diff options
| author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-07-06 11:43:35 -0500 |
|---|---|---|
| committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-07-06 11:43:35 -0500 |
| commit | 1382b1f0c8d40386827dc49cb8fd7eb869e755aa (patch) | |
| tree | 7bf475e548de62f837d2a685556cf65a0106c88f /lib/libtdekrb/src | |
| parent | 9a3bfffc76e52b18a952016a1793af57b7d92cd4 (diff) | |
| download | ulab-1382b1f0c8d40386827dc49cb8fd7eb869e755aa.tar.gz ulab-1382b1f0c8d40386827dc49cb8fd7eb869e755aa.zip | |
Fix crash caused by improper SASL initialization
Diffstat (limited to 'lib/libtdekrb/src')
| -rw-r--r-- | lib/libtdekrb/src/tdekrbclientsocket.cpp | 26 | ||||
| -rw-r--r-- | lib/libtdekrb/src/tdekrbserversocket.cpp | 33 |
2 files changed, 42 insertions, 17 deletions
diff --git a/lib/libtdekrb/src/tdekrbclientsocket.cpp b/lib/libtdekrb/src/tdekrbclientsocket.cpp index a286ff6..c1cade8 100644 --- a/lib/libtdekrb/src/tdekrbclientsocket.cpp +++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp @@ -50,6 +50,9 @@ delete m_canary; \ m_canary = NULL; +static bool tde_krb_sasl_client_initialized = false; +static sasl_callback_t tde_krb_sasl_client_callbacks[N_CALLBACKS]; + /* exception handling */ struct exit_exception { int c; @@ -59,7 +62,6 @@ struct exit_exception { class SASLDataPrivate { public: - sasl_callback_t m_callbacks[N_CALLBACKS]; sasl_conn_t *m_krbConnection; }; @@ -113,6 +115,7 @@ TDEKerberosClientSocket::~TDEKerberosClientSocket() { delete kerberosInitLoopTimer; kerberosInitLoopTimer = NULL; } + setUsingKerberos(false); m_buffer->close(); delete m_buffer; delete saslData; @@ -533,7 +536,7 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned unsigned len, alloclen; int result; - alloclen = ((length / 3) + 1) * 4 + 1; + alloclen = (((length / 3) + 1) * 4) + 1; buf = (char*)malloc(alloclen+1); if (!buf) { printf("[ERROR] Unable to malloc()!\n\r"); @@ -834,7 +837,8 @@ void TDEKerberosClientSocket::continueKerberosInitialization() { else { printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)"); } - + +#if 0 m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data); if (m_krbInitResult != SASL_OK) { printf("[WARNING] Unable to determine authenticated realm!\n\r"); @@ -842,6 +846,7 @@ void TDEKerberosClientSocket::continueKerberosInitialization() { else { printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)"); } +#endif m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf); if (m_krbInitResult != SASL_OK) { @@ -850,7 +855,7 @@ void TDEKerberosClientSocket::continueKerberosInitialization() { else { printf("[DEBUG] Authenticated SSF: %d\n", *ssf); } - + m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize); if (m_krbInitResult != SASL_OK) { printf("[WARNING] Unable to determine maximum buffer size!\n\r"); @@ -896,7 +901,7 @@ int TDEKerberosClientSocket::initializeKerberosInterface() { const char *service = m_serviceName.ascii(); const char *fqdn = m_serverFQDN.ascii(); - callback = saslData->m_callbacks; + callback = tde_krb_sasl_client_callbacks; // log callback->id = SASL_CB_LOG; @@ -915,10 +920,13 @@ int TDEKerberosClientSocket::initializeKerberosInterface() { secprops.maxbufsize = NET_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; - m_krbInitResult = sasl_client_init(saslData->m_callbacks); - if (m_krbInitResult != SASL_OK) { - printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); - return -1; + if (!tde_krb_sasl_client_initialized) { + m_krbInitResult = sasl_client_init(tde_krb_sasl_client_callbacks); + if (m_krbInitResult != SASL_OK) { + printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); + return -1; + } + tde_krb_sasl_client_initialized = true; } m_krbInitResult = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, m_krbInitServerLast, &saslData->m_krbConnection); diff --git