Changes to conform with API modifications
authorTheodore Tso <tytso@mit.edu>
Tue, 19 Feb 1991 19:38:17 +0000 (19:38 +0000)
committerTheodore Tso <tytso@mit.edu>
Tue, 19 Feb 1991 19:38:17 +0000 (19:38 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1729 dc483132-0cff-0310-8789-dd5450dbe970

14 files changed:
src/lib/krb5/krb/copy_athctr.c
src/lib/krb5/krb/copy_creds.c
src/lib/krb5/krb/copy_key.c
src/lib/krb5/krb/copy_tick.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/in_tkt_sky.c
src/lib/krb5/krb/parse.c
src/lib/krb5/krb/rd_error.c
src/lib/krb5/krb/rd_priv.c
src/lib/krb5/krb/rd_rep.c
src/lib/krb5/krb/rd_req.c
src/lib/krb5/krb/rd_req_dec.c
src/lib/krb5/krb/rd_req_sim.c
src/lib/krb5/krb/rd_safe.c

index 5756a991ca4f8c66222711cc4503b234a71c1799..1f1a9bf6b7d15958315d328dce360431d7ababf7 100644 (file)
@@ -45,15 +45,8 @@ krb5_authenticator **authto;
     }
     
     if (authfrom->subkey) {
-           if (!(tempto->subkey =
-                 (krb5_keyblock *)malloc(sizeof(*tempto->subkey)))) {
-                   krb5_free_checksum(tempto->checksum);
-                   krb5_free_principal(tempto->client);    
-                   xfree(tempto);
-                   return ENOMEM;
-           }
            if (retval = krb5_copy_keyblock(authfrom->subkey,
-                                           tempto->subkey)) {
+                                           &tempto->subkey)) {
                    xfree(tempto->subkey);
                    krb5_free_checksum(tempto->checksum);
                    krb5_free_principal(tempto->client);    
index 3043dd14612f9a54ba398c7709654dbb01ddbb0f..18fe776821da00bae368f733e5333a2ebbb7b9ea 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,7 +16,6 @@ static char rcsid_copy_creds_c [] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include <krb5/krb5.h>
 #include <krb5/ext-proto.h>
 
@@ -41,20 +41,21 @@ krb5_creds **outcred;
        goto cleanlast;
     if (retval = krb5_copy_principal(incred->server, &tempcred->server))
        goto cleanclient;
-    if (retval = krb5_copy_keyblock(&incred->keyblock, &tempcred->keyblock))
+    if (retval = krb5_copy_keyblock_contents(&incred->keyblock,
+                                            &tempcred->keyblock))
        goto cleanserver;
     if (retval = krb5_copy_addresses(incred->addresses, &tempcred->addresses))
        goto cleanblock;
     if (retval = krb5_copy_data(&incred->ticket, &scratch))
        goto cleanaddrs;
     tempcred->ticket = *scratch;
-    free((char *)scratch);
+    xfree(scratch);
     if (retval = krb5_copy_data(&incred->second_ticket,
                                &scratch))
        goto cleanticket;
 
     tempcred->second_ticket = *scratch;
-    free((char *)scratch);
+    xfree(scratch);
 
     *outcred = tempcred;
     return 0;
@@ -64,12 +65,12 @@ krb5_creds **outcred;
  cleanaddrs:
     krb5_free_address(tempcred->addresses);
  cleanblock:
-    free((char *)tempcred->keyblock.contents);
+    xfree(tempcred->keyblock.contents);
  cleanserver:
     krb5_free_principal(tempcred->server);
  cleanclient:
     krb5_free_principal(tempcred->client);
  cleanlast:
-    free((char *)tempcred);
+    xfree(tempcred);
     return retval;
 }
index f3aec81aa979f4f1f2ab686312b563510539c72a..b717071b6c8cd2ef488b825b35eb2a5665fe2dd2 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,7 +16,6 @@ static char rcsid_copy_key_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include <krb5/krb5.h>
 #include <krb5/ext-proto.h>
 
