mk_safe and mk_priv require the local address to be set in the auth
authorGreg Hudson <ghudson@mit.edu>
Wed, 8 Apr 2009 15:58:24 +0000 (15:58 +0000)
committerGreg Hudson <ghudson@mit.edu>
Wed, 8 Apr 2009 15:58:24 +0000 (15:58 +0000)
context; rd_safe and rd_priv require the remote address to be set.
Create error codes for both kinds of missing addresses and stop trying
futilely to handle the cases where they are not set.

ticket: 1165

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22184 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/error_tables/krb5_err.et
src/lib/krb5/krb/mk_priv.c
src/lib/krb5/krb/mk_safe.c
src/lib/krb5/krb/rd_priv.c
src/lib/krb5/krb/rd_safe.c

index 5698f1e4a76f687e5545e55de13ea3fd56e2ab4f..c7c91dff9cd0d9703d19d1eae1887857b8847c00 100644 (file)
@@ -348,4 +348,7 @@ error_code KRB5_PLUGIN_OP_NOTSUPP,  "Plugin does not support the operaton"
 
 error_code KRB5_ERR_INVALID_UTF8,      "Invalid UTF-8 string"
 error_code KRB5_ERR_FAST_REQUIRED, "FAST protected pre-authentication required but not supported by KDC"
+
+error_code KRB5_LOCAL_ADDR_REQUIRED,  "Auth context must contain local address"
+error_code KRB5_REMOTE_ADDR_REQUIRED, "Auth context must contain remote address"
 end
index 1acffd5b4c245fb087e0b15eb73c98bdfd1aed18..5c8774b1253fa8fda44ca954327bb2e0f76dfdde 100644 (file)
@@ -136,6 +136,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
        /* Need a better error */
        return KRB5_RC_REQUIRED;
 
+    if (!auth_context->local_addr)
+       return KRB5_LOCAL_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
        if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
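Review bot: The new guard `if (!auth_context->local_addr)` has no comment saying why a local address is mandatory, and the check just above it still carries a `/* Need a better error */` remark, so a reader cannot tell that this one is deliberate. I would add `/* The sender address is a mandatory field of KRB-PRIV, so a local address must be set. */` above it, and the equivalent KRB-SAFE comment above the same guard in krb5_mk_safe. The guard runs before the visible timestamp handling, which is the right place for it; the rest of krb5_mk_priv lies outside the hunk.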
@@ -154,28 +157,26 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
        } else {
            outdata->seq = replaydata.seq;
        }
-    } 
+    }
 
 {
     krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr = NULL;
+    krb5_address * plocal_fulladdr;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
     CLEANUP_INIT(2);
 
-    if (auth_context->local_addr) {
-       if (auth_context->local_port) {
-           if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-                                             auth_context->local_port, 
-                                             &local_fulladdr))) {
-               CLEANUP_PUSH(local_fulladdr.contents, free);
-               plocal_fulladdr = &local_fulladdr;
-            } else {
-               goto error;
-            }
+    if (auth_context->local_port) {
+       if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+                                         auth_context->local_port, 
+                                         &local_fulladdr))) {
+           CLEANUP_PUSH(local_fulladdr.contents, free);
+           plocal_fulladdr = &local_fulladdr;
        } else {
-           plocal_fulladdr = auth_context->local_addr;
+           goto error;
        }
+    } else {
+       plocal_fulladdr = auth_context->local_addr;
     }
 
     if (auth_context->remote_addr) {
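Review bot: Dropping the `= NULL` initializer on `plocal_fulladdr` leaves the pointer indeterminate on the `goto error` path and makes its validity depend on the `local_addr` guard added in the earlier hunk. Both arms of the visible if/else either assign it or jump away, so nothing in these lines reads it uninitialised, but the `error` label and the later uses are outside the hunk. I would keep `krb5_address * plocal_fulladdr = NULL;` so that a future path which skips the assignment fails on a NULL pointer instead of reading an indeterminate value. The same applies to `plocal_fulladdr` in krb5_mk_safe and to `premote_fulladdr` in krb5_rd_priv and krb5_rd_safe.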
index d99b1a3d7fed896bd8ed53b0b35cb325cef1b7a6..689eef2037713715d7c8500304b547eb292b596d 100644 (file)
@@ -136,6 +136,9 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
        /* Need a better error */
        return KRB5_RC_REQUIRED;
 
+    if (!auth_context->local_addr)
+       return KRB5_LOCAL_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
        if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
@@ -156,27 +159,24 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
 
 {
     krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr = NULL;
+    krb5_address * plocal_fulladdr;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
     krb5_cksumtype sumtype;
 
     CLEANUP_INIT(2);
 
-    if (auth_context->local_addr) {
-       if (auth_context->local_port) {
-            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-                                             auth_context->local_port, 
-                                             &local_fulladdr))){
-               CLEANUP_PUSH(local_fulladdr.contents, free);
-               plocal_fulladdr = &local_fulladdr;
-            } else {
-                goto error;
-            }
+    if (auth_context->local_port) {
+       if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+                                         auth_context->local_port, 
+                                         &local_fulladdr))){
+           CLEANUP_PUSH(local_fulladdr.contents, free);
+           plocal_fulladdr = &local_fulladdr;
        } else {
-            plocal_fulladdr = auth_context->local_addr;
-        }
-
+           goto error;
+       }
+    } else {
+       plocal_fulladdr = auth_context->local_addr;
     }
 
     if (auth_context->remote_addr) {
index 7d1dbc3cae5bde26e4dfa1b35aa4e3088c6b0582..eaeaed894b0dd2e7af16f3969d4ebb615a0c2dad 100644 (file)
@@ -169,12 +169,15 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
        /* Need a better error */
        return KRB5_RC_REQUIRED;
 
+    if (!auth_context->remote_addr)
+       return KRB5_REMOTE_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
       (auth_context->rcache == NULL))
        return KRB5_RC_REQUIRED;
 
 {
-    krb5_address * premote_fulladdr = NULL;
+    krb5_address * premote_fulladdr;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
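Review bot: Returning KRB5_REMOTE_ADDR_REQUIRED here is a caller-visible change that nothing at the check explains: a context with no remote address used to pass this point and now fails up front. A comment such as `/* The sender address in the message is compared against remote_addr, so it must be set. */` would record the reason; the comparison itself is outside the hunk, so confirm the wording against it. The same guard in krb5_rd_safe needs the same comment. The public documentation for both functions should list the new error and point to krb5_auth_con_setaddrs() or krb5_auth_con_genaddrs() as the way to satisfy it.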
@@ -195,20 +198,18 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
         }
     }
 
-    if (auth_context->remote_addr) {
-       if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                             auth_context->remote_port, 
-                                             &remote_fulladdr))){
-                CLEANUP_PUSH(remote_fulladdr.contents, free);
-               premote_fulladdr = &remote_fulladdr;
-            } else {
-                CLEANUP_DONE();
-               return retval;
-            }
+    if (auth_context->remote_port) {
+       if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+                                         auth_context->remote_port, 
+                                         &remote_fulladdr))){
+           CLEANUP_PUSH(remote_fulladdr.contents, free);
+           premote_fulladdr = &remote_fulladdr;
        } else {
-            premote_fulladdr = auth_context->remote_addr;
-        }
+           CLEANUP_DONE();
+           return retval;
+       }
+    } else {
+       premote_fulladdr = auth_context->remote_addr;
     }
 
     memset(&replaydata, 0, sizeof(replaydata));
index a79ef7fdf51d380e8670f9a15cc6d23b57e9e7de..989c22242794026467befaf60ed7280eb317a269 100644 (file)
@@ -177,12 +177,15 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
       (auth_context->rcache == NULL)) 
        return KRB5_RC_REQUIRED;
 
+    if (!auth_context->remote_addr)
+       return KRB5_REMOTE_ADDR_REQUIRED;
+
     /* Get keyblock */
     if ((keyblock = auth_context->recv_subkey) == NULL)
        keyblock = auth_context->keyblock;
 
 {
-    krb5_address * premote_fulladdr = NULL;
+    krb5_address * premote_fulladdr;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
@@ -203,19 +206,17 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
         }
     }
 
-    if (auth_context->remote_addr) {
-       if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                             auth_context->remote_port, 
-                                             &remote_fulladdr))){
-                CLEANUP_PUSH(remote_fulladdr.contents, free);
-               premote_fulladdr = &remote_fulladdr;
-            } else {
-               return retval;
-            }
+    if (auth_context->remote_port) {
+       if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+                                         auth_context->remote_port, 
+                                         &remote_fulladdr))){
+           CLEANUP_PUSH(remote_fulladdr.contents, free);
+           premote_fulladdr = &remote_fulladdr;
        } else {
-            premote_fulladdr = auth_context->remote_addr;
-        }
+           return retval;
+       }
+    } else {
+       premote_fulladdr = auth_context->remote_addr;
     }
 
     memset(&replaydata, 0, sizeof(replaydata));
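Review bot: The failure branch of krb5_make_fulladdr() here does a bare `return retval;`, while the matching branch in krb5_rd_priv runs `CLEANUP_DONE();` first. The context lines at the top of the hunk close an earlier block that is not shown; if that block pushed `local_fulladdr.contents` onto the cleanup stack, as the declarations suggest, this return leaks it. Since the commit rewrites these lines anyway, I would make them `CLEANUP_DONE();` followed by `return retval;` to match krb5_rd_priv.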