Hello community,
here is the log from the commit of package python-kerberos for openSUSE:Factory
checked in at 2018-02-09 15:53:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-kerberos (Old)
and /work/SRC/openSUSE:Factory/.python-kerberos.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-kerberos"
Fri Feb 9 15:53:17 2018 rev:3 rq:574530 version:1.2.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-kerberos/python-kerberos.changes
2015-07-21 13:29:10.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.python-kerberos.new/python-kerberos.changes
2018-02-09 15:53:19.018955425 +0100
@@ -1,0 +2,9 @@
+Wed Dec 20 09:43:38 UTC 2017 - dmuel...@suse.com
+
+- update to 1.2.5
+ * no changelog available
+- convert to singlespec
+- drop 0001-Initialise-pydelegatestate-variable-to-NULL.patch:
+ already upstream
+
+-------------------------------------------------------------------
Old:
----
0001-Initialise-pydelegatestate-variable-to-NULL.patch
kerberos-1.2.2.tar.gz
New:
----
kerberos-1.2.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-kerberos.spec ++++++
--- /var/tmp/diff_new_pack.zde6TF/_old 2018-02-09 15:53:19.906923529 +0100
+++ /var/tmp/diff_new_pack.zde6TF/_new 2018-02-09 15:53:19.906923529 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-kerberos
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,22 +16,22 @@
#
+%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%bcond_without test
Name: python-kerberos
-Version: 1.2.2
+Version: 1.2.5
Release: 0
Summary: Kerberos high-level interface
License: Apache-2.0
Group: Development/Languages/Python
Url: http://www.calendarserver.org/
-Source:
https://pypi.python.org/packages/source/k/kerberos/kerberos-%{version}.tar.gz
-Patch1: 0001-Initialise-pydelegatestate-variable-to-NULL.patch
-BuildRequires: krb5-devel
-BuildRequires: python-devel
-BuildRequires: python-setuptools
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if 0%{?suse_version} && 0%{?suse_version} <= 1110
-%{!?python_sitearch: %global python_sitearch %(python -c "from
distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
-%endif
+Source:
https://files.pythonhosted.org/packages/source/k/kerberos/kerberos-%{version}.tar.gz
+BuildRequires: %{python_module devel}
+BuildRequires: %{python_module setuptools}
+BuildRequires: fdupes
+BuildRequires: krb5-mini-devel
+BuildRequires: python-rpm-macros
+%python_subpackages
%description
A high-level wrapper for Kerberos (GSSAPI) operations.
@@ -42,17 +42,18 @@
%prep
%setup -q -n kerberos-%{version}
-%patch1 -p1
%build
-CFLAGS="%{optflags}" python setup.py build
+export CFLAGS="%{optflags}"
+%python_build
%install
-python setup.py install --prefix=%{_prefix} --root=%{buildroot}
+%python_install
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
-%files
+%files %{python_files}
%defattr(-,root,root,-)
-%doc LICENSE README.rst
+%doc README.rst
%{python_sitearch}/*
%changelog
++++++ kerberos-1.2.2.tar.gz -> kerberos-1.2.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/LICENSE new/kerberos-1.2.5/LICENSE
--- old/kerberos-1.2.2/LICENSE 2015-03-26 19:31:17.000000000 +0100
+++ new/kerberos-1.2.5/LICENSE 1970-01-01 01:00:00.000000000 +0100
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/PKG-INFO new/kerberos-1.2.5/PKG-INFO
--- old/kerberos-1.2.2/PKG-INFO 2015-03-27 02:15:27.000000000 +0100
+++ new/kerberos-1.2.5/PKG-INFO 2016-07-18 21:18:19.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: kerberos
-Version: 1.2.2
+Version: 1.2.5
Summary: Kerberos high-level interface
Home-page: http://www.calendarserver.org/
Author: Apple Inc.
@@ -69,7 +69,7 @@
Copyright and License
=====================
- Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ Copyright (c) 2006-2016 Apple Inc. All rights reserved.
