From e754acf21b66818999033ab4617169420476a7fd Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 19 Apr 2011 18:13:41 +0000 Subject: [PATCH] Clean up schpw.c in kadmind a bit, making use of new k5-int.h helpers where appropriate. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24888 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/schpw.c | 123 ++++++++++++++------------------------ 1 file changed, 44 insertions(+), 79 deletions(-) diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index ca0710754..aef30d16a 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -16,27 +16,21 @@ #define RFC3244_VERSION 0xff80 -krb5_error_code -process_chpw_request(context, server_handle, realm, keytab, - local_faddr, remote_faddr, req, rep) - krb5_context context; - void *server_handle; - char *realm; - krb5_keytab keytab; - krb5_fulladdr *local_faddr; - krb5_fulladdr *remote_faddr; - krb5_data *req; - krb5_data *rep; +static krb5_error_code +process_chpw_request(krb5_context context, void *server_handle, char *realm, + krb5_keytab keytab, const krb5_fulladdr *local_faddr, + const krb5_fulladdr *remote_faddr, krb5_data *req, + krb5_data *rep) { krb5_error_code ret; char *ptr; - int plen, vno; - krb5_data ap_req, ap_rep; - krb5_auth_context auth_context; - krb5_principal changepw; + unsigned int plen, vno; + krb5_data ap_req, ap_rep = empty_data(); + krb5_data cipher = empty_data(), clear = empty_data(); + krb5_auth_context auth_context = NULL; + krb5_principal changepw = NULL; krb5_principal client, target = NULL; - krb5_ticket *ticket; - krb5_data cipher, clear; + krb5_ticket *ticket = NULL; krb5_replay_data replay; krb5_error krberror; int numresult; @@ -50,16 +44,7 @@ process_chpw_request(context, server_handle, realm, keytab, char addrbuf[100]; krb5_address *addr = remote_faddr->address; - ret = 0; - rep->length = 0; - rep->data = NULL; - - auth_context = NULL; - changepw = NULL; - ap_rep.length = 0; - ticket = NULL; - clear.length = 0; - cipher.length = 0; + *rep = empty_data(); if (req->length < 4) { /* either this, or the server is printing bad messages, @@ -211,8 +196,7 @@ process_chpw_request(context, server_handle, realm, keytab, goto chpwfail; } - memset(clear.data, 0, clear.length); - free(clear.data); + zapfree(clear.data, clear.length); clear = *clear_data; free(clear_data); @@ -258,11 +242,9 @@ process_chpw_request(context, server_handle, realm, keytab, errmsg = krb5_get_error_message(context, ret); /* zap the password */ - memset(clear.data, 0, clear.length); - memset(ptr, 0, clear.length); - free(clear.data); - free(ptr); - clear.length = 0; + zapfree(clear.data, clear.length); + zapfree(ptr, clear.length); + clear = empty_data(); clen = strlen(clientstr); trunc_name(&clen, &cdots); @@ -361,7 +343,7 @@ chpwfail: memcpy(ptr, strresult, strlen(strresult)); - cipher.length = 0; + cipher = empty_data(); if (ap_rep.length) { ret = krb5_auth_con_setaddrs(context, auth_context, @@ -391,7 +373,7 @@ chpwfail: if (ap_rep.length) { free(ap_rep.data); - ap_rep.length = 0; + ap_rep = empty_data(); } krberror.ctime = 0; @@ -428,13 +410,9 @@ chpwfail: /* construct the reply */ - rep->length = 6 + ap_rep.length + cipher.length; - rep->data = (char *) malloc(rep->length); - if (rep->data == NULL) { - rep->length = 0; /* checked by caller */ - ret = ENOMEM; + ret = alloc_data(rep, 6 + ap_rep.length + cipher.length); + if (ret) goto bailout; - } ptr = rep->data; /* length */ @@ -464,43 +442,33 @@ chpwfail: memcpy(ptr, cipher.data, cipher.length); bailout: - if (auth_context) - krb5_auth_con_free(context, auth_context); - if (changepw) - krb5_free_principal(context, changepw); - if (ap_rep.length) - free(ap_rep.data); - if (ticket) - krb5_free_ticket(context, ticket); - if (clear.length) - free(clear.data); - if (cipher.length) - free(cipher.data); - if (target) - krb5_free_principal(context, target); - if (targetstr) - krb5_free_unparsed_name(context, targetstr); - if (clientstr) - krb5_free_unparsed_name(context, clientstr); - if (errmsg) - krb5_free_error_message(context, errmsg); - - return(ret); + krb5_auth_con_free(context, auth_context); + krb5_free_principal(context, changepw); + krb5_free_ticket(context, ticket); + free(ap_rep.data); + free(clear.data); + free(cipher.data); + krb5_free_principal(context, target); + krb5_free_unparsed_name(context, targetstr); + krb5_free_unparsed_name(context, clientstr); + krb5_free_error_message(context, errmsg); + return ret; } /* Dispatch routine for set/change password */ krb5_error_code dispatch(void *handle, struct sockaddr *local_saddr, const krb5_fulladdr *remote_faddr, - krb5_data *request, krb5_data **response, int is_tcp) + krb5_data *request, krb5_data **response_out, int is_tcp) { krb5_error_code ret; krb5_keytab kt = NULL; kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; krb5_fulladdr local_faddr; krb5_address **local_kaddrs = NULL, local_kaddr_buf; + krb5_data *response = NULL; - *response = NULL; + *response_out = NULL; if (local_saddr == NULL) { ret = krb5_os_localaddr(server_handle->context, &local_kaddrs); @@ -521,11 +489,9 @@ dispatch(void *handle, goto cleanup; } - *response = (krb5_data *)malloc(sizeof(krb5_data)); - if (*response == NULL) { - ret = ENOMEM; + response = k5alloc(sizeof(krb5_data), &ret); + if (response == NULL) goto cleanup; - } ret = process_chpw_request(server_handle->context, handle, @@ -534,17 +500,16 @@ dispatch(void *handle, &local_faddr, remote_faddr, request, - *response); + response); + if (ret) + goto cleanup; -cleanup: - if (local_kaddrs != NULL) - krb5_free_addresses(server_handle->context, local_kaddrs); + *response_out = response; + response = NULL; - if ((*response)->data == NULL) { - free(*response); - *response = NULL; - } +cleanup: + krb5_free_addresses(server_handle->context, local_kaddrs); + krb5_free_data(server_handle->context, response); krb5_kt_close(server_handle->context, kt); - return ret; } -- 2.26.2