diff options
Diffstat (limited to 'crypto/heimdal/lib/krb5/recvauth.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/recvauth.c | 246 |
1 files changed, 123 insertions, 123 deletions
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c index d72b5c6..0348285 100644 --- a/crypto/heimdal/lib/krb5/recvauth.c +++ b/crypto/heimdal/lib/krb5/recvauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: recvauth.c,v 1.16 2002/04/18 09:41:33 joda Exp $"); +RCSID("$Id: recvauth.c 20306 2007-04-11 11:15:55Z lha $"); /* * See `sendauth.c' for the format. @@ -45,7 +45,7 @@ match_exact(const void *data, const char *appl_version) return strcmp(data, appl_version) == 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, @@ -61,7 +61,7 @@ krb5_recvauth(krb5_context context, keytab, ticket); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_recvauth_match_version(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, @@ -73,33 +73,54 @@ krb5_recvauth_match_version(krb5_context context, krb5_keytab keytab, krb5_ticket **ticket) { - krb5_error_code ret; - const char *version = KRB5_SENDAUTH_VERSION; - char her_version[sizeof(KRB5_SENDAUTH_VERSION)]; - char *her_appl_version; - u_int32_t len; - u_char repl; - krb5_data data; - krb5_flags ap_options; - ssize_t n; - - /* - * If there are no addresses in auth_context, get them from `fd'. - */ - - if (*auth_context == NULL) { - ret = krb5_auth_con_init (context, auth_context); - if (ret) - return ret; - } - - ret = krb5_auth_con_setaddrs_from_fd (context, - *auth_context, - p_fd); - if (ret) - return ret; - - if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) { + krb5_error_code ret; + const char *version = KRB5_SENDAUTH_VERSION; + char her_version[sizeof(KRB5_SENDAUTH_VERSION)]; + char *her_appl_version; + uint32_t len; + u_char repl; + krb5_data data; + krb5_flags ap_options; + ssize_t n; + + /* + * If there are no addresses in auth_context, get them from `fd'. + */ + + if (*auth_context == NULL) { + ret = krb5_auth_con_init (context, auth_context); + if (ret) + return ret; + } + + ret = krb5_auth_con_setaddrs_from_fd (context, + *auth_context, + p_fd); + if (ret) + return ret; + + if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) { + n = krb5_net_read (context, p_fd, &len, 4); + if (n < 0) { + ret = errno; + krb5_set_error_string (context, "read: %s", strerror(errno)); + return ret; + } + if (n == 0) { + krb5_set_error_string (context, "Failed to receive sendauth data"); + return KRB5_SENDAUTH_BADAUTHVERS; + } + len = ntohl(len); + if (len != sizeof(her_version) + || krb5_net_read (context, p_fd, her_version, len) != len + || strncmp (version, her_version, len)) { + repl = 1; + krb5_net_write (context, p_fd, &repl, 1); + krb5_clear_error_string (context); + return KRB5_SENDAUTH_BADAUTHVERS; + } + } + n = krb5_net_read (context, p_fd, &len, 4); if (n < 0) { ret = errno; @@ -108,104 +129,83 @@ krb5_recvauth_match_version(krb5_context context, } if (n == 0) { krb5_clear_error_string (context); - return KRB5_SENDAUTH_BADAUTHVERS; + return KRB5_SENDAUTH_BADAPPLVERS; } len = ntohl(len); - if (len != sizeof(her_version) - || krb5_net_read (context, p_fd, her_version, len) != len - || strncmp (version, her_version, len)) { - repl = 1; - krb5_net_write (context, p_fd, &repl, 1); - krb5_clear_error_string (context); - return KRB5_SENDAUTH_BADAUTHVERS; + her_appl_version = malloc (len); + if (her_appl_version == NULL) { + repl = 2; + krb5_net_write (context, p_fd, &repl, 1); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + if (krb5_net_read (context, p_fd, her_appl_version, len) != len + || !(*match_appl_version)(match_data, her_appl_version)) { + repl = 2; + krb5_net_write (context, p_fd, &repl, 1); + krb5_set_error_string (context, "wrong sendauth version (%s)", + her_appl_version); + free (her_appl_version); + return KRB5_SENDAUTH_BADAPPLVERS; } - } - - n = krb5_net_read (context, p_fd, &len, 4); - if (n < 0) { - ret = errno; - krb5_set_error_string (context, "read: %s", strerror(errno)); - return ret; - } - if (n == 0) { - krb5_clear_error_string (context); - return KRB5_SENDAUTH_BADAPPLVERS; - } - len = ntohl(len); - her_appl_version = malloc (len); - if (her_appl_version == NULL) { - repl = 2; - krb5_net_write (context, p_fd, &repl, 1); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - if (krb5_net_read (context, p_fd, her_appl_version, len) != len - || !(*match_appl_version)(match_data, her_appl_version)) { - repl = 2; - krb5_net_write (context, p_fd, &repl, 1); - krb5_set_error_string (context, "wrong sendauth version (%s)", - her_appl_version); free (her_appl_version); - return KRB5_SENDAUTH_BADAPPLVERS; - } - free (her_appl_version); - - repl = 0; - if (krb5_net_write (context, p_fd, &repl, 1) != 1) { - ret = errno; - krb5_set_error_string (context, "write: %s", strerror(errno)); - return ret; - } - - krb5_data_zero (&data); - ret = krb5_read_message (context, p_fd, &data); - if (ret) - return ret; - - ret = krb5_rd_req (context, - auth_context, - &data, - server, - keytab, - &ap_options, - ticket); - krb5_data_free (&data); - if (ret) { - krb5_data error_data; - krb5_error_code ret2; - - ret2 = krb5_mk_error (context, - ret, - NULL, - NULL, - NULL, - server, - NULL, - NULL, - &error_data); - if (ret2 == 0) { - krb5_write_message (context, p_fd, &error_data); - krb5_data_free (&error_data); - } - return ret; - } - - len = 0; - if (krb5_net_write (context, p_fd, &len, 4) != 4) { - ret = errno; - krb5_set_error_string (context, "write: %s", strerror(errno)); - return ret; - } - - if (ap_options & AP_OPTS_MUTUAL_REQUIRED) { - ret = krb5_mk_rep (context, *auth_context, &data); - if (ret) - return ret; - ret = krb5_write_message (context, p_fd, &data); + repl = 0; + if (krb5_net_write (context, p_fd, &repl, 1) != 1) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(errno)); + return ret; + } + + krb5_data_zero (&data); + ret = krb5_read_message (context, p_fd, &data); if (ret) return ret; + + ret = krb5_rd_req (context, + auth_context, + &data, + server, + keytab, + &ap_options, + ticket); krb5_data_free (&data); - } - return 0; + if (ret) { + krb5_data error_data; + krb5_error_code ret2; + + ret2 = krb5_mk_error (context, + ret, + NULL, + NULL, + NULL, + server, + NULL, + NULL, + &error_data); + if (ret2 == 0) { + krb5_write_message (context, p_fd, &error_data); + krb5_data_free (&error_data); + } + return ret; + } + + len = 0; + if (krb5_net_write (context, p_fd, &len, 4) != 4) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(errno)); + return ret; + } + + if (ap_options & AP_OPTS_MUTUAL_REQUIRED) { + ret = krb5_mk_rep (context, *auth_context, &data); + if (ret) + return ret; + + ret = krb5_write_message (context, p_fd, &data); + if (ret) + return ret; + krb5_data_free (&data); + } + return 0; } |