This software is licensed under the Apache License, Version 2.0. The
Apache License is a well-established open source license, enabling
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/README.rst
new/kerberos-1.2.5/README.rst
--- old/kerberos-1.2.2/README.rst 2015-03-26 19:31:17.000000000 +0100
+++ new/kerberos-1.2.5/README.rst 2016-01-25 18:51:33.000000000 +0100
@@ -61,7 +61,7 @@
Copyright and License
=====================
-Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+Copyright (c) 2006-2016 Apple Inc. All rights reserved.
This software is licensed under the Apache License, Version 2.0. The
Apache License is a well-established open source license, enabling
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/kerberos.egg-info/PKG-INFO
new/kerberos-1.2.5/kerberos.egg-info/PKG-INFO
--- old/kerberos-1.2.2/kerberos.egg-info/PKG-INFO 2015-03-27
02:15:27.000000000 +0100
+++ new/kerberos-1.2.5/kerberos.egg-info/PKG-INFO 2016-07-18
21:18:19.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: kerberos
-Version: 1.2.2
+Version: 1.2.5
Summary: Kerberos high-level interface
Home-page: http://www.calendarserver.org/
Author: Apple Inc.
@@ -69,7 +69,7 @@
Copyright and License
=====================
- Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ Copyright (c) 2006-2016 Apple Inc. All rights reserved.
This software is licensed under the Apache License, Version 2.0. The
Apache License is a well-established open source license, enabling
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/kerberos.egg-info/SOURCES.txt
new/kerberos-1.2.5/kerberos.egg-info/SOURCES.txt
--- old/kerberos-1.2.2/kerberos.egg-info/SOURCES.txt 2015-03-27
02:15:27.000000000 +0100
+++ new/kerberos-1.2.5/kerberos.egg-info/SOURCES.txt 2016-07-18
21:18:19.000000000 +0200
@@ -1,4 +1,3 @@
-LICENSE
MANIFEST.in
README.rst
setup.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/pysrc/kerberos.py
new/kerberos-1.2.5/pysrc/kerberos.py
--- old/kerberos-1.2.2/pysrc/kerberos.py 2015-03-26 21:31:26.000000000
+0100
+++ new/kerberos-1.2.5/pysrc/kerberos.py 2016-01-25 18:51:33.000000000
+0100
@@ -1,5 +1,5 @@
##
-# Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+# Copyright (c) 2006-2016 Apple Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -158,6 +158,8 @@
@param delegated: Optional server context containing delegated credentials
+ @param mech_oid: Optional GGS mech OID
+
@return: A tuple of (result, context) where result is the result code (see
above) and context is an opaque value that will need to be passed to
subsequent functions.
@@ -177,6 +179,20 @@
+def authGSSClientInquireCred(context):
+ """
+ Get the current user name, if any, without a client-side GSSAPI step.
+ If the principal has already been authenticated via completed client-side
+ GSSAPI steps then the user name of the authenticated principal is kept. The
+ user name will be available via authGSSClientUserName.
+
+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A result code (see above).
+ """
+
+
+
def authGSSClientStep(context, challenge):
"""
Processes a single GSSAPI client-side step using the supplied server data.
@@ -219,9 +235,10 @@
def authGSSClientUserName(context):
"""
Get the user name of the principal authenticated via the now complete
- GSSAPI client-side operations.
- This method must only be called after authGSSClientStep returns a complete
- response code.
+ GSSAPI client-side operations, or the current user name obtained via
+ authGSSClientInquireCred. This method must only be called after
+ authGSSClientStep or authGSSClientInquireCred return a complete response
+ code.
@param context: The context object returned from L{authGSSClientInit}.
@@ -266,7 +283,8 @@
to dispose of the context once all GSSAPI operations are complete.
@param service: A string containing the service principal in the form
- C{"type@fqdn"}.
+ C{"type@fqdn"}. To initialize the context for the purpose of accepting
+ delegated credentials, pass the literal string C{"DELEGATE"}.
