diff options
Diffstat (limited to 'third_party/heimdal/kdc/fast.c')
-rw-r--r-- | third_party/heimdal/kdc/fast.c | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/third_party/heimdal/kdc/fast.c b/third_party/heimdal/kdc/fast.c index d4cd650284b..25cab3096b7 100644 --- a/third_party/heimdal/kdc/fast.c +++ b/third_party/heimdal/kdc/fast.c @@ -108,7 +108,8 @@ get_fastuser_crypto(astgs_request_t r, krb5_crypto *crypto) { krb5_principal fast_princ; - hdb_entry_ex *fast_user = NULL; + HDB *fast_db; + hdb_entry *fast_user = NULL; Key *cookie_key = NULL; krb5_crypto fast_crypto = NULL; krb5_error_code ret; @@ -122,7 +123,7 @@ get_fastuser_crypto(astgs_request_t r, goto out; ret = _kdc_db_fetch(r->context, r->config, fast_princ, - HDB_F_GET_FAST_COOKIE, NULL, NULL, &fast_user); + HDB_F_GET_FAST_COOKIE, NULL, &fast_db, &fast_user); if (ret) goto out; @@ -130,7 +131,7 @@ get_fastuser_crypto(astgs_request_t r, ret = _kdc_get_preferred_key(r->context, r->config, fast_user, "fast-cookie", &enctype, &cookie_key); else - ret = hdb_enctype2key(r->context, &fast_user->entry, NULL, + ret = hdb_enctype2key(r->context, fast_user, NULL, enctype, &cookie_key); if (ret) goto out; @@ -148,7 +149,7 @@ get_fastuser_crypto(astgs_request_t r, out: if (fast_user) - _kdc_free_ent(r->context, fast_user); + _kdc_free_ent(r->context, fast_db, fast_user); if (fast_crypto) krb5_crypto_destroy(r->context, fast_crypto); krb5_free_principal(r->context, fast_princ); @@ -457,7 +458,7 @@ fast_unwrap_request(astgs_request_t r, krb5_principal armor_server_principal = NULL; char *armor_client_principal_name = NULL; char *armor_server_principal_name = NULL; - PA_FX_FAST_REQUEST fxreq = {0}; + PA_FX_FAST_REQUEST fxreq; krb5_auth_context ac = NULL; krb5_ticket *ticket = NULL; krb5_flags ap_req_options; @@ -466,12 +467,15 @@ fast_unwrap_request(astgs_request_t r, krb5_boolean explicit_armor; krb5_error_code ret; krb5_ap_req ap_req; - KrbFastReq fastreq = {0}; + KrbFastReq fastreq; const PA_DATA *pa; krb5_data data; size_t len; int i = 0; + memset(&fxreq, 0, sizeof(fxreq)); + memset(&fastreq, 0, sizeof(fastreq)); + pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_FAST); if (pa == NULL) { if (tgs_ac && r->fast_asserted) { @@ -548,7 +552,7 @@ fast_unwrap_request(astgs_request_t r, ret = _kdc_db_fetch(r->context, r->config, armor_server_principal, HDB_F_GET_KRBTGT | HDB_F_DELAY_NEW_KEYS, (krb5uint32 *)ap_req.ticket.enc_part.kvno, - NULL, &r->armor_server); + &r->armor_serverdb, &r->armor_server); if(ret == HDB_ERR_NOT_FOUND_HERE) { free_AP_REQ(&ap_req); kdc_log(r->context, r->config, 5, @@ -561,7 +565,7 @@ fast_unwrap_request(astgs_request_t r, goto out; } - ret = hdb_enctype2key(r->context, &r->armor_server->entry, NULL, + ret = hdb_enctype2key(r->context, r->armor_server, NULL, ap_req.ticket.enc_part.etype, &r->armor_key); if (ret) { @@ -591,8 +595,8 @@ fast_unwrap_request(astgs_request_t r, &r->armor_ticket->ticket, armor_server_principal_name); if (ret) { - _kdc_audit_addreason((kdc_request_t)r, - "Armor TGT expired or invalid"); + kdc_audit_addreason((kdc_request_t)r, + "Armor TGT expired or invalid"); goto out; } ticket = r->armor_ticket; @@ -603,8 +607,8 @@ fast_unwrap_request(astgs_request_t r, } krb5_unparse_name(r->context, ticket->client, &armor_client_principal_name); - _kdc_audit_addkv((kdc_request_t)r, 0, "armor_client_name", "%s", - armor_client_principal_name ? armor_client_principal_name : "<unknown>"); + kdc_audit_addkv((kdc_request_t)r, 0, "armor_client_name", "%s", + armor_client_principal_name ? armor_client_principal_name : "<unknown>"); if (ac->remote_subkey == NULL) { krb5_auth_con_free(r->context, ac); @@ -833,7 +837,8 @@ _kdc_fast_check_armor_pac(astgs_request_t r) krb5_boolean ad_kdc_issued = FALSE; krb5_pac mspac = NULL; krb5_principal armor_client_principal = NULL; - hdb_entry_ex *armor_client = NULL; + HDB *armor_db; + hdb_entry *armor_client = NULL; char *armor_client_principal_name = NULL; flags = HDB_F_FOR_TGS_REQ; @@ -856,7 +861,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r) ret = _kdc_db_fetch_client(r->context, r->config, flags, armor_client_principal, armor_client_principal_name, - r->req.req_body.realm, NULL, &armor_client); + r->req.req_body.realm, &armor_db, &armor_client); if (ret) goto out; @@ -885,7 +890,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r) out: krb5_xfree(armor_client_principal_name); if (armor_client) - _kdc_free_ent(r->context, armor_client); + _kdc_free_ent(r->context, armor_db, armor_client); krb5_free_principal(r->context, armor_client_principal); krb5_pac_free(r->context, mspac); |