~ubuntu-branches/ubuntu/precise/krb5/precise-updates


Viewing changes to src/lib/krb5/krb/val_renew.c

  • Committer: Package Import Robot
  • Author(s): Sam Hartman
  • Date: 2011-12-01 19:34:41 UTC
  • mfrom: (28.1.14 sid)
  • Revision ID: package-import@ubuntu.com-20111201193441-9tipg3aru1jsidyv
Tags: 1.10+dfsg~alpha1-6
* Fix segfault with unknown hostnames in krb5_sname_to_principal,
  Closes: #650671
* Indicate that this library breaks libsmbclient versions that depend on
  krb5_locate_kdc, Closes: #650603, #650611

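--- a/src/lib/krb5/krb/val_renew.c
+++ b/src/lib/krb5/krb/val_renew.c
@@ -1,7 +1,6 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/val_renew.c */
 /*
- * lib/krb5/krb/val_renew.c
- *
  * Copyright (C) 2010 by the Massachusetts Institute of Technology.
  * All rights reserved.
  *
@@ -23,8 +22,9 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- *
- *
+ */
+
+/*
  * Implements the following APIs:
  *
  *   krb5_get_credentials_validate
@@ -46,7 +46,7 @@
  */
 static krb5_error_code
 get_new_creds(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
-              krb5_flags kdcopt, krb5_creds **out_creds)
+              krb5_flags kdcopt, krb5_creds **out_creds)
 {
     krb5_error_code code;
     krb5_creds old_creds, *new_creds = NULL;
@@ -55,19 +55,19 @@
 
     /* Retrieve an existing cached credential matching in_creds. */
     code = krb5_cc_retrieve_cred(context, ccache, KRB5_TC_SUPPORTED_KTYPES,
-                                 in_creds, &old_creds);
+                                 in_creds, &old_creds);
     if (code != 0)
-        return code;
+        return code;
 
     /* Use KDC options from old credential as well as requested options. */
     kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
 
     /* Use the old credential to get a new credential from the KDC. */
     code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
-                                 old_creds.addresses, in_creds, &new_creds);
+                                 old_creds.addresses, in_creds, &new_creds);
     krb5_free_cred_contents(context, &old_creds);
     if (code != 0)
-        return code;
+        return code;
 
     *out_creds = new_creds;
     return code;
@@ -80,7 +80,7 @@
  */
 static krb5_error_code
 gc_valrenew(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
-            krb5_flags kdcopt, krb5_creds **out_creds)
+            krb5_flags kdcopt, krb5_creds **out_creds)
 {
     krb5_error_code code;
     krb5_creds *new_creds = NULL;
@@ -89,7 +89,7 @@
     /* Get the validated or renewed credential. */
     code = get_new_creds(context, ccache, in_creds, kdcopt, &new_creds);
     if (code != 0)
-        goto cleanup;
+        goto cleanup;
 
     /* Reinitialize the cache without changing its default principal. */
     code = krb5_cc_get_principal(context, ccache, &default_princ);
@@ -102,7 +102,7 @@
     /* Store the validated or renewed cred in the now-empty cache. */
     code = krb5_cc_store_cred(context, ccache, new_creds);
     if (code != 0)
-        goto cleanup;
+        goto cleanup;
 
     *out_creds = new_creds;
     new_creds = NULL;
@@ -135,29 +135,29 @@
  */
 static krb5_error_code
 get_valrenewed_creds(krb5_context context, krb5_creds *out_creds,
-                     krb5_principal client, krb5_ccache ccache,
-                     char *in_tkt_service, int kdcopt)
+                     krb5_principal client, krb5_ccache ccache,
+                     char *in_tkt_service, int kdcopt)
 {
     krb5_error_code code;
     krb5_creds in_creds, *new_creds;
     krb5_principal server = NULL;
 
     if (in_tkt_service != NULL) {
-        /* Parse in_tkt_service, but use the client's realm. */
-        code = krb5_parse_name(context, in_tkt_service, &server);
-        if (code != 0)
-            goto cleanup;
-        krb5_free_data_contents(context, &server->realm);
-        code = krb5int_copy_data_contents(context, &client->realm,
-                                          &server->realm);
-        if (code != 0)
-            goto cleanup;
+        /* Parse in_tkt_service, but use the client's realm. */
+        code = krb5_parse_name(context, in_tkt_service, &server);
+        if (code != 0)
+            goto cleanup;
+        krb5_free_data_contents(context, &server->realm);
+        code = krb5int_copy_data_contents(context, &client->realm,
+                                          &server->realm);
+        if (code != 0)
+            goto cleanup;
     } else {
-        /* Use the TGT name for the client's realm. */
-        code = krb5int_tgtname(context, &client->realm, &client->realm,
-                               &server);
-        if (code != 0)
-            goto cleanup;
+        /* Use the TGT name for the client's realm. */
+        code = krb5int_tgtname(context, &client->realm, &client->realm,
+                               &server);
+        if (code != 0)
+            goto cleanup;
     }
 
     memset(&in_creds, 0, sizeof(krb5_creds));
@@ -167,7 +167,7 @@
     /* Get the validated or renewed credential from the KDC. */
     code = get_new_creds(context, ccache, &in_creds, kdcopt, &new_creds);
     if (code != 0)
-        goto cleanup;
+        goto cleanup;
 
     /* Fill in *out_creds and free the unwanted new_creds container. */
     *out_creds = *new_creds;
@@ -180,18 +180,18 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_validated_creds(krb5_context context, krb5_creds *creds,
-                         krb5_principal client, krb5_ccache ccache,
-                         char *in_tkt_service)
+                         krb5_principal client, krb5_ccache ccache,
+                         char *in_tkt_service)
 {
     return get_valrenewed_creds(context, creds, client, ccache,
-                                in_tkt_service, KDC_OPT_VALIDATE);
+                                in_tkt_service, KDC_OPT_VALIDATE);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_renewed_creds(krb5_context context, krb5_creds *creds,
-                       krb5_principal client, krb5_ccache ccache,
-                       char *in_tkt_service)
+                       krb5_principal client, krb5_ccache ccache,
+                       char *in_tkt_service)
 {
     return get_valrenewed_creds(context, creds, client, ccache,
-                                in_tkt_service, KDC_OPT_RENEW);
+                                in_tkt_service, KDC_OPT_RENEW);
 }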