@return: A tuple of (result, context) where result is the result code (see
above) and context is an opaque value that will need to be passed to
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/setup.py new/kerberos-1.2.5/setup.py
--- old/kerberos-1.2.2/setup.py 2015-03-27 02:15:10.000000000 +0100
+++ new/kerberos-1.2.5/setup.py 2016-07-18 21:18:04.000000000 +0200
@@ -1,5 +1,5 @@
##
-# Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+# Copyright (c) 2006-2016 Apple Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,11 +29,11 @@
project_name = "kerberos"
-version_string = "1.2.2"
+version_string = "1.2.5"
description = "Kerberos high-level interface"
-long_description = file(joinpath(dirname(__file__), "README.rst")).read()
+long_description = open(joinpath(dirname(__file__), "README.rst")).read()
url = "http://www.calendarserver.org/";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/base64.c
new/kerberos-1.2.5/src/base64.c
--- old/kerberos-1.2.2/src/base64.c 2015-03-26 22:29:55.000000000 +0100
+++ new/kerberos-1.2.5/src/base64.c 2016-01-25 18:51:33.000000000 +0100
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -43,6 +43,10 @@
char *base64_encode(const unsigned char *value, size_t vlen)
{
char *result = (char *)malloc((vlen * 4) / 3 + 5);
+ if (result == NULL)
+ {
+ return NULL;
+ }
char *out = result;
while (vlen >= 3)
{
@@ -79,6 +83,10 @@
size_t vlen = strlen(value);
unsigned char *result =(unsigned char *)malloc((vlen * 3) / 4 + 1);
+ if (result == NULL)
+ {
+ return NULL;
+ }
unsigned char *out = result;
while (1) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/base64.h
new/kerberos-1.2.5/src/base64.h
--- old/kerberos-1.2.2/src/base64.h 2015-03-26 22:30:02.000000000 +0100
+++ new/kerberos-1.2.5/src/base64.h 2016-01-25 18:51:33.000000000 +0100
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/kerberos.c
new/kerberos-1.2.5/src/kerberos.c
--- old/kerberos-1.2.2/src/kerberos.c 2015-03-27 00:13:12.000000000 +0100
+++ new/kerberos-1.2.5/src/kerberos.c 2016-07-18 21:14:56.000000000 +0200
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -57,6 +57,14 @@
ob = Py_InitModule3(name, methods, doc);
#endif
+static char krb5_mech_oid_bytes [] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
+gss_OID_desc krb5_mech_oid = { 9, &krb5_mech_oid_bytes };
+
+static char spnego_mech_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
+gss_OID_desc spnego_mech_oid = { 6, &spnego_mech_oid_bytes };
+
+char STATE_NULL_C = 'C';
+void* STATE_NULL = &STATE_NULL_C;
PyObject *KrbException_class;
PyObject *BasicAuthException_class;
@@ -108,7 +116,7 @@
{
const char *service = NULL;
const char *hostname = NULL;
- char* result;
+ char* result = NULL;
if (! PyArg_ParseTuple(args, "ss", &service, &hostname)) {
return NULL;
@@ -129,32 +137,44 @@
{
const char *service = NULL;
const char *principal = NULL;
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
gss_server_state *delegatestate = NULL;
- PyObject *pydelegatestate;
+ PyObject *pydelegatestate = NULL;
+ gss_OID mech_oid = GSS_C_NO_OID;
+ PyObject *pymech_oid = NULL;
static char *kwlist[] = {
- "service", "principal", "gssflags", "delegated", NULL
+ "service", "principal", "gssflags", "delegated", "mech_oid", NULL
};
long int gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
int result = 0;
if (! PyArg_ParseTupleAndKeywords(
- args, keywds, "s|slO", kwlist,
- &service, &principal, &gss_flags, &pydelegatestate
+ args, keywds, "s|slOO", kwlist,
+ &service, &principal, &gss_flags, &pydelegatestate, &pymech_oid
)) {
return NULL;
}
state = (gss_client_state *) malloc(sizeof(gss_client_state));
+ if (state == NULL)
+ {
+ PyErr_NoMemory();
+ return NULL;
+ }
pystate = PyCObject_FromVoidPtr(state, NULL);
- if (PyCObject_Check(pydelegatestate)) {
+ if (pydelegatestate != NULL && PyCObject_Check(pydelegatestate)) {
delegatestate = PyCObject_AsVoidPtr(pydelegatestate);
}
