sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-26 18:50:30 +03:00
Code

r12269: Update to current lorikeet-heimdal. This changed the way the hdb

Browse Source 
interface worked, so hdb-ldb.c and the glue have been updated.

Andrew Bartlett
(This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
This commit is contained in:
Andrew Bartlett 2005-12-15 20:38:24 +00:00 committed by Gerald (Jerry) Carter
parent d8966dcd7e
commit fbf106f670
32 changed files with 949 additions and 742 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source4/heimdal/kdc/524.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: 524.c,v 1.34 2005/06/30 01:47:35 lha Exp $");
RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $");
#include <krb5-v4compat.h>
@ -47,7 +47,7 @@ fetch_server (krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t,
char **spn,
hdb_entry **server,
hdb_entry_ex **server,
const char *from)
{
krb5_error_code ret;
@ -221,7 +221,7 @@ static krb5_error_code
encode_524_response(krb5_context context,
krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et,
const Ticket *t, hdb_entry *server,
const Ticket *t, hdb_entry_ex *server,
EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
@ -274,7 +274,7 @@ encode_524_response(krb5_context context,
"Failed to encrypt v4 ticket (%s)", spn);
return ret;
}
*kvno = server->kvno;
*kvno = server->entry.kvno;
}
return 0;
@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context,
{
krb5_error_code ret = 0;
krb5_crypto crypto;
hdb_entry *server = NULL;
hdb_entry_ex *server = NULL;
Key *skey;
krb5_data et_data;
EncTicketPart et;
@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context,
goto out;
}
ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey);
ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
if(ret){
kdc_log(context, config, 0,
"No suitable key found for server (%s) from %s", spn, from);

46
source4/heimdal/kdc/kaserver.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kaserver.c,v 1.30 2005/06/30 01:49:39 lha Exp $");
RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $");
#include <krb5-v4compat.h>
#include <rx.h>
@ -404,8 +404,8 @@ do_authenticate (krb5_context context,
time_t end_time;
krb5_data request;
int32_t max_seq_len;
hdb_entry *client_entry = NULL;
hdb_entry *server_entry = NULL;
hdb_entry_ex *client_entry = NULL;
hdb_entry_ex *server_entry = NULL;
Key *ckey = NULL;
Key *skey = NULL;
krb5_storage *reply_sp;
@ -453,8 +453,8 @@ do_authenticate (krb5_context context,
}
ret = _kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
&client_entry->entry, client_name,
&server_entry->entry, server_name,
TRUE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@ -516,17 +516,17 @@ do_authenticate (krb5_context context,
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
if (client_entry->max_life)
max_life = min(max_life, *client_entry->max_life);
if (server_entry->max_life)
max_life = min(max_life, *server_entry->max_life);
if (client_entry->entry.max_life)
max_life = min(max_life, *client_entry->entry.max_life);
if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
name, instance, config->v4_realm,
addr, life, server_entry->kvno,
addr, life, server_entry->entry.kvno,
max_seq_len,
"krbtgt", config->v4_realm,
chal + 1, "tgsT",
@ -618,9 +618,9 @@ do_getticket (krb5_context context,
char *instance = NULL;
krb5_data times;
int32_t max_seq_len;
hdb_entry *server_entry = NULL;
hdb_entry *client_entry = NULL;
hdb_entry *krbtgt_entry = NULL;
hdb_entry_ex *server_entry = NULL;
hdb_entry_ex *client_entry = NULL;
hdb_entry_ex *krbtgt_entry = NULL;
Key *kkey = NULL;
Key *skey = NULL;
DES_cblock key;
@ -752,8 +752,8 @@ do_getticket (krb5_context context,
}
ret = _kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
&client_entry->entry, client_name,
&server_entry->entry, server_name,
FALSE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@ -789,21 +789,21 @@ do_getticket (krb5_context context,
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
if (krbtgt_entry->max_life)
max_life = min(max_life, *krbtgt_entry->max_life);
if (server_entry->max_life)
max_life = min(max_life, *server_entry->max_life);
if (krbtgt_entry->entry.max_life)
max_life = min(max_life, *krbtgt_entry->entry.max_life);
if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->entry.max_life);
/* if this is a cross realm request, the client_entry will likely
be NULL */
if (client_entry && client_entry->max_life)
max_life = min(max_life, *client_entry->max_life);
if (client_entry && client_entry->entry.max_life)
max_life = min(max_life, *client_entry->entry.max_life);
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
ad.pname, ad.pinst, ad.prealm,
addr, life, server_entry->kvno,
addr, life, server_entry->entry.kvno,
max_seq_len,
name, instance,
0, "gtkt",

151
source4/heimdal/kdc/kdc-private.h Normal file
View File

@ -0,0 +1,151 @@
/* This is a generated file */
#ifndef __kdc_private_h__
#define __kdc_private_h__
#include <stdarg.h>
krb5_error_code
_kdc_as_rep (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
KDC_REQ */*req*/,
const krb5_data */*req_buffer*/,
krb5_data */*reply*/,
const char */*from*/,
struct sockaddr */*from_addr*/);
krb5_error_code
_kdc_check_flags (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
hdb_entry */*client*/,
const char */*client_name*/,
hdb_entry */*server*/,
const char */*server_name*/,
krb5_boolean /*is_as_req*/);
krb5_error_code
_kdc_db_fetch (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
krb5_principal /*principal*/,
enum hdb_ent_type,
hdb_entry_ex **/*h*/);
krb5_error_code
_kdc_db_fetch4 (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
const char */*name*/,
const char */*instance*/,
const char */*realm*/,
enum hdb_ent_type /*ent_type*/,
hdb_entry_ex **/*ent*/);
krb5_error_code
_kdc_do_524 (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
const Ticket */*t*/,
krb5_data */*reply*/,
const char */*from*/,
struct sockaddr */*addr*/);
krb5_error_code
_kdc_do_kaserver (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
unsigned char */*buf*/,
size_t /*len*/,
krb5_data */*reply*/,
const char */*from*/,
struct sockaddr_in */*addr*/);
krb5_error_code
_kdc_do_version4 (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
unsigned char */*buf*/,
size_t /*len*/,
krb5_data */*reply*/,
const char */*from*/,
struct sockaddr_in */*addr*/);
krb5_error_code
_kdc_encode_v4_ticket (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
void */*buf*/,
size_t /*len*/,
const EncTicketPart */*et*/,
const PrincipalName */*service*/,
size_t */*size*/);
void
_kdc_free_ent (
krb5_context /*context*/,
hdb_entry_ex */*ent*/);
krb5_error_code
_kdc_get_des_key (
krb5_context /*context*/,
hdb_entry_ex */*principal*/,
krb5_boolean /*is_server*/,
krb5_boolean /*prefer_afs_key*/,
Key **/*ret_key*/);
int
_kdc_maybe_version4 (
unsigned char */*buf*/,
int /*len*/);
krb5_error_code
_kdc_pk_check_client (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
krb5_principal /*client_princ*/,
const hdb_entry */*client*/,
pk_client_params */*client_params*/,
char **/*subject_name*/);
void
_kdc_pk_free_client_param (
krb5_context /*context*/,
pk_client_params */*client_params*/);
krb5_error_code
_kdc_pk_initialize (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
const char */*user_id*/,
const char */*x509_anchors*/);
krb5_error_code
_kdc_pk_mk_pa_reply (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
pk_client_params */*client_params*/,
const hdb_entry */*client*/,
const KDC_REQ */*req*/,
const krb5_data */*req_buffer*/,
krb5_keyblock **/*reply_key*/,
METHOD_DATA */*md*/);
krb5_error_code
_kdc_pk_rd_padata (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
KDC_REQ */*req*/,
PA_DATA */*pa*/,
pk_client_params **/*ret_params*/);
krb5_error_code
_kdc_tgs_rep (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
KDC_REQ */*req*/,
krb5_data */*data*/,
const char */*from*/,
struct sockaddr */*from_addr*/);
#endif /* __kdc_private_h__ */

