Index: src/lib/gssapi/krb5/k5sealv3.c =================================================================== --- src/lib/gssapi/krb5/k5sealv3.c (.../tags/krb5-1-6-final) (Revision 19119) +++ src/lib/gssapi/krb5/k5sealv3.c (.../branches/krb5-1-6) (Revision 19119) @@ -412,10 +412,16 @@ if (load_16_be(althdr) != 0x0504 || althdr[2] != ptr[2] || althdr[3] != ptr[3] - || memcmp(althdr+8, ptr+8, 8)) + || memcmp(althdr+8, ptr+8, 8)) { + free(plain.data); goto defective; + } message_buffer->value = plain.data; message_buffer->length = plain.length - ec - 16; + if(message_buffer->length == 0) { + free(message_buffer->value); + message_buffer->value = NULL; + } } else { /* no confidentiality */ if (conf_state) Index: src/lib/krb5/keytab/kt_file.c =================================================================== --- src/lib/krb5/keytab/kt_file.c (.../tags/krb5-1-6-final) (Revision 19119) +++ src/lib/krb5/keytab/kt_file.c (.../branches/krb5-1-6) (Revision 19119) @@ -193,6 +193,7 @@ err = k5_mutex_init(&data->lock); if (err) { + krb5_xfree(data); krb5_xfree(*id); return err; } @@ -791,6 +792,7 @@ err = k5_mutex_init(&data->lock); if (err) { + krb5_xfree(data); krb5_xfree(*id); return err; } Index: src/lib/krb5/os/sendto_kdc.c =================================================================== --- src/lib/krb5/os/sendto_kdc.c (.../tags/krb5-1-6-final) (Revision 19119) +++ src/lib/krb5/os/sendto_kdc.c (.../branches/krb5-1-6) (Revision 19119) @@ -1127,7 +1127,7 @@ return ENOMEM; } - memset(conns, 0, n_conns * sizeof(conns[i])); + memset(conns, 0, n_conns * sizeof(struct conn_state)); if (callback_info) { callback_data = malloc(n_conns * sizeof(krb5_data)); @@ -1135,7 +1135,7 @@ return ENOMEM; } - memset(conns, 0, n_conns * sizeof(callback_data[i])); + memset(callback_data, 0, n_conns * sizeof(krb5_data)); } for (i = 0; i < n_conns; i++) { Index: src/lib/krb5/os/changepw.c =================================================================== --- src/lib/krb5/os/changepw.c (.../tags/krb5-1-6-final) (Revision 19119) +++ src/lib/krb5/os/changepw.c (.../branches/krb5-1-6) (Revision 19119) @@ -70,12 +70,14 @@ locate_service_kadmin, SOCK_STREAM, 0); if (!code) { /* Success with admin_server but now we need to change the - port number to use DEFAULT_KPASSWD_PORT. */ + port number to use DEFAULT_KPASSWD_PORT and the socktype. */ int i; for (i=0; inaddrs; i++) { struct addrinfo *a = addrlist->addrs[i].ai; if (a->ai_family == AF_INET) sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); + if (sockType != SOCK_STREAM) + a->ai_socktype = sockType; } } } Index: src/lib/krb5/ccache/ccapi/stdcc.c =================================================================== --- src/lib/krb5/ccache/ccapi/stdcc.c (.../tags/krb5-1-6-final) (Revision 19119) +++ src/lib/krb5/ccache/ccapi/stdcc.c (.../branches/krb5-1-6) (Revision 19119) @@ -56,6 +56,7 @@ #ifdef USE_CCAPI_V3 cc_context_t gCntrlBlock = NULL; +cc_int32 gCCVersion = 0; #else apiCB *gCntrlBlock = NULL; #endif @@ -222,13 +223,59 @@ #ifdef USE_CCAPI_V3 + +static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context, + cc_ccache_t in_ccache) +{ + krb5_error_code err = 0; + + if (gCCVersion >= ccapi_version_5) { + krb5_os_context os_ctx = (krb5_os_context) in_context->os_context; + cc_time_t time_offset = 0; + + err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5, + &time_offset); + + if (!err) { + os_ctx->time_offset = time_offset; + os_ctx->usec_offset = 0; + os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) | + KRB5_OS_TOFFSET_VALID); + } + + if (err == ccErrTimeOffsetNotSet) { + err = 0; /* okay if there is no time offset */ + } + } + + return err; /* Don't translate. Callers will translate for us */ +} + +static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context, + cc_ccache_t in_ccache) +{ + krb5_error_code err = 0; + + if (gCCVersion >= ccapi_version_5) { + krb5_os_context os_ctx = (krb5_os_context) in_context->os_context; + + if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) { + err = cc_ccache_set_kdc_time_offset (in_ccache, + cc_credentials_v5, + os_ctx->time_offset); + } + } + + return err; /* Don't translate. Callers will translate for us */ +} + static krb5_error_code stdccv3_setup (krb5_context context, stdccCacheDataPtr ccapi_data) { krb5_error_code err = 0; if (!err && !gCntrlBlock) { - err = cc_initialize (&gCntrlBlock, ccapi_version_max, NULL, NULL); + err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL); } if (!err && ccapi_data && !ccapi_data->NamedCache) { @@ -237,6 +284,10 @@ &ccapi_data->NamedCache); } + if (!err && ccapi_data && ccapi_data->NamedCache) { + err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache); + } + return err; /* Don't translate. Callers will translate for us */ } @@ -245,6 +296,7 @@ { if (gCntrlBlock) { cc_context_release(gCntrlBlock); } gCntrlBlock = NULL; + gCCVersion = 0; } /* @@ -278,11 +330,15 @@ } if (!err) { - err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, 0L, + err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "", &ccache); } if (!err) { + err = stdccv3_set_timeoffset (context, ccache); + } + + if (!err) { err = cc_ccache_get_name (ccache, &ccstring); } @@ -395,6 +451,7 @@ krb5_error_code err = 0; stdccCacheDataPtr ccapi_data = id->data; char *name = NULL; + cc_ccache_t ccache = NULL; if (id == NULL) { err = KRB5_CC_NOMEM; } @@ -406,23 +463,28 @@ err = krb5_unparse_name(context, princ, &name); } - if (!err && ccapi_data->NamedCache) { - err = cc_ccache_release(ccapi_data->NamedCache); - ccapi_data->NamedCache = NULL; - } - if (!err) { err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name, cc_credentials_v5, name, - &ccapi_data->NamedCache); + &ccache); } if (!err) { - cache_changed(); + err = stdccv3_set_timeoffset (context, ccache); } - if (name) { krb5_free_unparsed_name(context, name); } + if (!err) { + if (ccapi_data->NamedCache) { + err = cc_ccache_release (ccapi_data->NamedCache); + } + ccapi_data->NamedCache = ccache; + ccache = NULL; /* take ownership */ + cache_changed (); + } + if (ccache) { cc_ccache_release (ccache); } + if (name ) { krb5_free_unparsed_name(context, name); } + return cc_err_xlate(err); } Eigenschaftsänderungen: . ___________________________________________________________________ Name: svk:merge - 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19331 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 + 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19411 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581