if (retval == 0)
retval = krb5_auth_con_setflags(kdc_context,
authcontext, 0); /*disable replay cache*/
- retval = krb5_rd_req(kdc_context, &authcontext,
- &armor->armor_value, NULL /*server*/,
- kdc_active_realm->realm_keytab, NULL, &ticket);
+ if (retval == 0)
+ retval = krb5_rd_req(kdc_context, &authcontext, &armor->armor_value,
+ NULL /*server*/, kdc_active_realm->realm_keytab,
+ NULL, &ticket);
if (retval != 0) {
const char * errmsg = krb5_get_error_message(kdc_context, retval);
k5_setmsg(kdc_context, retval, _("%s while handling ap-request armor"),
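Review bot: The `/*disable replay cache*/` comment beside the krb5_auth_con_setflags call says what passing 0 does, but not why replay detection may be skipped for the armor AP-REQ that the now-guarded krb5_rd_req goes on to accept. That is the security-relevant decision in this block, so I would move it above the call and record the reason, for example `/* Armor AP-REQ is read without a replay cache because <rationale, with a pointer to the FAST design> */`. The enclosing function starts and ends outside the hunk, so whether authcontext and errmsg are released on the failure path cannot be confirmed from here.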
{
krb5_error_code retval = 0;
krb5_pa_data *fast_padata;
- krb5_data scratch, *inner_body = NULL;
+ krb5_data scratch, plaintext, *inner_body = NULL;
krb5_fast_req * fast_req = NULL;
krb5_kdc_req *request = *requestptr;
krb5_fast_armored_req *fast_armored_req = NULL;
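Review bot: `plaintext` now has function scope but no initializer, and the later hunk assigns `plaintext.length` and `plaintext.data` only inside the `if (retval == 0)` block, so on any earlier failure the struct stays indeterminate for the rest of the function. Nothing visible reads it on those paths, but the function's cleanup lies outside both hunks. Initialising at the declaration, `krb5_data scratch, plaintext = empty_data(), *inner_body = NULL;`, keeps a later free or length check in shared cleanup from touching garbage. The length passed to k5alloc comes from the request's ciphertext, so it is also worth confirming that the buffer is freed on the decrypt-failure path, which is not shown here.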
}
}
if (retval == 0) {
- krb5_data plaintext;
plaintext.length = fast_armored_req->enc_part.ciphertext.length;
- plaintext.data = malloc(plaintext.length);
- if (plaintext.data == NULL)
- retval = ENOMEM;
+ plaintext.data = k5alloc(plaintext.length, &retval);
+ }
+ if (retval == 0) {
retval = krb5_c_decrypt(kdc_context,
state->armor_key,
KRB5_KEYUSAGE_FAST_ENC, NULL,
/* Credentials for kadmin don't need to be forwardable or proxiable. */
if (init_type != INIT_CREDS) {
code = krb5_get_init_creds_opt_alloc(ctx, &opt);
+ if (code)
+ goto error;
+
krb5_get_init_creds_opt_set_forwardable(opt, 0);
krb5_get_init_creds_opt_set_proxiable(opt, 0);
krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);
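Review bot: The result of `krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache)` is still discarded just below the new allocation check, although it returns a krb5_error_code like the alloc call. If it fails, the credentials would not be stored in the intended ccache and nothing would report it. I would write `code = krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);` followed by `if (code) goto error;`. The `error` label and the declaration of `opt` are outside the hunk; the new `goto error` is only safe if `opt` is NULL-initialised before any cleanup that frees it, which should be confirmed.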
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(cksum.contents, 16);
ret = krb5_k_encrypt_iov(context, seq, 0, NULL, &iov, 1);
+ check_k5err(context, "krb5_k_encrypt_iov", ret);
memcpy(ptr + 8, cksum.contents + 8, 8);
} else {
memcpy(ptr + 8, cksum.contents, cksize);