LU-4629 gss: fix incorrect memset size
[fs/lustre-release.git]
/
lustre
/
utils
/
gss
/
context_lucid.c
diff --git
a/lustre/utils/gss/context_lucid.c
b/lustre/utils/gss/context_lucid.c
index
c1f669f
..
3b2d90b
100644
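--- a/lustre/utils/gss/context_lucid.c
+++ b/lustre/utils/gss/context_lucid.c
@@ -85,12 +85,11 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
 {
 char *p, *end;
 static int constant_zero = 0;
- unsigned char fakeseed[16];
+ unsigned char fakeseed[16] = { 0 };
 uint32_t word_send_seq;
 gss_krb5_lucid_key_t enc_key;
 int i;
 char *skd, *dkd;
- gss_buffer_desc fakeoid;
 /*
 * The new Kerberos interface to get the gss context
@@ -100,7 +99,6 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
 * interface to the kernel.
 */
 memset(&enc_key, 0, sizeof(enc_key));
- memset(&fakeoid, 0, sizeof(fakeoid));
 if (!(buf->value = calloc(1, MAX_CTX_LEN)))
 goto out_err;
@@ -146,20 +144,20 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
 dkd = (char *) enc_key.data;
 for (i = 0; i < enc_key.length; i++)
 dkd[i] = skd[i] ^ 0xf0;
- if (write_lucid_keyblock(&p, end, &enc_key)) {
- free(enc_key.data);
+ if (write_lucid_keyblock(&p, end, &enc_key))
 goto out_err;
- }
- free(enc_key.data);
-
 if (write_lucid_keyblock(&p, end, &lctx->rfc1964_kd.ctx_key))
 goto out_err;
+ free(enc_key.data);
 buf->length = p - (char *)buf->value;
 return 0;
 out_err:
 printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
- if (buf->value) free(buf->value);
+ if (buf->value) {
+ free(buf->value);
+ buf->value = NULL;
+ }
 buf->length = 0;
 if (enc_key.data) free(enc_key.data);
 return -1;
@@ -204,16 +202,15 @@ enum seal_alg {
 * We don't have "legal" access to these MIT-only
 * structures located in libk5crypto
 */
-extern void krb5int_enc_arcfour;
-extern void krb5int_enc_des3;
-extern void krb5int_enc_aes128;
-extern void krb5int_enc_aes256;
-extern int krb5_derive_key();
+extern void *krb5int_enc_arcfour;
+extern void *krb5int_enc_des3;
+extern void *krb5int_enc_aes128;
+extern void *krb5int_enc_aes256;
 static void
 key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)
 {
- memset(kout, '\0', sizeof(kout));
+ memset(kout, 0, sizeof(*kout));
 #ifdef HAVE_KRB5
 kout->enctype = lin->type;
 kout->length = lin->length;
@@ -228,7 +225,7 @@ key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)
 static void
 key_krb5_to_lucid(const krb5_keyblock *kin, gss_krb5_lucid_key_t *lout)
 {
- memset(lout, '\0', sizeof(lout));
+ memset(lout, 0, sizeof(*lout));
 #ifdef HAVE_KRB5
 lout->type = kin->enctype;
 lout->length = kin->length;
@@ -257,8 +254,13 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
 int keylength;
 void *enc;
 krb5_keyblock kin, kout; /* must send krb5_keyblock, not lucid! */
-#ifdef HAVE_HEIMDAL
+#if defined(HAVE_HEIMDAL) || HAVE_KRB5INT_DERIVE_KEY
 krb5_context kcontext;
+#endif
+#if HAVE_KRB5INT_DERIVE_KEY
+ krb5_key key_in, key_out;
+#endif
+#ifdef HAVE_HEIMDAL
 krb5_keyblock *outkey;
 #endif
@@ -316,12 +318,35 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
 ((char *)(datain.data))[4] = (char) extra;
 #ifdef HAVE_KRB5
+#if HAVE_KRB5INT_DERIVE_KEY
+ code = krb5_init_context(&kcontext);
+ if (code) {
+ free(out->data);
+ out->data = NULL;
+ goto out;
+ }
+ code = krb5_k_create_key(kcontext, &kin, &key_in);
+ if (code) {
+ free(out->data);
+ out->data = NULL;
+ goto out;
+ }
+ code = krb5_k_create_key(kcontext, &kout, &key_out);
+ if (code) {
+ free(out->data);
+ out->data = NULL;
+ goto out;
+ }
+ code = krb5int_derive_key(enc, key_in, &key_out, &datain,
+ DERIVE_RFC3961);
+#else /* !HAVE_KRB5INT_DERIVE_KEY */
 code = krb5_derive_key(enc, &kin, &kout, &datain);
-#else
+#endif /* HAVE_KRB5INT_DERIVE_KEY */
+#else /* !defined(HAVE_KRB5) */
 if ((code = krb5_init_context(&kcontext))) {
 }
 code = krb5_derive_key(kcontext, &kin, in->type, constant_data, K5CLENGTH, &outkey);
-#endif
+#endif /* defined(HAVE_KRB5) */
 if (code) {
 free(out->data);
 out->data = NULL;
@@ -329,14 +354,17 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
 }
 #ifdef HAVE_KRB5
 key_krb5_to_lucid(&kout, out);
-#else
+#if HAVE_KRB5INT_DERIVE_KEY
+ krb5_free_context(kcontext);
+#endif /* HAVE_KRB5INT_DERIVE_KEY */
+#else /* !defined(HAVE_KRB5) */
 key_krb5_to_lucid(outkey, out);
 krb5_free_keyblock(kcontext, outkey);
 krb5_free_context(kcontext);
-#endif
+#endif /* defined(HAVE_KRB5) */
 out:
- if (code)
+ if (code)
 printerr(0, "ERROR: %s: returning error %d (%s)\n",
 __FUNCTION__, code, error_message(code));
 return (code);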
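Review bot: In the new `HAVE_KRB5INT_DERIVE_KEY` branch of derive_key_lucid, every `goto out` taken after `krb5_init_context()` has succeeded leaves `kcontext` allocated, and `key_in`/`key_out` are not released anywhere in the visible hunks, so krb5_key objects holding key material stay on the heap; the only `krb5_free_context(kcontext);` added is on the success path. Each failure path should release what was created before it, for example `krb5_k_free_key(kcontext, key_in);` and `krb5_free_context(kcontext);` ahead of the `goto out`, and the success path needs the same for both keys. Separately, the derived key is returned through `&key_out`, yet the unchanged `key_krb5_to_lucid(&kout, out);` still copies from `kout`; unless code outside these hunks ties the two together, `out` would not receive the derived key, which is worth confirming with a test against a known derivation. The function starts and ends outside the hunks shown, so any cleanup there could not be checked.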