mirror of
https://github.com/samba-team/samba.git
synced 2025-03-09 08:58:35 +03:00
hdb-ldb: fix the callers after drsblobs.idl changes
metze (This used to be commit 1223cd17c79d130b46b0e0ccb0f6011c92441173)
This commit is contained in:
Stefan Metzmacher
parent
0c8fb9361e
commit
79657f78e8
@ -191,11 +191,10 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
|
||||
const struct ldb_val *sc_val;
|
||||
struct supplementalCredentialsBlob scb;
|
||||
struct supplementalCredentialsPackage *scpk = NULL;
|
||||
struct supplementalCredentialsPackage *scpkn = NULL;
|
||||
bool newer_keys = false;
|
||||
struct package_PrimaryKerberosBlob _pkb;
|
||||
struct package_PrimaryKerberosCtr3 *pkb3 = NULL;
|
||||
struct package_PrimaryKerberosNewerBlob _pknb;
|
||||
struct package_PrimaryKerberosNewerCtr4 *pkb4 = NULL;
|
||||
struct package_PrimaryKerberosCtr4 *pkb4 = NULL;
|
||||
uint32_t i;
|
||||
uint32_t allocated_keys = 0;
|
||||
|
||||
@ -232,11 +231,12 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
|
||||
|
||||
for (i=0; i < scb.sub.num_packages; i++) {
|
||||
if (strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0) {
|
||||
scpkn = &scb.sub.packages[i];
|
||||
if (!scpkn->data || !scpkn->data[0]) {
|
||||
scpkn = NULL;
|
||||
scpk = &scb.sub.packages[i];
|
||||
if (!scpk->data || !scpk->data[0]) {
|
||||
scpk = NULL;
|
||||
continue;
|
||||
}
|
||||
newer_keys = true;
|
||||
break;
|
||||
} else if (strcmp("Primary:Kerberos", scb.sub.packages[i].name) == 0) {
|
||||
scpk = &scb.sub.packages[i];
|
||||
@ -250,39 +250,11 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
|
||||
}
|
||||
}
|
||||
}
|
||||
/* Primary:Kerberos-Newer-Keys element of supplementalCredentials */
|
||||
if (scpkn) {
|
||||
DATA_BLOB blob;
|
||||
|
||||
blob = strhex_to_data_blob(scpkn->data);
|
||||
if (!blob.data) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
talloc_steal(mem_ctx, blob.data);
|
||||
|
||||
/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
|
||||
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pknb,
|
||||
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosNewerBlob);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosNewerBlob");
|
||||
krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosNewerBlob");
|
||||
ret = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (_pknb.version != 4) {
|
||||
krb5_set_error_string(context, "LDB_message2entry_keys: could not parse PrimaryKerberosNewer not version 4");
|
||||
krb5_warnx(context, "LDB_message2entry_keys: could not parse PrimaryKerberosNewer not version 4");
|
||||
ret = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
pkb4 = &_pknb.ctr.ctr4;
|
||||
|
||||
allocated_keys += pkb4->num_keys;
|
||||
} else if (scpk) {
|
||||
/* Fallback to Primary:Kerberos element of supplementalCredentials */
|
||||
/*
|
||||
* Primary:Kerberos-Newer-Keys or Primary:Kerberos element
|
||||
* of supplementalCredentials
|
||||
*/
|
||||
if (scpk) {
|
||||
DATA_BLOB blob;
|
||||
|
||||
blob = strhex_to_data_blob(scpk->data);
|
||||
@ -302,16 +274,27 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (_pkb.version != 3) {
|
||||
krb5_set_error_string(context, "LDB_message2entry_keys: could not parse PrimaryKerberos not version 3");
|
||||
krb5_warnx(context, "LDB_message2entry_keys: could not parse PrimaryKerberos not version 3");
|
||||
if (newer_keys && _pkb.version != 4) {
|
||||
krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4");
|
||||
krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4");
|
||||
ret = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
pkb3 = &_pkb.ctr.ctr3;
|
||||
|
||||
allocated_keys += pkb3->num_keys;
|
||||
if (!newer_keys && _pkb.version != 3) {
|
||||
krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3");
|
||||
krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3");
|
||||
ret = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (_pkb.version == 4) {
|
||||
pkb4 = &_pkb.ctr.ctr4;
|
||||
allocated_keys += pkb4->num_keys;
|
||||
} else if (_pkb.version == 3) {
|
||||
pkb3 = &_pkb.ctr.ctr3;
|
||||
allocated_keys += pkb3->num_keys;
|
||||
}
|
||||
}
|
||||
|
||||
if (allocated_keys == 0) {
|
||||
@ -391,6 +374,8 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
/* TODO: maybe pass the iteration_count somehow... */
|
||||
|
||||
ret = krb5_keyblock_init(context,
|
||||
pkb4->keys[i].keytype,
|
||||
pkb4->keys[i].value->data,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user