allow server preauth plugin verify_padata function to return e-data

Change server-side preauth plugin interface to allow the plugin's
verify_padata function to return e-data to be returned to the client.
(Patch from Nalin Dahyabhai <nalin@redhat.com>)

Update sample plugins to return e-data to exercise the code.

Fix memory leak in the wpse plugin.

ticket: new
Component: krb5-kdc
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18801 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 46 insertions, 2 deletions

diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c
index 8d7aa00..6b46b00 100644
--- a/src/plugins/preauth/cksum_body/cksum_body_main.c
+++ b/src/plugins/preauth/cksum_body/cksum_body_main.c
@@ -289,7 +289,8 @@ server_verify(krb5_context kcontext,
 	      krb5_pa_data *data,
 	      preauth_get_entry_data_proc server_get_entry_data,
 	      void *pa_module_context,
-	      void **pa_request_context)
+	      void **pa_request_context,
+	      krb5_data **e_data)
 {
     krb5_int32 cksumtype;
     krb5_checksum checksum;
@@ -302,6 +303,7 @@ server_verify(krb5_context kcontext,
     krb5_cksumtype *cksumtypes;
     krb5_error_code status;
     struct server_stats *stats;
+    krb5_data *test_edata;
 
     stats = pa_module_context;
 
@@ -425,10 +427,35 @@ server_verify(krb5_context kcontext,
 	    fprintf(stderr, "Checksum mismatch.\n");
 	}
 #endif
+	/* Return edata to exercise code that handles edata... */
+	test_edata = malloc(sizeof(*test_edata));
+	if (test_edata != NULL) {
+	    test_edata->data = malloc(20);
+	    if (test_edata->data == NULL) {
+		free(test_edata);
+	    } else {
+		test_edata->length = 20;
+		memset(test_edata->data, 'F', 20); /* fill it with junk */
+		*e_data = test_edata;
+	    }
+	}
 	stats->failures++;
 	return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
+    /* Return edata to exercise code that handles edata... */
+    test_edata = malloc(sizeof(*test_edata));
+    if (test_edata != NULL) {
+	test_edata->data = malloc(20);
+	if (test_edata->data == NULL) {
+	    free(test_edata);
+	} else {
+	    test_edata->length = 20;
+	    memset(test_edata->data, 'S', 20); /* fill it with junk */
+	    *e_data = test_edata;
+	}
+    }
+
     /* Note that preauthentication succeeded. */
     enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
     stats->successes++;
diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c
index 8ccd7cd..46ea662 100644
--- a/src/plugins/preauth/wpse/wpse_main.c
+++ b/src/plugins/preauth/wpse/wpse_main.c
@@ -247,9 +247,12 @@ server_verify(krb5_context kcontext,
 	      krb5_pa_data *data,
 	      preauth_get_entry_data_proc server_get_entry_data,
 	      void *pa_module_context,
-	      void **pa_request_context)
+	      void **pa_request_context,
+	      krb5_data **e_data)
 {
     krb5_int32 nnonce;
+    krb5_data *test_edata;
+
     /* Verify the preauth data. */
     if (data->length != 4)
 	return KRB5KDC_ERR_PREAUTH_FAILED;
@@ -264,6 +267,19 @@ server_verify(krb5_context kcontext,
      * per-request cleanup. */
     if (*pa_request_context == NULL)
 	*pa_request_context = malloc(4);
+
+    /* Return edata to exercise code that handles edata... */
+    test_edata = malloc(sizeof(*test_edata));
+    if (test_edata != NULL) {
+	test_edata->data = malloc(20);
+	if (test_edata->data == NULL) {
+	    free(test_edata);
+	} else {
+	    test_edata->length = 20;
+	    memset(test_edata->data, '#', 20); /* fill it with junk */
+	    *e_data = test_edata;
+	}
+    }
     return 0;
 }
 
@@ -333,6 +349,7 @@ server_return(krb5_context kcontext,
     enctype = htonl(kb->enctype);
     memcpy((*send_pa)->contents, &enctype, 4);
     memcpy((*send_pa)->contents + 4, kb->contents, kb->length);
+    krb5_free_keyblock_contents(kcontext, encrypting_key);
     krb5_copy_keyblock_contents(kcontext, kb, encrypting_key);
 
     /* Clean up. */