26
source4/heimdal/kdc/kdc_locl.h
View File

@ -32,7 +32,7 @@
*/
/*
* $Id: kdc_locl.h,v 1.73 2005/08/15 11:07:25 lha Exp $
* $Id: kdc_locl.h,v 1.74 2005/12/12 12:23:33 lha Exp $
*/
#ifndef __KDC_LOCL_H__
@ -41,6 +41,9 @@
#include "headers.h"
#include "kdc.h"
typedef struct pk_client_params pk_client_params;
#include <kdc-private.h>
extern sig_atomic_t exit_flag;
extern size_t max_request;
extern const char *port_str;
@ -68,20 +71,13 @@ krb5_kdc_configuration *
configure(krb5_context context, int argc, char **argv);
krb5_error_code
_kdc_db_fetch(krb5_context, krb5_kdc_configuration *,
krb5_principal, enum hdb_ent_type, hdb_entry **);
krb5_error_code
_kdc_db_fetch_ex(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal principal, enum hdb_ent_type ent_type,
hdb_entry_ex **h);
_kdc_db_fetch(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal principal, enum hdb_ent_type ent_type,
hdb_entry_ex **h);
void
_kdc_free_ent(krb5_context context, hdb_entry *);
void
_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent);
_kdc_free_ent(krb5_context context, hdb_entry_ex *ent);
void
loop(krb5_context context, krb5_kdc_configuration *config);
@ -99,7 +95,7 @@ _kdc_check_flags(krb5_context context,
krb5_boolean is_as_req);
krb5_error_code
_kdc_get_des_key(krb5_context context, hdb_entry*,
_kdc_get_des_key(krb5_context context, hdb_entry_ex*,
krb5_boolean, krb5_boolean, Key**);
krb5_error_code
@ -145,7 +141,7 @@ void _kdc_pk_free_client_param(krb5_context, pk_client_params *);
krb5_error_code
_kdc_db_fetch4 (krb5_context context,
krb5_kdc_configuration *config,
const char*, const char*, const char*, enum hdb_ent_type, hdb_entry**);
const char*, const char*, const char*, enum hdb_ent_type, hdb_entry_ex**);
krb5_error_code
_kdc_do_version4 (krb5_context context,

58
source4/heimdal/kdc/kerberos4.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -35,7 +35,7 @@
#include <krb5-v4compat.h>
RCSID("$Id: kerberos4.c,v 1.54 2005/06/30 01:51:43 lha Exp $");
RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $");
#ifndef swap32
static u_int32_t
@ -70,7 +70,7 @@ valid_princ(krb5_context context,
krb5_kdc_configuration *config = funcctx;
krb5_error_code ret;
char *s;
hdb_entry *ent;
hdb_entry_ex *ent;
ret = krb5_unparse_name(context, princ, &s);
if (ret)
@ -93,7 +93,7 @@ _kdc_db_fetch4(krb5_context context,
krb5_kdc_configuration *config,
const char *name, const char *instance, const char *realm,
enum hdb_ent_type ent_type,
hdb_entry **ent)
hdb_entry_ex **ent)
{
krb5_principal p;
krb5_error_code ret;
@ -126,7 +126,7 @@ _kdc_do_version4(krb5_context context,
{
krb5_storage *sp;
krb5_error_code ret;
hdb_entry *client = NULL, *server = NULL;
hdb_entry_ex *client = NULL, *server = NULL;
Key *ckey, *skey;
int8_t pvno;
int8_t msg_type;
@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
&client->entry, client_name,
&server->entry, server_name,
TRUE);
if (ret) {
/* good error code? */
@ -217,8 +217,8 @@ _kdc_do_version4(krb5_context context,
*/
if (config->require_preauth
|| client->flags.require_preauth
|| server->flags.require_preauth) {
|| client->entry.flags.require_preauth
|| server->entry.flags.require_preauth) {
kdc_log(context, config, 0,
"Pre-authentication required for v4-request: "
"%s for %s",
@ -240,7 +240,7 @@ _kdc_do_version4(krb5_context context,
/* this is not necessary with the new code in libkrb */
/* find a properly salted key */
while(ckey->salt == NULL || ckey->salt->salt.length != 0)
ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey);
ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm);
@ -260,10 +260,10 @@ _kdc_do_version4(krb5_context context,
}
max_life = _krb5_krb_life_to_time(0, life);
if(client->max_life)
max_life = min(max_life, *client->max_life);
if(server->max_life)
max_life = min(max_life, *server->max_life);
if(client->entry.max_life)
max_life = min(max_life, *client->entry.max_life);
if(server->entry.max_life)
max_life = min(max_life, *server->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
@ -302,7 +302,7 @@ _kdc_do_version4(krb5_context context,
sinst,
config->v4_realm,
life,
server->kvno % 255,
server->entry.kvno % 255,
&ticket,
kdc_time,
&ckey->key,
@ -321,8 +321,8 @@ _kdc_do_version4(krb5_context context,
realm,
req_time,
0,
client->pw_end ? *client->pw_end : 0,
client->kvno % 256,
client->entry.pw_end ? *client->entry.pw_end : 0,
client->entry.kvno % 256,
&cipher,
reply);
krb5_data_free(&cipher);
@ -339,7 +339,7 @@ _kdc_do_version4(krb5_context context,
int32_t address;
size_t pos;
krb5_principal tgt_princ = NULL;
hdb_entry *tgt = NULL;
hdb_entry_ex *tgt = NULL;
Key *tkey;
time_t max_end, actual_end, issue_time;
@ -373,10 +373,10 @@ _kdc_do_version4(krb5_context context,
goto out2;
}
if(tgt->kvno % 256 != kvno){
if(tgt->entry.kvno % 256 != kvno){
kdc_log(context, config, 0,
"tgs-req (krb4) with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->kvno % 256,
"krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
make_err_reply(context, reply, KDC_AUTH_EXP,
"old krbtgt kvno used");
@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
&client->entry, client_name,
&server->entry, server_name,
FALSE);
if (ret) {
/* good error code? */
@ -511,10 +511,10 @@ _kdc_do_version4(krb5_context context,
max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
if(server->max_life)
max_end = min(max_end, kdc_time + *server->max_life);
if(client && client->max_life)
max_end = min(max_end, kdc_time + *client->max_life);
if(server->entry.max_life)
max_end = min(max_end, kdc_time + *server->entry.max_life);
if(client && client->entry.max_life)
max_end = min(max_end, kdc_time + *client->entry.max_life);
life = min(life, krb_time_to_life(kdc_time, max_end));
issue_time = kdc_time;
@ -571,7 +571,7 @@ _kdc_do_version4(krb5_context context,
sinst,
config->v4_realm,
life,
server->kvno % 255,
server->entry.kvno % 255,
&ticket,
issue_time,
&ad.session,
@ -721,7 +721,7 @@ _kdc_encode_v4_ticket(krb5_context context,
krb5_error_code
_kdc_get_des_key(krb5_context context,
hdb_entry *principal, krb5_boolean is_server,
hdb_entry_ex *principal, krb5_boolean is_server,
krb5_boolean prefer_afs_key, Key **ret_key)
{
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
@ -736,7 +736,7 @@ _kdc_get_des_key(krb5_context context,
afs_key == NULL || server_key == NULL);
++i) {
Key *key = NULL;
while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) {
while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
if(key->salt == NULL) {
if(v5_key == NULL)
v5_key = key;

