From 28a83f0f38b88b1878aa8632bac00e3c8272cfa7 Mon Sep 17 00:00:00 2001 From: OBATA Akio Date: Sun, 27 Dec 2015 18:01:02 +0900 Subject: [PATCH 1/3] Fix condition for SS_OBJS Unless otherwise SS_OBJS is set only for the case libss is used, unwanted 'mk_cmds' will be invoked. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index dd0dc5aa..ee5f5ad4 100644 --- a/configure.ac +++ b/configure.ac @@ -241,10 +241,10 @@ if test "$ss" != no; then fi AC_CHECK_LIB(ss, ss_perror, [SS_LIBS="-lss" + SS_OBJS='${SS_OBJS}' AC_DEFINE(HAVE_SS, 1, [Define if we are building with the ss library])], AS_IF([test "x$ss" != "xmaybe"], AC_MSG_ERROR(ss library not found)), -lcom_err) - SS_OBJS='${SS_OBJS}' fi AC_SUBST(SS_LIBS) AC_SUBST(SS_OBJS) From ede0d26ede11d25f190c4d2743fcd9c588e6831a Mon Sep 17 00:00:00 2001 From: OBATA Akio Date: Sun, 27 Dec 2015 18:10:50 +0900 Subject: [PATCH 2/3] Fix to use portable functions Portable functions are prepared but used not enough. At least, it result in build failure with Heimdal Kerberos implementation. --- lib/ZDumpSession.c | 30 ++++++++++++++++++++++++------ lib/ZGetSender.c | 4 ++++ lib/ZMkAuth.c | 8 ++++---- 3 files changed, 32 insertions(+), 10 deletions(-) diff --git a/lib/ZDumpSession.c b/lib/ZDumpSession.c index 01c4444c..4499aa52 100644 --- a/lib/ZDumpSession.c +++ b/lib/ZDumpSession.c @@ -42,7 +42,7 @@ ZDumpSession(char **buffer, for (key = Z_keys_head; key != NULL; key = key->next) { num_keys++; len += 4 + 4; /* enctype, length */ - len += key->keyblock->length; /* contents */ + len += Z_keylen(key->keyblock); /* contents */ } #endif 
@@ -56,10 +56,10 @@ ZDumpSession(char **buffer, #ifdef HAVE_KRB5 *((uint32_t *)ptr) = htonl(num_keys); ptr += 4; for (key = Z_keys_tail; key != NULL; key = key->prev) { - *((uint32_t*) ptr) = htonl(key->keyblock->enctype); ptr += 4; - *((uint32_t*) ptr) = htonl(key->keyblock->length); ptr += 4; - memcpy(ptr, key->keyblock->contents, key->keyblock->length); - ptr += key->keyblock->length; + *((uint32_t*) ptr) = htonl(Z_enctype(key->keyblock)); ptr += 4; + *((uint32_t*) ptr) = htonl(Z_keylen(key->keyblock)); ptr += 4; + memcpy(ptr, Z_keydata(key->keyblock), Z_keylen(key->keyblock)); + ptr += Z_keylen(key->keyblock); } #endif @@ -110,12 +110,30 @@ ZLoadSession(char *buffer, int len) free(key); return (EINVAL); } +#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE ret = krb5_init_keyblock(Z_krb5_ctx, enctype, keylength, &key->keyblock); +#else + { + krb5_keyblock *tmp, tmp_ss; + tmp = &tmp_ss; + + key->keyblock = NULL; + Z_enctype(tmp) = enctype; + Z_keylen(tmp) = keylength; + Z_keydata(tmp) = malloc(keylength); + if (!Z_keydata(tmp)) { + ret = ENOMEM; + } else { + ret = krb5_copy_keyblock(Z_krb5_ctx, tmp, &key->keyblock); + free(Z_keydata(tmp)); + } + } +#endif if (ret) { free(key); return ret; } - memcpy((char *)key->keyblock->contents, buffer, keylength); + memcpy((char *)Z_keydata(key->keyblock), buffer, keylength); buffer += keylength; len -= keylength; /* Just set recent times. It means we might not be able to retire the keys, but that's fine. */ diff --git a/lib/ZGetSender.c b/lib/ZGetSender.c index 7f0ab237..8c6cfb3c 100644 --- a/lib/ZGetSender.c +++ b/lib/ZGetSender.c @@ -46,7 +46,11 @@ ZGetSender(void) if (!result) { krb5_unparse_name(Z_krb5_ctx, principal, &prname); sender = strdup(prname); +#ifdef HAVE_KRB5_UNPARSE_NAME krb5_free_unparsed_name(Z_krb5_ctx, prname); +#else + free(prname); +#endif krb5_free_principal(Z_krb5_ctx, principal); return sender; } diff --git a/lib/ZMkAuth.c b/lib/ZMkAuth.c index 63605f49..a7e8a911 100644 --- a/lib/ZMkAuth.c +++ b/lib/ZMkAuth.c 
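Review bot: In the key-writing loop of ZDumpSession (lib/ZDumpSession.c), each `*((uint32_t*) ptr) = htonl(...)` stores through a cast of a cursor that was just advanced by `Z_keylen(key->keyblock)`, so after any key whose length is not a multiple of 4 the next enctype and length stores are misaligned. Assuming ptr is a byte pointer, the cast is also a strict-aliasing hazard. Writing each field through a temporary avoids both: `uint32_t v = htonl(Z_keylen(key->keyblock)); memcpy(ptr, &v, sizeof v); ptr += sizeof v;`. The buffer filled here carries raw session-key bytes, so a comment at the top of the function stating who owns it and who clears it before release would help callers. ZDumpSession begins and ends outside this hunk.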
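Review bot: In the `#else` fallback added to ZLoadSession, `Z_keydata(tmp) = malloc(keylength)` hands uninitialised heap to `krb5_copy_keyblock`, which reads it, and a `keylength` of 0 may make malloc return NULL and be reported as ENOMEM. Replacing the malloc with `calloc(1, keylength ? keylength : 1)` covers both, and a `memset(&tmp_ss, 0, sizeof tmp_ss);` before the three macro assignments keeps any field they do not set from being indeterminate. Patch 3/3 moves this block unchanged into Z_krb5_init_keyblock in lib/Zinternal.c, so in the final tree the change belongs there. `keylength` appears to be read from the serialized session buffer, and the check that returns EINVAL just above is only partly visible in the hunk; confirm it rejects a `keylength` larger than the remaining `len` before the `memcpy` from `buffer`.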
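Review bot: The result of `krb5_unparse_name` is not checked in ZGetSender (lib/ZGetSender.c), so on failure `strdup(prname)` and the newly added `free(prname)` branch, like `krb5_free_unparsed_name`, act on a pointer that is indeterminate unless it is initialised outside the hunk. Wrapping the three lines in `if (krb5_unparse_name(Z_krb5_ctx, principal, &prname) == 0) { ... }` and leaving `sender` unset otherwise would close that path; how the function continues after this block is not visible here. The guard is spelled `HAVE_KRB5_UNPARSE_NAME` although the call it protects is `krb5_free_unparsed_name`, and no configure check defining it appears in this series. Confirm the macro is defined on builds that have the function, since otherwise the `free()` branch is always taken.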
@@ -126,10 +126,10 @@ Z_MakeAuthenticationSaveKey(register ZNotice_t *notice, keyblock = Z_credskey(creds); if (Z_keys_head && - Z_keys_head->keyblock->enctype == keyblock->enctype && - Z_keys_head->keyblock->length == keyblock->length && - memcmp(Z_keys_head->keyblock->contents, keyblock->contents, - keyblock->length) == 0) { + Z_enctype(Z_keys_head->keyblock) == Z_enctype(keyblock) && + Z_keylen(Z_keys_head->keyblock) == Z_keylen(keyblock) && + memcmp(Z_keydata(Z_keys_head->keyblock), Z_keydata(keyblock), + Z_keylen(keyblock)) == 0) { /* * Optimization: if the key hasn't changed, replace the current entry, * rather than make a new one. From e82b9a07aeec8070b6fbde021f0fe3b69bc7209e Mon Sep 17 00:00:00 2001 From: OBATA Akio Date: Sun, 7 Jun 2020 17:25:17 +0900 Subject: [PATCH 3/3] Move krb5_error_code Z_krb5_init_keyblock() to lib from server It should be used in lib too. --- h/internal.h | 2 ++ lib/ZDumpSession.c | 20 +------------------- lib/Zinternal.c | 25 +++++++++++++++++++++++++ server/kstuff.c | 27 --------------------------- server/zserver.h | 2 -- 5 files changed, 28 insertions(+), 48 deletions(-) diff --git a/h/internal.h b/h/internal.h index b6e68048..7803be0d 100644 --- a/h/internal.h +++ b/h/internal.h @@ -83,6 +83,8 @@ extern int __Zephyr_server; /* 0 if normal client, 1 if server or zhm */ #ifdef HAVE_KRB5 extern krb5_context Z_krb5_ctx; Code_t Z_krb5_lookup_cksumtype(krb5_enctype, krb5_cksumtype *); +krb5_error_code Z_krb5_init_keyblock(krb5_context, krb5_enctype, size_t, + krb5_keyblock **); struct _Z_SessionKey { struct _Z_SessionKey *next; diff --git a/lib/ZDumpSession.c b/lib/ZDumpSession.c index 4499aa52..92f805cc 100644 --- a/lib/ZDumpSession.c +++ b/lib/ZDumpSession.c 
@@ -110,25 +110,7 @@ ZLoadSession(char *buffer, int len) free(key); return (EINVAL); } -#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE - ret = krb5_init_keyblock(Z_krb5_ctx, enctype, keylength, &key->keyblock); -#else - { - krb5_keyblock *tmp, tmp_ss; - tmp = &tmp_ss; - - key->keyblock = NULL; - Z_enctype(tmp) = enctype; - Z_keylen(tmp) = keylength; - Z_keydata(tmp) = malloc(keylength); - if (!Z_keydata(tmp)) { - ret = ENOMEM; - } else { - ret = krb5_copy_keyblock(Z_krb5_ctx, tmp, &key->keyblock); - free(Z_keydata(tmp)); - } - } -#endif + ret = Z_krb5_init_keyblock(Z_krb5_ctx, enctype, keylength, &key->keyblock); if (ret) { free(key); return ret; diff --git a/lib/Zinternal.c b/lib/Zinternal.c index ecee122f..bced68e3 100644 --- a/lib/Zinternal.c +++ b/lib/Zinternal.c @@ -99,6 +99,31 @@ Z_krb5_lookup_cksumtype(krb5_enctype e, } return KRB5_PROG_ETYPE_NOSUPP; } + +krb5_error_code +Z_krb5_init_keyblock(krb5_context context, + krb5_enctype type, + size_t size, + krb5_keyblock **key) +{ +#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE + return krb5_init_keyblock(context, type, size, key); +#else + krb5_error_code ret; + krb5_keyblock *tmp, tmp_ss; + tmp = &tmp_ss; + + *key = NULL; + Z_enctype(tmp) = type; + Z_keylen(tmp) = size; + Z_keydata(tmp) = malloc(size); + if (!Z_keydata(tmp)) + return ENOMEM; + ret = krb5_copy_keyblock(context, tmp, key); + free(Z_keydata(tmp)); + return ret; +#endif +} #endif /* HAVE_KRB5 */ char __Zephyr_realm[REALM_SZ]; diff --git a/server/kstuff.c b/server/kstuff.c index 5e4cf870..9984ef8b 100644 --- a/server/kstuff.c +++ b/server/kstuff.c 
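Review bot: Z_krb5_init_keyblock in lib/Zinternal.c is now a library-wide helper declared in h/internal.h, yet it has no comment describing its contract. A header comment should state that on success `*key` points to a newly allocated keyblock with room for `size` bytes, that the key bytes are not meaningful until the caller fills them in (ZLoadSession does so with a memcpy right after the call), and that the caller releases it with the Kerberos library's keyblock free routine. It should also record that only the fallback branch sets `*key = NULL` up front and returns `ENOMEM` itself, while the other branch returns whatever `krb5_init_keyblock` reports.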
@@ -689,33 +689,6 @@ static ZChecksum_t compute_rlm_checksum(ZNotice_t *notice, return checksum; } -#endif - -#ifdef HAVE_KRB5 -krb5_error_code -Z_krb5_init_keyblock(krb5_context context, - krb5_enctype type, - size_t size, - krb5_keyblock **key) -{ -#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE - return krb5_init_keyblock(context, type, size, key); -#else - krb5_error_code ret; - krb5_keyblock *tmp, tmp_ss; - tmp = &tmp_ss; - - *key = NULL; - Z_enctype(tmp) = type; - Z_keylen(tmp) = size; - Z_keydata(tmp) = malloc(size); - if (!Z_keydata(tmp)) - return ENOMEM; - ret = krb5_copy_keyblock(context, tmp, key); - free(Z_keydata(tmp)); - return ret; -#endif -} void ZSetSession(krb5_keyblock *keyblock) { diff --git a/server/zserver.h b/server/zserver.h index b1b4bc83..25e4188b 100644 --- a/server/zserver.h +++ b/server/zserver.h @@ -37,8 +37,6 @@ extern krb5_keyblock *__Zephyr_keyblock; #define ZGetSession() (__Zephyr_keyblock) void ZSetSession(krb5_keyblock *keyblock); -krb5_error_code Z_krb5_init_keyblock(krb5_context, krb5_enctype, size_t, - krb5_keyblock **); #endif #ifdef HAVE_KRB4