@@ -25,12 +25,19 @@ static char rcsid_copy_key_c[] =
 krb5_error_code
 krb5_copy_keyblock(from, to)
 const krb5_keyblock *from;
-krb5_keyblock *to;
+krb5_keyblock **to;
 {
-    *to = *from;
-    to->contents = (krb5_octet *)malloc(to->length);
-    if (!to->contents)
-       return ENOMEM;
-    memcpy((char *)to->contents, (char *)from->contents, to->length);
-    return 0;
+       krb5_keyblock   *new_key;
+
+       if (!(new_key = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))))
+               return ENOMEM;
+       *new_key = *from;
+       if (!(new_key->contents = (krb5_octet *)malloc(new_key->length))) {
+               xfree(new_key);
+               return(ENOMEM);
+       }
+       memcpy((char *)new_key->contents, (char *)from->contents,
+              new_key->length);
+       *to = new_key;
+       return 0;
 }
index ec6a9d4ec542df25fab2a83c3684da461f02920d..f7569367d22f457dd2178f8a510b8a0bf65c84d6 100644 (file)
@@ -31,13 +31,8 @@ krb5_enc_tkt_part **partto;
     if (!(tempto = (krb5_enc_tkt_part *)malloc(sizeof(*tempto))))
        return ENOMEM;
     *tempto = *partfrom;
-    if (!(tempto->session =
-         (krb5_keyblock *)malloc(sizeof(*tempto->session)))) {
-       xfree(tempto);
-       return ENOMEM;
-    }
     if (retval = krb5_copy_keyblock(partfrom->session,
-                                   tempto->session)) {
+                                   &tempto->session)) {
        xfree(tempto->session);
        xfree(tempto);
        return retval;
index 4571f669f8eccdd1ac543fcd5bb8d381378e9ae2..14be24f38e34d216b29b60b7ad7a757863dc14dc 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,7 +16,6 @@ static char rcsid_get_in_tkt_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include <krb5/krb5.h>
 #include <krb5/asn1.h>
 #include <krb5/libos-proto.h>
@@ -212,8 +212,8 @@ OLDDECLARG(krb5_ccache, ccache)
     /* XXX issue warning if as_reply->enc_part2->key_exp is nearby */
        
     /* fill in the credentials */
-    if (retval = krb5_copy_keyblock(as_reply->enc_part2->session,
-                                   &creds->keyblock)) {
+    if (retval = krb5_copy_keyblock_contents(as_reply->enc_part2->session,
+                                            &creds->keyblock)) {
        memset((char *)as_reply->enc_part2->session->contents, 0,
              as_reply->enc_part2->session->length);
        krb5_free_kdc_rep(as_reply);
@@ -221,7 +221,7 @@ OLDDECLARG(krb5_ccache, ccache)
     }
 #define cleanup_key() {memset((char *)creds->keyblock.contents, 0,\
                             creds->keyblock.length); \
-                      free((char *)creds->keyblock.contents); \
+                      xfree(creds->keyblock.contents); \
                       creds->keyblock.contents = 0; \
                       creds->keyblock.length = 0;}
 
@@ -245,12 +245,12 @@ OLDDECLARG(krb5_ccache, ccache)
        return retval;
     }  
     creds->ticket = *packet;
-    free((char *) packet);
+    xfree(packet);
 
     /* store it in the ccache! */
     if (retval = krb5_cc_store_cred(ccache, creds)) {
        /* clean up the pieces */
-       free((char *)creds->ticket.data);
+       xfree(creds->ticket.data);
        krb5_free_address(creds->addresses);
        cleanup_key();
        return retval;
index c8bee3923b79788561f5fc41a282f0d6b81e44ab..b015a25da449dd6b0660280372afa2358e79340c 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -16,7 +17,6 @@ static char rcsid_in_tkt_skey_c [] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include <krb5/krb5.h>
 
 #include <krb5/ext-proto.h>
@@ -64,18 +64,12 @@ OLDDECLARG(krb5_pa_data **,padata)
     }
 #define cleanup() {if (arg->client) (void) krb5_kt_free_entry(&kt_ent);}
 