135
source4/heimdal/kdc/kerberos5.c
View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kerberos5.c,v 1.198 2005/11/28 20:33:57 lha Exp $");
RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@ -88,7 +88,7 @@ find_padata(KDC_REQ *req, int *start, int type)
*/
static krb5_error_code
find_etype(krb5_context context, hdb_entry *princ,
find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
Key **ret_key, krb5_enctype *ret_etype)
{
@ -101,7 +101,7 @@ find_etype(krb5_context context, hdb_entry *princ,
if (krb5_enctype_valid(context, etypes[i]) != 0)
continue;
while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) {
while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
if (key->key.keyvalue.length == 0) {
ret = KRB5KDC_ERR_NULL_KEY;
continue;
@ -119,8 +119,8 @@ find_etype(krb5_context context, hdb_entry *princ,
static krb5_error_code
find_keys(krb5_context context,
krb5_kdc_configuration *config,
hdb_entry *client,
hdb_entry *server,
const hdb_entry_ex *client,
const hdb_entry_ex *server,
Key **ckey,
krb5_enctype *cetype,
Key **skey,
@ -136,7 +136,7 @@ find_keys(krb5_context context,
/* find client key */
ret = find_etype(context, client, etypes, num_etypes, ckey, cetype);
if (ret) {
if (krb5_unparse_name(context, client->principal, &name) != 0)
if (krb5_unparse_name(context, client->entry.principal, &name) != 0)
name = unparse_name;
kdc_log(context, config, 0,
"Client (%s) has no support for etypes", name);
@ -150,7 +150,7 @@ find_keys(krb5_context context,
/* find server key */
ret = find_etype(context, server, etypes, num_etypes, skey, setype);
if (ret) {
if (krb5_unparse_name(context, server->principal, &name) != 0)
if (krb5_unparse_name(context, server->entry.principal, &name) != 0)
name = unparse_name;
kdc_log(context, config, 0,
"Server (%s) has no support for etypes", name);
@ -805,7 +805,7 @@ _kdc_as_rep(krb5_context context,
AS_REP rep;
KDCOptions f = b->kdc_options;
hdb_entry_ex *client = NULL;
hdb_entry *server = NULL;
hdb_entry_ex *server = NULL;
krb5_enctype cetype, setype;
EncTicketPart et;
EncKDCRepPart ek;
@ -851,7 +851,7 @@ _kdc_as_rep(krb5_context context,
kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
client_name, from, server_name);
ret = _kdc_db_fetch_ex(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client);
ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client);
if(ret){
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
krb5_get_err_text(context, ret));
@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_check_flags(context, config,
&client->entry, client_name,
server, server_name,
&server->entry, server_name,
TRUE);
if(ret)
goto out;
@ -920,7 +920,7 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_pk_check_client(context,
config,
client_princ,
&client->entry,
client,
pkp,
&client_cert);
if (ret) {
@ -969,7 +969,8 @@ _kdc_as_rep(krb5_context context,
goto out;
}
ret = hdb_enctype2key(context, &client->entry, enc_data.etype, &pa_key);
ret = hdb_enctype2key(context, &client->entry,
enc_data.etype, &pa_key);
if(ret){
char *estr;
e_text = "No key matches pa-data";
@ -1076,7 +1077,7 @@ _kdc_as_rep(krb5_context context,
}
}else if (config->require_preauth
|| client->entry.flags.require_preauth
|| server->flags.require_preauth) {
|| server->entry.flags.require_preauth) {
METHOD_DATA method_data;
PA_DATA *pa;
unsigned char *buf;
@ -1110,11 +1111,12 @@ _kdc_as_rep(krb5_context context,
*/
/* XXX check ret */
if (only_older_enctype_p(req))
ret = get_pa_etype_info(context, config, &method_data, &client->entry,
ret = get_pa_etype_info(context, config,
&method_data, &client->entry,
b->etype.val, b->etype.len);
/* XXX check ret */
ret = get_pa_etype_info2(context, config, &method_data, &client->entry,
b->etype.val, b->etype.len);
ret = get_pa_etype_info2(context, config, &method_data,
&client->entry, b->etype.val, b->etype.len);
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
@ -1141,7 +1143,7 @@ _kdc_as_rep(krb5_context context,
}
ret = find_keys(context, config,
&client->entry, server, &ckey, &cetype, &skey, &setype,
client, server, &ckey, &cetype, &skey, &setype,
b->etype.val, b->etype.len);
if(ret) {
kdc_log(context, config, 0, "Server/client has no support for etypes");
@ -1213,12 +1215,12 @@ _kdc_as_rep(krb5_context context,
_krb5_principal2principalname(&rep.cname,
client->entry.principal);
rep.ticket.tkt_vno = 5;
copy_Realm(&server->principal->realm, &rep.ticket.realm);
copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
_krb5_principal2principalname(&rep.ticket.sname,
server->principal);
server->entry.principal);
et.flags.initial = 1;
if(client->entry.flags.forwardable && server->flags.forwardable)
if(client->entry.flags.forwardable && server->entry.flags.forwardable)
et.flags.forwardable = f.forwardable;
else if (f.forwardable) {
ret = KRB5KDC_ERR_POLICY;
@ -1226,7 +1228,7 @@ _kdc_as_rep(krb5_context context,
"Ticket may not be forwardable -- %s", client_name);
goto out;
}
if(client->entry.flags.proxiable && server->flags.proxiable)
if(client->entry.flags.proxiable && server->entry.flags.proxiable)
et.flags.proxiable = f.proxiable;
else if (f.proxiable) {
ret = KRB5KDC_ERR_POLICY;
@ -1234,7 +1236,7 @@ _kdc_as_rep(krb5_context context,
"Ticket may not be proxiable -- %s", client_name);
goto out;
}
if(client->entry.flags.postdate && server->flags.postdate)
if(client->entry.flags.postdate && server->entry.flags.postdate)
et.flags.may_postdate = f.allow_postdate;
else if (f.allow_postdate){
ret = KRB5KDC_ERR_POLICY;
@ -1274,8 +1276,8 @@ _kdc_as_rep(krb5_context context,
if(client->entry.max_life)
t = start + min(t - start, *client->entry.max_life);
if(server->max_life)
t = start + min(t - start, *server->max_life);
if(server->entry.max_life)
t = start + min(t - start, *server->entry.max_life);
#if 0
t = min(t, start + realm->max_life);
#endif
@ -1295,8 +1297,8 @@ _kdc_as_rep(krb5_context context,
t = MAX_TIME;
if(client->entry.max_renew)
t = start + min(t - start, *client->entry.max_renew);
if(server->max_renew)
t = start + min(t - start, *server->max_renew);
if(server->entry.max_renew)
t = start + min(t - start, *server->entry.max_renew);
#if 0
t = min(t, start + realm->max_renew);
#endif
@ -1352,7 +1354,8 @@ _kdc_as_rep(krb5_context context,
ALLOC(ek.key_expiration);
if (client->entry.valid_end) {
if (client->entry.pw_end)
*ek.key_expiration = min(*client->entry.valid_end, *client->entry.pw_end);
*ek.key_expiration = min(*client->entry.valid_end,
*client->entry.pw_end);
else
*ek.key_expiration = *client->entry.valid_end;
} else
@ -1415,7 +1418,7 @@ _kdc_as_rep(krb5_context context,
et.endtime, et.renew_till);
ret = encode_reply(context, config,
&rep, &et, &ek, setype, server->kvno, &skey->key,
&rep, &et, &ek, setype, server->entry.kvno, &skey->key,
client->entry.kvno, reply_key, &e_text, reply);
free_EncTicketPart(&et);
free_EncKDCRepPart(&ek);
@ -1445,7 +1448,7 @@ _kdc_as_rep(krb5_context context,
krb5_free_principal(context, server_princ);
free(server_name);
if(client)
_kdc_free_ent_ex(context, client);
_kdc_free_ent(context, client);
if(server)
_kdc_free_ent(context, server);
return ret;
@ -1697,9 +1700,9 @@ tgs_make_reply(krb5_context context,
AuthorizationData *auth_data,
krb5_ticket *tgs_ticket,
hdb_entry_ex *server,
hdb_entry *client,
hdb_entry_ex *client,
krb5_principal client_principal,
hdb_entry *krbtgt,
hdb_entry_ex *krbtgt,
EncryptionKey *tgtkey,
krb5_enctype cetype,
const char **e_text,
@ -1717,21 +1720,18 @@ tgs_make_reply(krb5_context context,
if(adtkt) {
int i;
krb5_keytype kt;
ekey = &adtkt->key;
for(i = 0; i < b->etype.len; i++){
ret = krb5_enctype_to_keytype(context, b->etype.val[i], &kt);
if(ret)
continue;
if(adtkt->key.keytype == kt)
for(i = 0; i < b->etype.len; i++)
if (b->etype.val[i] == adtkt->key.keytype)
break;
}
if(i == b->etype.len)
if(i == b->etype.len) {
krb5_clear_error_string(context);
return KRB5KDC_ERR_ETYPE_NOSUPP;
}
etype = b->etype.val[i];
}else{
ret = find_keys(context, config,
NULL, &server->entry, NULL, NULL, &skey, &etype,
NULL, server, NULL, NULL, &skey, &etype,
b->etype.val, b->etype.len);
if(ret) {
kdc_log(context, config, 0, "Server has no support for etypes");
@ -1786,7 +1786,7 @@ tgs_make_reply(krb5_context context,
&tgt->transited, &et,
*krb5_princ_realm(context, client_principal),
*krb5_princ_realm(context, server->entry.principal),
*krb5_princ_realm(context, krbtgt->principal));
*krb5_princ_realm(context, krbtgt->entry.principal));
if(ret)
goto out;
@ -1807,8 +1807,8 @@ tgs_make_reply(krb5_context context,
{
time_t life;
life = et.endtime - *et.starttime;
if(client && client->max_life)
life = min(life, *client->max_life);
if(client && client->entry.max_life)
life = min(life, *client->entry.max_life);
if(server->entry.max_life)
life = min(life, *server->entry.max_life);
et.endtime = *et.starttime + life;
@ -1822,8 +1822,8 @@ tgs_make_reply(krb5_context context,
if(et.renew_till){
time_t renew;
renew = *et.renew_till - et.authtime;
if(client && client->max_renew)
renew = min(renew, *client->max_renew);
if(client && client->entry.max_renew)
renew = min(renew, *client->entry.max_renew);
if(server->entry.max_renew)
renew = min(renew, *server->entry.max_renew);
*et.renew_till = et.authtime + renew;
@ -1902,8 +1902,8 @@ tgs_make_reply(krb5_context context,
etype list, even if we don't want a session key with
DES3? */
ret = encode_reply(context, config,
&rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, ekey,
0, &tgt->key, e_text, reply);
&rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno,
ekey, 0, &tgt->key, e_text, reply);
out:
free_TGS_REP(&rep);
free_TransitedEncoding(&et.transited);
@ -2053,7 +2053,7 @@ tgs_rep2(krb5_context context,
const char *e_text = NULL;
krb5_crypto crypto;
hdb_entry *krbtgt = NULL;
hdb_entry_ex *krbtgt = NULL;
EncTicketPart *tgt;
Key *tkey;
krb5_enctype cetype;
@ -2101,7 +2101,7 @@ tgs_rep2(krb5_context context,
}
if(ap_req.ticket.enc_part.kvno &&
*ap_req.ticket.enc_part.kvno != krbtgt->kvno){
*ap_req.ticket.enc_part.kvno != krbtgt->entry.kvno){
char *p;
ret = krb5_unparse_name (context, princ, &p);
@ -2111,7 +2111,7 @@ tgs_rep2(krb5_context context,
kdc_log(context, config, 0,
"Ticket kvno = %d, DB kvno = %d (%s)",
*ap_req.ticket.enc_part.kvno,
krbtgt->kvno,
krbtgt->entry.kvno,
p);
if (ret == 0)
free (p);
@ -2119,13 +2119,16 @@ tgs_rep2(krb5_context context,
goto out2;
}
ret = hdb_enctype2key(context, krbtgt, ap_req.ticket.enc_part.etype, &tkey);
ret = hdb_enctype2key(context, &krbtgt->entry,
ap_req.ticket.enc_part.etype, &tkey);
if(ret){
char *str;
char *str, *p;
krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str);
krb5_unparse_name(context, princ, &p);
kdc_log(context, config, 0,
"No server key found for %s", str);
"No server key with enctype %s found for %s", str, p);
free(str);
free(p);
ret = KRB5KRB_AP_ERR_BADKEYVER;
goto out2;
}
@ -2252,8 +2255,7 @@ tgs_rep2(krb5_context context,
PrincipalName *s;
Realm r;
char *spn = NULL, *cpn = NULL;
hdb_entry_ex *server = NULL;
hdb_entry *client = NULL;
hdb_entry_ex *server = NULL, *client = NULL;
int nloop = 0;
EncTicketPart adtkt;
char opt_str[128];
@ -2262,7 +2264,7 @@ tgs_rep2(krb5_context context,
r = b->realm;
if(b->kdc_options.enc_tkt_in_skey){
Ticket *t;
hdb_entry *uu;
hdb_entry_ex *uu;
krb5_principal p;
Key *uukey;
@ -2288,13 +2290,15 @@ tgs_rep2(krb5_context context,
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
ret = hdb_enctype2key(context, uu, t->enc_part.etype, &uukey);
ret = hdb_enctype2key(context, &uu->entry,
t->enc_part.etype, &uukey);
if(ret){
_kdc_free_ent(context, uu);
ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
goto out;
}
ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0);
_kdc_free_ent(context, uu);
if(ret)
goto out;
s = &adtkt.cname;
@ -2320,7 +2324,7 @@ tgs_rep2(krb5_context context,
kdc_log(context, config, 0,
"TGS-REQ %s from %s for %s", cpn, from, spn);
server_lookup:
ret = _kdc_db_fetch_ex(context, config, sp, HDB_ENT_TYPE_SERVER, &server);
ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server);
if(ret){
const char *new_rlm;
@ -2386,9 +2390,9 @@ tgs_rep2(krb5_context context,
#endif
if(strcmp(krb5_principal_get_realm(context, sp),
krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) {
krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1)) != 0) {
char *tpn;
ret = krb5_unparse_name(context, krbtgt->principal, &tpn);
ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn);
kdc_log(context, config, 0,
"Request with wrong krbtgt: %s",
(ret == 0) ? tpn : "<unknown>");
@ -2400,7 +2404,7 @@ tgs_rep2(krb5_context context,
}
ret = _kdc_check_flags(context, config,
client, cpn,
&client->entry, cpn,
&server->entry, spn,
FALSE);
if(ret)
@ -2408,7 +2412,7 @@ tgs_rep2(krb5_context context,
if((b->kdc_options.validate || b->kdc_options.renew) &&
!krb5_principal_compare(context,
krbtgt->principal,
krbtgt->entry.principal,
server->entry.principal)){
kdc_log(context, config, 0, "Inconsistent request.");
ret = KRB5KDC_ERR_SERVER_NOMATCH;
@ -2422,7 +2426,8 @@ tgs_rep2(krb5_context context,
goto out;
}
ret = tgs_make_reply(context, config,
ret = tgs_make_reply(context,
config,
b,
tgt,
b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL,
@ -2442,7 +2447,7 @@ tgs_rep2(krb5_context context,
free(cpn);
if(server)
_kdc_free_ent_ex(context, server);
_kdc_free_ent(context, server);
if(client)
_kdc_free_ent(context, client);
}

