diff --git a/lib/krb5/fast.c b/lib/krb5/fast.c index 5b49c1be7..5e4875c6c 100644 --- a/lib/krb5/fast.c +++ b/lib/krb5/fast.c @@ -856,7 +856,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context, struct krb5_fast_state *state, krb5_data *in, krb5_data *out, - const void *_unused, + krb5_realm *out_realm, unsigned int *flags) { krb5_error_code ret; @@ -867,6 +867,9 @@ _krb5_fast_anon_pkinit_step(krb5_context context, krb5_creds cred; krb5_data data = { 3, rk_UNCONST("yes") }; + krb5_data_zero(out); + *out_realm = NULL; + memset(&cred, 0, sizeof(cred)); if (state->anon_pkinit_opt == NULL) { @@ -902,7 +905,7 @@ _krb5_fast_anon_pkinit_step(krb5_context context, anon_pk_ctx = state->anon_pkinit_ctx; - ret = krb5_init_creds_step(context, anon_pk_ctx, in, out, NULL, flags); + ret = krb5_init_creds_step(context, anon_pk_ctx, in, out, out_realm, flags); if (ret || (*flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE)) goto out; diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 4985d709b..25767e31f 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -2966,7 +2966,7 @@ init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, - const void *_unused, + krb5_realm *out_realm, unsigned int *flags) { struct timeval start_time, end_time; @@ -2979,6 +2979,7 @@ init_creds_step(krb5_context context, gettimeofday(&start_time, NULL); krb5_data_zero(out); + *out_realm = NULL; krb5_data_zero(&checksum_data); if (ctx->as_req.req_body.cname == NULL) { @@ -3417,6 +3418,13 @@ init_creds_step(krb5_context context, if (ret) goto out; + *out_realm = strdup(ctx->cred.client->realm); + if (*out_realm == NULL) { + krb5_data_free(out); + ret = ENOMEM; + goto out; + } + *flags = KRB5_INIT_CREDS_STEP_FLAG_CONTINUE; gettimeofday(&end_time, NULL); @@ -3439,6 +3447,7 @@ init_creds_step(krb5_context context, * @param ctx ctx krb5_init_creds_context context. * @param in input data from KDC, first round it should be reset by krb5_data_zero(). * @param out reply to KDC. The caller needs to call krb5_data_free() + * @param out_realm the destination realm for 'out', free with krb5_xfree() * @param flags status of the round, if * KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round. * @@ -3453,18 +3462,20 @@ krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, - const void *_unused, + krb5_realm *out_realm, unsigned int *flags) { krb5_error_code ret; krb5_data empty; krb5_data_zero(&empty); + krb5_data_zero(out); + *out_realm = NULL; if ((ctx->fast_state.flags & KRB5_FAST_ANON_PKINIT_ARMOR) && ctx->fast_state.armor_ccache == NULL) { ret = _krb5_fast_anon_pkinit_step(context, ctx, &ctx->fast_state, - in, out, NULL, flags); + in, out, out_realm, flags); if (ret && (ctx->fast_state.flags & KRB5_FAST_OPTIMISTIC)) { _krb5_debug(context, 5, "Preauth failed with optimistic " "FAST, trying w/o FAST"); @@ -3478,7 +3489,7 @@ krb5_init_creds_step(krb5_context context, in = ∅ } - return init_creds_step(context, ctx, in, out, NULL, flags); + return init_creds_step(context, ctx, in, out, out_realm, flags); } /** @@ -3690,9 +3701,10 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) while (1) { struct timeval nstart, nend; + krb5_realm realm = NULL; flags = 0; - ret = krb5_init_creds_step(context, ctx, &in, &out, NULL, &flags); + ret = krb5_init_creds_step(context, ctx, &in, &out, &realm, &flags); krb5_data_free(&in); if (ret) goto out; @@ -3702,9 +3714,9 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) gettimeofday(&nstart, NULL); - ret = krb5_sendto_context (context, stctx, &out, - ctx->cred.client->realm, &in); + ret = krb5_sendto_context (context, stctx, &out, realm, &in); krb5_data_free(&out); + free(realm); if (ret) goto out;