Fix a number of pointer aliasing bugs

Make sure the master key version number is propgated correctly for new keys.

Fixed bug where process_client tried to free an automatic variable.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4237 dc483132-0cff-0310-8789-dd5450dbe970

9 files changed, 62 insertions, 28 deletions

diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index 2873d2618..81726febf 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,21 @@
+Wed Sep 14 22:33:23 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* adm_server (init_db): Save a copy of the master key database
+		entry in the master_entry global variable.
+
+	* adm_process.c (process_client): Removed calls to
+		free(final_msg.data), where final_msg.data was pointing to
+		an automatic variable.
+
+	* adm_process.c (cpw_keyproc): In the case where the
+		keyprocarg->key is set, copy the keyblock instead of
+		passing a pointer down --- more pointer aliasing problems!
+
+	* adm_funcs.c (adm_modify_kdb): Added calls to krb5_copy_principal
+		instead of merely assigning pointers to one another and
+		causing pointer aliasing problems.  Make sure the master
+		key version number is propagated correctly.
+
 Thu Aug  4 03:38:58 1994  Tom Yu  (tlyu@dragons-lair)
 
 	* Makefile.in: whoops install manpage as kadmin.8, not kadmin.1
diff --git a/src/kadmin/server/adm_check.c b/src/kadmin/server/adm_check.c
index cb237a344..cd645c8fb 100644
--- a/src/kadmin/server/adm_check.c
+++ b/src/kadmin/server/adm_check.c
@@ -44,6 +44,7 @@
 #include <krb5/los-proto.h>
 #include <krb5/adm_defs.h>
 #include <krb5/adm_err.h>
+#include <krb5/kdb.h>
 #include "adm_extern.h"
 
 krb5_error_code
diff --git a/src/kadmin/server/adm_extern.h b/src/kadmin/server/adm_extern.h
index fc2bbdb73..7764588c2 100644
--- a/src/kadmin/server/adm_extern.h
+++ b/src/kadmin/server/adm_extern.h
@@ -51,6 +51,7 @@ typedef struct {
 extern krb5_encrypt_block master_encblock;
 extern krb5_keyblock master_keyblock;
 extern krb5_principal master_princ;
+extern krb5_db_entry master_entry;
 
 extern volatile int signal_requests_exit;
 extern char *dbm_db_name;
diff --git a/src/kadmin/server/adm_funcs.c b/src/kadmin/server/adm_funcs.c
index 544f28e27..315767d99 100644
--- a/src/kadmin/server/adm_funcs.c
+++ b/src/kadmin/server/adm_funcs.c
@@ -60,20 +60,6 @@ struct saltblock {
 extern krb5_encrypt_block master_encblock;
 extern krb5_keyblock master_keyblock;
 
-struct mblock {
-    krb5_deltat max_life;
-    krb5_deltat max_rlife;
-    krb5_timestamp expiration;
-    krb5_flags flags;
-    krb5_kvno mkvno;
-} mblock = {				/* XXX */
-    KRB5_KDB_MAX_LIFE,
-    KRB5_KDB_MAX_RLIFE,
-    KRB5_KDB_EXPIRATION,
-    KRB5_KDB_DEF_FLAGS,
-    0
-};
-
 typedef unsigned char des_cblock[8];
 
 		/* krb5_kvno may be narrow */
@@ -158,26 +144,32 @@ OLDDECLARG(krb5_db_entry *, entry)
     int one = 1;
 
     krb5_kvno KDB5_VERSION_NUM = 1;
-    krb5_deltat KDB5_MAX_TKT_LIFE = KRB5_KDB_MAX_LIFE;
-    krb5_deltat KDB5_MAX_REN_LIFE = KRB5_KDB_MAX_RLIFE;
-    krb5_timestamp KDB5_EXP_DATE  = KRB5_KDB_EXPIRATION;
     extern krb5_flags NEW_ATTRIBUTES;
 
     if (!req_type) { /* New entry - initialize */
 	memset((char *) entry, 0, sizeof(krb5_db_entry));
-        entry->principal = (krb5_principal) principal;
+	retval = krb5_copy_principal(principal, &entry->principal);
+	if (retval)
+		return retval;
         entry->kvno = KDB5_VERSION_NUM;
-        entry->max_life = KDB5_MAX_TKT_LIFE;
-        entry->max_renewable_life = KDB5_MAX_REN_LIFE;
-        entry->mkvno = mblock.mkvno;
-        entry->expiration = KDB5_EXP_DATE;
-        entry->mod_name = master_princ;
+        entry->max_life = master_entry.max_life;
+        entry->max_renewable_life = master_entry.max_renewable_life;
+        entry->mkvno = master_entry.mkvno;
+        entry->expiration = master_entry.expiration;
+	retval = krb5_copy_principal(master_princ, &entry->mod_name);
+	if (retval) {
+	    krb5_free_principal(entry->principal);
+	    entry->principal = 0;
+	    return retval;
+	}
     } else { /* Modify existing entry */
 	entry->kvno++;
 #ifdef SANDIA
 	entry->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 #endif
-	entry->mod_name = (krb5_principal) principal;
+	retval = krb5_copy_principal(principal, &entry->mod_name);
+	if (retval)
+		return retval;
     }
 
