diff options
Diffstat (limited to 'source4/heimdal/lib/krb5/rd_req.c')
| -rw-r--r-- | source4/heimdal/lib/krb5/rd_req.c | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 25aa8674c7..21daeb596b 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -59,7 +59,7 @@ decrypt_tkt_enc_part (krb5_context context, ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len); if (ret) - krb5_set_error_message(context, ret, + krb5_set_error_message(context, ret, N_("Failed to decode encrypted " "ticket part", "")); krb5_data_free (&plain); @@ -135,9 +135,9 @@ static krb5_error_code check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) { char **realms; - unsigned int num_realms; + unsigned int num_realms, n; krb5_error_code ret; - + /* * Windows 2000 and 2003 uses this inside their TGT so it's normaly * not seen by others, however, samba4 joined with a Windows AD as @@ -161,6 +161,8 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) ret = krb5_check_transited(context, enc->crealm, ticket->realm, realms, num_realms, NULL); + for (n = 0; n < num_realms; n++) + free(realms[n]); free(realms); return ret; } @@ -175,7 +177,7 @@ find_etypelist(krb5_context context, krb5_authdata adIfRelevant; unsigned i; - adIfRelevant.len = 0; + memset(&adIfRelevant, 0, sizeof(adIfRelevant)); etypes->len = 0; etypes->val = NULL; @@ -250,7 +252,7 @@ krb5_decrypt_ticket(krb5_context context, krb5_clear_error_message (context); return KRB5KRB_AP_ERR_TKT_EXPIRED; } - + if(!t.flags.transited_policy_checked) { ret = check_transited(context, ticket, &t); if(ret) { @@ -402,7 +404,7 @@ krb5_verify_ap_req2(krb5_context context, { krb5_principal p1, p2; krb5_boolean res; - + _krb5_principalname2krb5_principal(context, &p1, ac->authenticator->cname, @@ -466,7 +468,7 @@ krb5_verify_ap_req2(krb5_context context, ac->keytype = ETYPE_NULL; if (etypes.val) { - int i; + size_t i; for (i = 0; i < etypes.len; i++) { if (krb5_enctype_valid(context, etypes.val[i]) == 0) { @@ -508,7 +510,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_auth_con_free (context, ac); return ret; } - + /* * */ @@ -949,7 +951,7 @@ krb5_rd_req_ctx(krb5_context context, &o->ap_req_options, &o->ticket, KRB5_KU_AP_REQ_AUTH); - + if (ret) goto out; @@ -972,7 +974,7 @@ krb5_rd_req_ctx(krb5_context context, goto out; done = 0; - while (!done) { + while (!done) { krb5_principal p; ret = krb5_kt_next_entry(context, id, &entry, &cursor); @@ -1007,14 +1009,14 @@ krb5_rd_req_ctx(krb5_context context, * and update the service principal in the ticket to match * whatever is in the keytab. */ - - ret = krb5_copy_keyblock(context, + + ret = krb5_copy_keyblock(context, &entry.keyblock, &o->keyblock); if (ret) { krb5_kt_free_entry (context, &entry); goto out; - } + } ret = krb5_copy_principal(context, entry.principal, &p); if (ret) { @@ -1023,7 +1025,7 @@ krb5_rd_req_ctx(krb5_context context, } krb5_free_principal(context, o->ticket->server); o->ticket->server = p; - + krb5_kt_free_entry (context, &entry); done = 1; @@ -1045,7 +1047,7 @@ krb5_rd_req_ctx(krb5_context context, krb5_data_free(&data); if (ret) goto out; - + ret = krb5_pac_verify(context, pac, o->ticket->ticket.authtime, |