67
source4/heimdal/kdc/misc.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: misc.c,v 1.25 2005/06/30 01:53:48 lha Exp $");
RCSID("$Id: misc.c,v 1.26 2005/12/12 12:37:31 lha Exp $");
struct timeval _kdc_now;
@ -41,16 +41,15 @@ krb5_error_code
_kdc_db_fetch(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal principal, enum hdb_ent_type ent_type,
hdb_entry **h)
hdb_entry_ex **h)
{
hdb_entry *ent;
hdb_entry_ex *ent;
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
ent = malloc (sizeof (*ent));
if (ent == NULL)
return ENOMEM;
ent->principal = principal;
for(i = 0; i < config->num_db; i++) {
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
@ -76,65 +75,9 @@ _kdc_db_fetch(krb5_context context,
}
void
_kdc_free_ent(krb5_context context, hdb_entry *ent)
_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
{
hdb_free_entry (context, ent);
free (ent);
}
krb5_error_code
_kdc_db_fetch_ex(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal principal, enum hdb_ent_type ent_type,
hdb_entry_ex **h)
{
hdb_entry_ex *ent;
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
ent = malloc (sizeof (*ent));
if (ent == NULL)
return ENOMEM;
memset(ent, '\0', sizeof(*ent));
ent->entry.principal = principal;
for(i = 0; i < config->num_db; i++) {
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
if (ret) {
kdc_log(context, config, 0, "Failed to open database: %s",
krb5_get_err_text(context, ret));
continue;
}
if (config->db[i]->hdb_fetch_ex) {
ret = config->db[i]->hdb_fetch_ex(context,
config->db[i],
HDB_F_DECRYPT,
principal,
ent_type,
ent);
} else {
ret = config->db[i]->hdb_fetch(context,
config->db[i],
HDB_F_DECRYPT,
principal,
ent_type,
&ent->entry);
}
config->db[i]->hdb_close(context, config->db[i]);
if(ret == 0) {
*h = ent;
return 0;
}
}
free(ent);
return ret;
}
void
_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent)
{
hdb_free_entry_ex (context, ent);
free (ent);
}