-    realkey = (krb5_keyblock *)malloc(sizeof(*realkey));
-    if (!realkey) {
-       cleanup();
-       return ENOMEM;
-    }    
-
     if (arg->key)
-       retval = krb5_copy_keyblock(arg->key, realkey);
+       retval = krb5_copy_keyblock(arg->key, &realkey);
     else
-       retval = krb5_copy_keyblock(&kt_ent.key, realkey);
+       retval = krb5_copy_keyblock(&kt_ent.key, &realkey);
     if (retval) {
-       free((char *)realkey);
+       xfree(realkey);
        cleanup();
        return retval;
     }
index de25f2e0989604127d53a2dade73f2fd64137bd5..f87e22c3f90e19ee9d6f62d8772babc4fefcbb99 100644 (file)
@@ -61,7 +61,7 @@ krb5_parse_name(name, nprincipal)
        int             components = 0;
        const char      *parsed_realm = NULL;
        int             fcompsize[FCOMPNUM];
-       char            default_realm[512];
+       static char     *default_realm = NULL;
        krb5_data       **principal;
        krb5_error_code retval;
        
@@ -136,9 +136,8 @@ krb5_parse_name(name, nprincipal)
         * realm....
         */
        if (!parsed_realm) {
-               retval = krb5_get_default_realm(sizeof(default_realm),
-                                               default_realm);
-               if (retval)
+               if (!default_realm &&
+                   (retval = krb5_get_default_realm(&default_realm)))
                        return(retval);
                principal[0]->length = fcompsize[0] = strlen(default_realm);
        }
index 97e24f90dfd70c62665cee5b19d409a87550daea..8e9c3313c5031a153abe48bd81732525ae7f4561 100644 (file)
@@ -23,29 +23,22 @@ static char rcsid_rd_error_c[] =
 #include <krb5/ext-proto.h>
 
 /*
- Parses an error message from enc_errbuf and fills in the contents of
dec_error.
-
- Upon return dec_error->client,server,text, if non-NULL, point to allocated
storage which the caller should free when finished.
-
- returns system errors
+ *  Parses an error message from enc_errbuf and returns an allocated
* structure which contain the error message.
+ *
+ *  Upon return dec_error will point to allocated storage which the
* caller should free when finished.
+ * 
*  returns system errors
  */
 
 krb5_error_code
 krb5_rd_error( enc_errbuf, dec_error)
 const krb5_data *enc_errbuf;
-krb5_error *dec_error;
+krb5_error **dec_error;
 {
-    krb5_error_code retval;
-    krb5_error *new_dec_error;
-
     if (!krb5_is_krb_error(enc_errbuf))
        return KRB5KRB_AP_ERR_MSG_TYPE;
-    if (retval = decode_krb5_error(enc_errbuf, &new_dec_error))
-       return(retval);
-    *dec_error = *new_dec_error;
-    (void)free((char *)new_dec_error);
-    return 0;
+    return(decode_krb5_error(enc_errbuf, dec_error));
 }
 
index 936566962deb93989661e8b598454426caf43428..1567dfe9873e1d0952a7fb9cd2fd8cf29adfaf19 100644 (file)
@@ -54,6 +54,7 @@ krb5_rd_priv(DECLARG(const krb5_data *, inbuf),
             DECLARG(krb5_int32, seq_number),
             DECLARG(krb5_int32, priv_flags),
             DECLARG(krb5_pointer, i_vector),
+            DECLARG(krb5_rcache, rcache),
             DECLARG(krb5_data *, outbuf))
 OLDDECLARG(const krb5_data *, inbuf)
 OLDDECLARG(const krb5_keyblock *, key)
@@ -62,6 +63,7 @@ OLDDECLARG(const krb5_address *, recv_addr)
 OLDDECLARG(krb5_int32, seq_number)
 OLDDECLARG(krb5_int32, priv_flags)
 OLDDECLARG(krb5_pointer, i_vector)
+OLDDECLARG(krb5_rcache, rcache),
 OLDDECLARG(krb5_data *, outbuf)
 {
     krb5_error_code retval;
index 148835fce2332042aef5a21bb40a8b6b715235d3..72a68dd966ac9d50b6fcc9667115d17fcdcc8217 100644 (file)
@@ -11,7 +11,7 @@
  */
 