+ if (pymech_oid != NULL && PyCapsule_CheckExact(pymech_oid)) {
+ const char * mech_oid_name = PyCapsule_GetName(pymech_oid);
+ mech_oid = PyCapsule_GetPointer(pymech_oid, mech_oid_name);
+ }
+
result = authenticate_gss_client_init(
- service, principal, gss_flags, delegatestate, state
+ service, principal, gss_flags, delegatestate, mech_oid, state
);
if (result == AUTH_GSS_ERROR) {
@@ -166,8 +186,8 @@
static PyObject *authGSSClientClean(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
int result = 0;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
@@ -181,11 +201,11 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state != NULL) {
+ if (state != STATE_NULL) {
result = authenticate_gss_client_clean(state);
free(state);
- PyCObject_SetVoidPtr(pystate, NULL);
+ PyCObject_SetVoidPtr(pystate, STATE_NULL);
}
return Py_BuildValue("i", result);
@@ -193,8 +213,8 @@
static PyObject *authGSSClientStep(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
char *challenge = NULL;
int result = 0;
@@ -209,7 +229,7 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -224,8 +244,8 @@
static PyObject *authGSSClientResponseConf(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -238,7 +258,7 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -247,8 +267,8 @@
static PyObject *authGSSServerHasDelegated(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -261,7 +281,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -270,8 +290,8 @@
static PyObject *authGSSClientResponse(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -284,7 +304,7 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -293,8 +313,8 @@
static PyObject *authGSSClientUserName(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -307,7 +327,7 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -316,8 +336,8 @@
static PyObject *authGSSClientUnwrap(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
char *challenge = NULL;
int result = 0;
@@ -332,7 +352,7 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -347,8 +367,8 @@
static PyObject *authGSSClientWrap(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
char *challenge = NULL;
char *user = NULL;
int protect = 0;
@@ -367,7 +387,7 @@
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -382,8 +402,8 @@
static PyObject *authGSSClientInquireCred(PyObject *self, PyObject *args)
{
- gss_client_state *state;
- PyObject *pystate;
+ gss_client_state *state = NULL;
+ PyObject *pystate = NULL;
int result = 0;
if (!PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -395,7 +415,7 @@
}
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -410,8 +430,8 @@
static PyObject *authGSSServerInit(PyObject *self, PyObject *args)
{
const char *service = NULL;
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
int result = 0;
if (! PyArg_ParseTuple(args, "s", &service)) {
@@ -419,6 +439,11 @@
}
state = (gss_server_state *) malloc(sizeof(gss_server_state));
+ if (state == NULL)
+ {
+ PyErr_NoMemory();
+ return NULL;
+ }
pystate = PyCObject_FromVoidPtr(state, NULL);
result = authenticate_gss_server_init(service, state);
@@ -432,8 +457,8 @@
static PyObject *authGSSServerClean(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
int result = 0;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
@@ -447,11 +472,11 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state != NULL) {
+ if (state != STATE_NULL) {
result = authenticate_gss_server_clean(state);
free(state);
- PyCObject_SetVoidPtr(pystate, NULL);
+ PyCObject_SetVoidPtr(pystate, STATE_NULL);
}
return Py_BuildValue("i", result);
@@ -459,8 +484,8 @@
static PyObject *authGSSServerStep(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
char *challenge = NULL;
int result = 0;
@@ -475,7 +500,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -490,8 +515,8 @@
static PyObject *authGSSServerStoreDelegate(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
int result = 0;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
