diff options
| author | nectar <nectar@FreeBSD.org> | 2002-09-16 21:04:40 +0000 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2002-09-16 21:04:40 +0000 |
| commit | 8707f886593c300d83c76654e92ec76bcea9b858 (patch) | |
| tree | 291ed09be4bd7c999ad1617a832aa3caae1cb274 /crypto/heimdal/lib/krb5 | |
| parent | a77dba08ca7d8ad2f2dcd653974ac66df78cfa49 (diff) | |
| download | FreeBSD-src-8707f886593c300d83c76654e92ec76bcea9b858.zip FreeBSD-src-8707f886593c300d83c76654e92ec76bcea9b858.tar.gz | |
Import of Heimdal Kerberos from KTH repository circa 2002/09/16.
Diffstat (limited to 'crypto/heimdal/lib/krb5')
35 files changed, 584 insertions, 503 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index e88a28e..ae75808 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ +# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -13,7 +13,8 @@ TESTS = \ string-to-key-test \ derived-key-test \ store-test \ - parse-name-test + parse-name-test \ + name-45-test check_PROGRAMS = $(TESTS) @@ -133,10 +134,10 @@ libkrb5_la_LDFLAGS = -version-info 18:3:1 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h -$(srcdir)/krb5-protos.h: $(ERR_FILES) +$(srcdir)/krb5-protos.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h -$(srcdir)/krb5-private.h: $(ERR_FILES) +$(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 7126546..80ce39f 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ +# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -211,7 +211,8 @@ TESTS = \ string-to-key-test \ derived-key-test \ store-test \ - parse-name-test + parse-name-test \ + name-45-test check_PROGRAMS = $(TESTS) @@ -406,7 +407,7 @@ libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) bin_PROGRAMS = verify_krb5_conf$(EXEEXT) check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ derived-key-test$(EXEEXT) store-test$(EXEEXT) \ - parse-name-test$(EXEEXT) + parse-name-test$(EXEEXT) name-45-test$(EXEEXT) noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ krbhst-test$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) @@ -435,6 +436,12 @@ n_fold_test_LDADD = $(LDADD) n_fold_test_DEPENDENCIES = libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la n_fold_test_LDFLAGS = +name_45_test_SOURCES = name-45-test.c +name_45_test_OBJECTS = name-45-test.$(OBJEXT) +name_45_test_LDADD = $(LDADD) +name_45_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +name_45_test_LDFLAGS = parse_name_test_SOURCES = parse-name-test.c parse_name_test_OBJECTS = parse-name-test.$(OBJEXT) parse_name_test_LDADD = $(LDADD) @@ -481,13 +488,14 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ - krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \ - string-to-key-test.c test_get_addrs.c verify_krb5_conf.c + krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \ + store-test.c string-to-key-test.c test_get_addrs.c \ + verify_krb5_conf.c MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in -SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c +SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c all: all-am @@ -583,6 +591,9 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) @rm -f n-fold-test$(EXEEXT) $(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS) +name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) + @rm -f name-45-test$(EXEEXT) + $(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS) parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) @rm -f parse-name-test$(EXEEXT) $(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS) @@ -1121,10 +1132,10 @@ install-data-local: install-cat-mans $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h -$(srcdir)/krb5-protos.h: $(ERR_FILES) +$(srcdir)/krb5-protos.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h -$(srcdir)/krb5-private.h: $(ERR_FILES) +$(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h $(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c index 3b42ce7..2e7a8f4 100644 --- a/crypto/heimdal/lib/krb5/auth_context.c +++ b/crypto/heimdal/lib/krb5/auth_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $"); +RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $"); krb5_error_code krb5_auth_con_init(krb5_context context, @@ -292,6 +292,24 @@ krb5_auth_con_setlocalsubkey(krb5_context context, } krb5_error_code +krb5_auth_con_generatelocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_keyblock *subkey; + + ret = krb5_generate_subkey (context, key, &subkey); + if(ret) + return ret; + if(auth_context->local_subkey) + krb5_free_keyblock(context, auth_context->local_subkey); + auth_context->local_subkey = subkey; + return 0; +} + + +krb5_error_code krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c index e4f7d4e..cab5e6f 100644 --- a/crypto/heimdal/lib/krb5/build_ap_req.c +++ b/crypto/heimdal/lib/krb5/build_ap_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_build_ap_req (krb5_context context, @@ -66,15 +66,10 @@ krb5_build_ap_req (krb5_context context, ap.authenticator.kvno = NULL; ap.authenticator.cipher = authenticator; - retdata->length = length_AP_REQ(&ap); - retdata->data = malloc(retdata->length); - if(retdata->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - } else - encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1, - retdata->length, &ap, &len); + ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length, + &ap, &len, ret); + free_AP_REQ(&ap); - return ret; + } diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c index b1650fd..9a2ca3e 