 #if !defined(lint) && !defined(SABER)
-static char rcsid_rd_req_dec_c[] =
+static char rcsid_rd_rep_dec_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
@@ -22,26 +22,26 @@ static char rcsid_rd_req_dec_c[] =
 #include <krb5/asn1.h>
 
 /*
- Parses a KRB_AP_REP message, returning its contents.
-
- repl is filled in with the fields from the encrypted response.
-
- the key in kblock is used to decrypt the message.
-
- returns system errors, encryption errors, replay errors
+ *  Parses a KRB_AP_REP message, returning its contents.
+ * 
+ *  repl is filled in with with a pointer to allocated memory containing
+ * the fields from the encrypted response. 
+ * 
+ *  the key in kblock is used to decrypt the message.
+ * 
+ *  returns system errors, encryption errors, replay errors
  */
 
 krb5_error_code
 krb5_rd_rep(inbuf, kblock, repl)
 const krb5_data *inbuf;
 const krb5_keyblock *kblock;
-krb5_ap_rep_enc_part *repl;
+krb5_ap_rep_enc_part **repl;
 {
     krb5_error_code retval;
     krb5_ap_rep *reply;
     krb5_encrypt_block eblock;
     krb5_data scratch;
-    krb5_ap_rep_enc_part *local_repl;
 
     if (!krb5_is_ap_rep(inbuf))
        return KRB5KRB_AP_ERR_MSG_TYPE;
@@ -93,10 +93,7 @@ free(scratch.data);}
        return retval;
     }
     /*  now decode the decrypted stuff */
-    if (!(retval = decode_krb5_ap_rep_enc_part(&scratch, &local_repl))) {
-       *repl = *local_repl;
-       free((char *)local_repl);
-    }
+    retval = decode_krb5_ap_rep_enc_part(&scratch, repl);
     clean_scratch();
     return retval;
 }
index 9fb100a8f794861f18ea6d6d72836e32da59aebe..2db92e7e7b6363214ff573f28cb333dd0534eedd 100644 (file)
@@ -22,27 +22,27 @@ static char rcsid_rd_req_c[] =
 #include <krb5/ext-proto.h>
 
 /*
- Parses a KRB_AP_REQ message, returning its contents.
-
- server specifies the expected server's name for the ticket.
-
- sender_addr specifies the address(es) expected to be present in the
- ticket.
-
- rcache specifies a replay detection cache used to store authenticators and
- server names
-
- keyproc specifies a procedure to generate a decryption key for the
- ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
- used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
- if it is non-NULL, it specifies a parameter name from which to retrieve the
- decryption key.  If fetchfrom is NULL, then the default key store is
- consulted.
-
- authdat->ticket and authdat->authenticator are set to allocated storage
- structures; the caller should free them when finished.
-
- returns system errors, encryption errors, replay errors
*  Parses a KRB_AP_REQ message, returning its contents.
+ * 
*  server specifies the expected server's name for the ticket.
+ * 
*  sender_addr specifies the address(es) expected to be present in the
*  ticket.
+ * 
*  rcache specifies a replay detection cache used to store authenticators and
*  server names
+ * 
*  keyproc specifies a procedure to generate a decryption key for the
*  ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
*  used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
*  if it is non-NULL, it specifies a parameter name from which to retrieve the
*  decryption key.  If fetchfrom is NULL, then the default key store is
*  consulted.
+ * 
+ *  authdat is set to point at allocated storage structures; the caller
+ *  should free them when finished. 
+ * 
*  returns system errors, encryption errors, replay errors
  */
 
 /* widen prototypes, if needed */
@@ -64,7 +64,7 @@ krb5_const_pointer fetchfrom;
 rdreq_key_proc keyproc;
 krb5_pointer keyprocarg;
 krb5_rcache rcache;
-krb5_tkt_authent *authdat;
+krb5_tkt_authent **authdat;
 {
     krb5_error_code retval;
     krb5_ap_req *request;
index 4d8c01e135f155733519dc72b4a2c0b9d1146668..9bd5a5a4b57131ea99fcb1ff7f6dd79f55ea3062 100644 (file)
@@ -22,44 +22,43 @@ static char rcsid_rd_req_dec_c[] =
 #include <krb5/asn1.h>
 