@@ -505,7 +530,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -520,8 +545,8 @@
static PyObject *authGSSServerResponse(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -534,7 +559,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -543,8 +568,8 @@
static PyObject *authGSSServerUserName(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -557,7 +582,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -566,8 +591,8 @@
static PyObject *authGSSServerCacheName(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -580,7 +605,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -589,8 +614,8 @@
static PyObject *authGSSServerTargetName(PyObject *self, PyObject *args)
{
- gss_server_state *state;
- PyObject *pystate;
+ gss_server_state *state = NULL;
+ PyObject *pystate = NULL;
if (! PyArg_ParseTuple(args, "O", &pystate)) {
return NULL;
@@ -603,7 +628,7 @@
state = (gss_server_state *)PyCObject_AsVoidPtr(pystate);
- if (state == NULL) {
+ if (state == STATE_NULL) {
return NULL;
}
@@ -808,6 +833,12 @@
PyDict_SetItemString(
d, "GSS_C_TRANS_FLAG", PyInt_FromLong(GSS_C_TRANS_FLAG)
);
+ PyDict_SetItemString(
+ d, "GSS_MECH_OID_KRB5", PyCapsule_New(&krb5_mech_oid,
"kerberos.GSS_MECH_OID_KRB5", NULL)
+ );
+ PyDict_SetItemString(
+ d, "GSS_MECH_OID_SPNEGO", PyCapsule_New(&spnego_mech_oid,
"kerberos.GSS_MECH_OID_SPNEGO", NULL)
+ );
error:
if (PyErr_Occurred()) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/kerberosbasic.c
new/kerberos-1.2.5/src/kerberosbasic.c
--- old/kerberos-1.2.2/src/kerberosbasic.c 2015-03-26 22:33:16.000000000
+0100
+++ new/kerberos-1.2.5/src/kerberosbasic.c 2016-01-25 18:51:33.000000000
+0100
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -76,6 +76,12 @@
name = NULL;
name = (char *)malloc(256);
+ if (name == NULL)
+ {
+ PyErr_NoMemory();
+ ret = 0;
+ goto end;
+ }
p = strchr(user, '@');
if (p == NULL) {
snprintf(name, 256, "%s@%s", user, default_realm);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/kerberosbasic.h
new/kerberos-1.2.5/src/kerberosbasic.h
--- old/kerberos-1.2.2/src/kerberosbasic.h 2015-03-26 22:33:48.000000000
+0100
+++ new/kerberos-1.2.5/src/kerberosbasic.h 2016-01-25 18:51:33.000000000
+0100
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/kerberosgss.c
new/kerberos-1.2.5/src/kerberosgss.c
--- old/kerberos-1.2.2/src/kerberosgss.c 2015-03-27 02:07:57.000000000
+0100
+++ new/kerberos-1.2.5/src/kerberosgss.c 2016-01-25 18:51:33.000000000
+0100
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -93,6 +93,10 @@
if (strncmp(pname, match, match_len) == 0) {
result = malloc(strlen(pname) + 1);
+ if (result == NULL) {
+ PyErr_NoMemory();
+ goto end;
+ }
strcpy(result, pname);
krb5_free_unparsed_name(kcontext, pname);
krb5_free_keytab_entry_contents(kcontext, &entry);
@@ -124,7 +128,7 @@
int authenticate_gss_client_init(
const char* service, const char* principal, long int gss_flags,
- gss_server_state* delegatestate, gss_client_state* state
+ gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
)
{
OM_uint32 maj_stat;
@@ -134,6 +138,7 @@
int ret = AUTH_GSS_COMPLETE;
state->server_name = GSS_C_NO_NAME;
+ state->mech_oid = mech_oid;
state->context = GSS_C_NO_CONTEXT;
state->gss_flags = gss_flags;
state->client_creds = GSS_C_NO_CREDENTIAL;
@@ -245,6 +250,12 @@
if (challenge && *challenge) {
size_t len;
input_token.value = base64_decode(challenge, &len);
+ if (input_token.value == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
input_token.length = len;
}
@@ -255,7 +266,7 @@
state->client_creds,
&state->context,
state->server_name,
- GSS_C_NO_OID,
+ state->mech_oid,
(OM_uint32)state->gss_flags,
0,
GSS_C_NO_CHANNEL_BINDINGS,
@@ -276,7 +287,12 @@
ret = (maj_stat == GSS_S_COMPLETE) ? AUTH_GSS_COMPLETE : AUTH_GSS_CONTINUE;
// Grab the client response to send back to the server
if (output_token.length) {
- state->response = base64_encode((const unsigned char
*)output_token.value, output_token.length);;