100644 --- a/crypto/heimdal/lib/krb5/build_auth.c +++ b/crypto/heimdal/lib/krb5/build_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_build_authenticator (krb5_context context, @@ -74,13 +74,6 @@ krb5_build_authenticator (krb5_context context, if(ret) goto fail; - if(auth->subkey == NULL) { - krb5_generate_subkey (context, &cred->session, &auth->subkey); - ret = krb5_auth_con_setlocalsubkey(context, auth_context, auth->subkey); - if(ret) - goto fail; - } - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { krb5_generate_seq_number (context, &cred->session, @@ -99,36 +92,10 @@ krb5_build_authenticator (krb5_context context, auth_context->authenticator->cusec = auth->cusec; } - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } + ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); - do { - ret = krb5_encode_Authenticator (context, - buf + buf_size - 1, - buf_size, - auth, &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + if (ret) + goto fail; ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); if (ret) diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index e930d87..f765a97 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $"); +RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $"); static krb5_error_code send_request (krb5_context context, @@ -57,7 +57,7 @@ send_request (krb5_context context, ret = krb5_mk_req_extended (context, auth_context, - AP_OPTS_MUTUAL_REQUIRED, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, NULL, /* in_data */ creds, &ap_req_data); @@ -144,7 +144,7 @@ process_reply (krb5_context context, u_char reply[BUFSIZ]; size_t len; u_int16_t pkt_len, pkt_ver; - krb5_data ap_rep_data; + krb5_data ap_rep_data, priv_data; int save_errno; ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); @@ -173,10 +173,13 @@ process_reply (krb5_context context, ap_rep_data.data = reply + 6; ap_rep_data.length = (reply[4] << 8) | (reply[5]); + priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; + priv_data.length = len - ap_rep_data.length - 6; + if ((u_char *)priv_data.data + priv_data.length >= reply + len) + return KRB5_KPASSWD_MALFORMED; if (ap_rep_data.length) { krb5_ap_rep_enc_part *ap_rep; - krb5_data priv_data; u_char *p; ret = krb5_rd_rep (context, @@ -188,9 +191,6 @@ process_reply (krb5_context context, krb5_free_ap_rep_enc_part (context, ap_rep); - priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; - priv_data.length = len - ap_rep_data.length - 6; - ret = krb5_rd_priv (context, auth_context, &priv_data, diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c index 77920a8..845b14c 100644 --- a/crypto/heimdal/lib/krb5/config_file.c +++ b/crypto/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.45 2002/08/14 17:35:03 joda Exp $"); +RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $"); #ifndef HAVE_NETINFO @@ -341,7 +341,7 @@ vget_next(krb5_context context, { const char *p = va_arg(args, const char *); while(b != NULL) { - if(strcmp(b->name, name) == NULL) { + if(strcmp(b->name, name) == 0) { if(b->type == type && p == NULL) { *pointer = b; return b->u.generic; diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index d21ea71..75fe347 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <com_err.h> -RCSID("$Id: context.c,v 1.80 2002/08/28 15:27:24 joda Exp $"); +RCSID("$Id: context.c,v 1.81 2002/09/02 17:03:12 joda Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -173,14 +173,9 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); - INIT_FIELD(context, bool, srv_lookup, TRUE, "dns_lookup_kdc"); - /* srv_lookup backwards compatibility. */ - { - const char **p; - p = krb5_config_get_strings(context, NULL, "libdefaults", "srv_lookup", NULL); - if (p != NULL) - INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); - } + /* prefer dns_lookup_kdc over srv_lookup. */ + INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); + INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); return 0; } diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index db9e810..65fa793 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.64 2002/04/29 16:31:54 joda Exp $"); +RCSID("$Id: crypto.c,v 1.66 2002/09/03 19:58:15 joda Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -1676,26 +1676,14 @@ DES3_CBC_encrypt(krb5_context context, size_t len, krb5_boolean encrypt, int usage, - void *ignore_ivec) -{ - des_cblock ivec; - des_key_schedule *s = key->schedule->data; - memset(&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt); - return 0; -} - -static krb5_error_code -DES3_CBC_encrypt_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encrypt, - int usage, - void *ivec) + void *ivec) { + des_cblock local_ivec; des_key_schedule *s = key->schedule->data; - + if(ivec == NULL) { + ivec = &local_ivec; + memset(local_ivec, 0, sizeof(local_ivec)); + } des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt); return 0; } @@ -2070,17 +2058,6 @@ static struct encryption_type enctype_des3_cbc_none = { F_PSEUDO, DES3_CBC_encrypt, }; -static struct encryption_type enctype_des3_cbc_none_ivec = { - ETYPE_DES3_CBC_NONE_IVEC, - "des3-cbc-none-ivec", - 8, - 0, - &keytype_des3_derived, - &checksum_none, - NULL, - F_PSEUDO, - DES3_CBC_encrypt_ivec, -}; static struct encryption_type *etypes[] = { &enctype_null, @@ -2094,8 +2071,7 @@ static struct encryption_type *etypes[] = { &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, - &enctype_des3_cbc_none, - &enctype_des3_cbc_none_ivec + &enctype_des3_cbc_none }; static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); @@ -3057,6 +3033,15 @@ krb5_crypto_destroy(krb5_context context, } krb5_error_code +krb5_crypto_getblocksize(krb5_context context, + krb5_crypto crypto, + size_t *blocksize) +{ + *blocksize = crypto->et->blocksize; + return 0; +} + +krb5_error_code krb5_string_to_key_derived(krb5_context context, const void *str, size_t len, diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c index 256234b..7aa61a3 100644 --- a/crypto/heimdal/lib/krb5/get_cred.c +++ b/crypto/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c,v 1.88 2002/03/10 23:11:29 assar Exp $"); +RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -54,36 +54,14 @@ make_pa_tgs_req(krb5_context context, krb5_data in_data; krb5_error_code ret; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - do { - ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size, - body, &len); - if (ret){ - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); + if (ret) + goto out; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); in_data.length = len; - in_data.data = buf + buf_size - len; + in_data.data = buf; ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds, &padata->padata_value, KRB5_KU_TGS_REQ_AUTH_CKSUM, @@ -113,18 +91,9 @@ set_auth_data (krb5_context context, krb5_crypto crypto; krb5_error_code ret; - len = length_AuthorizationData(authdata); - buf = malloc(len); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_AuthorizationData(buf + len - 1, - len, authdata, &len); - if (ret) { - free (buf); + ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret); + if (ret) return ret; - } ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { @@ -173,16 +142,19 @@ init_tgs_req (krb5_context context, TGS_REQ *t, krb5_key_usage usage) { - krb5_error_code ret; + krb5_error_code ret = 0; memset(t, 0, sizeof(*t)); t->pvno = 5; t->msg_type = krb_tgs_req; if (in_creds->session.keytype) { - ret = krb5_keytype_to_enctypes_default (context, - in_creds->session.keytype, - &t->req_body.etype.len, - &t->req_body.etype.val); + ALLOC_SEQ(&t->req_body.etype, 1); + if(t->req_body.etype.val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + t->req_body.etype.val[0] = in_creds->session.keytype; } else { ret = krb5_init_etype(context, &t->req_body.etype.len, @@ -431,34 +403,11 @@ get_cred_kdc_usage(krb5_context context, if (ret) goto out; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; + ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret); + if (ret) goto out; - } - - do { - ret = encode_TGS_REQ (buf + buf_size - 1, buf_size, - &req, &enc.length); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); + if(enc.length != buf_size) + krb5_abortx(context, "internal error in ASN.1 encoder"); /* don't free addresses */ req.req_body.addresses = NULL; diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c index 53a3f2b..2bec9f7 100644 --- a/crypto/heimdal/lib/krb5/get_for_creds.c +++ b/crypto/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.32 2002/03/10 23:12:23 assar Exp $"); +RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -162,12 +162,14 @@ krb5_get_forwarded_creds (krb5_context context, KrbCredInfo *krb_cred_info; EncKrbCredPart enc_krb_cred_part; size_t len; - u_char buf[1024]; + unsigned char *buf; + size_t buf_size; int32_t sec, usec; krb5_kdc_flags kdc_flags; krb5_crypto crypto; struct addrinfo *ai; int save_errno; + krb5_keyblock *key; addrs.len = 0; addrs.val = NULL; @@ -319,45 +321,51 @@ krb5_get_forwarded_creds (krb5_context context, /* encode EncKrbCredPart */ - ret = krb5_encode_EncKrbCredPart (context, - buf + sizeof(buf) - 1, sizeof(buf), - &enc_krb_cred_part, &len); + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + &enc_krb_cred_part, &len, ret); free_EncKrbCredPart (&enc_krb_cred_part); if (ret) { free_KRB_CRED(&cred); return ret; - } + } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + if (auth_context->local_subkey) + key = auth_context->local_subkey; + else if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else + key = auth_context->keyblock; - ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { + free(buf); free_KRB_CRED(&cred); return ret; } ret = krb5_encrypt_EncryptedData (context, crypto, KRB5_KU_KRB_CRED, - buf + sizeof(buf) - len, + buf, len, 0, &cred.enc_part); + free(buf); krb5_crypto_destroy(context, crypto); if (ret) { free_KRB_CRED(&cred); return ret; } - ret = encode_KRB_CRED (buf + sizeof(buf) - 1, sizeof(buf), - &cred, &len); + ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret); free_KRB_CRED (&cred); if (ret) return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); out_data->length = len; - out_data->data = malloc(len); - if (out_data->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy (out_data->data, buf + sizeof(buf) - len, len); + out_data->data = buf; return 0; out4: free_EncKrbCredPart(&enc_krb_cred_part); diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index 04587ea..74a0204 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.104 2002/04/18 09:11:39 joda Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_init_etype (krb5_context context, @@ -158,22 +158,12 @@ _krb5_extract_ticket(krb5_context context, creds->client = tmp_principal; /* extract ticket */ - { - unsigned char *buf; - size_t len; - len = length_Ticket(&rep->kdc_rep.ticket); - buf = malloc(len); - if(buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - encode_Ticket(buf + len - 1, len, &rep->kdc_rep.ticket, &len); - creds->ticket.data = buf; - creds->ticket.length = len; - creds->second_ticket.length = 0; - creds->second_ticket.data = NULL; - } + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &rep->kdc_rep.ticket, &creds->ticket.length, ret); + if(ret) + goto out; + creds->second_ticket.length = 0; + creds->second_ticket.data = NULL; /* compare server */ @@ -223,7 +213,8 @@ _krb5_extract_ticket(krb5_context context, /* set kdc-offset */ krb5_timeofday (context, &sec_now); - if (context->kdc_sec_offset == 0 + if (rep->enc_part.flags.initial + && context->kdc_sec_offset == 0 && krb5_config_get_bool (context, NULL, "libdefaults", "kdc_timesync", @@ -314,7 +305,8 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; - u_char buf[1024]; + unsigned char *buf; + size_t buf_size; size_t len; EncryptedData encdata; krb5_error_code ret; @@ -327,39 +319,37 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, usec2 = usec; p.pausec = &usec2; - ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1, - sizeof(buf), - &p, - &len); + ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret); if (ret) return ret; - + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) + if (ret) { + free(buf); return ret; + } ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, - buf + sizeof(buf) - len, + buf, len, 0, &encdata); + free(buf); krb5_crypto_destroy(context, crypto); if (ret) return ret; - ret = encode_EncryptedData(buf + sizeof(buf) - 1, - sizeof(buf), - &encdata, - &len); + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; - pa->padata_value.length = 0; - krb5_data_copy(&pa->padata_value, - buf + sizeof(buf) - len, - len); + pa->padata_value.length = len; + pa->padata_value.data = buf; return 0; } @@ -656,7 +646,7 @@ krb5_get_in_cred(krb5_context context, AS_REQ a; krb5_kdc_rep rep; krb5_data req, resp; - char buf[BUFSIZ]; + size_t len; krb5_salt salt; krb5_keyblock *key; size_t size; @@ -692,17 +682,15 @@ krb5_get_in_cred(krb5_context context, if (ret) return ret; - ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, - sizeof(buf), - &a, - &req.length); + ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret); free_AS_REQ(&a); if (ret) return ret; - - req.data = buf + sizeof(buf) - req.length; + if(len != req.length) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); + krb5_data_free(&req); if (ret) return ret; diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 7dd0cd9..e4c4eb6 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.13 2002/04/18 14:04:21 joda Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.14 2002/09/09 14:22:26 nectar Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -297,7 +297,7 @@ akf_add_entry(krb5_context context, fd = open (d->filename, O_RDWR | O_BINARY); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); if (fd < 0) { ret = errno; krb5_set_error_string(context, "open(%s): %s", d->filename, diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 30ebf50..91a28f1 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -194,6 +194,12 @@ krb5_auth_con_genaddrs ( int /*flags*/); krb5_error_code +krb5_auth_con_generatelocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_auth_con_getaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -806,6 +812,12 @@ krb5_crypto_destroy ( krb5_crypto /*crypto*/); krb5_error_code +krb5_crypto_getblocksize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*blocksize*/); + +krb5_error_code krb5_crypto_init ( krb5_context /*context*/, const krb5_keyblock */*key*/, diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index c50833e..cb035bc 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */ +/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -99,7 +99,6 @@ enum { ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, - ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC }; typedef PADATA_TYPE krb5_preauthtype; @@ -208,7 +207,8 @@ typedef enum krb5_address_type { enum { AP_OPTS_USE_SESSION_KEY = 1, - AP_OPTS_MUTUAL_REQUIRED = 2 + AP_OPTS_MUTUAL_REQUIRED = 2, + AP_OPTS_USE_SUBKEY = 4 /* library internal */ }; typedef HostAddress krb5_address; diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 750bb75..f82ec7a 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $ +.\" $Id: krb5_appdefault.3,v 1.8 2002/09/13 14:49:31 joda Exp $ .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 .Os HEIMDAL @@ -19,7 +19,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Ft void .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" .Sh DESCRIPTION -These functions get application application defaults from the +These functions get application defaults from the .Dv appdefaults section of the .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index afc81e8..2afaec5 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_auth_context.3,v 1.4 2002/08/28 14:46:20 joda Exp $ +.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_AUTH_CONTEXT 3 .Os HEIMDAL @@ -34,7 +34,7 @@ .Nm krb5_auth_con_setrcache , .Nm krb5_auth_con_initivector , .Nm krb5_auth_con_setivector -.Nd manage authetication on connection level +.Nd manage authentication on connection level .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3 index 6794f5a..a90ab72 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_context.3,v 1.3 2002/08/28 15:30:48 joda Exp $ +.