
(-)tools/univention_policy_result.c (-6 / +6 lines)
Lines 77-89 Link Here
77
			break;
77
			break;
78
		switch (c) {
78
		switch (c) {
79
			case 'h':
79
			case 'h':
80
				ldap_parameters->host = strdup(optarg);
80
				ldap_parameters->host = optarg;
81
				break;
81
				break;
82
			case 'D':
82
			case 'D':
83
				ldap_parameters->binddn = strdup(optarg);
83
				ldap_parameters->binddn = optarg;
84
				break;
84
				break;
85
			case 'w':
85
			case 'w':
86
				ldap_parameters->bindpw = strdup(optarg);
86
				ldap_parameters->bindpw = optarg;
87
				break;
87
				break;
88
			case 'd':
88
			case 'd':
89
				opt_debug = 1;
89
				opt_debug = 1;
Lines 111-117 Link Here
111
		univention_debug_init("/dev/null", 0, 0);
111
		univention_debug_init("/dev/null", 0, 0);
112
	}
112
	}
113
113
114
	dn = argv[argc-1];
114
	dn = argv[argc - 1];
115
115
116
	if (univention_ldap_open(ldap_parameters) != 0) {
116
	if (univention_ldap_open(ldap_parameters) != 0) {
117
		if (output == OUTPUT_VERBOSE) {
117
		if (output == OUTPUT_VERBOSE) {
Lines 155-161 Link Here
155
					printf("\n");
155
					printf("\n");
156
				} else if (output == OUTPUT_SHELL) {
156
				} else if (output == OUTPUT_SHELL) {
157
					for (i = 0; attribute->values->values[i] != NULL; i++) {
157
					for (i = 0; attribute->values->values[i] != NULL; i++) {
158
						for (j = 0; j<strlen(attribute->name); j++) {
158
						for (j = 0; j < strlen(attribute->name); j++) {
159
							if (attribute->name[j] == ';' || attribute->name[j] == '-') {
159
							if (attribute->name[j] == ';' || attribute->name[j] == '-') {
160
								printf("_");
160
								printf("_");
161
							} else {
161
							} else {
Lines 181-187 Link Here
181
					if (attribute != policy->attributes)
181
					if (attribute != policy->attributes)
182
						printf(" ");
182
						printf(" ");
183
					for (i = 0; attribute->values->values[i] != NULL; i++) {
183
					for (i = 0; attribute->values->values[i] != NULL; i++) {
184
						if (i>0)
184
						if (i > 0)
185
							printf(" ");
185
							printf(" ");
186
						printf("%s=\"%s\"", attribute->name, attribute->values->values[i]);
186
						printf("%s=\"%s\"", attribute->name, attribute->values->values[i]);
187
					}
187
					}
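Review bot: Assigning `optarg` directly to `ldap_parameters->host`, `->binddn` and `->bindpw` (new lines 80, 83, 86) stores pointers into argv in fields that the lib/ldap.c cleanup in this same change (new lines 284–296, presumably univention_ldap_close) releases with `FREE(...)`, i.e. `free()` is called on memory that was never heap-allocated, which is undefined behaviour. Either keep the `strdup(optarg)` copies here, or document on the `univention_ldap_parameters_t` fields that they must only ever hold heap-allocated strings and have the caller populate them by another route. If the copies are restored, `strdup` can return NULL and that was not checked in the old code either; `if ((ldap_parameters->host = strdup(optarg)) == NULL) exit(1);` or an equivalent per case would close that gap.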
(-)debian/changelog (-1 / +5 lines)
Lines 7-14 Link Here
7
  * Remove broken libunivention-policy-krb5-dev.
7
  * Remove broken libunivention-policy-krb5-dev.
8
  * Add manual page.
8
  * Add manual page.
9
  * Add linkting to liblber.
9
  * Add linkting to liblber.
10
  * Fix memory leaks and NULL pointer exceptions.
11
  * Simplify allocating and cleaning memory.
12
  * Handle line terminattion in ldap.secret.
13
  * Make univention_krb5_init() thread-save.
10
14
11
 -- Philipp Hahn <hahn@univention.de>  Tue, 17 May 2011 18:34:11 +0200
15
 -- Philipp Hahn <hahn@univention.de>  Tue, 17 May 2011 19:19:37 +0200
12
16
13
univention-policy (4.0.2-1) unstable; urgency=low
17
univention-policy (4.0.2-1) unstable; urgency=low
14
18
(-)include/univention/policy.h (-2 / +2 lines)
Lines 60-67 Link Here
60
} univention_policy_handle_t;
60
} univention_policy_handle_t;
61
61
62
62
63
univention_policy_handle_t* univention_policy_open(LDAP* ld, char* base, char* dn);
63
univention_policy_handle_t* univention_policy_open(LDAP *ld, const char *base, const char *dn);
64
univention_policy_result_t* univention_policy_get(univention_policy_handle_t* handle, char* policy_name, char* attribute_name);
64
univention_policy_result_t* univention_policy_get(univention_policy_handle_t *handle, const char *policy_name, const char *attribute_name);
65
void univention_policy_close(univention_policy_handle_t* handle);
65
void univention_policy_close(univention_policy_handle_t* handle);
66
66
67
#endif
67
#endif
(-)lib/policy.c (-12 / +8 lines)
Lines 53-59 Link Here
53
/*
53
/*
54
 * returns object from list if it already exists, create new object otherwise
54
 * returns object from list if it already exists, create new object otherwise
55
 */
55
 */
56
struct univention_policy_list_s* univention_policy_list_get(struct univention_policy_list_s** list, char* name)
56
struct univention_policy_list_s* univention_policy_list_get(struct univention_policy_list_s** list, const char *name)
57
{
57
{
58
	struct univention_policy_list_s *new;
58
	struct univention_policy_list_s *new;
59
	struct univention_policy_list_s *cur;
59
	struct univention_policy_list_s *cur;
Lines 82-88 Link Here
82
/*
82
/*
83
 * returns object from list if it already exists, create new object otherwise
83
 * returns object from list if it already exists, create new object otherwise
84
 */
84
 */
85
struct univention_policy_attribute_list_s* univention_policy_attribute_list_get(struct univention_policy_attribute_list_s** list, char* name)
85
struct univention_policy_attribute_list_s* univention_policy_attribute_list_get(struct univention_policy_attribute_list_s **list, const char *name)
86
{
86
{
87
	struct univention_policy_attribute_list_s *new;
87
	struct univention_policy_attribute_list_s *new;
88
	struct univention_policy_attribute_list_s *cur;
88
	struct univention_policy_attribute_list_s *cur;
Lines 99-108 Link Here
99
	new->name = strdup(name);
99
	new->name = strdup(name);
100
	new->values = NULL;
100
	new->values = NULL;
101
101
102
	if (*list == NULL)
102
	new->next = *list;
103
		new->next = NULL;
104
	else
105
		new->next = *list;
106
	*list = new;
103
	*list = new;
107
104
108
	return new;
105
	return new;
Lines 171-177 Link Here
171
	}
168
	}
172
}
169
}
173
170
174
void univention_policy_merge(LDAP* ld, char *dn, univention_policy_handle_t* handle, char** object_classes)
171
void univention_policy_merge(LDAP *ld, const char *dn, univention_policy_handle_t *handle, char **object_classes)
175
{
172
{
176
	int		rc;
173
	int		rc;
177
	LDAPMessage	*res;
174
	LDAPMessage	*res;
Lines 327-333 Link Here
327
/*
324
/*
328
 * reads policies for dn from conn
325
 * reads policies for dn from conn
329
 */
326
 */
330
univention_policy_handle_t* univention_policy_open(LDAP* ld, char* base, char* dn)
327
univention_policy_handle_t* univention_policy_open(LDAP* ld, const char *base, const char *dn)
331
{
328
{
332
	const char* pdn;
329
	const char* pdn;
333
	int rc;
330
	int rc;
Lines 356-362 Link Here
356
	timeout.tv_usec = 0;
353
	timeout.tv_usec = 0;
357
354
358
	for (pdn = dn; pdn != NULL; pdn = parent_dn(pdn)) {
355
	for (pdn = dn; pdn != NULL; pdn = parent_dn(pdn)) {
359
		char* filter;
356
		const char *filter;
360
357
361
		univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "processing dn %s", pdn);
358
		univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "processing dn %s", pdn);
362
359
Lines 369-376 Link Here
369
			if ( rc == LDAP_NO_SUCH_OBJECT ) {
366
			if ( rc == LDAP_NO_SUCH_OBJECT ) {
370
				univention_debug(UV_DEBUG_LDAP, UV_DEBUG_WARN, "Not found");
367
				univention_debug(UV_DEBUG_LDAP, UV_DEBUG_WARN, "Not found");
371
			} else if ( rc != LDAP_SUCCESS ) {
368
			} else if ( rc != LDAP_SUCCESS ) {
372
				univention_debug(UV_DEBUG_LDAP, UV_DEBUG_ERROR,
369
				univention_debug(UV_DEBUG_LDAP, UV_DEBUG_ERROR, "%s: %s", pdn, ldap_err2string(rc));
373
						"%s: %s", pdn, ldap_err2string(rc));
374
				univention_policy_close(handle);
370
				univention_policy_close(handle);
375
				return NULL;
371
				return NULL;
376
			}
372
			}
Lines 449-455 Link Here
449
/*
445
/*
450
 * returns values for policy/attribute
446
 * returns values for policy/attribute
451
 */
447
 */
452
univention_policy_result_t* univention_policy_get(univention_policy_handle_t* handle, char* policy_name, char* attribute_name)
448
univention_policy_result_t* univention_policy_get(univention_policy_handle_t* handle, const char *policy_name, const char *attribute_name)
453
{
449
{
454
	struct univention_policy_list_s* policy;
450
	struct univention_policy_list_s* policy;
455
	struct univention_policy_attribute_list_s* attribute;
451
	struct univention_policy_attribute_list_s* attribute;
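Review bot: In univention_policy_attribute_list_get (hunk at lines 99-108) `new->name = strdup(name);` is still unchecked, so an allocation failure leaves a list node with a NULL name that later `strlen`/`printf` users will dereference, which runs against the changelog's stated aim of fixing NULL pointer exceptions. Assuming `new` was heap-allocated just above the hunk (not visible here), `if ((new->name = strdup(name)) == NULL) { free(new); return NULL; }` before linking the node would let callers see the failure; the same pattern presumably applies to univention_policy_list_get, whose body is outside the visible hunks. Callers of both functions would then need to handle a NULL return, which I cannot verify from this page. Separately, the definition `univention_policy_open(LDAP* ld, const char *base, const char *dn)` on line 327 mixes pointer-binding styles and no longer matches the header's `LDAP *ld`; aligning it is cosmetic but easy.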
(-)lib/ldap.c (-82 / +55 lines)
Lines 42-66 Link Here
42
#include <univention/ldap.h>
42
#include <univention/ldap.h>
43
#include <univention/debug.h>
43
#include <univention/debug.h>
44
44
45
#define FREE(p) \
46
	do { \
47
		if (p != NULL) { \
48
			free(p); \
49
			p = NULL; \
50
		} \
51
	} while (0)
52
45
univention_ldap_parameters_t* univention_ldap_new(void)
53
univention_ldap_parameters_t* univention_ldap_new(void)
46
{
54
{
47
	univention_ldap_parameters_t* lp;
55
	univention_ldap_parameters_t* lp;
48
	if ((lp = malloc(sizeof(univention_ldap_parameters_t))) == NULL)
56
	if ((lp = calloc(1, sizeof(univention_ldap_parameters_t))) == NULL)
49
		return NULL;
57
		return NULL;
50
	lp->ld = NULL;
51
	lp->version = 0;
52
	lp->host = NULL;
53
	lp->port = 0;
54
	lp->uri = NULL;
55
	lp->start_tls = 0;
56
	lp->base = NULL;
57
	lp->binddn = NULL;
58
	lp->bindpw = NULL;
59
	lp->authmethod = 0;
60
	lp->sasl_mech = NULL;
61
	lp->sasl_realm = NULL;
62
	lp->sasl_authcid = NULL;
63
	lp->sasl_authzid = NULL;
64
	return lp;
58
	return lp;
65
}
59
}
66
60
Lines 113-162 Link Here
113
	return LDAP_SUCCESS;
107
	return LDAP_SUCCESS;
114
}
108
}
115
109
110
#define _UNIVENTION_LDAP_SECRET_LEN_MAX 27
116
int univention_ldap_set_admin_connection( univention_ldap_parameters_t *lp )
111
int univention_ldap_set_admin_connection( univention_ldap_parameters_t *lp )
117
{
112
{
118
	FILE *secret;
113
	FILE *secret;
119
	char *base    = NULL;
114
	char *base = NULL;
115
	size_t len;
120
116
121
	base = univention_config_get_string("ldap/base");
117
	base = univention_config_get_string("ldap/base");
122
	if ( !base ) {
118
	if (!base)
123
		return 1;
119
		goto err;
124
	}
120
	len = strlen(base) + strlen("cn=admin,") + 1;
125
	lp->binddn = malloc( ( strlen(base) + strlen("cn=admin,") + 1) * sizeof (char) );
121
	lp->binddn = malloc(sizeof(char) * len);
126
	if ( !lp->binddn ) {
122
	if (!lp->binddn) {
127
		free(base);
123
		free(base);
128
		return 1;
124
		goto err;
129
	}
125
	}
130
	sprintf(lp->binddn, "cn=admin,%s", base );
126
	snprintf(lp->binddn, len, "cn=admin,%s", base);
131
127
132
	free(base);
128
	free(base);
133
129
134
	secret = fopen("/etc/ldap.secret", "r" );
130
	secret = fopen("/etc/ldap.secret", "r" );
131
	if (!secret)
132
		goto err1;
135
133
136
	if ( !secret ) {
134
	lp->bindpw = calloc(_UNIVENTION_LDAP_SECRET_LEN_MAX, sizeof(char));
137
		return 1;
135
	if (!lp->bindpw) {
136
		fclose(secret);
137
		goto err1;
138
	}
138
	}
139
139
140
	lp->bindpw = malloc(25*sizeof(char));
140
	len = fread(lp->bindpw, _UNIVENTION_LDAP_SECRET_LEN_MAX, sizeof(char), secret);
141
	if (ferror(secret))
142
		len = -1;
143
	fclose(secret);
141
144
142
	if ( !lp->bindpw ) {
145
	for (; len >= 0; len--) {
143
		return 1;
146
		switch (lp->bindpw[len]) {
147
			case '\r':
148
			case '\n':
149
				lp->bindpw[len] = '\0';
150
			case '\0':
151
				continue;
152
			default:
153
				return 0;
154
		}
144
	}
155
	}
145
156
146
	memset(lp->bindpw, 0, 25);
157
err2:
147
158
	FREE(lp->bindpw);
148
	fread(lp->bindpw, 24, 1, secret);
159
err1:
149
160
	FREE(lp->binddn);
150
	if ( lp->bindpw[strlen(lp->bindpw)-1] == '\r' ) {
161
err:
151
		lp->bindpw[strlen(lp->bindpw)-1] = '\0';
162
	return 1;
152
	}
153
	if ( lp->bindpw[strlen(lp->bindpw)-1] == '\n' ) {
154
		lp->bindpw[strlen(lp->bindpw)-1] = '\0';
155
	}
156
157
	fclose(secret);
158
159
	return 0;
160
}
163
}
161
164
162
int univention_ldap_open(univention_ldap_parameters_t *lp)
165
int univention_ldap_open(univention_ldap_parameters_t *lp)
Lines 281-324 Link Here
281
		ldap_unbind_ext(lp->ld, NULL, NULL);
284
		ldap_unbind_ext(lp->ld, NULL, NULL);
282
		lp->ld = NULL;
285
		lp->ld = NULL;
283
	}
286
	}
284
	if (lp->uri != NULL) {
287
	FREE(lp->uri);
285
		free(lp->uri);
288
	FREE(lp->host);
286
		lp->uri = NULL;
289
	FREE(lp->base);
287
	}
290
	FREE(lp->binddn);
288
	if (lp->host != NULL) {
291
	FREE(lp->bindpw);
289
		free(lp->host);
292
	FREE(lp->sasl_mech);
290
		lp->host = NULL;
293
	FREE(lp->sasl_realm);
291
	}
294
	FREE(lp->sasl_authcid);
292
	if (lp->base != NULL) {
295
	FREE(lp->sasl_authzid);
293
		free(lp->base);
296
	FREE(lp);
294
		lp->base = NULL;
295
	}
296
	if (lp->binddn != NULL) {
297
		free(lp->binddn);
298
		lp->binddn = NULL;
299
	}
300
	if (lp->bindpw != NULL) {
301
		free(lp->bindpw);
302
		lp->bindpw = NULL;
303
	}
304
	if (lp->sasl_mech != NULL) {
305
		free(lp->sasl_mech);
306
		lp->sasl_mech = NULL;
307
	}
308
	if (lp->sasl_realm != NULL) {
309
		free(lp->sasl_realm);
310
		lp->sasl_realm = NULL;
311
	}
312
	if (lp->sasl_authcid != NULL) {
313
		free(lp->sasl_authcid);
314
		lp->sasl_authcid = NULL;
315
	}
316
	if (lp->sasl_authzid != NULL) {
317
		free(lp->sasl_authzid);
318
		lp->sasl_authzid = NULL;
319
	}
320
	if (lp != NULL) {
321
		free(lp);
322
		lp = NULL;
323
	}
324
}
297
}
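Review bot: In univention_ldap_set_admin_connection the `len` handling after `fread` is unsound: `len` is a `size_t`, so `len = -1` on `ferror` wraps to SIZE_MAX and `for (; len >= 0; len--)` can never terminate through its condition, which means an empty or all-newline secret decrements past index 0 and reads out of bounds, and the `err2` label is never reached. The `fread` arguments are also swapped — `fread(lp->bindpw, _UNIVENTION_LDAP_SECRET_LEN_MAX, sizeof(char), secret)` returns 0 or 1 items rather than a byte count, so for a secret shorter than 27 bytes only `bindpw[0]` is inspected and the trailing newline is kept, while a 27-byte file fills the `calloc`'d buffer with no NUL terminator. The read, the terminator strip and the error exit should be rewritten as below. Since `lp->bindpw` holds a credential, the `FREE(lp->bindpw)` here and in the cleanup at new lines 284–296 release it without clearing; a `memset`/`explicit_bzero` of the buffer before `free` would avoid leaving the secret in freed heap memory. `_UNIVENTION_LDAP_SECRET_LEN_MAX` is also a reserved identifier (leading underscore followed by an uppercase letter); dropping the underscore avoids colliding with the implementation namespace.
```c
	lp->bindpw = calloc(_UNIVENTION_LDAP_SECRET_LEN_MAX + 1, sizeof(char));
	if (!lp->bindpw) {
		fclose(secret);
		goto err1;
	}

	/* byte count; the extra calloc'd byte keeps the buffer NUL-terminated */
	len = fread(lp->bindpw, sizeof(char), _UNIVENTION_LDAP_SECRET_LEN_MAX, secret);
	if (ferror(secret)) {
		fclose(secret);
		goto err2;
	}
	fclose(secret);

	/* strip trailing line terminators; an empty secret is an error */
	while (len > 0 && (lp->bindpw[len - 1] == '\n' || lp->bindpw[len - 1] == '\r'))
		lp->bindpw[--len] = '\0';
	if (len == 0)
		goto err2;
	return 0;

err2:
	/* … unchanged: FREE(lp->bindpw), err1, err … */
```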
(-)lib/krb5.c (-52 / +50 lines)
Lines 44-54 Link Here
44
univention_krb5_parameters_t* univention_krb5_new(void)
44
univention_krb5_parameters_t* univention_krb5_new(void)
45
{
45
{
46
	univention_krb5_parameters_t* kp;
46
	univention_krb5_parameters_t* kp;
47
	if ((kp = malloc(sizeof(univention_krb5_parameters_t))) == NULL)
47
	if ((kp = calloc(1, sizeof(univention_krb5_parameters_t))) == NULL)
48
		return NULL;
48
		return NULL;
49
	kp->username = NULL;
50
	kp->realm = NULL;
51
	kp->password = NULL;
52
	return kp;
49
	return kp;
53
}
50
}
54
51
Lines 73-140 Link Here
73
70
74
int univention_krb5_init(univention_krb5_parameters_t *kp)
71
int univention_krb5_init(univention_krb5_parameters_t *kp)
75
{
72
{
76
	krb5_error_code rv;
73
	krb5_error_code rv = -1;
77
	char *principal_name;
74
	char *principal_name;
78
75
79
	if (kp->username == NULL) {
76
	if (kp->username == NULL) {
80
		struct passwd *pwd;
77
		struct passwd pwd, *result;
81
		pwd = getpwuid(getuid());
78
		char *buf;
82
		if (pwd == NULL) {
79
		size_t bufsize;
83
			return 1;
80
		int s;
81
82
		bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
83
		if (bufsize == -1)
84
			bufsize = 16384;
85
		buf = malloc(bufsize);
86
		if (buf == NULL)
87
			goto err;
84
		}
88
		}
85
		kp->username = strdup(pwd->pw_name);
89
		s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result);
90
		if (result != NULL)
91
			kp->username = strdup(pwd.pw_name);
92
		free(buf);
86
	}
93
	}
87
	if (kp->realm == NULL) {
94
95
	if (kp->realm == NULL)
88
		kp->realm = univention_config_get_string("kerberos/realm");
96
		kp->realm = univention_config_get_string("kerberos/realm");
89
		if (kp->realm == NULL) {
97
90
			return 1;
98
	if (kp->username == NULL || kp->realm == NULL)
91
		}
99
		goto err;
92
	}
93
	asprintf(&principal_name, "%s@%s", kp->username, kp->realm);
100
	asprintf(&principal_name, "%s@%s", kp->username, kp->realm);
101
	if (principal_name == NULL)
102
		goto err;
94
103
95
	univention_debug(UV_DEBUG_KERBEROS, UV_DEBUG_INFO, "receiving Kerberos ticket for %s", principal_name);
104
	univention_debug(UV_DEBUG_KERBEROS, UV_DEBUG_INFO, "receiving Kerberos ticket for %s", principal_name);
96
105
97
	if ((rv = krb5_init_context(&kp->context))) {
106
	if ((rv = krb5_init_context(&kp->context)))
98
		free(principal_name);
107
		goto err1;
99
		return rv;
108
	if ((rv = krb5_cc_default(kp->context, &kp->ccache)))
100
	}
109
		goto err2;
101
	if ((rv = krb5_cc_default(kp->context, &kp->ccache))) {
110
	if ((rv = krb5_parse_name(kp->context, principal_name, &kp->principal)))
102
		free(principal_name);
111
		goto err2;
103
		krb5_free_context(kp->context);
104
		return rv;
105
	}
106
	if ((rv = krb5_parse_name(kp->context, principal_name, &kp->principal))) {
107
		free(principal_name);
108
		krb5_free_context(kp->context);
109
		return rv;
110
	}
111
	if ((rv = krb5_get_init_creds_password(kp->context, &kp->creds, kp->principal,
112
	if ((rv = krb5_get_init_creds_password(kp->context, &kp->creds, kp->principal,
112
					NULL, kerb_prompter, kp->password, 0, NULL, NULL))) {
113
					NULL, kerb_prompter, kp->password, 0, NULL, NULL)))
113
		free(principal_name);
114
		goto err3;
114
		krb5_free_principal(kp->context, kp->principal);
115
	if ((rv = krb5_cc_initialize(kp->context, kp->ccache, kp->principal)))
115
		krb5_free_context(kp->context);
116
		goto err4;
116
		return rv;
117
	if ((rv = krb5_cc_store_cred(kp->context, kp->ccache, &kp->creds)))
117
	}
118
		goto err5;
118
	if ((rv = krb5_cc_initialize(kp->context, kp->ccache, kp->principal))) {
119
		free(principal_name);
120
		krb5_free_cred_contents(kp->context, &kp->creds);
121
		krb5_free_principal(kp->context, kp->principal);
122
		krb5_free_context(kp->context);
123
		return rv;
124
	}
125
	if ((rv = krb5_cc_store_cred(kp->context, kp->ccache, &kp->creds))) {
126
		free(principal_name);
127
		krb5_cc_close(kp->context, kp->ccache);
128
		krb5_free_cred_contents(kp->context, &kp->creds);
129
		krb5_free_principal(kp->context, kp->principal);
130
		krb5_free_context(kp->context);
131
		return rv;
132
	}
133
119
134
	free(principal_name);
120
	rv = 0;
121
122
err5:
135
	krb5_cc_close(kp->context, kp->ccache);
123
	krb5_cc_close(kp->context, kp->ccache);
124
	kp->ccache = NULL;
125
err4:
136
	krb5_free_cred_contents(kp->context, &kp->creds);
126
	krb5_free_cred_contents(kp->context, &kp->creds);
127
	kp->creds = NULL;
128
err3:
137
	krb5_free_principal(kp->context, kp->principal);
129
	krb5_free_principal(kp->context, kp->principal);
130
	kp->principal = NULL;
131
err2:
138
	krb5_free_context(kp->context);
132
	krb5_free_context(kp->context);
139
	return 0;
133
	kp->context = NULL;
134
err1:
135
	free(principal_name);
136
err:
137
	return rv;
140
}
138
}
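Review bot: The new `getpwnam_r(argv[1], &pwd, buf, bufsize, &result)` call in univention_krb5_init references `argv`, which is neither a parameter nor a local of this library function, and it changes the lookup from the calling user's uid to a positional name; the intent of the replaced `getpwuid(getuid())` is kept with `s = getpwuid_r(getuid(), &pwd, buf, bufsize, &result);` followed by `if (s == 0 && result != NULL)` so that the currently unused return code `s` (ERANGE on a too-small buffer) is honoured. `bufsize` is declared `size_t` but compared against `-1`, the sentinel `sysconf` returns as a `long`; declaring it `long` makes that check literal instead of relying on the implicit conversion. Under `err4:`, `kp->creds = NULL;` assigns a pointer constant to what the surrounding `&kp->creds` calls suggest is a `krb5_creds` struct (its declaration lies outside the hunk) — if so this will not compile and the member should be cleared with `memset(&kp->creds, 0, sizeof kp->creds);`. `asprintf` leaves `principal_name` unspecified on failure under glibc, so the `principal_name == NULL` test is better written as `if (asprintf(&principal_name, "%s@%s", kp->username, kp->realm) < 0) goto err;`.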