+ state->response = base64_encode((const unsigned char
*)output_token.value, output_token.length);
+ if (state->response == NULL) {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
maj_stat = gss_release_buffer(&min_stat, &output_token);
}
@@ -294,15 +310,25 @@
name_token.length = 0;
maj_stat = gss_display_name(&min_stat, gssuser, &name_token, NULL);
if (GSS_ERROR(maj_stat)) {
- if (name_token.value)
+ if (name_token.value) {
gss_release_buffer(&min_stat, &name_token);
+ }
gss_release_name(&min_stat, &gssuser);
set_gss_error(maj_stat, min_stat);
ret = AUTH_GSS_ERROR;
goto end;
} else {
+ if (state->username != NULL) {
+ free(state->username);
+ state->username = NULL;
+ }
state->username = (char *)malloc(name_token.length + 1);
+ if (state->username == NULL) {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
strncpy(state->username, (char*) name_token.value,
name_token.length);
state->username[name_token.length] = 0;
gss_release_buffer(&min_stat, &name_token);
@@ -341,6 +367,11 @@
if (challenge && *challenge) {
size_t len;
input_token.value = base64_decode(challenge, &len);
+ if (input_token.value == NULL) {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
input_token.length = len;
}
@@ -367,6 +398,12 @@
state->response = base64_encode(
(const unsigned char *)output_token.value, output_token.length
);
+ if (state->response == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
state->responseConf = conf;
maj_stat = gss_release_buffer(&min_stat, &output_token);
}
@@ -402,6 +439,12 @@
if (challenge && *challenge) {
size_t len;
input_token.value = base64_decode(challenge, &len);
+ if (input_token.value == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
input_token.length = len;
}
@@ -451,7 +494,12 @@
}
// Grab the client response to send back to the server
if (output_token.length) {
- state->response = base64_encode((const unsigned char
*)output_token.value, output_token.length);;
+ state->response = base64_encode((const unsigned char
*)output_token.value, output_token.length);
+ if (state->response == NULL) {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
maj_stat = gss_release_buffer(&min_stat, &output_token);
}
@@ -471,6 +519,11 @@
gss_name_t name = GSS_C_NO_NAME;
int ret = AUTH_GSS_COMPLETE;
+ // Check whether credentials have already been obtained.
+ if (state->username != NULL) {
+ goto end;
+ }
+
// Get credentials
maj_stat = gss_acquire_cred(
&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
@@ -502,17 +555,25 @@
goto end;
}
- state->username = strndup(name_token.value, name_token.length);
- if (!state->username) {
- set_gss_error(GSS_S_FAILURE, ENOMEM);
+ state->username = (char *)malloc(name_token.length + 1);
+ if (state->username == NULL) {
+ PyErr_NoMemory();
ret = AUTH_GSS_ERROR;
+ goto end;
}
+ strncpy(state->username, (char*) name_token.value, name_token.length);
+ state->username[name_token.length] = 0;
end:
- (void)gss_release_cred(&min_stat, &client_creds);
- (void)gss_release_buffer(&min_stat, &name_token);
- (void)gss_release_name(&min_stat, &name);
-
+ if (client_creds != GSS_C_NO_CREDENTIAL) {
+ gss_release_cred(&min_stat, &client_creds);
+ }
+ if (name_token.length) {
+ gss_release_buffer(&min_stat, &name_token);
+ }
+ if (name != GSS_C_NO_NAME) {
+ gss_release_name(&min_stat, &name);
+ }
return ret;
}
@@ -532,29 +593,35 @@
state->targetname = NULL;
state->response = NULL;
state->ccname = NULL;
+ int cred_usage = GSS_C_ACCEPT;
// Server name may be empty which means we aren't going to create our own
creds
size_t service_len = strlen(service);
if (service_len != 0) {
// Import server name first
- name_token.length = strlen(service);
- name_token.value = (char *)service;
+ if (strcmp(service, "DELEGATE") == 0) {
+ cred_usage = GSS_C_BOTH;
+ }
+ else {
+ name_token.length = strlen(service);
+ name_token.value = (char *)service;
- maj_stat = gss_import_name(
- &min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE,
