svn rev #22254: branches/krb5-1-7/src/lib/krb5/ error_tables/ krb/

Wed Apr 15 16:07:46 EDT 2009

http://src.mit.edu/fisheye/changelog/krb5/?cs=22254
Commit By: tlyu
Log Message:
ticket: 1165
version_fixed: 1.7

pull up r22184 from trunk

 ------------------------------------------------------------------------
 r22184 | ghudson | 2009-04-08 11:58:24 -0400 (Wed, 08 Apr 2009) | 7 lines
 Changed paths:
    M /trunk/src/lib/krb5/error_tables/krb5_err.et
    M /trunk/src/lib/krb5/krb/mk_priv.c
    M /trunk/src/lib/krb5/krb/mk_safe.c
    M /trunk/src/lib/krb5/krb/rd_priv.c
    M /trunk/src/lib/krb5/krb/rd_safe.c

 ticket: 1165

 mk_safe and mk_priv require the local address to be set in the auth
 context; rd_safe and rd_priv require the remote address to be set.
 Create error codes for both kinds of missing addresses and stop trying
 futilely to handle the cases where they are not set.


Changed Files:
U   branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et
U   branches/krb5-1-7/src/lib/krb5/krb/mk_priv.c
U   branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c
U   branches/krb5-1-7/src/lib/krb5/krb/rd_priv.c
U   branches/krb5-1-7/src/lib/krb5/krb/rd_safe.c
Modified: branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et
===================================================================

--- branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et	2009-04-15 20:07:42 UTC (rev 22253)
+++ branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et	2009-04-15 20:07:45 UTC (rev 22254)
@@ -348,4 +348,7 @@
 
 error_code KRB5_ERR_INVALID_UTF8,	"Invalid UTF-8 string"
 error_code KRB5_ERR_FAST_REQUIRED, "FAST protected pre-authentication required but not supported by KDC"
+
+error_code KRB5_LOCAL_ADDR_REQUIRED,  "Auth context must contain local address"
+error_code KRB5_REMOTE_ADDR_REQUIRED, "Auth context must contain remote address"
 end

Modified: branches/krb5-1-7/src/lib/krb5/krb/mk_priv.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/mk_priv.c	2009-04-15 20:07:42 UTC (rev 22253)
+++ branches/krb5-1-7/src/lib/krb5/krb/mk_priv.c	2009-04-15 20:07:45 UTC (rev 22254)
@@ -136,6 +136,9 @@
 	/* Need a better error */
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->local_addr)
+	return KRB5_LOCAL_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
 	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
 	if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
@@ -154,28 +157,26 @@
 	} else {
     	    outdata->seq = replaydata.seq;
 	}
-    } 
+    }
 
 {
     krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr = NULL;
+    krb5_address * plocal_fulladdr;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
     CLEANUP_INIT(2);
 
-    if (auth_context->local_addr) {
-	if (auth_context->local_port) {
-	    if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-				  	      auth_context->local_port, 
-					      &local_fulladdr))) {
-	    	CLEANUP_PUSH(local_fulladdr.contents, free);
-	    	plocal_fulladdr = &local_fulladdr;
-            } else {
-    	    	goto error;
-            }
+    if (auth_context->local_port) {
+	if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+					  auth_context->local_port, 
+					  &local_fulladdr))) {
+	    CLEANUP_PUSH(local_fulladdr.contents, free);
+	    plocal_fulladdr = &local_fulladdr;
 	} else {
-	    plocal_fulladdr = auth_context->local_addr;
+	    goto error;
 	}
+    } else {
+	plocal_fulladdr = auth_context->local_addr;
     }
 
     if (auth_context->remote_addr) {

Modified: branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c	2009-04-15 20:07:42 UTC (rev 22253)
+++ branches/krb5-1-7/src/lib/krb5/krb/mk_safe.c	2009-04-15 20:07:45 UTC (rev 22254)
@@ -136,6 +136,9 @@
 	/* Need a better error */
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->local_addr)
+	return KRB5_LOCAL_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
 	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
 	if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
@@ -156,27 +159,24 @@
 
 {
     krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr = NULL;
+    krb5_address * plocal_fulladdr;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
     krb5_cksumtype sumtype;
 