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -10,8 +10,8 @@ The .Nm structure is designed to hold all per thread state. All global -variables that are context specific are stored in this struture, -including default encryption types, credential-cache (ticket file), and +variables that are context specific are stored in this structure, +including default encryption types, credentials-cache (ticket file), and default realms. .Pp The internals of the structure should never be accessed directly, diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3 index e59b0d0..8a1141a 100644 --- a/crypto/heimdal/lib/krb5/krb5_init_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_init_context.3,v 1.5 2002/08/28 15:30:53 joda Exp $ +.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -20,7 +20,7 @@ The .Fn krb5_init_context function initializes the .Fa context -structure and reads the configration file +structure and reads the configuration file .Pa /etc/krb5.conf . .Pp The structure should be freed by calling diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h index fceeaed..b3d6a92 100644 --- a/crypto/heimdal/lib/krb5/krb5_locl.h +++ b/crypto/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.69 2002/08/12 15:09:19 joda Exp $ */ +/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -45,6 +45,7 @@ #include <string.h> #include <stdio.h> #include <stdlib.h> +#include <limits.h> #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> @@ -112,19 +113,7 @@ struct sockaddr_dl; #include <parse_time.h> #include <base64.h> -#ifdef HAVE_OPENSSL -#include <openssl/des.h> -#include <openssl/md4.h> -#include <openssl/md5.h> -#include <openssl/sha.h> -#include <openssl/rc4.h> -#else -#include <des.h> -#include <md4.h> -#include <md5.h> -#include <sha.h> -#include <rc4.h> -#endif +#include "crypto-headers.h" #include <krb5_asn1.h> #include <der.h> diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index 1491117..285c4e2 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_parse_name.3,v 1.5 2002/08/28 15:30:55 joda Exp $ +.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd August 8, 1997 .Dt KRB5_PARSE_NAME 3 .Os HEIMDAL @@ -14,7 +14,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Sh DESCRIPTION .Fn krb5_parse_name -converts a string representation of a princpal name to +converts a string representation of a principal name to .Nm krb5_principal . The .Fa principal diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 index 0eee63b..e58b911 100644 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_unparse_name.3,v 1.5 2002/08/28 15:30:57 joda Exp $ +.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd August 8, 1997 .Dt KRB5_UNPARSE_NAME 3 .Os HEIMDAL @@ -18,7 +18,8 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Sh DESCRIPTION This function takes a .Fa principal , -and will convert in to a printable representation with the same syntax as decribed in +and will convert in to a printable representation with the same syntax +as described in .Xr krb5_parse_name 3 . .Fa *name will point to allocated data and should be freed by the caller. diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c index ae8ddec..17770c1 100644 --- a/crypto/heimdal/lib/krb5/kuserok.c +++ b/crypto/heimdal/lib/krb5/kuserok.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: kuserok.c,v 1.5 1999/12/02 17:05:11 joda Exp $"); +RCSID("$Id: kuserok.c,v 1.6 2002/09/16 17:32:11 nectar Exp $"); /* * Return TRUE iff `principal' is allowed to login as `luser'. @@ -88,9 +88,7 @@ krb5_kuserok (krb5_context context, while (fgets (buf, sizeof(buf), f) != NULL) { krb5_principal tmp; - if(buf[strlen(buf) - 1] == '\n') - buf[strlen(buf) - 1] = '\0'; - + buf[strcspn(buf, "\n")] = '\0'; ret = krb5_parse_name (context, buf, &tmp); if (ret) { fclose (f); diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c index ecdb753..bd7451b 100644 --- a/crypto/heimdal/lib/krb5/log.c +++ b/crypto/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.30 2002/08/20 09:49:09 joda Exp $"); +RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $"); struct facility { int min; @@ -382,24 +382,33 @@ krb5_vlog_msg(krb5_context context, va_list ap) __attribute__((format (printf, 5, 0))) { - char *msg; - const char *actual; + + char *msg = NULL; + const char *actual = NULL; char buf[64]; - time_t t; + time_t t = 0; int i; - vasprintf(&msg, fmt, ap); - if (msg != NULL) - actual = msg; - else - actual = fmt; - t = time(NULL); - krb5_format_time(context, t, buf, sizeof(buf), TRUE); - for(i = 0; i < fac->len; i++) + for(i = 0; fac && i < fac->len; i++) if(fac->val[i].min <= level && - (fac->val[i].max < 0 || fac->val[i].max >= level)) + (fac->val[i].max < 0 || fac->val[i].max >= level)) { + if(t == 0) { + t = time(NULL); + krb5_format_time(context, t, buf, sizeof(buf), TRUE); + } + if(actual == NULL) { + vasprintf(&msg, fmt, ap); + if(msg == NULL) + actual = fmt; + else + actual = msg; + } (*fac->val[i].log)(buf, actual, fac->val[i].data); - *reply = msg; + } + if(reply == NULL) + free(msg); + else + *reply = msg; return 0; } @@ -411,12 +420,7 @@ krb5_vlog(krb5_context context, va_list ap) __attribute__((format (printf, 4, 0))) { - char *msg; - krb5_error_code ret; - - ret = krb5_vlog_msg(context, fac, &msg, level, fmt, ap); - free(msg); - return ret; + return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c index 249f478..ae9e10a 100644 --- a/crypto/heimdal/lib/krb5/mk_error.c +++ b/crypto/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c,v 1.17 2002/03/27 