#include <krb5/kdb.h>
#include <krb5/kdb_dbm.h>
-#include <com_err.h>
#include <stdio.h>
#ifdef USE_SYS_TIME_H
{
char *my_data;
- if ((my_data = (char *) calloc (1,255)) == (char *) 0) {
- com_err("adm_print_attributes", ENOMEM, "");
- }
+ if ((my_data = (char *) calloc (1,255)) == (char *) 0)
+ return ENOMEM;
sprintf(my_data, "Principal Attributes (PA): ");
if (attribs & KRB5_KDB_DISALLOW_POSTDATED)
char *my_data;
struct tm *exp_time;
- if ((my_data = (char *) calloc (1,255)) == (char *) 0) {
- com_err("adm_print_attributes", ENOMEM, "");
- }
+ if ((my_data = (char *) calloc (1,255)) == (char *) 0)
+ return ENOMEM;
exp_time = localtime((time_t *) time_input);
sprintf(my_data,
char *ret_data;
{
struct tm *mod_time;
-#ifdef SANDIA
krb5_error_code retval;
+#ifdef SANDIA
struct tm *exp_time;
int pwd_expire;
krb5_timestamp now;
char *my_data;
char thisline[80];
- if ((my_data = (char *) calloc (1, 2048)) == (char *) 0) {
- com_err("adm_print_attributes", ENOMEM, "");
- }
+ if ((my_data = (char *) calloc (1, 2048)) == (char *) 0)
+ return ENOMEM;
(void) sprintf(my_data, "\n\nPrincipal: %s\n\n", Principal_name);
sprintf(thisline,
strcat(my_data, thisline);
sprintf(thisline, "Principal Key Version (PKV) = %d\n", entry->kvno);
strcat(my_data, thisline);
- (void) adm_print_exp_time(my_data, &entry->expiration);
+ if (retval = adm_print_exp_time(my_data, &entry->expiration)) {
+ free(my_data);
+ return retval;
+ }
mod_time = localtime((time_t *) &entry->mod_date);
sprintf(thisline,
"Last Modification Date (LMD): %02d%02d/%02d/%02d:%02d:%02d:%02d\n",
mod_time->tm_min,
mod_time->tm_sec);
strcat(my_data, thisline);
- (void) adm_print_attributes(my_data, entry->attributes);
+ if (retval = adm_print_attributes(my_data, entry->attributes)) {
+ free(my_data);
+ return retval;
+ }
switch (entry->salt_type & 0xff) {
case 0 : strcat(my_data,
"Principal Salt Type (PST) = Version 5 Normal\n");
extern krb5_flags NEW_ATTRIBUTES;
if (!req_type) { /* New entry - initialize */
- memset((char *) entry, 0, sizeof(*entry));
+ memset((char *) entry, 0, sizeof(krb5_db_entry));
entry->principal = (krb5_principal) principal;
entry->kvno = KDB5_VERSION_NUM;
entry->max_life = KDB5_MAX_TKT_LIFE;
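Review bot: The new-entry memset now sizes the clear with a type name, `sizeof(krb5_db_entry)`, where the old code used `sizeof(*entry)`. The old form follows the pointer's declared type automatically, while the new one silently clears the wrong number of bytes if the parameter type ever changes. If the switch was needed for a particular compiler, a short comment saying so would help; otherwise keep `memset((char *) entry, 0, sizeof(*entry));`. The declaration of `entry` is outside this hunk, so the current types may well match.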
alt_key,
&entry->alt_key);
if (retval) {
+ if (entry->key.contents) {
+ memset((char *) entry->key.contents, 0, entry->key.length);
+ krb5_xfree(entry->key.contents);
+ entry->key.contents = 0;
+ }
com_err("adm_modify_kdb", retval,
"while encrypting alt_key for '%s'", newprinc);
return(KADM_NO_ENCRYPT);
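Review bot: The key wipe added here is a plain `memset` on `entry->key.contents` immediately followed by `krb5_xfree`, which an optimising compiler is allowed to drop as a dead store. The same wipe-then-free pairing is used in the later `adm_modify_kdb` error paths and at the `cleanup:` label of `adm_enter_pwd_key`. Routing all of these through one wipe helper that the compiler cannot elide (a volatile-pointer loop, or `explicit_bzero` where the platform has it) would make the zeroing reliable. A comment such as `/* wipe key material before release; must not be optimised away */` at the helper would record the intent.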
if (retval = krb5_timeofday(&entry->mod_date)) {
com_err("adm_modify_kdb", retval, "while fetching date");
- memset((char *) entry->key.contents, 0, entry->key.length);
- memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
- if (entry->key.contents)
+ if (entry->key.contents) {
+ memset((char *) entry->key.contents, 0, entry->key.length);
krb5_xfree(entry->key.contents);
- if (entry->alt_key.contents)
+ entry->key.contents = 0;
+ }
+ if (entry->alt_key.contents) {
krb5_xfree(entry->alt_key.contents);
+ memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
+ entry->alt_key.contents = 0;
+ }
return(KRB_ERR_GENERIC);
}
} else {
if (retval = krb5_timeofday(&entry->last_pwd_change)) {
com_err("adm_modify_kdb", retval, "while fetching date");
- memset((char *) entry->key.contents, 0, entry->key.length);
- memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
- if (entry->key.contents)
+ if (entry->key.contents) {
+ memset((char *) entry->key.contents, 0, entry->key.length);
krb5_xfree(entry->key.contents);
- if (entry->alt_key.contents)
+ entry->key.contents = 0;
+ }
+ if (entry->alt_key.contents) {
+ memset((char *) entry->alt_key.contents, 0,
+ entry->alt_key.length);
krb5_xfree(entry->alt_key.contents);
+ entry->alt_key.contents = 0;
+ }
return(5);
}
}
retval = krb5_db_put_principal(entry, &one);
- memset((char *) entry->key.contents, 0, entry->key.length);
- if (entry->key.contents)
+ if (entry->key.contents) {
+ memset((char *) entry->key.contents, 0, entry->key.length);
krb5_xfree(entry->key.contents);
+ entry->key.contents = 0;
+ }
- memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
- if (entry->alt_key.contents)
+ if (entry->alt_key.contents) {
+ memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);
krb5_xfree(entry->alt_key.contents);
+ entry->alt_key.contents = 0;
+ }
if (retval) {
com_err("adm_modify_kdb", retval,
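Review bot: In the `krb5_timeofday(&entry->mod_date)` failure path, the new `alt_key` branch calls `krb5_xfree(entry->alt_key.contents);` before the `memset` on the same pointer. That writes `entry->alt_key.length` bytes into memory that has already been freed, and the key material itself goes back to the allocator without being cleared. The order should match every other branch in this function: `memset((char *) entry->alt_key.contents, 0, entry->alt_key.length);` first, then `krb5_xfree(entry->alt_key.contents);`, then `entry->alt_key.contents = 0;`. The enclosing function starts outside these hunks.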
salt.salttype = salttype;
+ tempkey.contents = alttempkey.contents = 0;
+ retval = KRB_ERR_GENERIC;
+
switch (salttype) {
case KRB5_KDB_SALTTYPE_NORMAL:
if (retval = krb5_principal2salt(string_princ, &salt.saltdata)) {
com_err("adm_enter_pwd_key", retval,
"while converting principal to salt for '%s'", newprinc);
- return(KRB_ERR_GENERIC);
+ goto cleanup;
}
altsalt.salttype = KRB5_KDB_SALTTYPE_V4;
if (retval = krb5_principal2salt(string_princ, &altsalt.saltdata)) {
com_err("adm_enter_pwd_key", retval,
"while converting principal to altsalt for '%s'", newprinc);
- return(KRB_ERR_GENERIC);
+ goto cleanup;
}
altsalt.salttype = KRB5_KDB_SALTTYPE_NORMAL;
&salt.saltdata)) {
com_err("adm_enter_pwd_key", retval,
"while converting principal to salt for '%s'", newprinc);
- return(KRB_ERR_GENERIC);
+ goto cleanup;
}
altsalt.salttype = KRB5_KDB_SALTTYPE_V4;
&foo)) {
com_err("adm_enter_pwd_key", retval,
"while converting principal to salt for '%s'", newprinc);
- return(KRB_ERR_GENERIC);
+ goto cleanup;
}
salt.saltdata = *foo;
default:
com_err("adm_enter_pwd_key", 0,
"Don't know how to enter salt type %d", salttype);
- return(KRB_ERR_GENERIC);
+ goto cleanup;
}
if (retval = krb5_string_to_key(&master_encblock,
&pwd,
&salt.saltdata)) {
com_err("adm_enter_pwd_key", retval,
- "while converting password to alt_key for '%s'", newprinc);
- memset((char *) new_password, 0, sizeof(new_password)); /* erase it */
- krb5_xfree(salt.saltdata.data);
- return(retval);
+ "while converting password to key for '%s'", newprinc);
+ goto cleanup;
}
if (retval = krb5_string_to_key(&master_encblock,
&altsalt.saltdata)) {
com_err("adm_enter_pwd_key", retval,
"while converting password to alt_key for '%s'", newprinc);
- krb5_xfree(salt.saltdata.data);
- free(entry->alt_key.contents);
- memset((char *) new_password, 0, sizeof(new_password)); /* erase it */
- return(retval);
+ goto cleanup;
}
memset((char *) new_password, 0, sizeof(new_password)); /* erase it */
&altsalt,
entry);
- memset((char *) tempkey.contents, 0, tempkey.length);
- memset((char *) alttempkey.contents, 0, alttempkey.length);
- if (entry->alt_key.contents)
- free(entry->alt_key.contents);
+cleanup:
+ if (salt.saltdata.data)
+ krb5_xfree(salt.saltdata.data);
+ if (altsalt.saltdata.data)
+ krb5_xfree(altsalt.saltdata.data);
+ if (tempkey.contents) {
+ memset((char *) tempkey.contents, 0, tempkey.length);
+ krb5_xfree(tempkey.contents);
+ }
+ if (alttempkey.contents) {
+ memset((char *) alttempkey.contents, 0, alttempkey.length);
+ krb5_xfree(alttempkey.contents);
+ }
+ memset((char *) new_password, 0, pwd.length); /* erase password */
return(retval);
}
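Review bot: The `cleanup:` label frees `salt.saltdata.data` and `altsalt.saltdata.data` whenever they are non-null, but the only initialisation this commit adds ahead of the switch is `tempkey.contents = alttempkey.contents = 0;`. If the two salt pointers are not zeroed somewhere outside the visible hunks, the `default:` branch and the first failing `krb5_principal2salt` call reach `cleanup` with indeterminate pointers and pass them to `krb5_xfree`. Adding `salt.saltdata.data = altsalt.saltdata.data = 0;` next to the tempkey initialisation would make every `goto cleanup` safe. The final password wipe also now depends on `pwd.length` being set before the first jump, which these hunks do not show.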
return(1);
}
- retval = krb5_unparse_name(newprinc, &composite_name);
+ if (retval = krb5_unparse_name(newprinc, &composite_name)) {
+ krb5_free_principal(newprinc);
+ krb5_db_free_principal(&entry, nprincs);
+ return retval;
+ }
if (entry.salt_type == KRB5_KDB_SALTTYPE_V4) {
entry.salt_type = KRB5_KDB_SALTTYPE_NORMAL;
goto finish;
}
- retval = krb5_unparse_name(change_princ, &principal_name);
- if (retval)
- return retval;
+ if (retval = krb5_unparse_name(change_princ, &principal_name))
+ goto finish;
/* Modify Database */
retval = adm_modify_kdb("adm_enter_rnd_pwd_key",
finish:
- if(retval) {
+ if (tempkey->contents) {
memset((char *) tempkey->contents, 0, tempkey->length);
- return(retval);
+ krb5_free_keyblock(tempkey);
}
- memset((char *) tempkey->contents, 0, tempkey->length);
-
- return(0);
+ return(retval);
}
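Review bot: The new guard at `finish:` reads `tempkey->contents`, so it dereferences `tempkey` before anything has established that the pointer is valid. If either `goto finish` above can run before a key block has been allocated (not visible in these hunks), that is a null or uninitialised dereference. A key block whose `contents` is null is also never passed to `krb5_free_keyblock`. Using `if (tempkey) {` as the outer test, with the `memset` kept under `if (tempkey->contents)`, covers both cases. The function begins outside this hunk, so confirm that `tempkey` is set to 0 at its declaration.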