summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-03-22 10:16:59 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:59:02 -0500
commit864d9b531dc2fba94f5ea839b087e28d402c643a (patch)
tree91f72ed27956be3c0d536d725b0505cba35e3adb /source4/heimdal/lib/krb5
parent4fd82be1403f873f67eecb8fee457b8de9fc5cd1 (diff)
downloadsamba-864d9b531dc2fba94f5ea839b087e28d402c643a.tar.gz
samba-864d9b531dc2fba94f5ea839b087e28d402c643a.tar.bz2
samba-864d9b531dc2fba94f5ea839b087e28d402c643a.zip
r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVN
confuses things) - Update Samba4 from lorikeet-heimdal - Remove generated symlink on make clean Andrew Bartlett (This used to be commit a5c2b4cc92e807d18cb8df99bebf004fa4252e1e)
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/addr_families.c11
-rw-r--r--source4/heimdal/lib/krb5/crypto.c8
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c4
-rw-r--r--source4/heimdal/lib/krb5/mk_req_ext.c195
-rw-r--r--source4/heimdal/lib/krb5/rd_priv.c7
-rw-r--r--source4/heimdal/lib/krb5/send_to_kdc.c4
6 files changed, 112 insertions, 117 deletions
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c
index ccc97f412d..cf460ba725 100644
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c,v 1.49 2005/06/16 20:16:12 lha Exp $");
+RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $");
struct addr_operations {
int af;
@@ -930,11 +930,18 @@ krb5_parse_address(krb5_context context,
int error;
int save_errno;
+ addresses->len = 0;
+ addresses->val = NULL;
+
for(i = 0; i < num_addrs; i++) {
if(at[i].parse_addr) {
krb5_address addr;
if((*at[i].parse_addr)(context, string, &addr) == 0) {
ALLOC_SEQ(addresses, 1);
+ if (addresses->val == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
addresses->val[0] = addr;
return 0;
}
@@ -1047,6 +1054,8 @@ krb5_free_addresses(krb5_context context,
for(i = 0; i < addresses->len; i++)
krb5_free_address(context, &addresses->val[i]);
free(addresses->val);
+ addresses->len = 0;
+ addresses->val = NULL;
return 0;
}
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 3cfc780eb4..039484c650 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $");
+RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -3414,7 +3414,7 @@ decrypt_internal_derived(krb5_context context,
l = len - et->confoundersize;
memmove(p, p + et->confoundersize, l);
result->data = realloc(p, l);
- if(result->data == NULL) {
+ if(result->data == NULL && l != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -3479,7 +3479,7 @@ decrypt_internal(krb5_context context,
l = len - et->confoundersize - checksum_sz;
memmove(p, p + et->confoundersize + checksum_sz, l);
result->data = realloc(p, l);
- if(result->data == NULL) {
+ if(result->data == NULL && l != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -3523,7 +3523,7 @@ decrypt_internal_special(krb5_context context,
memmove (p, p + cksum_sz + et->confoundersize, sz);
result->data = realloc(p, sz);
- if(result->data == NULL) {
+ if(result->data == NULL && sz != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index aa7c62befc..dafe668b5d 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@@ -50,7 +50,7 @@ add_addrs(krb5_context context,
++n;
tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
- if (tmp == NULL) {
+ if (tmp == NULL && (addr->len + n) != 0) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c
index ab83d912ea..18b0e3552f 100644
--- a/source4/heimdal/lib/krb5/mk_req_ext.c
+++ b/source4/heimdal/lib/krb5/mk_req_ext.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_req_ext.c,v 1.30 2005/01/05 06:31:01 lukeh Exp $");
+RCSID("$Id: mk_req_ext.c,v 1.32 2006/03/19 20:33:13 lha Exp $");
krb5_error_code
_krb5_mk_req_internal(krb5_context context,
@@ -45,120 +45,103 @@ _krb5_mk_req_internal(krb5_context context,
krb5_key_usage checksum_usage,
krb5_key_usage encrypt_usage)
{
- krb5_error_code ret;
- krb5_data authenticator;
- Checksum c;
- Checksum *c_opt;
- krb5_auth_context ac;
+ krb5_error_code ret;
+ krb5_data authenticator;
+ Checksum c;
+ Checksum *c_opt;
+ krb5_auth_context ac;
- if(auth_context) {
- if(*auth_context == NULL)
- ret = krb5_auth_con_init(context, auth_context);
- else
- ret = 0;
- ac = *auth_context;
- } else
- ret = krb5_auth_con_init(context, &ac);
- if(ret)
- return ret;
+ if(auth_context) {
+ if(*auth_context == NULL)
+ ret = krb5_auth_con_init(context, auth_context);
+ else
+ ret = 0;
+ ac = *auth_context;
+ } else
+ ret = krb5_auth_con_init(context, &ac);
+ if(ret)
+ return ret;
- if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
- ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
- if(ret)
- return ret;
- }
+ if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+ ret = krb5_auth_con_generatelocalsubkey(context,
+ ac,
+ &in_creds->session);
+ if(ret)
+ goto out;