     if (key && key->length) {
diff --git a/src/kadmin/server/adm_listen.c b/src/kadmin/server/adm_listen.c
index aacde37a4..d5ef808e8 100644
--- a/src/kadmin/server/adm_listen.c
+++ b/src/kadmin/server/adm_listen.c
@@ -29,6 +29,7 @@
 #include <krb5/los-proto.h>
 #include <krb5/adm_defs.h>
 #include <krb5/sysincl.h>
+#include <krb5/kdb.h>
 
 #include <syslog.h>
 #include <signal.h>
diff --git a/src/kadmin/server/adm_nego.c b/src/kadmin/server/adm_nego.c
index 7f31d0a55..e763cec6c 100644
--- a/src/kadmin/server/adm_nego.c
+++ b/src/kadmin/server/adm_nego.c
@@ -45,6 +45,7 @@
 #include <krb5/asn1.h>
 
 #include <krb5/adm_defs.h>
+#include <krb5/kdb.h>
 #include "adm_extern.h"
 
 krb5_error_code
diff --git a/src/kadmin/server/adm_network.c b/src/kadmin/server/adm_network.c
index ef02864e5..0deec9f7e 100644
--- a/src/kadmin/server/adm_network.c
+++ b/src/kadmin/server/adm_network.c
@@ -43,6 +43,7 @@
 #include <krb5/ext-proto.h>
 #include <krb5/los-proto.h>
 #include <krb5/adm_defs.h>
+#include <krb5/kdb.h>
 #include "adm_extern.h"
 
 extern int errno;
diff --git a/src/kadmin/server/adm_process.c b/src/kadmin/server/adm_process.c
index 4e3297f63..eca9fb040 100644
--- a/src/kadmin/server/adm_process.c
+++ b/src/kadmin/server/adm_process.c
@@ -69,7 +69,9 @@ OLDDECLARG(krb5_keyblock **, key)
     arg = ( struct cpw_keyproc_arg *) keyprocarg;
 
     if (arg->key) {
-	*key = arg->key;
+	retval = krb5_copy_keyblock(arg->key, key);
+	if (retval)
+	    return retval;
     } else {
 	if (retval = krb5_parse_name(client_server_info.name_of_service, 
 				     &cpw_krb)) {
@@ -417,10 +419,8 @@ char *prog;
                         0,
                         &msg_data)) {
 	syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv");
-	free(final_msg.data);
 	goto finish;
     }
-    free(final_msg.data);
     
         /* Send Final Reply to Client */
     if (retval = krb5_write_message(&client_server_info.client_socket,
diff --git a/src/kadmin/server/adm_server.c b/src/kadmin/server/adm_server.c
index 01b91c05f..a408331ff 100644
--- a/src/kadmin/server/adm_server.c
+++ b/src/kadmin/server/adm_server.c
@@ -73,6 +73,8 @@ global_client_server_info client_server_info;
 int classification;             /* default = Unclassified */
 #endif
 
+krb5_db_entry master_entry;
+
 krb5_flags NEW_ATTRIBUTES;
 
 cleanexit(val)
@@ -287,7 +289,24 @@ krb5_keyblock *masterkeyblock;
         (void) krb5_db_fini();
         return(retval);
     }
- 
+
+/*
+ * fetch the master database entry, and hold on to it.
+ */
+    number_of_entries = 1;
+    if (retval = krb5_db_get_principal(masterkeyname, &master_entry, 
+				       &number_of_entries, &more)) {
+	return(retval);
+    }
+    if (number_of_entries != 1) {
+	if (number_of_entries)
+	    krb5_db_free_principal(&master_entry, number_of_entries);
+	return(KRB5_KDB_NOMASTERKEY);
+    } else if (more) {
+	krb5_db_free_principal(&master_entry, number_of_entries);
+	return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+    }	
+
 /*
 	fetch the TGS key, and hold onto it; this is an efficiency hack 
 	the master key name here is from the master_princ global,