diff options
Diffstat (limited to 'source4/heimdal/lib/krb5/get_cred.c')
-rw-r--r-- | source4/heimdal/lib/krb5/get_cred.c | 63 |
1 files changed, 33 insertions, 30 deletions
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 7f2b57247d7..e3bb23a2e9d 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -55,7 +55,7 @@ make_pa_tgs_req(krb5_context context, { u_char *buf; size_t buf_size; - size_t len; + size_t len = 0; krb5_data in_data; krb5_error_code ret; @@ -90,7 +90,7 @@ set_auth_data (krb5_context context, krb5_keyblock *subkey) { if(authdata->len) { - size_t len, buf_size; + size_t len = 0, buf_size; unsigned char *buf; krb5_crypto crypto; krb5_error_code ret; @@ -166,10 +166,11 @@ init_tgs_req (krb5_context context, } t->req_body.etype.val[0] = in_creds->session.keytype; } else { - ret = krb5_init_etype(context, - &t->req_body.etype.len, - &t->req_body.etype.val, - NULL); + ret = _krb5_init_etype(context, + KRB5_PDU_TGS_REQUEST, + &t->req_body.etype.len, + &t->req_body.etype.val, + NULL); } if (ret) goto fail; @@ -235,7 +236,7 @@ init_tgs_req (krb5_context context, goto fail; } { - int i; + size_t i; for (i = 0; i < padata->len; i++) { ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]); if (ret) { @@ -249,16 +250,16 @@ init_tgs_req (krb5_context context, ret = krb5_auth_con_init(context, &ac); if(ret) goto fail; - + ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session); if (ret) goto fail; - + ret = set_auth_data (context, &t->req_body, &in_creds->authdata, ac->local_subkey); if (ret) goto fail; - + ret = make_pa_tgs_req(context, ac, &t->req_body, @@ -334,6 +335,8 @@ decrypt_tkt_with_subkey (krb5_context context, assert(usage == 0); + krb5_data_zero(&data); + /* * start out with trying with subkey if we have one */ @@ -383,7 +386,7 @@ decrypt_tkt_with_subkey (krb5_context context, &dec_rep->enc_part, &size); if (ret) - krb5_set_error_message(context, ret, + krb5_set_error_message(context, ret, N_("Failed to decode encpart in ticket", "")); krb5_data_free (&data); return ret; @@ -408,7 +411,7 @@ get_cred_kdc(krb5_context context, krb5_error_code ret; unsigned nonce; krb5_keyblock *subkey = NULL; - size_t len; + size_t len = 0; Ticket second_ticket_data; METHOD_DATA padata; @@ -435,12 +438,12 @@ get_cred_kdc(krb5_context context, PA_S4U2Self self; krb5_data data; void *buf; - size_t size; + size_t size = 0; self.name = impersonate_principal->name; self.realm = impersonate_principal->realm; self.auth = estrdup("Kerberos"); - + ret = _krb5_s4u2self_to_checksumdata(context, &self, &data); if (ret) { free(self.auth); @@ -475,7 +478,7 @@ get_cred_kdc(krb5_context context, goto out; if (len != size) krb5_abortx(context, "internal asn1 error"); - + ret = krb5_padata_add(context, &padata, KRB5_PADATA_FOR_USER, buf, len); if (ret) goto out; @@ -609,7 +612,7 @@ get_cred_kdc_address(krb5_context context, krb5_appdefault_boolean(context, NULL, krbtgt->server->realm, "no-addresses", FALSE, &noaddr); - + if (!noaddr) { krb5_get_all_client_addrs(context, &addresses); /* XXX this sucks. */ @@ -734,7 +737,7 @@ get_cred_kdc_capath_worker(krb5_context context, krb5_creds *in_creds, krb5_const_realm try_realm, krb5_principal impersonate_principal, - Ticket *second_ticket, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { @@ -809,7 +812,7 @@ get_cred_kdc_capath_worker(krb5_context context, krb5_free_principal(context, tmp_creds.client); return ret; } - /* + /* * if either of the chain or the ok_as_delegate was stripped * by the kdc, make sure we strip it too. */ @@ -842,7 +845,7 @@ get_cred_kdc_capath_worker(krb5_context context, return ret; } } - + krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.client); *out_creds = calloc(1, sizeof(**out_creds)); @@ -860,7 +863,7 @@ get_cred_kdc_capath_worker(krb5_context context, } krb5_free_creds(context, tgt); return ret; -} +} /* get_cred(server) @@ -883,7 +886,7 @@ get_cred_kdc_capath(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_principal impersonate_principal, - Ticket *second_ticket, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { @@ -918,7 +921,7 @@ get_cred_kdc_referral(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_principal impersonate_principal, - Ticket *second_ticket, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { @@ -946,7 +949,7 @@ get_cred_kdc_referral(krb5_context context, /* find tgt for the clients base realm */ { krb5_principal tgtname; - + ret = krb5_make_principal(context, &tgtname, client_realm, KRB5_TGS_NAME, @@ -954,7 +957,7 @@ get_cred_kdc_referral(krb5_context context, NULL); if(ret) return ret; - + ret = find_cred(context, ccache, tgtname, *ret_tgts, &tgt); krb5_free_principal(context, tgtname); if (ret) @@ -1032,9 +1035,9 @@ get_cred_kdc_referral(krb5_context context, goto out; } tickets++; - } + } - /* + /* * if either of the chain or the ok_as_delegate was stripped * by the kdc, make sure we strip it too. */ @@ -1080,7 +1083,7 @@ _krb5_get_cred_kdc_any(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_principal impersonate_principal, - Ticket *second_ticket, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { @@ -1165,7 +1168,7 @@ krb5_get_credentials_with_flags(krb5_context context, *out_creds = res_creds; return 0; } - + krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; @@ -1382,7 +1385,7 @@ krb5_get_creds(krb5_context context, krb5_free_principal(context, in_creds.client); goto out; } - + krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; @@ -1467,7 +1470,7 @@ krb5_get_renewed_creds(krb5_context context, } } else { const char *realm = krb5_principal_get_realm(context, client); - + ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) { |