ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len);
if (ret)
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("Failed to decode encrypted "
"ticket part", ""));
krb5_data_free (&plain);
check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
{
char **realms;
- unsigned int num_realms;
+ unsigned int num_realms, n;
krb5_error_code ret;
-
+
/*
* Windows 2000 and 2003 uses this inside their TGT so it's normaly
* not seen by others, however, samba4 joined with a Windows AD as
ret = krb5_check_transited(context, enc->crealm,
ticket->realm,
realms, num_realms, NULL);
+ for (n = 0; n < num_realms; n++)
+ free(realms[n]);
free(realms);
return ret;
}
krb5_authdata adIfRelevant;
unsigned i;
- adIfRelevant.len = 0;
+ memset(&adIfRelevant, 0, sizeof(adIfRelevant));
etypes->len = 0;
etypes->val = NULL;
krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
-
+
if(!t.flags.transited_policy_checked) {
ret = check_transited(context, ticket, &t);
if(ret) {
{
krb5_principal p1, p2;
krb5_boolean res;
-
+
_krb5_principalname2krb5_principal(context,
&p1,
ac->authenticator->cname,
ac->keytype = ETYPE_NULL;
if (etypes.val) {
- int i;
+ size_t i;
for (i = 0; i < etypes.len; i++) {
if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
krb5_auth_con_free (context, ac);
return ret;
}
-
+
/*
*
*/
&o->ap_req_options,
&o->ticket,
KRB5_KU_AP_REQ_AUTH);
-
+
if (ret)
goto out;
goto out;
done = 0;
- while (!done) {
+ while (!done) {
krb5_principal p;
ret = krb5_kt_next_entry(context, id, &entry, &cursor);
* and update the service principal in the ticket to match
* whatever is in the keytab.
*/
-
- ret = krb5_copy_keyblock(context,
+
+ ret = krb5_copy_keyblock(context,
&entry.keyblock,
&o->keyblock);
if (ret) {
krb5_kt_free_entry (context, &entry);
goto out;
- }
+ }
ret = krb5_copy_principal(context, entry.principal, &p);
if (ret) {
}
krb5_free_principal(context, o->ticket->server);
o->ticket->server = p;
-
+
krb5_kt_free_entry (context, &entry);
done = 1;
krb5_data_free(&data);
if (ret)
goto out;
-
+
ret = krb5_pac_verify(context,
pac,
o->ticket->ticket.authtime,