From: Luke Howard Date: Tue, 25 Aug 2009 13:57:48 +0000 (+0000) Subject: cleanup X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81f9911082bd757a16b730e649444075c0d4a5ae;p=thirdparty%2Fkrb5.git cleanup git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22596 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 4b6df0bbbc..07718d4d07 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c @@ -30,15 +30,17 @@ /* Based on preauth2.c */ -#define DEBUG 1 - #if TARGET_OS_MAC static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */ #else static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL }; #endif -static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = { &krb5int_mspac_authdata_client_ftable, NULL }; +/* Internal authdata systems */ +static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = { + &krb5int_mspac_authdata_client_ftable, + NULL +}; static inline int count_ad_modules(krb5plugin_authdata_client_ftable_v0 *table) @@ -107,6 +109,7 @@ init_ad_system(krb5_context kcontext, context->modules[k].client_req_fini = table->request_fini; rcpp = &context->modules[k].request_context; + /* For now, single request per context. That may change */ code = (*table->request_init)(kcontext, plugin_context, rcpp); @@ -314,6 +317,8 @@ krb5int_verify_authdata(krb5_context kcontext, { int i; krb5_error_code code; + krb5_ticket *ticket = ap_req->ticket; + krb5_authenticator *authenticator = (*auth_context)->authentp; for (i = 0; i < context->n_modules; i++) { struct _krb5_authdata_context_module *module = &context->modules[i]; 
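Review bot: `ap_req->ticket` and `(*auth_context)->authentp` are now loaded in the declarations at the top of krb5int_verify_authdata, so `ap_req` and `*auth_context` are dereferenced on every call, including calls where the loop has no modules or skips all of them. The next hunk (-323) then reads `ticket->enc_part2->authorization_data` and `authenticator->authorization_data` with no NULL check visible in either hunk. If this can be reached with a ticket whose `enc_part2` is unset or an auth context without an authenticator, that is a NULL dereference while processing a peer's AP-REQ. Consider an entry guard such as `if (ticket == NULL || ticket->enc_part2 == NULL || authenticator == NULL) return EINVAL;`, or a comment stating the precondition. The function starts and continues outside the hunk, so an existing check may already cover this.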
@@ -323,8 +328,8 @@ krb5int_verify_authdata(krb5_context kcontext, continue; code = krb5int_find_authdata(kcontext, - ap_req->ticket->enc_part2->authorization_data, - (*auth_context)->authentp->authorization_data, + ticket->enc_part2->authorization_data, + authenticator->authorization_data, module->ad_type, &authdata); if (code != 0 || authdata == NULL) @@ -361,7 +366,7 @@ merge_data_array_nocopy(krb5_data **dst, krb5_data *src, unsigned int *len) for (i = 0; src[i].data != NULL; i++) ; - *dst = (krb5_data *)realloc(*dst, (*len + i + 1) * sizeof(krb5_data)); + *dst = realloc(*dst, (*len + i + 1) * sizeof(krb5_data)); if (*dst == NULL) return ENOMEM; @@ -397,27 +402,38 @@ krb5_authdata_get_attribute_types(krb5_context kcontext, if ((*module->ftable->get_attribute_types)(kcontext, module->plugin_context, *(module->request_context_pp), - &asserted2, - &verified2) != 0) + asserted_attrs ? + &asserted2 : NULL, + verified_attrs ? + &verified2 : NULL) != 0) continue; - code = merge_data_array_nocopy(&asserted, asserted2, &len); - if (code != 0) - break; - - code = merge_data_array_nocopy(&verified, verified2, &len); - if (code != 0) - break; + if (asserted_attrs != NULL) { + code = merge_data_array_nocopy(&asserted, asserted2, &len); + if (code != 0) { + krb5int_free_data_list(kcontext, asserted2); + break; + } + if (asserted2 != NULL) + free(asserted2); + } - if (asserted2 != NULL) - free(asserted2); - if (verified2 != NULL) - free(verified2); + if (verified_attrs != NULL) { + code = merge_data_array_nocopy(&verified, verified2, &len); + if (code != 0) { + krb5int_free_data_list(kcontext, verified2); + break; + } + if (verified2 != NULL) + free(verified2); + } } if (code == 0) { - *asserted_attrs = asserted; - *verified_attrs = verified; + if (asserted_attrs != NULL) + *asserted_attrs = asserted; + if (verified_attrs != NULL) + *verified_attrs = verified; } return code; 
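Review bot: Assigning the result of realloc() straight back to `*dst` in merge_data_array_nocopy discards the only pointer to the existing array when the call fails, so the ENOMEM return leaks everything merged so far and leaves the caller holding NULL. Go through a temporary instead: `krb5_data *tmp = realloc(*dst, (*len + i + 1) * sizeof(krb5_data)); if (tmp == NULL) return ENOMEM; *dst = tmp;`. The -552 hunk in krb5_authdata_export_attributes has the same pattern (`authdata = realloc(authdata, ...)`), and its early `return ENOMEM` also appears to drop `authdata2`. The opening lines of merge_data_array_nocopy are outside the hunk, so whether a NULL `src` is rejected before the counting loop cannot be seen here.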
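Review bot: After a successful merge, `free(asserted2)` and `free(verified2)` release the per-module arrays but leave the pointers set, while this same commit removes the `*asserted = NULL; *verified = NULL;` initialisation from mspac_get_attribute_types, which now stores only one of its two outputs. Unless `asserted2` and `verified2` are reset to NULL at the top of each loop iteration (not visible in this hunk), a module that returns 0 without writing an output leaves a stale or uninitialised pointer that is then merged and freed again. Adding `asserted2 = NULL;` and `verified2 = NULL;` immediately before the get_attribute_types call removes that dependence on plugin behaviour. Separately, both merges pass the same `&len`, which looks unintended for two independent lists. On the `break` paths the accumulated `asserted` and `verified` arrays are not released in the lines shown.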
@@ -436,7 +452,11 @@ krb5_authdata_get_attribute(krb5_context kcontext, int i; krb5_error_code code = ENOENT; - /* NB at present a plugin is presumed to be authoritative for an attribute */ + /* + * NB at present a module is presumed to be authoritative for + * an attribute; not sure how to federate "more" across module + * yet + */ for (i = 0; i < context->n_modules; i++) { struct _krb5_authdata_context_module *module = &context->modules[i]; @@ -552,7 +572,7 @@ krb5_authdata_export_attributes(krb5_context kcontext, for (j = 0; authdata2[j] != NULL; j++) ; - authdata = (krb5_authdata **)realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *)); + authdata = realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *)); if (authdata == NULL) return ENOMEM; @@ -680,19 +700,6 @@ import_export_authdata(krb5_context kcontext, if (dst_module == NULL) return ENOENT; -#if 0 - if (dst_module->client_req_init != NULL) { - code = (*dst_module->client_req_init)(kcontext, - dst_module->plugin_context, - dst_module->request_context_pp); - if ((code != 0 && code != ENOMEM) && - (dst_module->flags & AD_INFORMATIONAL)) - code = 0; - if (code != 0) - return code; - } -#endif - if (src_module->ftable->export_internal == NULL || dst_module->ftable->import_internal == NULL) return 0; @@ -730,6 +737,8 @@ krb5_authdata_context_copy(krb5_context kcontext, krb5_error_code code; krb5_authdata_context dst; + /* This is a bit of a hack and potentially very expensive. */ + code = krb5_authdata_context_init(kcontext, &dst); if (code != 0) return code; @@ -769,7 +778,8 @@ debug_authdata_attribute(krb5_context kcontext, if (code != 0) break; - fprintf(stderr, "AD Attribute %.*s Value Length %d Disp Value Length %d More %d\n", + fprintf(stderr, "AD Attribute %.*s Value Length %d " + "Disp Value Length %d More %d\n", attr->length, attr->data, value.length, display_value.length, more); krb5_free_data_contents(kcontext, &value); 
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 88fd95a173..b6c15dd261 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -1053,12 +1053,10 @@ mspac_get_attribute_types(krb5_context context, unsigned int i, j; krb5_data *attrs; krb5_error_code code; - - *asserted = NULL; - *verified = NULL; + krb5_data **outattrs; if (pacctx->pac == NULL) { - attrs = (krb5_data *)calloc(MSPAC_ATTRIBUTE_COUNT + 1, sizeof(krb5_data)); + attrs = calloc(MSPAC_ATTRIBUTE_COUNT + 1, sizeof(krb5_data)); if (attrs == NULL) return ENOMEM; @@ -1067,7 +1065,7 @@ mspac_get_attribute_types(krb5_context context, &mspac_attribute_types[i].attribute, &attrs[i]); if (code != 0) { - free(attrs); /* XXX leak */ + krb5int_free_data_list(context, attrs); return code; } } @@ -1077,7 +1075,11 @@ mspac_get_attribute_types(krb5_context context, return 0; } - attrs = (krb5_data *)calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data)); + outattrs = pacctx->pac->verified ? verified : asserted; + if (outattrs == NULL) + return EINVAL; + + attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data)); if (attrs == NULL) return ENOMEM; @@ -1099,7 +1101,7 @@ mspac_get_attribute_types(krb5_context context, if (code == 0) { code = krb5int_copy_data_contents(context, &attr, &attrs[j++]); if (code != 0) { - free(attrs); /* XXX leak */ + krb5int_free_data_list(context, attrs); return code; } } else { @@ -1108,7 +1110,7 @@ mspac_get_attribute_types(krb5_context context, length = asprintf(&attrs[j].data, "mspac:%d", pacctx->pac->pac->Buffers[i].ulType); if (length < 0) { - free(attrs); /* XXX leak */ + krb5int_free_data_list(context, attrs); return ENOMEM; } attrs[j++].length = length; @@ -1117,10 +1119,7 @@ mspac_get_attribute_types(krb5_context context, attrs[j].data = NULL; attrs[j].length = 0; - if (pacctx->pac->verified) - *verified = attrs; - else - *asserted = attrs; + *outattrs = attrs; return 0; } 
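Review bot: With `*asserted = NULL; *verified = NULL;` removed from the top of mspac_get_attribute_types, the function can return 0 with one output never written, so every caller must pre-initialise both pointers. Either state that contract in a comment on the function or keep the stores behind NULL checks: `if (asserted != NULL) *asserted = NULL;` and `if (verified != NULL) *verified = NULL;`. The `pacctx->pac == NULL` branch returns 0 before the `outattrs == NULL` guard added in the -1077 hunk, and its store lies between the hunks. If that store still writes through `asserted` unconditionally, a caller passing NULL there (as krb5_authdata_get_attribute_types now may) would dereference NULL. The function begins and ends outside these hunks.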
@@ -1144,8 +1143,8 @@ mspac_get_attribute(krb5_context context, value->length = 0; if (display_value != NULL) { - display_value->data = NULL; - display_value->length = 0; + display_value->data = NULL; + display_value->length = 0; } if (*more != -1 || pacctx->pac == NULL) @@ -1157,17 +1156,17 @@ mspac_get_attribute(krb5_context context, /* -1 is a magic type that refers to the entire PAC */ if (type == (krb5_ui_4)-1) { - if (value != NULL) + if (value != NULL) code = krb5int_copy_data_contents(context, - &pacctx->pac->data, - value); - else - code = 0; + &pacctx->pac->data, + value); + else + code = 0; } else { - if (value != NULL) + if (value != NULL) code = krb5_pac_get_buffer(context, pacctx->pac, type, value); - else - code = k5_pac_locate_buffer(context, pacctx->pac, type, NULL); + else + code = k5_pac_locate_buffer(context, pacctx->pac, type, NULL); } if (code == 0) { *authenticated = pacctx->pac->verified; @@ -1230,11 +1229,11 @@ mspac_export_attributes(krb5_context context, if (pacctx->pac == NULL) return EINVAL; - authdata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *)); + authdata = calloc(2, sizeof(krb5_authdata *)); if (authdata == NULL) return ENOMEM; - authdata[0] = (krb5_authdata *)calloc(1, sizeof(krb5_authdata)); + authdata[0] = calloc(1, sizeof(krb5_authdata)); if (authdata[0] == NULL) { free(authdata); return ENOMEM; @@ -1259,7 +1258,7 @@ static krb5_error_code mspac_export_internal(krb5_context context, void *plugin_context, void *request_context, - krb5_boolean restrict_authenticated, + krb5_boolean restrict_authenticated, void **ptr) { struct mspac_context *pacctx = (struct mspac_context *)request_context; 
@@ -1272,13 +1271,13 @@ mspac_export_internal(krb5_context context, return 0; if (restrict_authenticated && (pacctx->pac->verified) == FALSE) - return 0; + return 0; code = krb5_pac_parse(context, pacctx->pac->data.data, - pacctx->pac->data.length, &pac); + pacctx->pac->data.length, &pac); if (code == 0) { - pac->verified = pacctx->pac->verified; - *ptr = pac; + pac->verified = pacctx->pac->verified; + *ptr = pac; } return code;