4
source4/heimdal/lib/asn1/gen.c
View File

@ -33,7 +33,7 @@
#include "gen_locl.h"
RCSID("$Id: gen.c,v 1.63 2005/08/23 10:49:16 lha Exp $");
RCSID("$Id: gen.c,v 1.64 2005/12/06 19:59:13 lha Exp $");
FILE *headerfile, *codefile, *logfile;
@ -567,6 +567,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
i.type = TInteger;
i.range = &range;
i.members = NULL;
i.constraint = NULL;
space(level);
if(ASN1_TAILQ_EMPTY(t->members))
@ -640,6 +641,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
i.type = TInteger;
i.range = &range;
i.members = NULL;
i.constraint = NULL;
space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");

700
source4/heimdal/lib/asn1/parse.c
View File

File diff suppressed because it is too large Load Diff

5
source4/heimdal/lib/asn1/parse.h
View File

@ -210,7 +210,7 @@
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
#line 64 "parse.y"
#line 65 "parse.y"
typedef union YYSTYPE {
int constant;
struct value *value;
@ -223,9 +223,10 @@ typedef union YYSTYPE {
struct string_list *sl;
struct tagtype tag;
struct memhead *members;
struct constraint_spec *constraint_spec;
} YYSTYPE;
/* Line 1318 of yacc.c. */
#line 229 "parse.h"
#line 230 "parse.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1

17
source4/heimdal/lib/asn1/symbol.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: symbol.h,v 1.12 2005/07/12 06:27:40 lha Exp $ */
/* $Id: symbol.h,v 1.13 2005/12/06 19:59:52 lha Exp $ */
#ifndef _SYMBOL_H
#define _SYMBOL_H
@ -111,6 +111,10 @@ struct range {
int max;
};
enum ctype { CT_CONTENTS, CT_USER } ;
struct constraint_spec;
struct type {
Typetype type;
struct memhead *members;
@ -118,10 +122,21 @@ struct type {
struct type *subtype;
struct tagtype tag;
struct range *range;
struct constraint_spec *constraint;
};
typedef struct type Type;
struct constraint_spec {
enum ctype ctype;
union {
struct {
Type *type;
struct value *encoding;
} content;
} u;
};
struct objid {
const char *label;
int value;

7
source4/heimdal/lib/gssapi/context_time.c
View File

@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: context_time.c,v 1.10 2003/06/03 15:08:00 lha Exp $");
RCSID("$Id: context_time.c,v 1.11 2005/12/05 09:19:52 lha Exp $");
OM_uint32
gssapi_lifetime_left(OM_uint32 *minor_status,
@ -43,6 +43,11 @@ gssapi_lifetime_left(OM_uint32 *minor_status,
krb5_timestamp timeret;
krb5_error_code kret;
if (lifetime == 0) {
*lifetime_rec = GSS_C_INDEFINITE;
return GSS_S_COMPLETE;
}
kret = krb5_timeofday(gssapi_krb5_context, &timeret);
if (kret) {
*minor_status = kret;

2
source4/heimdal/lib/gssapi/gssapi.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: gssapi.h,v 1.38 2005/10/26 11:22:13 lha Exp $ */
/* $Id: gssapi.h,v 1.39 2005/12/05 11:52:45 lha Exp $ */
#ifndef GSSAPI_H_
#define GSSAPI_H_

21
source4/heimdal/lib/hdb/db.c
View File

@ -33,7 +33,7 @@
#include "hdb_locl.h"
RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $");
RCSID("$Id: db.c,v 1.35 2005/12/13 11:52:55 lha Exp $");
#if HAVE_DB1
@ -85,7 +85,7 @@ DB_unlock(krb5_context context, HDB *db)
static krb5_error_code
DB_seq(krb5_context context, HDB *db,
unsigned flags, hdb_entry *entry, int flag)
unsigned flags, hdb_entry_ex *entry, int flag)
{
DB *d = (DB*)db->hdb_db;
DBT key, value;
@ -106,21 +106,22 @@ DB_seq(krb5_context context, HDB *db,
key_data.length = key.size;
data.data = value.data;
data.length = value.size;
if (hdb_value2entry(context, &data, entry))
memset(entry, 0, sizeof(*entry));
if (hdb_value2entry(context, &data, &entry->entry))
return DB_seq(context, db, flags, entry, R_NEXT);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, entry);
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
}
if (code == 0 && entry->principal == NULL) {
entry->principal = malloc(sizeof(*entry->principal));
if (entry->principal == NULL) {
if (code == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
code = ENOMEM;
hdb_free_entry (context, entry);
} else {
hdb_key2principal(context, &key_data, entry->principal);
hdb_key2principal(context, &key_data, entry->entry.principal);
}
}
return code;
@ -128,14 +129,14 @@ DB_seq(krb5_context context, HDB *db,
static krb5_error_code
DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, R_FIRST);
}
static krb5_error_code
DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return DB_seq(context, db, flags, entry, R_NEXT);
}

6
source4/heimdal/lib/hdb/hdb-private.h
View File

@ -11,7 +11,7 @@ _hdb_fetch (
unsigned /*flags*/,
krb5_const_principal /*principal*/,
enum hdb_ent_type /*ent_type*/,
hdb_entry */*entry*/);
hdb_entry_ex */*entry*/);
hdb_master_key
_hdb_find_master_key (
@ -43,13 +43,13 @@ krb5_error_code
_hdb_remove (
krb5_context /*context*/,
HDB */*db*/,
hdb_entry */*entry*/);
hdb_entry_ex */*entry*/);
krb5_error_code
_hdb_store (
krb5_context /*context*/,
HDB */*db*/,
unsigned /*flags*/,
hdb_entry */*entry*/);
hdb_entry_ex */*entry*/);
#endif /* __hdb_private_h__ */

23
source4/heimdal/lib/hdb/hdb-protos.h
View File

@ -427,11 +427,6 @@ hdb_foreach (
void
hdb_free_entry (
krb5_context /*context*/,
hdb_entry */*ent*/);
void
hdb_free_entry_ex (
krb5_context /*context*/,
hdb_entry_ex */*ent*/);
@ -476,12 +471,25 @@ hdb_key2principal (
krb5_data */*key*/,
krb5_principal /*p*/);
krb5_error_code
hdb_ldap_common (
krb5_context /*context*/,
HDB ** /*db*/,
const char */*search_base*/,
const char */*url*/);
krb5_error_code
hdb_ldap_create (
krb5_context /*context*/,
HDB ** /*db*/,
const char */*arg*/);
krb5_error_code
hdb_ldapi_create (
krb5_context /*context*/,
HDB ** /*db*/,
const char */*arg*/);
krb5_error_code
hdb_list_builtin (
krb5_context /*context*/,
@ -515,7 +523,7 @@ krb5_error_code
hdb_print_entry (
krb5_context /*context*/,
HDB */*db*/,
hdb_entry */*entry*/,
hdb_entry_ex */*entry*/,
void */*data*/);
krb5_error_code
@ -613,9 +621,6 @@ hdb_write_master_key (
const char */*filename*/,
hdb_master_key /*mkey*/);
void
initialize_hdb_error_table (void);
void
initialize_hdb_error_table_r (struct et_list **/*list*/);

23
source4/heimdal/lib/hdb/hdb.c
View File

@ -33,7 +33,7 @@
#include "hdb_locl.h"
RCSID("$Id: hdb.c,v 1.59 2005/11/30 12:22:09 lha Exp $");
RCSID("$Id: hdb.c,v 1.60 2005/12/12 12:35:36 lha Exp $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
@ -133,25 +133,18 @@ hdb_unlock(int fd)
}
void
hdb_free_entry(krb5_context context, hdb_entry *ent)
hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{
int i;
for(i = 0; i < ent->keys.len; ++i) {
Key *k = &ent->keys.val[i];
if (ent->free_entry)
(*ent->free_entry)(context, ent);
for(i = 0; i < ent->entry.keys.len; ++i) {
Key *k = &ent->entry.keys.val[i];
memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
}
free_hdb_entry(ent);
}
void
hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent)
{
if (ent->free_private) {
ent->free_private(context, ent);
}
free_hdb_entry(&ent->entry);
}
@ -163,7 +156,7 @@ hdb_foreach(krb5_context context,
void *data)
{
krb5_error_code ret;
hdb_entry entry;
hdb_entry_ex entry;
ret = db->hdb_firstkey(context, db, flags, &entry);
while(ret == 0){
ret = (*func)(context, db, &entry, data);