- &state->server_name
- );
+ maj_stat = gss_import_name(
+ &min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE,
+ &state->server_name
+ );
- if (GSS_ERROR(maj_stat)) {
- set_gss_error(maj_stat, min_stat);
- ret = AUTH_GSS_ERROR;
- goto end;
- }
+ if (GSS_ERROR(maj_stat)) {
+ set_gss_error(maj_stat, min_stat);
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
+ }
// Get credentials
maj_stat = gss_acquire_cred(
- &min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
- GSS_C_BOTH, &state->server_creds, NULL, NULL
+ &min_stat, state->server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+ cred_usage, &state->server_creds, NULL, NULL
);
if (GSS_ERROR(maj_stat)) {
@@ -630,6 +697,12 @@
if (challenge && *challenge) {
size_t len;
input_token.value = base64_decode(challenge, &len);
+ if (input_token.value == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
input_token.length = len;
} else {
PyErr_SetString(
@@ -665,7 +738,13 @@
if (output_token.length) {
state->response = base64_encode(
(const unsigned char *)output_token.value, output_token.length
- );;
+ );
+ if (state->response == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
maj_stat = gss_release_buffer(&min_stat, &output_token);
}
@@ -679,6 +758,12 @@
goto end;
}
state->username = (char *)malloc(output_token.length + 1);
+ if (state->username == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
strncpy(state->username, (char*) output_token.value, output_token.length);
state->username[output_token.length] = 0;
@@ -703,6 +788,12 @@
goto end;
}
state->targetname = (char *)malloc(output_token.length + 1);
+ if (state->targetname == NULL)
+ {
+ PyErr_NoMemory();
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
strncpy(
state->targetname, (char*) output_token.value, output_token.length
);
@@ -906,6 +997,10 @@
}
state->ccname = (char *)malloc(32*sizeof(char));
+ if (state->ccname == NULL) {
+ PyErr_NoMemory();
+ return 1;
+ }
strcpy(state->ccname, ccname);
return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/kerberosgss.h
new/kerberos-1.2.5/src/kerberosgss.h
--- old/kerberos-1.2.2/src/kerberosgss.h 2015-03-27 00:15:29.000000000
+0100
+++ new/kerberos-1.2.5/src/kerberosgss.h 2016-01-25 18:51:33.000000000
+0100
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@
typedef struct {
gss_ctx_id_t context;
gss_name_t server_name;
+ gss_OID mech_oid;
long int gss_flags;
gss_cred_id_t client_creds;
char* username;
@@ -54,7 +55,7 @@
int authenticate_gss_client_init(
const char* service, const char* principal, long int gss_flags,
- gss_server_state* delegatestate, gss_client_state* state
+ gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
);
int authenticate_gss_client_clean(
gss_client_state *state
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kerberos-1.2.2/src/kerberospw.c
new/kerberos-1.2.5/src/kerberospw.c
--- old/kerberos-1.2.2/src/kerberospw.c 2015-03-26 22:53:06.000000000 +0100
+++ new/kerberos-1.2.5/src/kerberospw.c 2016-01-25 18:51:33.000000000 +0100
@@ -86,6 +86,7 @@
krb5_principal client = NULL;
krb5_creds creds;
int ret = 0;
+ int bytes = 0;
char *name = NULL;
const char* service = "kadmin/changepw";
@@ -104,6 +105,11 @@
}
name = (char *)malloc(256);
+ if (name == NULL)
+ {
+ PyErr_NoMemory();
+ goto end;
+ }
snprintf(name, 256, "%s", user);
code = krb5_parse_name(kcontext, name, &client);
@@ -125,18 +131,25 @@
}
if (result_code) {
char *message = NULL;
- asprintf(
+ bytes = asprintf(
&message, "%.*s: %.*s",
(int) result_code_string.length,
(char *) result_code_string.data,
(int) result_string.length,
(char *) result_string.data
);
- PyErr_SetObject(
- PwdChangeException_class,
- Py_BuildValue("((s:i))", message, result_code)
- );
- free(message);
+ if (bytes == -1)
+ {
+ PyErr_NoMemory();
+ }
+ else
+ {
+ PyErr_SetObject(
+ PwdChangeException_class,
+ Py_BuildValue("((s:i))", message, result_code)
+ );
+ free(message);
+ }
goto end;
}
