svn rev #22184: trunk/src/lib/krb5/ error_tables/ krb/

[ghudson@MIT.EDU]

http://src.mit.edu/fisheye/changelog/krb5/?cs=22184
Commit By: ghudson
Log Message:
ticket: 1165

mk_safe and mk_priv require the local address to be set in the auth
context; rd_safe and rd_priv require the remote address to be set.
Create error codes for both kinds of missing addresses and stop trying
futilely to handle the cases where they are not set.



Changed Files:
U   trunk/src/lib/krb5/error_tables/krb5_err.et
U   trunk/src/lib/krb5/krb/mk_priv.c
U   trunk/src/lib/krb5/krb/mk_safe.c
U   trunk/src/lib/krb5/krb/rd_priv.c
U   trunk/src/lib/krb5/krb/rd_safe.c
Modified: trunk/src/lib/krb5/error_tables/krb5_err.et
===================================================================
--- trunk/src/lib/krb5/error_tables/krb5_err.et	2009-04-08 15:25:43 UTC (rev 22183)
+++ trunk/src/lib/krb5/error_tables/krb5_err.et	2009-04-08 15:58:24 UTC (rev 22184)
@@ -348,4 +348,7 @@
 
 error_code KRB5_ERR_INVALID_UTF8,	"Invalid UTF-8 string"
 error_code KRB5_ERR_FAST_REQUIRED, "FAST protected pre-authentication required but not supported by KDC"
+
+error_code KRB5_LOCAL_ADDR_REQUIRED,  "Auth context must contain local address"
+error_code KRB5_REMOTE_ADDR_REQUIRED, "Auth context must contain remote address"
 end

Modified: trunk/src/lib/krb5/krb/mk_priv.c
===================================================================
--- trunk/src/lib/krb5/krb/mk_priv.c	2009-04-08 15:25:43 UTC (rev 22183)
+++ trunk/src/lib/krb5/krb/mk_priv.c	2009-04-08 15:58:24 UTC (rev 22184)
@@ -136,6 +136,9 @@
 	/* Need a better error */
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->local_addr)
+	return KRB5_LOCAL_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
 	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
 	if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
@@ -154,28 +157,26 @@
 	} else {
     	    outdata->seq = replaydata.seq;
 	}
-    } 
+    }
 
 {
     krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr = NULL;
+    krb5_address * plocal_fulladdr;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
     CLEANUP_INIT(2);
 
-    if (auth_context->local_addr) {
-	if (auth_context->local_port) {
-	    if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-				  	      auth_context->local_port, 
-					      &local_fulladdr))) {
-	    	CLEANUP_PUSH(local_fulladdr.contents, free);
-	    	plocal_fulladdr = &local_fulladdr;
-            } else {
-    	    	goto error;
-            }
+    if (auth_context->local_port) {
+	if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+					  auth_context->local_port, 
+					  &local_fulladdr))) {
+	    CLEANUP_PUSH(local_fulladdr.contents, free);
+	    plocal_fulladdr = &local_fulladdr;
 	} else {
-	    plocal_fulladdr = auth_context->local_addr;
+	    goto error;
 	}
+    } else {
+	plocal_fulladdr = auth_context->local_addr;
     }
 
     if (auth_context->remote_addr) {

Modified: trunk/src/lib/krb5/krb/mk_safe.c
===================================================================
--- trunk/src/lib/krb5/krb/mk_safe.c	2009-04-08 15:25:43 UTC (rev 22183)
+++ trunk/src/lib/krb5/krb/mk_safe.c	2009-04-08 15:58:24 UTC (rev 22184)
@@ -136,6 +136,9 @@
 	/* Need a better error */
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->local_addr)
+	return KRB5_LOCAL_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
 	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
 	if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
@@ -156,27 +159,24 @@
 
 {
     krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr = NULL;
+    krb5_address * plocal_fulladdr;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
     krb5_cksumtype sumtype;
 
     CLEANUP_INIT(2);
 