09:29:43 joda Exp $"); +RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_mk_error(krb5_context context, @@ -47,8 +47,6 @@ krb5_mk_error(krb5_context context, krb5_data *reply) { KRB_ERROR msg; - u_char *buf; - size_t buf_size; int32_t sec, usec; size_t len; krb5_error_code ret = 0; @@ -84,45 +82,10 @@ krb5_mk_error(krb5_context context, msg.cname = &client->name; } - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - do { - ret = encode_KRB_ERROR(buf + buf_size - 1, - buf_size, - &msg, - &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); - - reply->length = len; - reply->data = malloc(len); - if (reply->data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - memcpy (reply->data, buf + buf_size - len, len); -out: - free (buf); - return ret; + ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret); + if (ret) + return ret; + if(reply->length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + return 0; } diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c index 3f49a41..b89f7e9 100644 --- a/crypto/heimdal/lib/krb5/mk_priv.c +++ b/crypto/heimdal/lib/krb5/mk_priv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,9 @@ #include <krb5_locl.h> -RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $"); - -/* - * - */ +RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $"); + krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, @@ -83,35 +80,11 @@ krb5_mk_priv(krb5_context context, part.s_address = auth_context->local_address; part.r_address = auth_context->remote_address; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - krb5_data_zero (&s.enc_part.cipher); - do { - ret = encode_EncKrbPrivPart (buf + buf_size - 1, buf_size, - &part, &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret); + if (ret) + goto fail; s.pvno = 5; s.msg_type = krb_priv; @@ -134,37 +107,21 @@ krb5_mk_priv(krb5_context context, free(buf); return ret; } + free(buf); + - do { - ret = encode_KRB_PRIV (buf + buf_size - 1, buf_size, &s, &len); - - if (ret){ - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); + + if(ret) + goto fail; krb5_data_free (&s.enc_part.cipher); - outbuf->length = len; - outbuf->data = malloc (len); - if (outbuf->data == NULL) { + ret = krb5_data_copy(outbuf, buf + buf_size - len, len); + if (ret) { krb5_set_error_string (context, "malloc: out of memory"); free(buf); return ENOMEM; } - memcpy (outbuf->data, buf + buf_size - len, len); free (buf); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->local_seqnumber = diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c index fc6b4f2..b955555 100644 --- a/crypto/heimdal/lib/krb5/mk_rep.c +++ b/crypto/heimdal/lib/krb5/mk_rep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_mk_rep(krb5_context context, @@ -72,21 +72,10 @@ krb5_mk_rep(krb5_context context, ap.enc_part.etype = auth_context->keyblock->keytype; ap.enc_part.kvno = NULL; - buf_size = length_EncAPRepPart(&body); - buf = malloc (buf_size); - if (buf == NULL) { - free_EncAPRepPart (&body); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - ret = krb5_encode_EncAPRepPart (context, - buf + buf_size - 1, - buf_size, - &body, - &len); - + ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); free_EncAPRepPart (&body); + if(ret) + return ret; ret = krb5_crypto_init(context, auth_context->keyblock, 0 /* ap.enc_part.etype */, &crypto); if (ret) { @@ -105,20 +94,7 @@ krb5_mk_rep(krb5_context context, return ret; } - buf_size = length_AP_REP(&ap); - buf = realloc(buf, buf_size); - if(buf == NULL) { - free_AP_REP (&ap); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len); - + ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); free_AP_REP (&ap); - - if(len != buf_size) - krb5_abortx(context, "krb5_mk_rep: encoded length != calculated length"); - outbuf->data = buf; - outbuf->length = len; - return 0; + return ret; } diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c index 5ab7a1c..aa5e3c4 100644 --- a/crypto/heimdal/lib/krb5/mk_req_ext.c +++ b/crypto/heimdal/lib/krb5/mk_req_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $"); +RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $"); krb5_error_code krb5_mk_req_internal(krb5_context context, @@ -62,6 +62,12 @@ krb5_mk_req_internal(krb5_context context, if(ret) return ret; + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { + ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session); + if(ret) + return ret; + } + #if 0 { /* This is somewhat bogus since we're possibly overwriting a diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c index 114aa8e..a839df4 100644 --- a/crypto/heimdal/lib/krb5/mk_safe.c +++ b/crypto/heimdal/lib/krb5/mk_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $"); +RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_mk_safe(krb5_context context, @@ -48,7 +48,6 @@ krb5_mk_safe(krb5_context context, KerberosTime sec2; int usec2; u_char *buf = NULL; - void *tmp; size_t buf_size; size_t len; u_int32_t tmp_seq; @@ -85,17 +84,11 @@ krb5_mk_safe(krb5_context context, s.cksum.checksum.data = NULL; s.cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(&s); - buf = malloc(buf_size + 128); /* add some for checksum */ - if(buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); - if (ret) { - free (buf); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); + if (ret) return ret; - } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free (buf); @@ -105,7 +98,7 @@ krb5_mk_safe(krb5_context