b->realm);
|
||||||
krb5_unparse_name(context, server_princ, &server_name);
|
ret = krb5_unparse_name(context, server_princ, &server_name);
|
||||||
|
}
|
||||||
|
if (ret) {
|
||||||
|
kdc_log(0, "AS-REQ malformed server name from %s", from);
|
||||||
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(b->cname == NULL){
|
if(b->cname == NULL){
|
||||||
client_name = "<unknown client>";
|
|
||||||
ret = KRB5KRB_ERR_GENERIC;
|
ret = KRB5KRB_ERR_GENERIC;
|
||||||
e_text = "No client in request";
|
e_text = "No client in request";
|
||||||
} else {
|
} else {
|
||||||
principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
|
principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
|
||||||
krb5_unparse_name(context, client_princ, &client_name);
|
ret = krb5_unparse_name(context, client_princ, &client_name);
|
||||||
}
|
}
|
||||||
|
if (ret) {
|
||||||
|
kdc_log(0, "AS-REQ malformed client name from %s", from);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
kdc_log(0, "AS-REQ %s from %s for %s",
|
kdc_log(0, "AS-REQ %s from %s for %s",
|
||||||
client_name, from, server_name);
|
client_name, from, server_name);
|
||||||
|
|
||||||
if(ret)
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
ret = db_fetch(client_princ, &client);
|
ret = db_fetch(client_princ, &client);
|
||||||
if(ret){
|
if(ret){
|
||||||
kdc_log(0, "UNKNOWN -- %s: %s", client_name,
|
kdc_log(0, "UNKNOWN -- %s: %s", client_name,
|
||||||
@@ -1073,8 +1083,10 @@ as_rep(KDC_REQ *req,
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
out2:
|
out2:
|
||||||
|
if (client_princ)
|
||||||
krb5_free_principal(context, client_princ);
|
krb5_free_principal(context, client_princ);
|
||||||
free(client_name);
|
free(client_name);
|
||||||
|
if (server_princ)
|
||||||
krb5_free_principal(context, server_princ);
|
krb5_free_principal(context, server_princ);
|
||||||
free(server_name);
|
free(server_name);
|
||||||
if(client)
|
if(client)
|
||||||
@@ -1596,11 +1608,15 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
ret = db_fetch(princ, &krbtgt);
|
ret = db_fetch(princ, &krbtgt);
|
||||||
|
|
||||||
if(ret) {
|
if(ret) {
|
||||||
|
krb5_error_code ret2;
|
||||||
char *p;
|
char *p;
|
||||||
krb5_unparse_name(context, princ, &p);
|
ret = krb5_unparse_name(context, princ, &p);
|
||||||
|
if (ret2 != 0)
|
||||||
|
p = "<unparse_name failed>";
|
||||||
krb5_free_principal(context, princ);
|
krb5_free_principal(context, princ);
|
||||||
kdc_log(0, "Ticket-granting ticket not found in database: %s: %s",
|
kdc_log(0, "Ticket-granting ticket not found in database: %s: %s",
|
||||||
p, krb5_get_err_text(context, ret));
|
p, krb5_get_err_text(context, ret));
|
||||||
|
if (ret2 == 0)
|
||||||
free(p);
|
free(p);
|
||||||
ret = KRB5KRB_AP_ERR_NOT_US;
|
ret = KRB5KRB_AP_ERR_NOT_US;
|
||||||
goto out2;
|
goto out2;
|
||||||
@@ -1610,12 +1626,15 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
*ap_req.ticket.enc_part.kvno != krbtgt->kvno){
|
*ap_req.ticket.enc_part.kvno != krbtgt->kvno){
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
krb5_unparse_name (context, princ, &p);
|
ret = krb5_unparse_name (context, princ, &p);
|
||||||
krb5_free_principal(context, princ);
|
krb5_free_principal(context, princ);
|
||||||
|
if (ret != 0)
|
||||||
|
p = "<unparse_name failed>";
|
||||||
kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)",
|
kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)",
|
||||||
*ap_req.ticket.enc_part.kvno,
|
*ap_req.ticket.enc_part.kvno,
|
||||||
krbtgt->kvno,
|
krbtgt->kvno,
|
||||||
p);
|
p);
|
||||||
|
if (ret == 0)
|
||||||
free (p);
|
free (p);
|
||||||
ret = KRB5KRB_AP_ERR_BADKEYVER;
|
ret = KRB5KRB_AP_ERR_BADKEYVER;
|
||||||
goto out2;
|
goto out2;
|
||||||
@@ -1800,9 +1819,13 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
}
|
}
|
||||||
|
|
||||||
principalname2krb5_principal(&sp, *s, r);
|
principalname2krb5_principal(&sp, *s, r);
|
||||||
krb5_unparse_name(context, sp, &spn);
|
ret = krb5_unparse_name(context, sp, &spn);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
|
principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
|
||||||
krb5_unparse_name(context, cp, &cpn);
|
ret = krb5_unparse_name(context, cp, &cpn);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
unparse_flags (KDCOptions2int(b->kdc_options), KDCOptions_units,
|
unparse_flags (KDCOptions2int(b->kdc_options), KDCOptions_units,
|
||||||
opt_str, sizeof(opt_str));
|
opt_str, sizeof(opt_str));
|
||||||
if(*opt_str)
|
if(*opt_str)
|
||||||
@@ -1827,7 +1850,9 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
free(spn);
|
free(spn);
|
||||||
krb5_make_principal(context, &sp, r,
|
krb5_make_principal(context, &sp, r,
|
||||||
KRB5_TGS_NAME, new_rlm, NULL);
|
KRB5_TGS_NAME, new_rlm, NULL);
|
||||||
krb5_unparse_name(context, sp, &spn);
|
ret = krb5_unparse_name(context, sp, &spn);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
goto server_lookup;
|
goto server_lookup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1840,7 +1865,9 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
free(spn);
|
free(spn);
|
||||||
krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
|
krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
|
||||||
realms[0], NULL);
|
realms[0], NULL);
|
||||||
krb5_unparse_name(context, sp, &spn);
|
ret = krb5_unparse_name(context, sp, &spn);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
krb5_free_host_realm(context, realms);
|
krb5_free_host_realm(context, realms);
|
||||||
goto server_lookup;
|
goto server_lookup;
|
||||||
}
|
}
|
||||||
|
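Review bot: In the tgs_rep2 hunk at `@@ -1596,11 +1608,15 @@`, the new `ret2` is declared but never assigned: the call result is stored in `ret`, yet both `if (ret2 != 0)` and `if (ret2 == 0)` read `ret2`. Whether `p` is replaced by the `"<unparse_name failed>"` literal and whether `free(p)` runs therefore depends on an uninitialized value, so `free(p)` can be reached with a pointer that a failed `krb5_unparse_name` may never have set, or a successfully unparsed name can be overwritten by the literal and leak. The assignment also clobbers the `db_fetch` error held in `ret`, so `krb5_get_err_text(context, ret)` in the log line no longer describes the lookup failure. The call should read `ret2 = krb5_unparse_name(context, princ, &p);`, which matches the declaration and leaves `ret` intact for the log message. The enclosing function starts and ends outside the hunk.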