diff options
author | Kevin Coffman <kwc@citi.umich.edu> | 2006-11-13 22:59:55 +0000 |
---|---|---|
committer | Kevin Coffman <kwc@citi.umich.edu> | 2006-11-13 22:59:55 +0000 |
commit | cdc69c97e89b5a9e637a80f2cb72d35184a2690b (patch) | |
tree | 43bf1e72244b7a5d29a8a6e7e1f60e5d3553ad65 /src/plugins | |
parent | 2aa0ac015abb18cd1ba1237f3d3027197127d558 (diff) | |
download | krb5-cdc69c97e89b5a9e637a80f2cb72d35184a2690b.zip krb5-cdc69c97e89b5a9e637a80f2cb72d35184a2690b.tar.gz krb5-cdc69c97e89b5a9e637a80f2cb72d35184a2690b.tar.bz2 |
allow server preauth plugin verify_padata function to return e-data
Change server-side preauth plugin interface to allow the plugin's
verify_padata function to return e-data to be returned to the client.
(Patch from Nalin Dahyabhai <nalin@redhat.com>)
Update sample plugins to return e-data to exercise the code.
Fix memory leak in the wpse plugin.
ticket: new
Component: krb5-kdc
Target_Version: 1.6
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18801 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/preauth/cksum_body/cksum_body_main.c | 29 | ||||
-rw-r--r-- | src/plugins/preauth/wpse/wpse_main.c | 19 |
2 files changed, 46 insertions, 2 deletions
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index 8d7aa00..6b46b00 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -289,7 +289,8 @@ server_verify(krb5_context kcontext, krb5_pa_data *data, preauth_get_entry_data_proc server_get_entry_data, void *pa_module_context, - void **pa_request_context) + void **pa_request_context, + krb5_data **e_data) { krb5_int32 cksumtype; krb5_checksum checksum; @@ -302,6 +303,7 @@ server_verify(krb5_context kcontext, krb5_cksumtype *cksumtypes; krb5_error_code status; struct server_stats *stats; + krb5_data *test_edata; stats = pa_module_context; @@ -425,10 +427,35 @@ server_verify(krb5_context kcontext, fprintf(stderr, "Checksum mismatch.\n"); } #endif + /* Return edata to exercise code that handles edata... */ + test_edata = malloc(sizeof(*test_edata)); + if (test_edata != NULL) { + test_edata->data = malloc(20); + if (test_edata->data == NULL) { + free(test_edata); + } else { + test_edata->length = 20; + memset(test_edata->data, 'F', 20); /* fill it with junk */ + *e_data = test_edata; + } + } stats->failures++; return KRB5KDC_ERR_PREAUTH_FAILED; } + /* Return edata to exercise code that handles edata... */ + test_edata = malloc(sizeof(*test_edata)); + if (test_edata != NULL) { + test_edata->data = malloc(20); + if (test_edata->data == NULL) { + free(test_edata); + } else { + test_edata->length = 20; + memset(test_edata->data, 'S', 20); /* fill it with junk */ + *e_data = test_edata; + } + } + /* Note that preauthentication succeeded. */ enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; stats->successes++; diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 8ccd7cd..46ea662 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -247,9 +247,12 @@ server_verify(krb5_context kcontext, krb5_pa_data *data, preauth_get_entry_data_proc server_get_entry_data, void *pa_module_context, - void **pa_request_context) + void **pa_request_context, + krb5_data **e_data) { krb5_int32 nnonce; + krb5_data *test_edata; + /* Verify the preauth data. */ if (data->length != 4) return KRB5KDC_ERR_PREAUTH_FAILED; @@ -264,6 +267,19 @@ server_verify(krb5_context kcontext, * per-request cleanup. */ if (*pa_request_context == NULL) *pa_request_context = malloc(4); + + /* Return edata to exercise code that handles edata... */ + test_edata = malloc(sizeof(*test_edata)); + if (test_edata != NULL) { + test_edata->data = malloc(20); + if (test_edata->data == NULL) { + free(test_edata); + } else { + test_edata->length = 20; + memset(test_edata->data, '#', 20); /* fill it with junk */ + *e_data = test_edata; + } + } return 0; } @@ -333,6 +349,7 @@ server_return(krb5_context kcontext, enctype = htonl(kb->enctype); memcpy((*send_pa)->contents, &enctype, 4); memcpy((*send_pa)->contents + 4, kb->contents, kb->length); + krb5_free_keyblock_contents(kcontext, encrypting_key); krb5_copy_keyblock_contents(kcontext, kb, encrypting_key); /* Clean up. */ |