66
source4/heimdal/lib/hdb/hdb.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: hdb.h,v 1.35 2005/08/11 13:16:44 lha Exp $ */
/* $Id: hdb.h,v 1.36 2005/12/12 12:35:36 lha Exp $ */
#ifndef __HDB_H__
#define __HDB_H__
@ -55,27 +55,30 @@ enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY };
typedef struct hdb_master_key_data *hdb_master_key;
typedef struct hdb_entry_ex {
struct hdb_entry entry;
void *private;
krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *);
krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *);
krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *,
METHOD_DATA* pa_data_seq,
time_t authtime,
EncryptionKey *tgtkey,
EncryptionKey *sessionkey,
AuthorizationData **out);
krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *,
krb5_principal client,
AuthorizationData *in,
time_t authtime,
EncryptionKey *tgtkey,
EncryptionKey *servicekey,
EncryptionKey *sessionkey,
AuthorizationData **out);
void *ctx;
hdb_entry entry;
void (*free_entry)(krb5_context, struct hdb_entry_ex *);
krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *,
HostAddresses *);
krb5_error_code (*authz_data_as_req)(krb5_context,
struct hdb_entry_ex *,
METHOD_DATA* pa_data_seq,
time_t authtime,
EncryptionKey *tgtkey,
EncryptionKey *sessionkey,
AuthorizationData **out);
krb5_error_code (*authz_data_tgs_req)(krb5_context,
struct hdb_entry_ex *,
krb5_principal client,
AuthorizationData *in,
time_t authtime,
EncryptionKey *tgtkey,
EncryptionKey *servicekey,
EncryptionKey *sessionkey,
AuthorizationData **out);
} hdb_entry_ex;
typedef struct HDB{
void *hdb_db;
void *hdb_dbc;
@ -86,16 +89,17 @@ typedef struct HDB{
krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t);
krb5_error_code (*hdb_close)(krb5_context, struct HDB*);
krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal,
enum hdb_ent_type ent_type, hdb_entry*);
krb5_error_code (*hdb_fetch_ex)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal,
void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*);
krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags,
krb5_const_principal principal,
enum hdb_ent_type ent_type, hdb_entry_ex*);
krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*);
krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*);
krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
unsigned, hdb_entry*);
krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
unsigned, hdb_entry*);
krb5_error_code (*hdb_store)(krb5_context,struct HDB*,
unsigned,hdb_entry_ex*);
krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*);
krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
unsigned, hdb_entry_ex*);
krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
unsigned, hdb_entry_ex*);
krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation);
krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*);
krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*);
@ -119,7 +123,7 @@ struct hdb_so_method {
#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
hdb_entry*, void*);
hdb_entry_ex*, void*);
extern krb5_kt_ops hdb_kt_ops;
#include <hdb-protos.h>

25
source4/heimdal/lib/hdb/ndbm.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "hdb_locl.h"
RCSID("$Id: ndbm.c,v 1.36 2005/11/28 23:31:36 lha Exp $");
RCSID("$Id: ndbm.c,v 1.38 2005/12/13 11:54:10 lha Exp $");
#if HAVE_NDBM
@ -77,7 +77,7 @@ NDBM_unlock(krb5_context context, HDB *db)
static krb5_error_code
NDBM_seq(krb5_context context, HDB *db,
unsigned flags, hdb_entry *entry, int first)
unsigned flags, hdb_entry_ex *entry, int first)
{
struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
@ -99,21 +99,22 @@ NDBM_seq(krb5_context context, HDB *db,
db->hdb_unlock(context, db);
data.data = value.dptr;
data.length = value.dsize;
if(hdb_value2entry(context, &data, entry))
memset(entry, 0, sizeof(*entry));
if(hdb_value2entry(context, &data, &entry->entry))
return NDBM_seq(context, db, flags, entry, 0);
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys (context, db, entry);
ret = hdb_unseal_keys (context, db, &entry->entry);
if (ret)
hdb_free_entry (context, entry);
}
if (entry->principal == NULL) {
entry->principal = malloc (sizeof(*entry->principal));
if (entry->principal == NULL) {
if (ret == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc (sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
ret = ENOMEM;
hdb_free_entry (context, entry);
krb5_set_error_string(context, "malloc: out of memory");
} else {
hdb_key2principal (context, &key_data, entry->principal);
hdb_key2principal (context, &key_data, entry->entry.principal);
}
}
return ret;
@ -121,14 +122,14 @@ NDBM_seq(krb5_context context, HDB *db,
static krb5_error_code
NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry)
{
return NDBM_seq(context, db, flags, entry, 1);
}
static krb5_error_code
NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry)
{
return NDBM_seq(context, db, flags, entry, 0);
}
@ -339,8 +340,6 @@ hdb_ndbm_create(krb5_context context, HDB **db,
return ENOMEM;
}
memset(*db, '\0', sizeof(**db));
(*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) {

14
source4/heimdal/lib/krb5/cache.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: cache.c,v 1.76 2005/11/29 09:10:47 lha Exp $");
RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@ -358,14 +358,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
"default_cc_name", NULL);
if (e) {
ret = _krb5_expand_default_cc_name(context, e, &p);
if (ret)
return ret;
}
if (e == NULL)
e = KRB5_DEFAULT_CCNAME;
ret = _krb5_expand_default_cc_name(context, e, &p);
if (ret)
return ret;
}
if (e == NULL)
asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid());
} else
p = strdup(name);

11
source4/heimdal/lib/krb5/changepw.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $");
RCSID("$Id: changepw.c,v 1.55 2005/12/12 12:48:57 lha Exp $");
static void
str2data (krb5_data *d,
@ -522,7 +522,12 @@ change_password_loop (krb5_context context,
int sock;
int i;
int done = 0;
krb5_realm realm = creds->client->realm;
krb5_realm realm;
if (targprinc)
realm = targprinc->realm;
else
realm = creds->client->realm;
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
@ -712,7 +717,7 @@ krb5_set_password(krb5_context context,
for (i = 0; procs[i].name != NULL; i++) {
*result_code = 0;
ret = change_password_loop(context, creds, targprinc, newpw,
ret = change_password_loop(context, creds, principal, newpw,
result_code, result_code_string,
result_string,
&procs[i]);

13
source4/heimdal/lib/krb5/crypto.c
View File

@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $");
RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@ -3942,6 +3942,8 @@ krb5_derive_key(krb5_context context,
struct encryption_type *et;
struct key_data d;
*derived_key = NULL;
et = _find_enctype (etype);
if (et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
@ -3949,16 +3951,15 @@ krb5_derive_key(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_copy_keyblock(context, key, derived_key);
ret = krb5_copy_keyblock(context, key, &d.key);
if (ret)
return ret;
d.key = *derived_key;
d.schedule = NULL;
ret = derive_key(context, et, &d, constant, constant_len);
if (ret)
return ret;
ret = krb5_copy_keyblock(context, d.key, derived_key);
if (ret == 0)
ret = krb5_copy_keyblock(context, d.key, derived_key);
free_key_data(context, &d);
return ret;
}

14
source4/heimdal/lib/krb5/keytab_memory.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: keytab_memory.c,v 1.7 2005/12/01 12:40:22 lha Exp $");
RCSID("$Id: keytab_memory.c,v 1.8 2005/12/05 18:39:46 lha Exp $");
/* memory operations -------------------------------------------- */
@ -214,15 +214,9 @@ mkt_remove_entry(krb5_context context,
krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND;
}
if (d->num_entries == 0) {
free(d->entries);
d->entries = NULL;
} else {
e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
if(e != NULL)
d->entries = e;
}
e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
if(e != NULL || d->num_entries == 0)
d->entries = e;
return 0;
}

