Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/error_tables/krb5_err.et | 3 | ||||
-rw-r--r-- | src/lib/krb5/krb/mk_priv.c | 27 | ||||
-rw-r--r-- | src/lib/krb5/krb/mk_safe.c | 28 | ||||
-rw-r--r-- | src/lib/krb5/krb/rd_priv.c | 29 | ||||
-rw-r--r-- | src/lib/krb5/krb/rd_safe.c | 27 |
5 files changed, 60 insertions, 54 deletions
diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index 5698f1e4a7..c7c91dff9c 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -348,4 +348,7 @@ error_code KRB5_PLUGIN_OP_NOTSUPP, "Plugin does not support the operaton" error_code KRB5_ERR_INVALID_UTF8, "Invalid UTF-8 string" error_code KRB5_ERR_FAST_REQUIRED, "FAST protected pre-authentication required but not supported by KDC" + +error_code KRB5_LOCAL_ADDR_REQUIRED, "Auth context must contain local address" +error_code KRB5_REMOTE_ADDR_REQUIRED, "Auth context must contain remote address" end diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c index 1acffd5b4c..5c8774b125 100644 --- a/src/lib/krb5/krb/mk_priv.c +++ b/src/lib/krb5/krb/mk_priv.c @@ -136,6 +136,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, /* Need a better error */ return KRB5_RC_REQUIRED; + if (!auth_context->local_addr) + return KRB5_LOCAL_ADDR_REQUIRED; + if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) { if ((retval = krb5_us_timeofday(context, &replaydata.timestamp, 
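Review bot: The new `if (!auth_context->local_addr)` guard in krb5_mk_priv has no comment saying why a missing local address is now a hard error, and callers that never set one will start failing with KRB5_LOCAL_ADDR_REQUIRED. I would add a comment above the check such as `/* The sender address is a mandatory field of the message body; refuse to build a message the peer cannot tie to its origin. */` and state the requirement in the function's API documentation. The same applies to the matching guard in krb5_mk_safe and to the `remote_addr` guards in krb5_rd_priv and krb5_rd_safe further down. The function body starts and ends outside this hunk, so I am assuming nothing acquired earlier needs releasing on this early return; the plain `return KRB5_RC_REQUIRED;` just above suggests that holds.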
@@ -154,28 +157,26 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, } else { outdata->seq = replaydata.seq; } - } + } { krb5_address * premote_fulladdr = NULL; - krb5_address * plocal_fulladdr = NULL; + krb5_address * plocal_fulladdr; krb5_address remote_fulladdr; krb5_address local_fulladdr; CLEANUP_INIT(2); - if (auth_context->local_addr) { - if (auth_context->local_port) { - if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr, - auth_context->local_port, - &local_fulladdr))) { - CLEANUP_PUSH(local_fulladdr.contents, free); - plocal_fulladdr = &local_fulladdr; - } else { - goto error; - } + if (auth_context->local_port) { + if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr, + auth_context->local_port, + &local_fulladdr))) { + CLEANUP_PUSH(local_fulladdr.contents, free); + plocal_fulladdr = &local_fulladdr; } else { - plocal_fulladdr = auth_context->local_addr; + goto error; } + } else { + plocal_fulladdr = auth_context->local_addr; } if (auth_context->remote_addr) { diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index d99b1a3d7f..689eef2037 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -136,6 +136,9 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, /* Need a better error */ return KRB5_RC_REQUIRED; + if (!auth_context->local_addr) + return KRB5_LOCAL_ADDR_REQUIRED; + if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) { if ((retval = krb5_us_timeofday(context, &replaydata.timestamp, 
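Review bot: Dropping the `= NULL` initializer from `plocal_fulladdr` in the second krb5_mk_priv hunk makes the pointer's validity depend on every path through the `if (auth_context->local_port)` block assigning it, and on the early `local_addr` check staying in place. Both branches that fall through do assign it and the failure branch jumps to `error`, so the code shown is correct as far as the hunk goes, but a later edit that adds a path would read an indeterminate pointer rather than a NULL one. I would keep `krb5_address * plocal_fulladdr = NULL;` as a defensive default, which also keeps maybe-uninitialized warnings quiet. The same change is made to `plocal_fulladdr` in krb5_mk_safe and to `premote_fulladdr` in krb5_rd_priv and krb5_rd_safe. The code at the `error` label is outside the hunk, so whether it reads the pointer cannot be checked here.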
@@ -156,27 +159,24 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, { krb5_address * premote_fulladdr = NULL; - krb5_address * plocal_fulladdr = NULL; + krb5_address * plocal_fulladdr; krb5_address remote_fulladdr; krb5_address local_fulladdr; krb5_cksumtype sumtype; CLEANUP_INIT(2); - if (auth_context->local_addr) { - if (auth_context->local_port) { - if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr, - auth_context->local_port, - &local_fulladdr))){ - CLEANUP_PUSH(local_fulladdr.contents, free); - plocal_fulladdr = &local_fulladdr; - } else { - goto error; - } + if (auth_context->local_port) { + if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr, + auth_context->local_port, + &local_fulladdr))){ + CLEANUP_PUSH(local_fulladdr.contents, free); + plocal_fulladdr = &local_fulladdr; } else { - plocal_fulladdr = auth_context->local_addr; - } - + goto error; + } + } else { + plocal_fulladdr = auth_context->local_addr; } if (auth_context->remote_addr) { diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 7d1dbc3cae..eaeaed894b 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -169,12 +169,15 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, /* Need a better error */ return KRB5_RC_REQUIRED; + if (!auth_context->remote_addr) + return KRB5_REMOTE_ADDR_REQUIRED; + if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && (auth_context->rcache == NULL)) return KRB5_RC_REQUIRED; { - krb5_address * premote_fulladdr = NULL; + krb5_address * premote_fulladdr; krb5_address * plocal_fulladdr = NULL; krb5_address remote_fulladdr; krb5_address local_fulladdr; 
@@ -195,20 +198,18 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, } } - if (auth_context->remote_addr) { - if (auth_context->remote_port) { - if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr, - auth_context->remote_port, - &remote_fulladdr))){ - CLEANUP_PUSH(remote_fulladdr.contents, free); - premote_fulladdr = &remote_fulladdr; - } else { - CLEANUP_DONE(); - return retval; - } + if (auth_context->remote_port) { + if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr, + auth_context->remote_port, + &remote_fulladdr))){ + CLEANUP_PUSH(remote_fulladdr.contents, free); + premote_fulladdr = &remote_fulladdr; } else { - premote_fulladdr = auth_context->remote_addr; - } + CLEANUP_DONE(); + return retval; + } + } else { + premote_fulladdr = auth_context->remote_addr; } memset(&replaydata, 0, sizeof(replaydata)); diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index a79ef7fdf5..989c222427 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -177,12 +177,15 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, (auth_context->rcache == NULL)) return KRB5_RC_REQUIRED; + if (!auth_context->remote_addr) + return KRB5_REMOTE_ADDR_REQUIRED; + /* Get keyblock */ if ((keyblock = auth_context->recv_subkey) == NULL) keyblock = auth_context->keyblock; { - krb5_address * premote_fulladdr = NULL; + krb5_address * premote_fulladdr; krb5_address * plocal_fulladdr = NULL; krb5_address remote_fulladdr; krb5_address local_fulladdr; 
@@ -203,19 +206,17 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, } } - if (auth_context->remote_addr) { - if (auth_context->remote_port) { - if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr, - auth_context->remote_port, - &remote_fulladdr))){ - CLEANUP_PUSH(remote_fulladdr.contents, free); - premote_fulladdr = &remote_fulladdr; - } else { - return retval; - } + if (auth_context->remote_port) { + if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr, + auth_context->remote_port, + &remote_fulladdr))){ + CLEANUP_PUSH(remote_fulladdr.contents, free); + premote_fulladdr = &remote_fulladdr; } else { - premote_fulladdr = auth_context->remote_addr; - } + return retval; + } + } else { + premote_fulladdr = auth_context->remote_addr; } memset(&replaydata, 0, sizeof(replaydata)); |
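Review bot: The failure branch of `krb5_make_fulladdr` for the remote address in krb5_rd_safe still does a bare `return retval;`, while the same branch in krb5_rd_priv calls `CLEANUP_DONE();` first. The leading `} }` context suggests the local-address block runs just before this one, and if it has already pushed `local_fulladdr.contents` onto the cleanup stack, that buffer is leaked on this return. I would change the branch to `CLEANUP_DONE(); return retval;` so both receive paths release what they have built before bailing out. The enclosing block starts outside this hunk, so the push on the local side is inferred rather than visible.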