a/lib/libtdekrb/src/tdekrbserversocket.cpp b/lib/libtdekrb/src/tdekrbserversocket.cpp index aa281cc..1303e64 100644 --- a/lib/libtdekrb/src/tdekrbserversocket.cpp +++ b/lib/libtdekrb/src/tdekrbserversocket.cpp @@ -50,6 +50,10 @@ delete m_canary; \ m_canary = NULL; +static bool tde_krb_sasl_server_initialized = false; +static TQString tde_krb_sasl_server_appname; +static sasl_callback_t tde_krb_sasl_server_callbacks[N_CALLBACKS]; + /* exception handling */ struct exit_exception { int c; @@ -59,7 +63,6 @@ struct exit_exception { class SASLDataPrivate { public: - sasl_callback_t m_callbacks[N_CALLBACKS]; sasl_conn_t *m_krbConnection; }; @@ -113,6 +116,7 @@ TDEKerberosServerSocket::~TDEKerberosServerSocket() { delete kerberosInitLoopTimer; kerberosInitLoopTimer = NULL; } + setUsingKerberos(false); m_buffer->close(); delete m_buffer; delete saslData; @@ -307,7 +311,7 @@ int TDEKerberosServerSocket::processPendingData() { int TDEKerberosServerSocket::setUsingKerberos(bool krbactive) { int ret = 0; - if (m_serviceName == "") { + if ((m_serviceName == "") || (tde_krb_sasl_server_appname == "")) { printf("[ERROR] No service name set!\n\r"); fflush(stdout); return -1; } @@ -330,6 +334,12 @@ int TDEKerberosServerSocket::setUsingKerberos(bool krbactive) { void TDEKerberosServerSocket::setServiceName(TQString name) { m_serviceName = name; + if (!tde_krb_sasl_server_initialized) { + tde_krb_sasl_server_appname = name; + } + else { + printf("[WARNING] Attempt was made to change application name after initial Kerberos connection was tried. Application name was NOT changed!\n\r"); fflush(stdout); + } } void TDEKerberosServerSocket::setServerFQDN(TQString name) { @@ -533,7 +543,7 @@ void TDEKerberosServerSocket::sendSASLDataToNetwork(const char *buffer, unsigned unsigned len, alloclen; int result; - alloclen = ((length / 3) + 1) * 4 + 1; + alloclen = (((length / 3) + 1) * 4) + 1; buf = (char*)malloc(alloclen+1); if (!buf) { printf("[ERROR] Unable to malloc()!\n\r"); @@ -839,6 +849,7 @@ void TDEKerberosServerSocket::continueKerberosInitialization() { printf("[DEBUG] Authenticated username: %s\n\r", m_authenticatedUserName.ascii()); } +#if 0 m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&m_krbInitData); if (m_krbInitResult != SASL_OK) { printf("[WARNING] Unable to determine authenticated realm!\n\r"); @@ -847,6 +858,9 @@ void TDEKerberosServerSocket::continueKerberosInitialization() { m_authenticatedRealmName = m_krbInitData ? m_krbInitData : "(NULL)"; printf("[DEBUG] Authenticated realm: %s\n\r", m_authenticatedRealmName.ascii()); } +#else + m_authenticatedRealmName = "(NULL)"; +#endif m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf); if (m_krbInitResult != SASL_OK) { @@ -906,7 +920,7 @@ int TDEKerberosServerSocket::initializeKerberosInterface() { char *localdomain = NULL; char *userdomain = NULL; - callback = saslData->m_callbacks; + callback = tde_krb_sasl_server_callbacks; // log callback->id = SASL_CB_LOG; @@ -925,10 +939,13 @@ int TDEKerberosServerSocket::initializeKerberosInterface() { secprops.maxbufsize = NET_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; - m_krbInitResult = sasl_server_init(saslData->m_callbacks, m_serviceName.ascii()); - if (m_krbInitResult != SASL_OK) { - printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), m_krbInitResult); - return -1; + if (!tde_krb_sasl_server_initialized) { + m_krbInitResult = sasl_server_init(tde_krb_sasl_server_callbacks, tde_krb_sasl_server_appname.ascii()); + if (m_krbInitResult != SASL_OK) { + printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), m_krbInitResult); + return -1; + } + tde_krb_sasl_server_initialized = true; } m_krbInitResult = sasl_server_new(m_serviceName.ascii(), localdomain, userdomain, iplocal, ipremote, NULL, m_krbInitServerLast, &saslData->m_krbConnection); |