Subject: | krb5_get_init_creds_keytab() corrupts keytab structure |
When starting the 1st iteration through the keytab file after calling krb5_kt_default(),
calls to krb5_get_init_creds_keytab() will NULL out the FILE * in the krb5_keytab
structure. Subsequent iterations will crash the program with a NULL pointer dereference.
See attached sample program.
calls to krb5_get_init_creds_keytab() will NULL out the FILE * in the krb5_keytab
structure. Subsequent iterations will crash the program with a NULL pointer dereference.
See attached sample program.
#include <Kerberos/Kerberos.h>
#include <stdio.h>
/****************************************************************************
* Enumerates the domains.
****************************************************************************/
static
void
enumerateDomains(
void )
{
/* Get context. */
krb5_context kcontext;
if( krb5_init_context( &kcontext ) == 0 )
{
/* Get a handle to the keytab file. */
krb5_keytab keytab = NULL;
if( krb5_kt_default( kcontext, &keytab ) == 0 )
{
/* Setup keytab iteration objects. */
krb5_kt_cursor cursor;
memset( &cursor, 0, sizeof( cursor ) );
if( krb5_kt_start_seq_get( kcontext, keytab, &cursor ) == 0 )
{
/* Iterate through keytab entries. */
krb5_keytab_entry entry;
memset( &entry, 0, sizeof( entry ) );
while( krb5_kt_next_entry(
kcontext, keytab, &entry, &cursor ) == 0 )
{
char * unparsed_name = NULL;
if( krb5_unparse_name(
kcontext, entry.principal, &unparsed_name ) == 0 )
{
krb5_creds host_creds;
if( krb5_get_init_creds_keytab(
kcontext, &host_creds, entry.principal,
keytab, 0, NULL, NULL ) == 0 )
{
int ttl = host_creds.times.endtime - time( NULL );
if( ttl < 0 )
{
ttl = 0;
}
printf( "Domain = %s, TTL = %d\n", unparsed_name, ttl );
//krb5_free_cred_contents( kcontext, &host_creds );
}
}
//krb5_free_keytab_entry_contents( kcontext, &entry );
}
krb5_kt_end_seq_get( kcontext, keytab, &cursor );
}
krb5_kt_close( kcontext, keytab );
}
krb5_free_context( kcontext );
}
}
/****************************************************************************/
int main( int argc, const char ** argv )
{
enumerateDomains();
return 0;
}
#include <stdio.h>
/****************************************************************************
* Enumerates the domains.
****************************************************************************/
static
void
enumerateDomains(
void )
{
/* Get context. */
krb5_context kcontext;
if( krb5_init_context( &kcontext ) == 0 )
{
/* Get a handle to the keytab file. */
krb5_keytab keytab = NULL;
if( krb5_kt_default( kcontext, &keytab ) == 0 )
{
/* Setup keytab iteration objects. */
krb5_kt_cursor cursor;
memset( &cursor, 0, sizeof( cursor ) );
if( krb5_kt_start_seq_get( kcontext, keytab, &cursor ) == 0 )
{
/* Iterate through keytab entries. */
krb5_keytab_entry entry;
memset( &entry, 0, sizeof( entry ) );
while( krb5_kt_next_entry(
kcontext, keytab, &entry, &cursor ) == 0 )
{
char * unparsed_name = NULL;
if( krb5_unparse_name(
kcontext, entry.principal, &unparsed_name ) == 0 )
{
krb5_creds host_creds;
if( krb5_get_init_creds_keytab(
kcontext, &host_creds, entry.principal,
keytab, 0, NULL, NULL ) == 0 )
{
int ttl = host_creds.times.endtime - time( NULL );
if( ttl < 0 )
{
ttl = 0;
}
printf( "Domain = %s, TTL = %d\n", unparsed_name, ttl );
//krb5_free_cred_contents( kcontext, &host_creds );
}
}
//krb5_free_keytab_entry_contents( kcontext, &entry );
}
krb5_kt_end_seq_get( kcontext, keytab, &cursor );
}
krb5_kt_close( kcontext, keytab );
}
krb5_free_context( kcontext );
}
}
/****************************************************************************/
int main( int argc, const char ** argv )
{
enumerateDomains();
return 0;
}