 /*
- essentially the same as krb_rd_req, but uses a decoded AP_REQ as the input
- rather than an encoded input.
+ * essentially the same as krb_rd_req, but uses a decoded AP_REQ as
* the input rather than an encoded input.
  */
 /*
- Parses a KRB_AP_REQ message, returning its contents.
-
- server specifies the expected server's name for the ticket; if NULL, then
- any server will be accepted if the key can be found, and the caller should
- verify that the principal is something it trusts.
-
- sender_addr specifies the address(es) expected to be present in the
- ticket.
-
- rcache specifies a replay detection cache used to store authenticators and
- server names
-
- keyproc specifies a procedure to generate a decryption key for the
- ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
- used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
- if it is non-NULL, it specifies a parameter name from which to retrieve the
- decryption key.  If fetchfrom is NULL, then the default key store is
- consulted.
-
- authdat->ticket and authdat->authenticator are set to allocated storage
- structures; the caller should free them when finished.
-
- returns system errors, encryption errors, replay errors
*  Parses a KRB_AP_REQ message, returning its contents.
+ * 
*  server specifies the expected server's name for the ticket; if NULL, then
*  any server will be accepted if the key can be found, and the caller should
*  verify that the principal is something it trusts.
+ * 
*  sender_addr specifies the address(es) expected to be present in the
*  ticket.
+ * 
*  rcache specifies a replay detection cache used to store authenticators and
*  server names
+ * 
*  keyproc specifies a procedure to generate a decryption key for the
*  ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
*  used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
*  if it is non-NULL, it specifies a parameter name from which to retrieve the
*  decryption key.  If fetchfrom is NULL, then the default key store is
*  consulted.
+ * 
+ *  authdat is set to point at allocated storage structures; the caller
+ *  should free them when finished. 
+ * 
*  returns system errors, encryption errors, replay errors
  */
 
 /* widen prototypes, if needed */
 #include <krb5/widen.h>
 
-static krb5_error_code decrypt_authenticator PROTOTYPE((const krb5_ap_req *,
-                                                       krb5_authenticator **));
-typedef krb5_error_code (*rdreq_key_proc) PROTOTYPE((krb5_pointer, 
-                                                    krb5_principal,
-                                                    krb5_kvno,
-                                                    krb5_keyblock **));
+static krb5_error_code decrypt_authenticator
+       PROTOTYPE((const krb5_ap_req *, krb5_authenticator **));
+typedef krb5_error_code (*rdreq_key_proc)
+       PROTOTYPE((krb5_pointer, krb5_principal, krb5_kvno, krb5_keyblock **));
+
 /* and back to normal... */
 #include <krb5/narrow.h>
 
@@ -68,7 +67,7 @@ extern krb5_deltat krb5_clockskew;
 
 krb5_error_code
 krb5_rd_req_decoded(req, server, sender_addr, fetchfrom, keyproc, keyprocarg,
-                   rcache, tktauthent)
+                   rcache, authdat)
 const krb5_ap_req *req;
 krb5_const_principal server;
 const krb5_address *sender_addr;
@@ -76,13 +75,12 @@ krb5_const_pointer fetchfrom;
 rdreq_key_proc keyproc;
 krb5_pointer keyprocarg;
 krb5_rcache rcache;
-krb5_tkt_authent *tktauthent;
+krb5_tkt_authent **authdat;
 {
-    krb5_error_code retval;
-    krb5_keyblock *tkt_key;
-    krb5_keyblock tkt_key_real;
+    krb5_error_code retval = 0;
+    krb5_keyblock *tkt_key = NULL;
     krb5_timestamp currenttime, starttime;
-
+    krb5_tkt_authent   *tktauthent = NULL;
 
     if (server && !krb5_principal_compare(server, req->ticket->server))
        return KRB5KRB_AP_WRONG_PRINC;
@@ -110,8 +108,7 @@ krb5_tkt_authent *tktauthent;
                                       req->ticket->enc_part.kvno, &ktentry);
            (void) krb5_kt_close(keytabid);
            if (!retval) {
-               retval = krb5_copy_keyblock(&ktentry.key, &tkt_key_real);
-               tkt_key = &tkt_key_real;
+               retval = krb5_copy_keyblock(&ktentry.key, &tkt_key);
                (void) krb5_kt_free_entry(&ktentry);
            }
        }
@@ -120,34 +117,40 @@ krb5_tkt_authent *tktauthent;
        return retval;                  /* some error in getting the key */
 