     CLEANUP_INIT(2);
 
-    if (auth_context->local_addr) {
-    	if (auth_context->local_port) {
-            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-                                 	      auth_context->local_port, 
-					      &local_fulladdr))){
-            	CLEANUP_PUSH(local_fulladdr.contents, free);
-	    	plocal_fulladdr = &local_fulladdr;
-            } else {
-                goto error;
-            }
+    if (auth_context->local_port) {
+	if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+					  auth_context->local_port, 
+					  &local_fulladdr))){
+	    CLEANUP_PUSH(local_fulladdr.contents, free);
+	    plocal_fulladdr = &local_fulladdr;
 	} else {
-            plocal_fulladdr = auth_context->local_addr;
-        }
-
+	    goto error;
+	}
+    } else {
+	plocal_fulladdr = auth_context->local_addr;
     }
 
     if (auth_context->remote_addr) {

Modified: branches/krb5-1-7/src/lib/krb5/krb/rd_priv.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/rd_priv.c	2009-04-15 20:07:42 UTC (rev 22253)
+++ branches/krb5-1-7/src/lib/krb5/krb/rd_priv.c	2009-04-15 20:07:45 UTC (rev 22254)
@@ -169,12 +169,15 @@
 	/* Need a better error */
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->remote_addr)
+	return KRB5_REMOTE_ADDR_REQUIRED;
+
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
       (auth_context->rcache == NULL))
 	return KRB5_RC_REQUIRED;
 
 {
-    krb5_address * premote_fulladdr = NULL;
+    krb5_address * premote_fulladdr;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
@@ -195,20 +198,18 @@
         }
     }
 
-    if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                 	      auth_context->remote_port, 
-					      &remote_fulladdr))){
-                CLEANUP_PUSH(remote_fulladdr.contents, free);
-	        premote_fulladdr = &remote_fulladdr;
-            } else {
-                CLEANUP_DONE();
-	        return retval;
-            }
+    if (auth_context->remote_port) {
+	if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+					  auth_context->remote_port, 
+					  &remote_fulladdr))){
+	    CLEANUP_PUSH(remote_fulladdr.contents, free);
+	    premote_fulladdr = &remote_fulladdr;
 	} else {
-            premote_fulladdr = auth_context->remote_addr;
-        }
+	    CLEANUP_DONE();
+	    return retval;
+	}
+    } else {
+	premote_fulladdr = auth_context->remote_addr;
     }
 
     memset(&replaydata, 0, sizeof(replaydata));

Modified: branches/krb5-1-7/src/lib/krb5/krb/rd_safe.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/rd_safe.c	2009-04-15 20:07:42 UTC (rev 22253)
+++ branches/krb5-1-7/src/lib/krb5/krb/rd_safe.c	2009-04-15 20:07:45 UTC (rev 22254)
@@ -177,12 +177,15 @@
       (auth_context->rcache == NULL)) 
 	return KRB5_RC_REQUIRED;
 
+    if (!auth_context->remote_addr)
+	return KRB5_REMOTE_ADDR_REQUIRED;
+
     /* Get keyblock */
     if ((keyblock = auth_context->recv_subkey) == NULL)
 	keyblock = auth_context->keyblock;
 
 {
-    krb5_address * premote_fulladdr = NULL;
+    krb5_address * premote_fulladdr;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
@@ -203,19 +206,17 @@
         }
     }
 
-    if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                 	      auth_context->remote_port, 
-					      &remote_fulladdr))){
-                CLEANUP_PUSH(remote_fulladdr.contents, free);
-	        premote_fulladdr = &remote_fulladdr;
-            } else {
-	        return retval;
-            }
+    if (auth_context->remote_port) {
+	if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+					  auth_context->remote_port, 
+					  &remote_fulladdr))){
+	    CLEANUP_PUSH(remote_fulladdr.contents, free);
+	    premote_fulladdr = &remote_fulladdr;
 	} else {
-            premote_fulladdr = auth_context->remote_addr;
-        }
+	    return retval;
+	}
+    } else {
+	premote_fulladdr = auth_context->remote_addr;
     }
 
     memset(&replaydata, 0, sizeof(replaydata));


