From 1382b1f0c8d40386827dc49cb8fd7eb869e755aa Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Fri, 6 Jul 2012 11:43:35 -0500 Subject: Fix crash caused by improper SASL initialization --- lib/libtdekrb/src/tdekrbclientsocket.cpp | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'lib/libtdekrb/src/tdekrbclientsocket.cpp') diff --git a/lib/libtdekrb/src/tdekrbclientsocket.cpp b/lib/libtdekrb/src/tdekrbclientsocket.cpp index a286ff6..c1cade8 100644 --- a/lib/libtdekrb/src/tdekrbclientsocket.cpp +++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp @@ -50,6 +50,9 @@ delete m_canary; \ m_canary = NULL; +static bool tde_krb_sasl_client_initialized = false; +static sasl_callback_t tde_krb_sasl_client_callbacks[N_CALLBACKS]; + /* exception handling */ struct exit_exception { int c; @@ -59,7 +62,6 @@ struct exit_exception { class SASLDataPrivate { public: - sasl_callback_t m_callbacks[N_CALLBACKS]; sasl_conn_t *m_krbConnection; }; @@ -113,6 +115,7 @@ TDEKerberosClientSocket::~TDEKerberosClientSocket() { delete kerberosInitLoopTimer; kerberosInitLoopTimer = NULL; } + setUsingKerberos(false); m_buffer->close(); delete m_buffer; delete saslData; @@ -533,7 +536,7 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned unsigned len, alloclen; int result; - alloclen = ((length / 3) + 1) * 4 + 1; + alloclen = (((length / 3) + 1) * 4) + 1; buf = (char*)malloc(alloclen+1); if (!buf) { printf("[ERROR] Unable to malloc()!\n\r"); @@ -834,7 +837,8 @@ void TDEKerberosClientSocket::continueKerberosInitialization() { else { printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)"); } - + +#if 0 m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data); if (m_krbInitResult != SASL_OK) { printf("[WARNING] Unable to determine authenticated realm!\n\r"); @@ -842,6 +846,7 @@ void TDEKerberosClientSocket::continueKerberosInitialization() { else { printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)"); } +#endif m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf); if (m_krbInitResult != SASL_OK) { @@ -850,7 +855,7 @@ void TDEKerberosClientSocket::continueKerberosInitialization() { else { printf("[DEBUG] Authenticated SSF: %d\n", *ssf); } - + m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize); if (m_krbInitResult != SASL_OK) { printf("[WARNING] Unable to determine maximum buffer size!\n\r"); @@ -896,7 +901,7 @@ int TDEKerberosClientSocket::initializeKerberosInterface() { const char *service = m_serviceName.ascii(); const char *fqdn = m_serverFQDN.ascii(); - callback = saslData->m_callbacks; + callback = tde_krb_sasl_client_callbacks; // log callback->id = SASL_CB_LOG; @@ -915,10 +920,13 @@ int TDEKerberosClientSocket::initializeKerberosInterface() { secprops.maxbufsize = NET_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; - m_krbInitResult = sasl_client_init(saslData->m_callbacks); - if (m_krbInitResult != SASL_OK) { - printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); - return -1; + if (!tde_krb_sasl_client_initialized) { + m_krbInitResult = sasl_client_init(tde_krb_sasl_client_callbacks); + if (m_krbInitResult != SASL_OK) { + printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); + return -1; + } + tde_krb_sasl_client_initialized = true; } m_krbInitResult = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, m_krbInitServerLast, &saslData->m_krbConnection); -- cgit v1.2.1