     /* decrypt the ticket */
-    if (retval = krb5_decrypt_tkt_part(tkt_key, req->ticket))
+    if (retval = krb5_decrypt_tkt_part(tkt_key, req->ticket)) {
+       krb5_free_keyblock(tkt_key);
        return(retval);
+    }
 
-#define clean_ticket() krb5_free_enc_tkt_part(req->ticket->enc_part2)
-
-    if (retval = decrypt_authenticator(req, &tktauthent->authenticator)) {
-       clean_ticket();
-       return retval;
+    /*
+     * Now we allocate space for the krb5_tkt_authent structure.  If
+     * we ever have an error, we're responsible for freeing it.
+     */
+    if (!(tktauthent =
+         (krb5_tkt_authent *) malloc(sizeof(krb5_tkt_authent)))) {
+           retval = ENOMEM;
+           goto cleanup;
     }
-#define clean_authenticator() {(void) krb5_free_authenticator(tktauthent->authenticator); tktauthent->authenticator = 0;}
+    
+    if (retval = decrypt_authenticator(req, &tktauthent->authenticator))
+       goto cleanup;
+    *authdat = NULL;           /* Set authdat to tktauthent when we finish */
 
     if (!krb5_principal_compare(tktauthent->authenticator->client,
                                req->ticket->enc_part2->client)) {
-       clean_authenticator();
-       return KRB5KRB_AP_ERR_BADMATCH;
+       retval = KRB5KRB_AP_ERR_BADMATCH;
+       goto cleanup;
     }
     if (sender_addr && !krb5_address_search(sender_addr, req->ticket->enc_part2->caddrs)) {
-       clean_authenticator();
-       return KRB5KRB_AP_ERR_BADADDR;
+       retval = KRB5KRB_AP_ERR_BADADDR;
+       goto cleanup;
     }
 
-    if (retval = krb5_timeofday(&currenttime)) {
-       clean_authenticator();
-       return retval;
-    }
+    if (retval = krb5_timeofday(&currenttime))
+       goto cleanup;
     if (!in_clock_skew(tktauthent->authenticator->ctime)) {
-       clean_authenticator();
-       return KRB5KRB_AP_ERR_SKEW;
+       retval = KRB5KRB_AP_ERR_SKEW;
+       goto cleanup;
     }
 
     tktauthent->ticket = req->ticket;  /* only temporarily...allocated
@@ -158,20 +161,13 @@ krb5_tkt_authent *tktauthent;
     if (rcache) {
        krb5_donot_replay rep;
 
-       if (retval = krb5_auth_to_rep(tktauthent, &rep)) {
-           tktauthent->ticket = 0;
-           clean_authenticator();
-           return retval;
-       }
-       if (retval = krb5_rc_store(rcache, &rep)) {
-           xfree(rep.server);
-           xfree(rep.client);
-           tktauthent->ticket = 0;
-           clean_authenticator();
-           return retval;
-       }
+       if (retval = krb5_auth_to_rep(tktauthent, &rep))
+           goto cleanup;
+       retval = krb5_rc_store(rcache, &rep);
        xfree(rep.server);
        xfree(rep.client);
+       if (retval)
+           goto cleanup;
     }
     tktauthent->ticket = 0;
 