-    if (auth_context->local_addr) {
-    	if (auth_context->local_port) {
-            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-                                 	      auth_context->local_port, 
-					      &local_fulladdr))){
-            	CLEANUP_PUSH(local_fulladdr.contents, free);
-	    	plocal_fulladdr = &local_fulladdr;
-            } else {
-                goto error;
-            }
+    if (auth_context->local_port) {
+	if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+					  auth_context->local_port, 
+					  &local_fulladdr))){
+	    CLEANUP_PUSH(local_fulladdr.contents, free);
+	    plocal_fulladdr = &local_fulladdr;
 	} else {
-            plocal_fulladdr = auth_context->local_addr;
-        }
-
+	    goto error;
+	}
+    } else {
+	plocal_fulladdr = auth_context->local_addr;
     }
 
     if (auth_context->remote_addr) {

Modified: trunk/src/lib/krb5/krb/rd_priv.c
===================================================================
--- trunk/src/lib/krb5/krb/rd_priv.c	2009-04-08 15:25:43 UTC (rev 22183)
+++ trunk/src/lib/krb5/krb/rd_priv.c	2009-04-08 15:58:24 UTC (rev 22184)
@@ -169,12 +169,15 @@
 	/* Need a better error */
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->remote_addr)
+	return KRB5_REMOTE_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
       (auth_context->rcache == NULL))
 	return KRB5_RC_REQUIRED;
 
 {
-    krb5_address * premote_fulladdr = NULL;
+    krb5_address * premote_fulladdr;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
@@ -195,20 +198,18 @@
         }
     }
 
-    if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                 	      auth_context->remote_port, 
-					      &remote_fulladdr))){
-                CLEANUP_PUSH(remote_fulladdr.contents, free);
-	        premote_fulladdr = &remote_fulladdr;
-            } else {
-                CLEANUP_DONE();
-	        return retval;
-            }
+    if (auth_context->remote_port) {
+	if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+					  auth_context->remote_port, 
+					  &remote_fulladdr))){
+	    CLEANUP_PUSH(remote_fulladdr.contents, free);
+	    premote_fulladdr = &remote_fulladdr;
 	} else {
-            premote_fulladdr = auth_context->remote_addr;
-        }
+	    CLEANUP_DONE();
+	    return retval;
+	}
+    } else {
+	premote_fulladdr = auth_context->remote_addr;
     }
 
     memset(&replaydata, 0, sizeof(replaydata));

Modified: trunk/src/lib/krb5/krb/rd_safe.c
===================================================================
--- trunk/src/lib/krb5/krb/rd_safe.c	2009-04-08 15:25:43 UTC (rev 22183)
+++ trunk/src/lib/krb5/krb/rd_safe.c	2009-04-08 15:58:24 UTC (rev 22184)
@@ -177,12 +177,15 @@
       (auth_context->rcache == NULL)) 
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->remote_addr)
+	return KRB5_REMOTE_ADDR_REQUIRED;
+
     /* Get keyblock */
     if ((keyblock = auth_context->recv_subkey) == NULL)
 	keyblock = auth_context->keyblock;
 
 {
-    krb5_address * premote_fulladdr = NULL;
+    krb5_address * premote_fulladdr;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
@@ -203,19 +206,17 @@
         }
     }
 
-    if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                 	      auth_context->remote_port, 
-					      &remote_fulladdr))){
-                CLEANUP_PUSH(remote_fulladdr.contents, free);
-	        premote_fulladdr = &remote_fulladdr;
-            } else {
-	        return retval;
-            }
+    if (auth_context->remote_port) {
+	if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+					  auth_context->remote_port, 
+					  &remote_fulladdr))){
+	    CLEANUP_PUSH(remote_fulladdr.contents, free);
+	    premote_fulladdr = &remote_fulladdr;
 	} else {
-            premote_fulladdr = auth_context->remote_addr;
-        }
+	    return retval;
+	}
+    } else {
+	premote_fulladdr = auth_context->remote_addr;
     }
 
     memset(&replaydata, 0, sizeof(replaydata));