9
source4/heimdal/lib/krb5/krb5-protos.h
View File

@ -20,21 +20,12 @@ extern "C" {
#endif
#endif
void
initialize_heim_error_table (void);
void
initialize_heim_error_table_r (struct et_list **/*list*/);
void
initialize_k524_error_table (void);
void
initialize_k524_error_table_r (struct et_list **/*list*/);
void
initialize_krb5_error_table (void);
void
initialize_krb5_error_table_r (struct et_list **/*list*/);

10
source4/heimdal/lib/krb5/krb5_locl.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5_locl.h,v 1.83 2005/10/07 12:08:02 lha Exp $ */
/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@ -170,6 +170,14 @@ struct _krb5_krb_auth_data;
#define KRB5_BUFSIZ 1024
#ifndef KRB5_DEFAULT_CCNAME
#ifdef __APPLE__
#define KRB5_DEFAULT_CCNAME "API:"
#else
#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}"
#endif
#endif
typedef enum {
KRB5_PA_PAC_DONT_CARE = 0,
KRB5_PA_PAC_REQ_TRUE,

2
source4/heimdal/lib/krb5/principal.c
View File

@ -41,7 +41,7 @@
#include <fnmatch.h>
#include "resolve.h"
RCSID("$Id: principal.c,v 1.91 2005/08/23 08:34:40 lha Exp $");
RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)

15
source4/heimdal/lib/krb5/set_default_realm.c
View File

@ -77,8 +77,19 @@ krb5_set_default_realm(krb5_context context,
"libdefaults",
"default_realm",
NULL);
if (realms == NULL)
ret = krb5_get_host_realm(context, NULL, &realms);
if (realms == NULL) {
char hostname[MAXHOSTNAMELEN];
if (gethostname (hostname, sizeof(hostname))) {
return errno;
}
if (strchr(hostname, '.') == NULL) {
/* There is no way we can get this mapping, as we can't do DNS */
return KRB5_CONFIG_NODEFREALM;
}
ret = krb5_get_host_realm(context, hostname,
&realms);
}
} else {
ret = string_to_list (context, realm, &realms);
}

3
source4/heimdal_build/config.h
View File

@ -62,6 +62,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
#ifndef HAVE_STRNDUP
#define HAVE_STRNDUP
#endif
#ifndef HAVE_SOCKLEN_T
#define HAVE_SOCKLEN_T
#endif
#ifndef HAVE_SSIZE_T
#define HAVE_SSIZE_T

1
source4/heimdal_build/config.m4
View File

@ -139,6 +139,7 @@ AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>])
AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>])
AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>])
AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [

