diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2009-01-30 21:12:30 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2009-01-30 21:12:30 +0000 |
| commit | 2117499b9315239a52bb4437d82d498b04153efa (patch) | |
| tree | 791997fbd5efa95fa70c5012ccaf5f921c782ec7 | |
| parent | 3e594a05624ec3e72c6ea7fdeb360888d8f74e15 (diff) | |
| download | krb5-2117499b9315239a52bb4437d82d498b04153efa.zip krb5-2117499b9315239a52bb4437d82d498b04153efa.tar.gz krb5-2117499b9315239a52bb4437d82d498b04153efa.tar.bz2 | |
merge to trunk r21838; no conflicts; tested on mac, and partially tested on linux
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21839 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/include/adm_proto.h | 2 | ||||
| -rw-r--r-- | src/kdc/do_tgs_req.c | 8 | ||||
| -rw-r--r-- | src/kdc/main.c | 76 | ||||
| -rw-r--r-- | src/lib/kadm5/alt_prof.c | 6 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/libkadm5srv.exports | 2 |
5 files changed, 71 insertions, 23 deletions
diff --git a/src/include/adm_proto.h b/src/include/adm_proto.h index 9028da1..47d500d 100644 --- a/src/include/adm_proto.h +++ b/src/include/adm_proto.h @@ -97,7 +97,7 @@ krb5_error_code krb5_read_realm_params (krb5_context, krb5_realm_params **); krb5_error_code krb5_free_realm_params (krb5_context, krb5_realm_params *); -krb5_boolean match_config_pattern(const char *, const char *); +krb5_boolean krb5_match_config_pattern(const char *, const char *); /* str_conv.c */ krb5_error_code diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index ba85583..a6ce704 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -1104,11 +1104,11 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ) if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST || (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN && kdc_active_realm->realm_host_based_services != NULL && - (match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE || - match_config_pattern(kdc_active_realm->realm_host_based_services, "*") == TRUE))) && + (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE || + krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, "*") == TRUE))) && (kdc_active_realm->realm_no_host_referral == NULL || - (match_config_pattern(kdc_active_realm->realm_no_host_referral, "*") == FALSE && - match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { + (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, "*") == FALSE && + krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { for (len=0; len < comp2->length; len++) { if (comp2->data[len] == '.') break; diff --git a/src/kdc/main.c b/src/kdc/main.c index 0c9ea2f..bb4d758 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -176,13 +176,17 @@ handle_referral_params(krb5_realm_params *rparams, { krb5_error_code retval = 0; - if (no_refrls && match_config_pattern(no_refrls, "*") == TRUE) + if (no_refrls && krb5_match_config_pattern(no_refrls, "*") == TRUE) { rdp->realm_no_host_referral = strdup("*"); - else { + if (!rdp->realm_no_host_referral) + retval = ENOMEM; + } else { if (rparams && rparams->realm_no_host_referral) { - if (match_config_pattern(rparams->realm_no_host_referral, "*") == TRUE) + if (krb5_match_config_pattern(rparams->realm_no_host_referral, "*") == TRUE) { rdp->realm_no_host_referral = strdup("*"); - else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s", + if (!rdp->realm_no_host_referral) + retval = ENOMEM; + } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s", " ", no_refrls," ",rparams->realm_no_host_referral, " ") < 0)) retval = ENOMEM; else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", @@ -194,18 +198,22 @@ handle_referral_params(krb5_realm_params *rparams, rdp->realm_no_host_referral = NULL; } - if (rdp->realm_no_host_referral && match_config_pattern(rdp->realm_no_host_referral, "*") == TRUE) { + if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, "*") == TRUE) { rdp->realm_host_based_services = NULL; return 0; } - if (host_based_srvcs && (match_config_pattern(host_based_srvcs, "*") == TRUE)) + if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, "*") == TRUE)) { rdp->realm_host_based_services = strdup("*"); - else { + if (!rdp->realm_host_based_services) + retval = ENOMEM; + } else { if (rparams && rparams->realm_host_based_services) { - if (match_config_pattern(rparams->realm_host_based_services, "*") == TRUE) + if (krb5_match_config_pattern(rparams->realm_host_based_services, "*") == TRUE) { rdp->realm_host_based_services = strdup("*"); - else if (host_based_srvcs && asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", + if (!rdp->realm_host_based_services) + retval = ENOMEM; + } else if (host_based_srvcs && asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", " ", host_based_srvcs," ",rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", @@ -261,8 +269,13 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, } /* Handle profile file name */ - if (rparams && rparams->realm_profile) + if (rparams && rparams->realm_profile) { rdp->realm_profile = strdup(rparams->realm_profile); + if (!rdp->realm_profile) { + kret = ENOMEM; + goto whoops; + } + } /* Handle master key name */ if (rparams && rparams->realm_mkey_name) @@ -270,20 +283,35 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, else rdp->realm_mpname = (def_mpname) ? strdup(def_mpname) : strdup(KRB5_KDB_M_NAME); + if (!rdp->realm_mpname) { + kret = ENOMEM; + goto whoops; + } /* Handle KDC ports */ if (rparams && rparams->realm_kdc_ports) rdp->realm_ports = strdup(rparams->realm_kdc_ports); else rdp->realm_ports = strdup(def_udp_ports); + if (!rdp->realm_ports) { + kret = ENOMEM; + goto whoops; + } if (rparams && rparams->realm_kdc_tcp_ports) rdp->realm_tcp_ports = strdup(rparams->realm_kdc_tcp_ports); else rdp->realm_tcp_ports = strdup(def_tcp_ports); - + if (!rdp->realm_tcp_ports) { + kret = ENOMEM; + goto whoops; + } /* Handle stash file */ if (rparams && rparams->realm_stash_file) { rdp->realm_stash = strdup(rparams->realm_stash_file); + if (!rdp->realm_stash) { + kret = ENOMEM; + goto whoops; + } manual = FALSE; } else manual = def_manual; @@ -538,7 +566,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) hierarchy[1] = "no_host_referral"; if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) no_refrls = 0; - if (!no_refrls || match_config_pattern(no_refrls, "*") == FALSE) { + if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) { hierarchy[1] = "host_based_services"; if (krb5_aprof_get_string_all(aprof, hierarchy, &host_based_srvcs)) host_based_srvcs = 0; @@ -549,10 +577,22 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) krb5_aprof_finish(aprof); } - if (default_udp_ports == 0) + if (default_udp_ports == 0) { default_udp_ports = strdup(DEFAULT_KDC_UDP_PORTLIST); - if (default_tcp_ports == 0) + if (default_udp_ports == 0) { + fprintf(stderr," KDC cannot initialize. Not enough memory\n"); + exit(1); + } + } + if (default_tcp_ports == 0) { default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST); + default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST); + if (default_tcp_ports == 0) { + fprintf(stderr," KDC cannot initialize. Not enough memory\n"); + exit(1); + } + } + /* * Loop through the option list. Each time we encounter a realm name, * use the previously scanned options to fill in for defaults. @@ -648,6 +688,10 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) if (default_udp_ports) free(default_udp_ports); default_udp_ports = strdup(optarg); + if (!default_udp_ports) { + fprintf(stderr," KDC cannot initialize. Not enough memory\n"); + exit(1); + } #if 0 /* not yet */ if (default_tcp_ports) free(default_tcp_ports); @@ -712,6 +756,10 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) free(db_args); if (db_name) free(db_name); + if (host_based_srvcs) + free(host_based_srvcs); + if (no_refrls) + free(no_refrls); return; } diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index 7fb35a5..ae9d84c 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c @@ -39,7 +39,7 @@ #include <ctype.h> #include <kdb_log.h> -krb5_boolean match_config_pattern(const char *, const char*); +krb5_boolean krb5_match_config_pattern(const char *, const char*); static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len) krb5_key_salt_tuple *ksalt; krb5_int32 len; @@ -1035,7 +1035,7 @@ krb5_read_realm_params(kcontext, realm, rparamp) else no_refrls = 0; - if (!no_refrls || match_config_pattern(no_refrls, "*") == FALSE) { + if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) { hierarchy[2] = "host_based_services"; if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs)) rparams->realm_host_based_services = host_based_srvcs; @@ -1124,7 +1124,7 @@ krb5_free_realm_params(kcontext, rparams) * In conf file the values are separates by commas or whitespaces. */ krb5_boolean -match_config_pattern(const char *string, const char *pattern) +krb5_match_config_pattern(const char *string, const char *pattern) { const char *ptr; char next = '\0'; diff --git a/src/lib/kadm5/srv/libkadm5srv.exports b/src/lib/kadm5/srv/libkadm5srv.exports index 0ec0271..545d43b 100644 --- a/src/lib/kadm5/srv/libkadm5srv.exports +++ b/src/lib/kadm5/srv/libkadm5srv.exports @@ -84,7 +84,7 @@ krb5_klog_syslog krb5_read_realm_params krb5_string_to_flags krb5_string_to_keysalts -match_config_pattern +krb5_match_config_pattern master_db master_keyblock master_keylist |