summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/krb5/transited.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/krb5/transited.c')
-rw-r--r--crypto/heimdal/lib/krb5/transited.c44
1 files changed, 31 insertions, 13 deletions
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index 1faf378..dbe6c80 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
+RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@@ -61,7 +61,8 @@ free_realms(struct tr_realm *r)
}
static int
-make_path(struct tr_realm *r, const char *from, const char *to)
+make_path(krb5_context context, struct tr_realm *r,
+ const char *from, const char *to)
{
const char *p;
struct tr_realm *path = r->next;
@@ -78,8 +79,10 @@ make_path(struct tr_realm *r, const char *from, const char *to)
p = from;
while(1){
p = strchr(p, '.');
- if(p == NULL)
+ if(p == NULL) {
+ krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY;
+ }
p++;
if(strcmp(p, to) == 0)
break;
@@ -89,6 +92,7 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = strdup(p);
if(path->realm == NULL){
r->next = path; /* XXX */
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;;
}
}
@@ -106,21 +110,25 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = malloc(p - from + 1);
if(path->realm == NULL){
r->next = path; /* XXX */
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy(path->realm, from, p - from);
path->realm[p - from] = '\0';
p--;
}
- }else
+ } else {
+ krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY;
+ }
r->next = path;
return 0;
}
static int
-make_paths(struct tr_realm *realms, const char *client_realm,
+make_paths(krb5_context context,
+ struct tr_realm *realms, const char *client_realm,
const char *server_realm)
{
struct tr_realm *r;
@@ -138,7 +146,7 @@ make_paths(struct tr_realm *realms, const char *client_realm,
next_realm = r->next->realm;
else
next_realm = server_realm;
- ret = make_path(r, prev_realm, next_realm);
+ ret = make_path(context, r, prev_realm, next_realm);
if(ret){
free_realms(realms);
return ret;
@@ -150,7 +158,8 @@ make_paths(struct tr_realm *realms, const char *client_realm,
}
static int
-expand_realms(struct tr_realm *realms, const char *client_realm)
+expand_realms(krb5_context context,
+ struct tr_realm *realms, const char *client_realm)
{
struct tr_realm *r;
const char *prev_realm = NULL;
@@ -162,6 +171,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){
free_realms(realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
r->realm = tmp;
@@ -173,6 +183,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){
free_realms(realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
strcpy(tmp, prev_realm);
@@ -236,7 +247,8 @@ append_realm(struct tr_realm *head, struct tr_realm *r)
}
static int
-decode_realms(const char *tr, int length, struct tr_realm **realms)
+decode_realms(krb5_context context,
+ const char *tr, int length, struct tr_realm **realms)
{
struct tr_realm *r = NULL;
@@ -261,6 +273,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*realms = append_realm(*realms, r);
@@ -273,6 +286,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*realms = append_realm(*realms, r);
@@ -282,7 +296,8 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
krb5_error_code
-krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
+krb5_domain_x500_decode(krb5_context context,
+ krb5_data tr, char ***realms, int *num_realms,
const char *client_realm, const char *server_realm)
{
struct tr_realm *r = NULL;
@@ -290,16 +305,16 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
int ret;
/* split string in components */
- ret = decode_realms(tr.data, tr.length, &r);
+ ret = decode_realms(context, tr.data, tr.length, &r);
if(ret)
return ret;
/* apply prefix rule */
- ret = expand_realms(r, client_realm);
+ ret = expand_realms(context, r, client_realm);
if(ret)
return ret;
- ret = make_paths(r, client_realm, server_realm);
+ ret = make_paths(context, r, client_realm, server_realm);
if(ret)
return ret;
@@ -324,6 +339,7 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
if(R == NULL) {
free(*realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
R[*num_realms] = r->realm;
@@ -382,6 +398,8 @@ krb5_check_transited_realms(krb5_context context,
char **p;
for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) {
+ krb5_set_error_string (context, "no transit through realm %s",
+ *p);
ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
if(bad_realm)
*bad_realm = i;
OpenPOWER on IntegriCloud