@@ -182,21 +178,36 @@ krb5_tkt_authent *tktauthent;
        starttime = req->ticket->enc_part2->times.authtime;
 
     if (starttime - currenttime > krb5_clockskew) {
-       clean_authenticator();
-       return KRB5KRB_AP_ERR_TKT_NYV;  /* ticket not yet valid */
+       retval = KRB5KRB_AP_ERR_TKT_NYV;        /* ticket not yet valid */
+       goto cleanup;
     }  
     if (currenttime - req->ticket->enc_part2->times.endtime > krb5_clockskew) {
-       clean_authenticator();
-       return KRB5KRB_AP_ERR_TKT_EXPIRED;      /* ticket expired */
+       retval = KRB5KRB_AP_ERR_TKT_EXPIRED;    /* ticket expired */
+       goto cleanup;
     }  
     if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
-       clean_authenticator();
-       return KRB5KRB_AP_ERR_TKT_INVALID;
+       retval = KRB5KRB_AP_ERR_TKT_INVALID;
+       goto cleanup;
+    }
+    retval = krb5_copy_ticket(req->ticket, &tktauthent->ticket);
+    
+cleanup:
+    if (tktauthent) {
+        if (retval) {
+           krb5_free_tkt_authent(tktauthent);
+        } else {
+           tktauthent->ap_options = req->ap_options;
+           *authdat = tktauthent;
+       }
+    }
+    if (retval && req->ticket->enc_part2) {
+       /* only free if we're erroring out...otherwise some
+          applications will need the output. */
+        krb5_free_enc_tkt_part(req->ticket->enc_part2);
+       req->ticket->enc_part2 = NULL;
     }
-    if (retval = krb5_copy_ticket(req->ticket, &tktauthent->ticket)) {
-       clean_authenticator();
-    } else
-       tktauthent->ap_options = req->ap_options;
+    if (tkt_key)
+       krb5_free_keyblock(tkt_key);
     return retval;
 }
 
index 657309b9e0c5ae2a663497ebefd617d47ce61cca..2c964e8ba75178b051260f4eb68672ccf786cdbd 100644 (file)
@@ -21,22 +21,22 @@ static char rcsid_rd_req_sim_c[] =
 #include <krb5/ext-proto.h>
 
 /*
- Parses a KRB_AP_REQ message, returning its contents.
-
- server specifies the expected server's name for the ticket.
-
- sender_addr specifies the address(es) expected to be present in the
- ticket.
-
- A replay cache name derived from the first component of the service name
- is used.
-
- The default key store is consulted to find the service key.
-
- authdat->ticket and authdat->authenticator are set to allocated storage
- structures; the caller should free them when finished.
-
- returns system errors, encryption errors, replay errors
*  Parses a KRB_AP_REQ message, returning its contents.
+ * 
*  server specifies the expected server's name for the ticket.
+ * 
*  sender_addr specifies the address(es) expected to be present in the
*  ticket.
+ * 
*  A replay cache name derived from the first component of the service name
*  is used.
+ * 
*  The default key store is consulted to find the service key.
+ *
+ * authdat isset to point at allocated structures; the caller should
+ * free it when finished. 
+ * 
*  returns system errors, encryption errors, replay errors
  */
 
 krb5_error_code
@@ -44,7 +44,7 @@ krb5_rd_req_simple(inbuf, server, sender_addr, authdat)
 const krb5_data *inbuf;
 krb5_const_principal server;
 const krb5_address *sender_addr;
-krb5_tkt_authent *authdat;
+krb5_tkt_authent **authdat;
 {
     krb5_error_code retval;
     krb5_ap_req *request;
index 209760ae68b059f094fa62ade4bcb67ad1f220d7..8426a8224190cab406cd7e1cc5c353cd24d51545 100644 (file)
@@ -38,13 +38,15 @@ extern krb5_deltat krb5_clockskew;
  returns system errors, integrity errors
  */
 krb5_error_code
-krb5_rd_safe(inbuf, key, sender_addr, recv_addr, seq_number, safe_flags, outbuf)
+krb5_rd_safe(inbuf, key, sender_addr, recv_addr, seq_number, safe_flags,
+            rcache, outbuf)
 const krb5_data *inbuf;
 const krb5_keyblock *key;
 const krb5_address *sender_addr;
 const krb5_address *recv_addr;
 krb5_int32 seq_number;
 krb5_int32 safe_flags;
+krb5_rcache rcache;
 krb5_data *outbuf;
 {
     krb5_error_code retval;