From cdc69c97e89b5a9e637a80f2cb72d35184a2690b Mon Sep 17 00:00:00 2001 From: Kevin Coffman Date: Mon, 13 Nov 2006 22:59:55 +0000 Subject: allow server preauth plugin verify_padata function to return e-data Change server-side preauth plugin interface to allow the plugin's verify_padata function to return e-data to be returned to the client. (Patch from Nalin Dahyabhai ) Update sample plugins to return e-data to exercise the code. Fix memory leak in the wpse plugin. ticket: new Component: krb5-kdc Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18801 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/preauth/cksum_body/cksum_body_main.c | 29 +++++++++++++++++++++++- src/plugins/preauth/wpse/wpse_main.c | 19 +++++++++++++++- 2 files changed, 46 insertions(+), 2 deletions(-) (limited to 'src/plugins') diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index 8d7aa00af1..6b46b00a33 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -289,7 +289,8 @@ server_verify(krb5_context kcontext, krb5_pa_data *data, preauth_get_entry_data_proc server_get_entry_data, void *pa_module_context, - void **pa_request_context) + void **pa_request_context, + krb5_data **e_data) { krb5_int32 cksumtype; krb5_checksum checksum; @@ -302,6 +303,7 @@ server_verify(krb5_context kcontext, krb5_cksumtype *cksumtypes; krb5_error_code status; struct server_stats *stats; + krb5_data *test_edata; stats = pa_module_context; @@ -425,10 +427,35 @@ server_verify(krb5_context kcontext, fprintf(stderr, "Checksum mismatch.\n"); } #endif + /* Return edata to exercise code that handles edata... */ + test_edata = malloc(sizeof(*test_edata)); + if (test_edata != NULL) { + test_edata->data = malloc(20); + if (test_edata->data == NULL) { + free(test_edata); + } else { + test_edata->length = 20; + memset(test_edata->data, 'F', 20); /* fill it with junk */ + *e_data = test_edata; + } + } stats->failures++; return KRB5KDC_ERR_PREAUTH_FAILED; } + /* Return edata to exercise code that handles edata... */ + test_edata = malloc(sizeof(*test_edata)); + if (test_edata != NULL) { + test_edata->data = malloc(20); + if (test_edata->data == NULL) { + free(test_edata); + } else { + test_edata->length = 20; + memset(test_edata->data, 'S', 20); /* fill it with junk */ + *e_data = test_edata; + } + } + /* Note that preauthentication succeeded. */ enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; stats->successes++; diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 8ccd7cd129..46ea662307 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -247,9 +247,12 @@ server_verify(krb5_context kcontext, krb5_pa_data *data, preauth_get_entry_data_proc server_get_entry_data, void *pa_module_context, - void **pa_request_context) + void **pa_request_context, + krb5_data **e_data) { krb5_int32 nnonce; + krb5_data *test_edata; + /* Verify the preauth data. */ if (data->length != 4) return KRB5KDC_ERR_PREAUTH_FAILED; @@ -264,6 +267,19 @@ server_verify(krb5_context kcontext, * per-request cleanup. */ if (*pa_request_context == NULL) *pa_request_context = malloc(4); + + /* Return edata to exercise code that handles edata... */ + test_edata = malloc(sizeof(*test_edata)); + if (test_edata != NULL) { + test_edata->data = malloc(20); + if (test_edata->data == NULL) { + free(test_edata); + } else { + test_edata->length = 20; + memset(test_edata->data, '#', 20); /* fill it with junk */ + *e_data = test_edata; + } + } return 0; } @@ -333,6 +349,7 @@ server_return(krb5_context kcontext, enctype = htonl(kb->enctype); memcpy((*send_pa)->contents, &enctype, 4); memcpy((*send_pa)->contents + 4, kb->contents, kb->length); + krb5_free_keyblock_contents(kcontext, encrypting_key); krb5_copy_keyblock_contents(kcontext, kb, encrypting_key); /* Clean up. */ -- cgit