context, crypto, KRB5_KU_KRB_SAFE_CKSUM, 0, - buf + buf_size - len, + buf, len, &s.cksum); krb5_crypto_destroy(context, crypto); @@ -114,27 +107,16 @@ krb5_mk_safe(krb5_context context, return ret; } - buf_size = length_KRB_SAFE(&s); - tmp = realloc(buf, buf_size); - if(tmp == NULL) { - free(buf); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - buf = tmp; - - ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); + free(buf); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); free_Checksum (&s.cksum); + if(ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); outbuf->length = len; - outbuf->data = malloc (len); - if (outbuf->data == NULL) { - free (buf); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memcpy (outbuf->data, buf + buf_size - len, len); - free (buf); + outbuf->data = buf; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->local_seqnumber = (auth_context->local_seqnumber + 1) & 0xFFFFFFFF; diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c new file mode 100644 index 0000000..373586e --- /dev/null +++ b/crypto/heimdal/lib/krb5/name-45-test.c @@ -0,0 +1,277 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" + +RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $"); + +enum { MAX_COMPONENTS = 3 }; + +static struct testcase { + const char *v4_name; + const char *v4_inst; + const char *v4_realm; + + krb5_realm v5_realm; + unsigned ncomponents; + char *comp_val[MAX_COMPONENTS]; + + const char *config_file; + krb5_error_code ret; /* expected error code from 524 */ + + krb5_error_code ret2; /* expected error code from 425 */ +} tests[] = { + {"", "", "", "", 1, {""}, NULL, 0, 0}, + {"a", "", "", "", 1, {"a"}, NULL, 0, 0}, + {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0}, + {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0}, + + {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2, + {"krbtgt", "FOO.SE"}, NULL, 0, 0}, + + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo", "bar"}, NULL, 0, 0}, + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo", "bar"}, + "[libdefaults]\n" + " v4_name_convert = {\n" + " host = {\n" + " foo = foo5\n" + " }\n" + "}\n", + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo5", "bar.baz"}, + "[realms]\n" + " BAZ = {\n" + " v4_name_convert = {\n" + " host = {\n" + " foo = foo5\n" + " }\n" + " }\n" + " v4_instance_convert = {\n" + " bar = bar.baz\n" + " }\n" + " }\n", + 0, 0}, + + {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL, + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"}, + "[realms]\n" + " realm = {\n" + " v4_instance_convert = {\n" + " foo = foo.realm\n" + " }\n" + " }\n", + 0, 0}, + + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, + "[realms]\n" + " NADA.KTH.SE = {\n" + " default_domain = nada.kth.se\n" + " }\n", + 0, 0}, + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, + "[libdefaults]\n" + " v4_instance_resolve = true\n", + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + + {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "ratatosk.pdc.kth.se"}, + "[libdefaults]\n" + " v4_instance_resolve = true\n" + "[realms]\n" + " NADA.KTH.SE = {\n" + " v4_name_convert = {\n" + " host = {\n" + " rcmd = host\n" + " }\n" + " }\n" + " default_domain = pdc.kth.se\n" + " }\n", + 0, 0}, + + {"0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + 2, {"0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789"}, NULL, + 0, KRB5_PARSE_MALFORMED}, + + {"012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + 2, {"012345678901234567890123456789012345678", + "012345678901234567890123456789012345678"}, NULL, + 0, 0}, + + {NULL, NULL, NULL, NULL, 0, {}, NULL, 0} +}; + +int +main(int argc, char **argv) +{ + struct testcase *t; + krb5_context context; + krb5_error_code ret; + int val = 0; + + for (t = tests; t->v4_name; ++t) { + krb5_principal princ; + int i; + char name[40], inst[40], realm[40]; + char printable_princ[256]; + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + if (t->config_file != NULL) { + char template[] = "/tmp/krb5-conf-XXXXXX"; + int fd = mkstemp(template); + char *files[2]; + + if (fd < 0) + krb5_err (context, 1, errno, "mkstemp %s", template); + + if (write (fd, t->config_file, strlen(t->config_file)) + != strlen(t->config_file)) + krb5_err (context, 1, errno, "write %s", template); + close (fd); + files[0] = template; + files[1] = NULL; + + ret = krb5_set_config_files (context, files); + unlink (template); + if (ret) + krb5_err (context, 1, ret, "krb5_set_config_files"); + } + + ret = krb5_425_conv_principal (context, + t->v4_name, + t->v4_inst, + t->v4_realm, + &princ); + if (ret) { + if (ret != t->ret) { + krb5_warn (context, ret, + "krb5_425_conv_principal %s.%s@%s", + t->v4_name, t->v4_inst, t->v4_realm); + val = 1; + } + } else { + if (t->ret) { + krb5_warnx (context, + "krb5_425_conv_principal %s.%s@%s " + "passed unexpected", + t->v4_name, t->v4_inst, t->v4_realm); + val = 1; + continue; + } + } + + if (ret) + continue; + + if (strcmp (t->v5_realm, princ->realm) != 0) { + printf ("wrong realm (\"%s\" should be \"%s\")" + " for \"%s.%s@%s\"\n", + princ->realm, t->v5_realm, + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } + + if (t->ncomponents != princ->name.name_string.len) { + printf ("wrong number of components (%u should be %u)" + " for \"%s.%s@%s\"\n", + princ->name.name_string.len, t->ncomponents, + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } else { + for (i = 0; i < t->ncomponents; ++i) { + if (strcmp(t->comp_val[i], + princ->name.name_string.val[i]) != 0) { + printf ("bad component %d (\"%s\" should be \"%s\")" + " for \"%s.