diff options
Diffstat (limited to 'source4/heimdal/lib/krb5/build_auth.c')
| -rw-r--r-- | source4/heimdal/lib/krb5/build_auth.c | 80 |
1 files changed, 37 insertions, 43 deletions
diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index bf77fd4e77..a845e0ac33 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -100,35 +100,30 @@ make_etypelist(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_build_authenticator (krb5_context context, +_krb5_build_authenticator(krb5_context context, krb5_auth_context auth_context, krb5_enctype enctype, krb5_creds *cred, Checksum *cksum, - Authenticator **auth_result, krb5_data *result, krb5_key_usage usage) { - Authenticator *auth; + Authenticator auth; u_char *buf = NULL; size_t buf_size; size_t len; krb5_error_code ret; krb5_crypto crypto; - auth = calloc(1, sizeof(*auth)); - if (auth == NULL) { - krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); - return ENOMEM; - } + memset(&auth, 0, sizeof(auth)); - auth->authenticator_vno = 5; - copy_Realm(&cred->client->realm, &auth->crealm); - copy_PrincipalName(&cred->client->name, &auth->cname); + auth.authenticator_vno = 5; + copy_Realm(&cred->client->realm, &auth.crealm); + copy_PrincipalName(&cred->client->name, &auth.cname); - krb5_us_timeofday (context, &auth->ctime, &auth->cusec); + krb5_us_timeofday (context, &auth.ctime, &auth.cusec); - ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey); + ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth.subkey); if(ret) goto fail; @@ -137,33 +132,43 @@ krb5_build_authenticator (krb5_context context, krb5_generate_seq_number (context, &cred->session, &auth_context->local_seqnumber); - ALLOC(auth->seq_number, 1); - if(auth->seq_number == NULL) { + ALLOC(auth.seq_number, 1); + if(auth.seq_number == NULL) { ret = ENOMEM; goto fail; } - *auth->seq_number = auth_context->local_seqnumber; + *auth.seq_number = auth_context->local_seqnumber; } else - auth->seq_number = NULL; - auth->authorization_data = NULL; - auth->cksum = cksum; - - if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) { - /* - * This is not GSS-API specific, we only enable it for - * GSS for now - */ - ret = make_etypelist(context, &auth->authorization_data); + auth.seq_number = NULL; + auth.authorization_data = NULL; + + if (cksum) { + ALLOC(auth.cksum, 1); + if (auth.cksum == NULL) { + ret = ENOMEM; + goto fail; + } + ret = copy_Checksum(cksum, auth.cksum); if (ret) goto fail; + + if (auth.cksum->cksumtype == CKSUMTYPE_GSSAPI) { + /* + * This is not GSS-API specific, we only enable it for + * GSS for now + */ + ret = make_etypelist(context, &auth.authorization_data); + if (ret) + goto fail; + } } /* XXX - Copy more to auth_context? */ - auth_context->authenticator->ctime = auth->ctime; - auth_context->authenticator->cusec = auth->cusec; + auth_context->authenticator->ctime = auth.ctime; + auth_context->authenticator->cusec = auth.cusec; - ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); + ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, &auth, &len, ret); if (ret) goto fail; if(buf_size != len) @@ -175,7 +180,7 @@ krb5_build_authenticator (krb5_context context, ret = krb5_encrypt (context, crypto, usage /* KRB5_KU_AP_REQ_AUTH */, - buf + buf_size - len, + buf, len, result); krb5_crypto_destroy(context, crypto); @@ -183,20 +188,9 @@ krb5_build_authenticator (krb5_context context, if (ret) goto fail; + fail: + free_Authenticator (&auth); free (buf); - if (auth_result) - *auth_result = auth; - else { - /* Don't free the `cksum', it's allocated by the caller */ - auth->cksum = NULL; - free_Authenticator (auth); - free (auth); - } - return ret; - fail: - free_Authenticator (auth); - free (auth); - free (buf); return ret; } |