194
source4/kdc/hdb-ldb.c
View File

@ -198,10 +198,17 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
return flags;
}
static krb5_error_code hdb_ldb_free_private(krb5_context context, hdb_entry_ex *entry_ex)
static int hdb_ldb_destrutor(void *ptr)
{
talloc_free(entry_ex->private);
return 0;
struct hdb_ldb_private *private = ptr;
hdb_entry_ex *entry_ex = private->entry_ex;
free_hdb_entry(&entry_ex->entry);
return 0;
}
static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
{
talloc_free(entry_ex->ctx);
}
/*
@ -223,10 +230,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
struct hdb_ldb_private *private;
hdb_entry *ent = &entry_ex->entry;
NTTIME acct_expiry;
memset(ent, 0, sizeof(*ent));
memset(entry_ex, 0, sizeof(*entry_ex));
krb5_warnx(context, "LDB_message2entry:\n");
@ -236,9 +242,22 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
goto out;
}
private = talloc(mem_ctx, struct hdb_ldb_private);
if (!private) {
ret = ENOMEM;
goto out;
}
private->entry_ex = entry_ex;
talloc_set_destructor(private, hdb_ldb_destrutor);
entry_ex->ctx = private;
entry_ex->free_entry = hdb_ldb_free_entry;
userAccountControl = ldb_msg_find_uint(msg, "userAccountControl", 0);
ent->principal = malloc(sizeof(*(ent->principal)));
entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) {
const char *samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL);
if (!samAccountName) {
@ -247,10 +266,10 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
goto out;
}
samAccountName = ldb_msg_find_string(msg, "samAccountName", NULL);
krb5_make_principal(context, &ent->principal, realm, samAccountName, NULL);
krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL);
} else {
char *strdup_realm;
ret = copy_Principal(principal, ent->principal);
ret = copy_Principal(principal, entry_ex->entry.principal);
if (ret) {
krb5_clear_error_string(context);
goto out;
@ -263,7 +282,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
* we determine from our records */
/* don't leak */
free(*krb5_princ_realm(context, ent->principal));
free(*krb5_princ_realm(context, entry_ex->entry.principal));
/* this has to be with malloc() */
strdup_realm = strdup(realm);
@ -272,56 +291,56 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
krb5_clear_error_string(context);
goto out;
}
krb5_princ_set_realm(context, ent->principal, &strdup_realm);
krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm);
}
ent->kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0);
entry_ex->entry.kvno = ldb_msg_find_int(msg, "msDS-KeyVersionNumber", 0);
ent->flags = uf2HDBFlags(context, userAccountControl, ent_type);
entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type);
if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) {
ent->flags.invalid = 0;
ent->flags.server = 1;
ent->flags.forwardable = 1;
ent->flags.ok_as_delegate = 1;
entry_ex->entry.flags.invalid = 0;
entry_ex->entry.flags.server = 1;
entry_ex->entry.flags.forwardable = 1;
entry_ex->entry.flags.ok_as_delegate = 1;
}
if (lp_parm_bool(-1, "kdc", "require spn for service", True)) {
if (!ldb_msg_find_string(msg, "servicePrincipalName", NULL)) {
ent->flags.server = 0;
entry_ex->entry.flags.server = 0;
}
}
/* use 'whenCreated' */
ent->created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
/* use '???' */
ent->created_by.principal = NULL;
entry_ex->entry.created_by.principal = NULL;
ent->modified_by = (Event *) malloc(sizeof(Event));
if (ent->modified_by == NULL) {
entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event));
if (entry_ex->entry.modified_by == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
/* use 'whenChanged' */
ent->modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0);
entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0);
/* use '???' */
ent->modified_by->principal = NULL;
entry_ex->entry.modified_by->principal = NULL;
ent->valid_start = NULL;
entry_ex->entry.valid_start = NULL;
acct_expiry = samdb_result_nttime(msg, "accountExpires", (NTTIME)-1);
if ((acct_expiry == (NTTIME)-1) ||
(acct_expiry == 0x7FFFFFFFFFFFFFFFULL)) {
ent->valid_end = NULL;
entry_ex->entry.valid_end = NULL;
} else {
ent->valid_end = malloc(sizeof(*ent->valid_end));
if (ent->valid_end == NULL) {
entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end));
if (entry_ex->entry.valid_end == NULL) {
ret = ENOMEM;
goto out;
}
*ent->valid_end = nt_time_to_unix(acct_expiry);
*entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry);
}
if ((ent_type != HDB_LDB_ENT_TYPE_KRBTGT) && (!(userAccountControl & UF_DONT_EXPIRE_PASSWD))) {
@ -330,24 +349,24 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
domain_dn, msg,
"pwdLastSet");
if (must_change_time != 0) {
ent->pw_end = malloc(sizeof(*ent->pw_end));
if (ent->pw_end == NULL) {
entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end));
if (entry_ex->entry.pw_end == NULL) {
ret = ENOMEM;
goto out;
}
*ent->pw_end = nt_time_to_unix(must_change_time);
*entry_ex->entry.pw_end = nt_time_to_unix(must_change_time);
} else {
ent->pw_end = NULL;
entry_ex->entry.pw_end = NULL;
}
} else {
ent->pw_end = NULL;
entry_ex->entry.pw_end = NULL;
}
ent->max_life = NULL;
entry_ex->entry.max_life = NULL;
ent->max_renew = NULL;
entry_ex->entry.max_renew = NULL;
ent->generation = NULL;
entry_ex->entry.generation = NULL;
/* create the keys and enctypes */
unicodePwd = ldb_msg_find_string(msg, "unicodePwd", NULL);
@ -399,21 +418,21 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
}
if (ret == 0) {
size_t num_keys = ent->keys.len;
size_t num_keys = entry_ex->entry.keys.len;
/*
* create keys from unicodePwd
*/
ret = hdb_generate_key_set_password(context, salt_principal,
unicodePwd,
&ent->keys.val, &num_keys);
ent->keys.len = num_keys;
&entry_ex->entry.keys.val, &num_keys);
entry_ex->entry.keys.len = num_keys;
krb5_free_principal(context, salt_principal);
}
if (ret != 0) {
krb5_warnx(context, "could not generate keys from unicodePwd\n");
ent->keys.val = NULL;
ent->keys.len = 0;
entry_ex->entry.keys.val = NULL;
entry_ex->entry.keys.len = 0;
goto out;
}
} else {
@ -423,11 +442,11 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
val = ldb_msg_find_ldb_val(msg, "ntPwdHash");
if (!val) {
krb5_warnx(context, "neither type of key available for this account\n");
ent->keys.val = NULL;
ent->keys.len = 0;
entry_ex->entry.keys.val = NULL;
entry_ex->entry.keys.len = 0;
} else if (val->length < 16) {
ent->keys.val = NULL;
ent->keys.len = 0;
entry_ex->entry.keys.val = NULL;
entry_ex->entry.keys.len = 0;
krb5_warnx(context, "ntPwdHash has invalid length: %d\n",
(int)val->length);
} else {
@ -440,53 +459,45 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
memcpy(keyvalue.data, val->data, 16);
ent->keys.val = malloc(sizeof(ent->keys.val[0]));
if (ent->keys.val == NULL) {
entry_ex->entry.keys.val = malloc(sizeof(entry_ex->entry.keys.val[0]));
if (entry_ex->entry.keys.val == NULL) {
krb5_data_free(&keyvalue);
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
memset(&ent->keys.val[0], 0, sizeof(Key));
ent->keys.val[0].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
ent->keys.val[0].key.keyvalue = keyvalue;
memset(&entry_ex->entry.keys.val[0], 0, sizeof(Key));
entry_ex->entry.keys.val[0].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
entry_ex->entry.keys.val[0].key.keyvalue = keyvalue;
ent->keys.len = 1;
entry_ex->entry.keys.len = 1;
}
}
ent->etypes = malloc(sizeof(*(ent->etypes)));
if (ent->etypes == NULL) {
entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes)));
if (entry_ex->entry.etypes == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
ent->etypes->len = ent->keys.len;
ent->etypes->val = calloc(ent->etypes->len, sizeof(int));
if (ent->etypes->val == NULL) {
entry_ex->entry.etypes->len = entry_ex->entry.keys.len;
entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int));
if (entry_ex->entry.etypes->val == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
for (i=0; i < ent->etypes->len; i++) {
ent->etypes->val[i] = ent->keys.val[i].key.keytype;
for (i=0; i < entry_ex->entry.etypes->len; i++) {
entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype;
}
private = talloc(db, struct hdb_ldb_private);
if (!private) {
ret = ENOMEM;
goto out;
}
private->msg = talloc_steal(private, msg);
private->realm_ref_msg = talloc_steal(private, realm_ref_msg);
private->samdb = (struct ldb_context *)db->hdb_db;
entry_ex->private = private;
entry_ex->free_private = hdb_ldb_free_private;
entry_ex->check_client_access = hdb_ldb_check_client_access;
entry_ex->authz_data_tgs_req = hdb_ldb_authz_data_tgs_req;
entry_ex->authz_data_as_req = hdb_ldb_authz_data_as_req;
@ -494,7 +505,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
out:
if (ret != 0) {
/* This doesn't free ent itself, that is for the eventual caller to do */
hdb_free_entry(context, &entry_ex->entry);
hdb_free_entry(context, entry_ex);
} else {
talloc_steal(db, entry_ex->ctx);
}
return ret;
@ -669,10 +682,10 @@ static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new
return HDB_ERR_DB_INUSE;
}
static krb5_error_code LDB_fetch_ex(krb5_context context, HDB *db, unsigned flags,
krb5_const_principal principal,
enum hdb_ent_type ent_type,
hdb_entry_ex *entry_ex)
static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
krb5_const_principal principal,
enum hdb_ent_type ent_type,
hdb_entry_ex *entry_ex)
{
struct ldb_message **msg = NULL;
struct ldb_message **realm_ref_msg = NULL;
@ -860,32 +873,12 @@ static krb5_error_code LDB_fetch_ex(krb5_context context, HDB *db, unsigned flag
return ret;
}
static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
krb5_const_principal principal,
enum hdb_ent_type ent_type,
hdb_entry *entry)
{
struct hdb_entry_ex entry_ex;
krb5_error_code ret;
memset(&entry_ex, '\0', sizeof(entry_ex));
ret = LDB_fetch_ex(context, db, flags, principal, ent_type, &entry_ex);
if (ret == 0) {
if (entry_ex.free_private) {
entry_ex.free_private(context, &entry_ex);
}
*entry = entry_ex.entry;
}
return ret;
}
static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
return HDB_ERR_DB_INUSE;
}
static krb5_error_code LDB_remove(krb5_context context, HDB *db, hdb_entry *entry)
static krb5_error_code LDB_remove(krb5_context context, HDB *db, hdb_entry_ex *entry)
{
return HDB_ERR_DB_INUSE;
}
@ -898,7 +891,7 @@ struct hdb_ldb_seq {
struct ldb_message **realm_ref_msgs;
};
static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_error_code ret;
struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
@ -921,13 +914,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
ret = LDB_message2entry(context, db, mem_ctx,
NULL, HDB_LDB_ENT_TYPE_ANY,
priv->msgs[priv->index++],
priv->realm_ref_msgs[0], &entry_ex);
if (ret == 0) {
if (entry_ex.free_private) {
entry_ex.free_private(context, &entry_ex);
}
*entry = entry_ex.entry;
}
priv->realm_ref_msgs[0], entry);
} else {
ret = HDB_ERR_NOENTRY;
}
@ -943,7 +930,7 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd
}
static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags,
hdb_entry *entry)
hdb_entry_ex *entry)
{
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
@ -1028,7 +1015,7 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag
}
static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags,
hdb_entry *entry)
hdb_entry_ex *entry)
{
return LDB_seq(context, db, flags, entry);
}
@ -1083,7 +1070,6 @@ NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx,
(*db)->hdb_open = LDB_open;
(*db)->hdb_close = LDB_close;
(*db)->hdb_fetch = LDB_fetch;
(*db)->hdb_fetch_ex = LDB_fetch_ex;
(*db)->hdb_store = LDB_store;
(*db)->hdb_remove = LDB_remove;
(*db)->hdb_firstkey = LDB_firstkey;

8
source4/kdc/pac-glue.c
View File

@ -157,7 +157,7 @@ krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry
krb5_boolean pac_wanted = TRUE;
unsigned int userAccountControl;
struct PA_PAC_REQUEST pac_request;
struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
/* The user account may be set not to want the PAC */
userAccountControl = ldb_msg_find_uint(private->msg, "userAccountControl", 0);
@ -218,7 +218,7 @@ krb5_error_code hdb_ldb_authz_data_tgs_req(krb5_context context, struct hdb_entr
unsigned int userAccountControl;
struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
krb5_data k5pac_in, k5pac_out;
DATA_BLOB pac_in, pac_out;
@ -321,8 +321,8 @@ krb5_error_code hdb_ldb_check_client_access(krb5_context context, hdb_entry_ex *
{
krb5_error_code ret;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->private);
struct hdb_ldb_private *private = talloc_get_type(entry_ex->private, struct hdb_ldb_private);
TALLOC_CTX *tmp_ctx = talloc_new(entry_ex->ctx);
struct hdb_ldb_private *private = talloc_get_type(entry_ex->ctx, struct hdb_ldb_private);
char *name, *workstation = NULL;
int i;

1
source4/kdc/pac-glue.h
View File

@ -25,6 +25,7 @@
struct ldb_context *samdb;
struct ldb_message *msg;
struct ldb_message *realm_ref_msg;
hdb_entry_ex *entry_ex;
};
krb5_error_code hdb_ldb_authz_data_as_req(krb5_context context, struct hdb_entry_ex *entry_ex,