%s@%s\"\n", + i, + princ->name.name_string.val[i], + t->comp_val[i], + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } + } + } + ret = krb5_524_conv_principal (context, princ, + name, inst, realm); + if (krb5_unparse_name_fixed(context, princ, + printable_princ, sizeof(printable_princ))) + strlcpy(printable_princ, "unknown principal", + sizeof(printable_princ)); + if (ret) { + if (ret != t->ret2) { + krb5_warn (context, ret, + "krb5_524_conv_principal %s", printable_princ); + val = 1; + } + } else { + if (t->ret2) { + krb5_warnx (context, + "krb5_524_conv_principal %s " + "passed unexpected", printable_princ); + val = 1; + continue; + } + } + if (ret) { + krb5_free_principal (context, princ); + continue; + } + + krb5_free_principal (context, princ); + } + return val; +} diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c index 4b9c573..4aea3a4 100644 --- a/crypto/heimdal/lib/krb5/prompter_posix.c +++ b/crypto/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $"); +RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $"); int krb5_prompter_posix (krb5_context context, @@ -65,8 +65,7 @@ krb5_prompter_posix (krb5_context context, prompts[i].reply->length, stdin) == NULL) return 1; - if(s[strlen(s) - 1] == '\n') - s[strlen(s) - 1] = '\0'; + s[strcspn(s, "\n")] = '\0'; } } return 0; diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index 401770b..4a7d74c 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $"); +RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_rd_cred(krb5_context context, @@ -214,7 +214,6 @@ krb5_rd_cred(krb5_context context, for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) { KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i]; krb5_creds *creds; - u_char buf[1024]; size_t len; creds = calloc(1, sizeof(*creds)); @@ -224,12 +223,12 @@ krb5_rd_cred(krb5_context context, goto out; } - ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf), - &cred.tickets.val[i], - &len); + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &cred.tickets.val[i], &len, ret); if (ret) goto out; - krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len); + if(creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); if (kci->prealm && kci->pname) principalname2krb5_principal (&creds->client, diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index 71271c6..bbba237 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $"); static krb5_error_code verify_checksum(krb5_context context, @@ -53,19 +53,11 @@ verify_checksum(krb5_context context, safe->cksum.checksum.data = NULL; safe->cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(safe); - buf = malloc(buf_size); - - if (buf == NULL) { - ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); - goto out; - } - - ret = encode_KRB_SAFE (buf + buf_size - 1, - buf_size, - safe, - &len); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret); + if(ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); if (auth_context->remote_subkey) key = auth_context->remote_subkey; diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c index 8f2c544..c2889ee 100644 --- a/crypto/heimdal/lib/krb5/sendauth.c +++ b/crypto/heimdal/lib/krb5/sendauth.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $"); /* * The format seems to be: @@ -86,6 +86,7 @@ krb5_sendauth(krb5_context context, krb5_principal this_client = NULL; krb5_creds *creds; ssize_t sret; + krb5_boolean my_ccache = FALSE; len = strlen(version) + 1; net_len = htonl(len); @@ -125,12 +126,16 @@ krb5_sendauth(krb5_context context, ret = krb5_cc_default (context, &ccache); if (ret) return ret; + my_ccache = TRUE; } if (client == NULL) { ret = krb5_cc_get_principal (context, ccache, &this_client); - if (ret) + if (ret) { + if(my_ccache) + krb5_cc_close(context, ccache); return ret; + } client = this_client; } memset(&this_cred, 0, sizeof(this_cred)); @@ -142,11 +147,16 @@ krb5_sendauth(krb5_context context, } if (in_creds->ticket.length == 0) { ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); - if (ret) + if (ret) { + if(my_ccache) + krb5_cc_close(context, ccache); return ret; + } } else { creds = in_creds; } + if(my_ccache) + krb5_cc_close(context, ccache); ret = krb5_mk_req_extended (context, auth_context, ap_req_options, diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index dbe6c80..b587c63 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $"); +RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -318,8 +318,9 @@ krb5_domain_x500_decode(krb5_context context, if(ret) return ret; - /* remove empty components */ + /* remove empty components and count realms */ q = &r; + *num_realms = 0; for(p = r; p; ){ if(p->realm[0] == '\0'){ free(p->realm); @@ -329,22 +330,20 @@ krb5_domain_x500_decode(krb5_context context, }else{ q = &p->next; p = p->next; + (*num_realms)++; } } + if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms)) + return ERANGE; + { char **R; - *realms = NULL; - *num_realms = 0; + R = malloc((*num_realms + 1) * sizeof(*R)); + if (R == NULL) + return ENOMEM; + *realms = R; while(r){ - R = realloc(*realms, (*num_realms + 1) * sizeof(**realms)); - if(R == NULL) { - free(*realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - R[*num_realms] = r->realm; - (*num_realms)++; - *realms = R; + *R++ = r->realm; p = r->next; free(r); r = p; |
