Skip Menu |
 

Date: Fri, 23 Apr 2010 11:20:42 -0400
From: Jeff Blaine <jblaine@kickflop.net>
To: krb5-bugs@mit.edu
Subject: Small kdc/kdc_preauth.c mods for your consideration
Download (untitled) / with headers
text/plain 2.2KiB
As usual, don't assume I have any clue, but I am trying to
fold what I consider small worthwhile changes into future
releases.

In order as seen in the diff:

* Log the static preauth mechs that have been found to be
"valid"

* Log the dynamic preauth mechs that have been found to be
"valid"

* Check against NULL, not 0, per the calloc()/malloc() man
page. A nitpick.

* Set length to 0, not NULL. This cleared up a gcc warning,
so maybe it's right...

--- ../../PRISTINE-DONT-MOD-krb5-1.8/src/kdc/kdc_preauth.c 2010-02-12
15:28:39.000000000 -0500
+++ kdc/kdc_preauth.c 2010-04-23 11:13:16.000000000 -0400
@@ -490,6 +490,9 @@
((*server_init_proc)(context, &plugin_context,
(const char **)kdc_realm_names) != 0)) {
memset(&preauth_systems[k], 0, sizeof(preauth_systems[k]));
+ krb5_klog_syslog (LOG_INFO,
+ "Static preauth mechanism %s valid for use.",
+ static_preauth_systems[i].name);
continue;
}
preauth_systems[k].plugin_context = plugin_context;
@@ -537,6 +540,9 @@
}
preauth_systems[k].name = ftable->name;
preauth_systems[k].type = ftable->pa_type_list[j];
+ krb5_klog_syslog (LOG_INFO,
+ "Dynamic preauth mechanism %s valid
for use.",
+ preauth_systems[k].name);
if (ftable->flags_proc != NULL)
preauth_systems[k].flags = ftable->flags_proc(context,

preauth_systems[k].type);
@@ -1006,8 +1012,11 @@
hw_only = isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH);
/* Allocate two extra entries for the cookie and the terminator. */
pa_data = calloc(n_preauth_systems + 2, sizeof(krb5_pa_data *));
- if (pa_data == 0)
+ if (pa_data == NULL) {
+ krb5_klog_syslog (LOG_INFO,
+ "Not enough memory in get_preauth_hint_list");
return;
+ }
pa = pa_data;
for (ap = preauth_systems; ap->type != -1; ap++) {
@@ -1328,7 +1337,7 @@
}
key_modified = FALSE;
null_item.contents = NULL;
- null_item.length = NULL;
+ null_item.length = 0;
send_pa = send_pa_list;
*send_pa = 0;
Updated patch is in #6706.