+ }
-#if 0
- {
- /* This is somewhat bogus since we're possibly overwriting a
- value specified by the user, but it's the easiest way to make
- the code use a compatible enctype */
- Ticket ticket;
- krb5_keytype ticket_keytype;
+ krb5_free_keyblock(context, ac->keyblock);
+ ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+ if (ret)
+ goto out;
+
+ /* it's unclear what type of checksum we can use. try the best one, except:
+ * a) if it's configured differently for the current realm, or
+ * b) if the session key is des-cbc-crc
+ */
- ret = decode_Ticket(in_creds->ticket.data,
- in_creds->ticket.length,
- &ticket,
- NULL);
- krb5_enctype_to_keytype (context,
- ticket.enc_part.etype,
- &ticket_keytype);
+ if (in_data) {
+ if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
+ /* this is to make DCE secd (and older MIT kdcs?) happy */
+ ret = krb5_create_checksum(context,
+ NULL,
+ 0,
+ CKSUMTYPE_RSA_MD4,
+ in_data->data,
+ in_data->length,
+ &c);
+ } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
+ ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) {
+ /* this is to make MS kdc happy */
+ ret = krb5_create_checksum(context,
+ NULL,
+ 0,
+ CKSUMTYPE_RSA_MD5,
+ in_data->data,
+ in_data->length,
+ &c);
+ } else {
+ krb5_crypto crypto;
- if (ticket_keytype == in_creds->session.keytype)
- krb5_auth_setenctype(context,
- ac,
- ticket.enc_part.etype);
- free_Ticket(&ticket);
- }
-#endif
+ ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
+ if (ret)
+ goto out;
+ ret = krb5_create_checksum(context,
+ crypto,
+ checksum_usage,
+ 0,
+ in_data->data,
+ in_data->length,
+ &c);
+ krb5_crypto_destroy(context, crypto);
+ }
+ c_opt = &c;
+ } else {
+ c_opt = NULL;
+ }
- krb5_free_keyblock(context, ac->keyblock);
- krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+ if (ret)
+ goto out;
- /* it's unclear what type of checksum we can use. try the best one, except:
- * a) if it's configured differently for the current realm, or
- * b) if the session key is des-cbc-crc
- */
-
- if (in_data) {
- if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
- /* this is to make DCE secd (and older MIT kdcs?) happy */
- ret = krb5_create_checksum(context,
- NULL,
- 0,
- CKSUMTYPE_RSA_MD4,
- in_data->data,
- in_data->length,
- &c);
- } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
- ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) {
- /* this is to make MS kdc happy */
- ret = krb5_create_checksum(context,
- NULL,
- 0,
- CKSUMTYPE_RSA_MD5,
- in_data->data,
- in_data->length,
- &c);
- } else {
- krb5_crypto crypto;
+ ret = krb5_build_authenticator (context,
+ ac,
+ ac->keyblock->keytype,
+ in_creds,
+ c_opt,
+ NULL,
+ &authenticator,
+ encrypt_usage);
+ if (c_opt)
+ free_Checksum (c_opt);
+ if (ret)
+ goto out;
- ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
- if (ret)
- return ret;
- ret = krb5_create_checksum(context,
- crypto,
- checksum_usage,
- 0,
- in_data->data,
- in_data->length,
- &c);
-
- krb5_crypto_destroy(context, crypto);
- }
- c_opt = &c;
- } else {
- c_opt = NULL;
- }
-
- ret = krb5_build_authenticator (context,
- ac,
- ac->keyblock->keytype,
- in_creds,
- c_opt,
- NULL,
- &authenticator,
- encrypt_usage);
- if (c_opt)
- free_Checksum (c_opt);
- if (ret)
+ ret = krb5_build_ap_req (context, ac->keyblock->keytype,
+ in_creds, ap_req_options, authenticator, outbuf);
+out:
+ if(auth_context == NULL)
+ krb5_auth_con_free(context, ac);
return ret;
-
- ret = krb5_build_ap_req (context, ac->keyblock->keytype,
- in_creds, ap_req_options, authenticator, outbuf);
- if(auth_context == NULL)
- krb5_auth_con_free(context, ac);
- return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c
index bafd23e995..bf82ad556e 100644
--- a/source4/heimdal/lib/krb5/rd_priv.c
+++ b/source4/heimdal/lib/krb5/rd_priv.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c,v 1.31 2004/05/25 21:39:13 lha Exp $");
+RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
@@ -50,6 +50,9 @@ krb5_rd_priv(krb5_context context,
krb5_keyblock *key;
krb5_crypto crypto;
+ if (outdata)
+ krb5_data_zero(outdata);
+
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
@@ -158,7 +161,7 @@ krb5_rd_priv(krb5_context context,
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the priv-part, silently
return zero */
- memset(outdata, 0, sizeof(*outdata));
+ krb5_data_zero(outdata);
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index 7bb4adabbd..d3d21aea3f 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: send_to_kdc.c,v 1.56 2005/06/17 04:33:11 lha Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $");
struct send_and_recv {
krb5_send_and_recv_func_t func;
@@ -102,7 +102,7 @@ recv_loop (int fd,
krb5_data_free (rep);
return -1;
}
- if(nbytes == 0)
+ if(nbytes <= 0)
return 0;
if (limit)